Last Updated: May 18, 2026
1. Introduction
This Privacy Policy (this “Policy”) describes how USO Deposit Trust LLC, a Delaware limited liability company, and its affiliated entities, including USO Labs Ltd., a Marshall Islands corporation, collect, use, disclose, and process personal information in connection with the UpsideOnly.com platform (the “Platform”). References in this Policy to “Company,” “we,” “us,” or “our” include such affiliates and subsidiaries where the context requires.
2. Scope and Role
Controller: We act as a data controller for personal information processed to operate the Platform.
3. Categories of Personal Information Collected
We collect the following categories of personal information:
(a) Identification Data
- Name, date of birth, username
- Government-issued ID (e.g., passport, driver’s license)
- National identifiers (e.g., Social Security Numbers, where required)
- Nationality
- Country of residence
- Your status as an employee or affiliate of a publicly traded company
(b) Contact Data
- Email address
- We may collect contact information such as telephone numbers and mailing addresses in connection with customer support services or identity verification
(c) Financial and Transaction Data
- Bank account and payment details
- Deposits, withdrawals, balances
(d) Platform Activity and User-Generated Data
- Paper trades, predictions, entries, positions, and rankings
- User preferences and settings
- Communications (including support interactions)
(e) Technical and Device Data
- IP address
- Device identifiers
- Browser type and operating system
- Log files, timestamps, and usage data
(f) Compliance and Risk Data
- Identity verification (Know Your Customer, or KYC) results
- Anti-Money Laundering, or AML, screening and sanctions checks
- Fraud detection signals and risk scoring
(g) Additional Categories
- Commercial information (services used or considered)
- Internet/network activity (pages viewed, features used)
- Approximate geolocation (derived from IP)
- Inferences (e.g., fraud risk, behavioral segmentation)
(h) Sensitive Personal Information (where applicable)
- Government ID numbers
- Financial account credentials
- Biometric data (if used for identity verification)
If we are in possession of any de-identified data, we commit to maintaining and using deidentified data without attempting to reidentify the data
4. Sources of Personal Information
We collect personal information from:
- You directly
- Service providers (e.g., KYC vendors, payment processors)
- Public databases and regulatory sources
- Automated technologies (cookies, logs, analytics tools)
5. Purposes of Processing
We process personal information for the following purposes:
(a) Platform Operation – email address; username; name; date of birth; government ID; government ID numbers (where required); account information
- Account creation and management
- Facilitating transactions, payments, awards, and settlements
(b) Regulatory Compliance – government ID; biometric data; date of birth; nationality; address; affiliation with publicly traded company; payment data
- KYC/AML obligations
- Sanctions screening
- Regulatory reporting
(c) Risk, Fraud, and Security – government ID; biometric data; date of birth; nationality; address; affiliation with publicly traded company; payment data; platform usage data
- Fraud detection and prevention
- Monitoring suspicious activity
- Enforcement of platform rules
(d) Product Improvement – information from cookies; logs; clicks; session data; user behavior
- Analytics and performance optimization
- Feature development, including to train our artificial intelligence tools
(e) Communications – contact information; email; telephone numbers; mailing address
- Service-related messages
- Customer support
- Marketing (subject to applicable law)
- Link clicks
- Data opening data
We limit our collection and use of personal information to what is reasonably necessary and proportionate for these purposes. Certain data elements are used only for specific functions (e.g., identity data for compliance).
5A. Automated Decision-Making and Profiling
We may use automated systems to:
- Detect fraud and suspicious activity
- Conduct risk scoring and monitoring
- Support regulatory compliance
These systems may analyze transaction patterns, behavioral data, and device information.
For EEA/UK users:
You may have the right to:
- Request human review
- Obtain additional information about the logic involved
6. Legal Bases for Processing (EEA/UK)
| Purpose | Legal Basis |
|---|---|
| Platform operation | Contractual necessity |
| Compliance (KYC/AML) | Legal obligation |
| Fraud and security | Legitimate interests |
| Product improvement | Legitimate interests |
| Marketing | Consent (where required) |
7. Data Retention
| Data Category | Retention Period | Rationale |
|---|---|---|
| Identity data | Account life + 5–10 years | Regulatory compliance |
| Financial data | 5–10 years | Audit/legal obligations |
| Communications | 2–5 years | Disputes/support |
| Technical logs | 12–24 months | Security/analytics |
| Marketing data | Until opt-out or inactivity | Marketing management |
We may retain data longer where required by law or investigations.
8. Sharing and Disclosure
We disclose personal information to:
(a) Service Providers
- Infrastructure and cloud providers
- Payment processors and financial institutions
- Identity verification and compliance vendors
- Fraud prevention and risk analytics providers
- Customer support providers
- Analytics providers
The categories of data we may provide to service providers, as well as the corresponding purpose of each category, are set forth below:
| Data Category | Purpose |
|---|---|
| Identity data | Identity verification; KYC and AML screening; payment processing |
| Contact information | Payment processing; user inquiries, customer service communications; disputes, identity verification |
| Biometric data | Identify verification; KYC and AML screening |
| Government-issued identification numbers | Identify verification; KYC and AML screening |
| Payment information | Payment processing; KYC and AML screening; performance tracking; fraud prevention |
| Financial data | Audit; legal obligations |
| Communications | Disputes; support |
| Technical logs | Security; analytics |
| Marketing data | Marketing management |
| Information from cookies | Authentication; security; fraud prevention; session continuity; core platform functionality; user preferences; clicks; session data; advertising identifiers; conversion events; cross-site tracking data |
These parties are contractually restricted in their use of personal information when they act on our behalf. Some third-party providers may independently collect personal information when you visit our site. For example, our site includes social media features connected with social networking sites such as X, LinkedIn, and Facebook. Those sites may collect your IP address and which page you are visiting on the site, and may set a cookie to enable social media features to function properly. Our authorized third-party vendors and partners have their own privacy notices which govern the use, handling, and disclosure of your personal information. For example, your interactions with social media sites, including any personal information you provide via buttons or links to these sites, are governed by the privacy policy/notice of the social media company.
(b) Regulators and Authorities
- Law enforcement and courts
- Financial regulators
- Government agencies
(c) Business Transfers
- Mergers, acquisitions, financing events
(d) Affiliates
- Internal operational purposes
9. International Data Transfers
We may transfer personal information to jurisdictions outside your own, including the United States.
Where required by applicable law, we implement appropriate safeguards for cross-border transfers of personal information, including contractual protections such as standard contractual clauses approved by relevant regulators.
We conduct transfer impact assessments and implement safeguards such as encryption and access controls.
10. Data Security
We implement reasonable administrative, technical, and physical safeguards including:
- Encryption in transit and at rest
- Role-based access controls
- Network monitoring and intrusion detection
- Security testing and audits
- Incident response procedures
No system is completely secure. In the unlikely event that we believe the security of your personal information in our possession or control may have been compromised, we may seek to notify you. As applicable, we will comply with security breach notification requirements.
11. Platform Transparency and Visibility
Due to the nature of the Platform:
- Certain transaction or market activity may be visible to other users
- This may include positions, outcomes, or aggregated activity
While we seek to limit direct identification, activity may in some cases be attributable to you based on behavior, patterns, or external data.
12. Your Rights
You have the following rights with respect to the data we collect:
- Confirm our use of your personal information
- Access personal information we have collected about you, including the right to request certain categories of information and information about third parties to whom we disclosed personal information
- Obtain a copy of your personal information in a portable, usable format
- Delete personal information we have collected from you, subject to legal exceptions
- Correct inaccuracies in your personal information
- Opt out of the sale of personal information, the use of personal information for targeted advertising, and profiling in furtherance of decisions that produce legal or similarly significant effects
- Limit use of sensitive personal information
We do not sell personal information for monetary consideration.
We may disclose certain identifiers, device information, internet or network activity information, and similar information to analytics, advertising, and marketing partners, including providers such as Google Analytics or Meta Pixel, for purposes of analytics, advertising, and marketing. Under certain U.S. state privacy laws, these disclosures may be considered a “sale,” “sharing,” or use for targeted advertising. These activities are subject to opt-out rights.
Where you have given us consent to process your personal information for a specific purpose, you may withdraw that consent for processing that has not yet occurred.
While we hope that we can resolve any questions or concerns you may have, you may lodge complaints with a supervisory authority.
13. Exercising Your Rights
Contact:
- Email: [email protected]
- Address: 255 California St., 6th Floor, San Francisco CA 94111
- Phone: 1 (800) 289-5290
We may authenticate your identity by asking you to verify your identity via email or over the phone. We reserve the right to verify the identity of any person making a request to opt-out or to delete or modify personal information; provided, however, that we will have no liability of any kind resulting from false or erroneous requests or any change or deletion made by us for any reason.
We will respond within applicable legal timelines (typically 30–45 days).
If 45 days after you send us a request, we have not responded to your request or asked for additional time to respond to your request, or we inform you that we decline to take action regarding your request, you have the right to appeal our failure to take action by contacting [email protected]. For us to properly process your appeal, you must use “Rights Request Appeal” as the subject line of your email.
You also have the right to not be discriminated against for exercising any of your rights.
Authorized agents may submit requests on behalf of California residents.
14. Cookies and Tracking
We use cookies for:
- Core functionality
- Analytics
- Personalization
You can manage preferences through browser settings or the Platform’s cookie banner
14A. Privacy Signals
We may recognize opt-out preference signals such as Global Privacy Control (GPC) where required by law.
15. Children’s Privacy
The Platform is not intended for individuals under 18.
We may implement age verification measures and reserve the right to suspend accounts suspected of underage use.
16. Changes to This Policy
We may update this Privacy Policy periodically and will provide notice of material changes by email, as required. If you do not agree with the changes, you must stop using our site and services. You can also withdraw your consent to any further processing of your personal information.
17. Contact
Email: [email protected]
END OF DOCUMENT