1. Introduction

This Privacy Policy describes how AAYT LLC, a Delaware limited liability company ("Company," "we," "our," or "us") collects, uses, discloses, and safeguards personal information obtained through our website (the "Site") and in connection with our AML (Anti-Money Laundering) operations advisory services (the "Services").

By using our Site or engaging our Services, you acknowledge that you have read and understood this Privacy Policy. This Policy applies to all visitors and clients, including those located in the United States, the European Union, and other jurisdictions worldwide.

2. Information We Collect

Information you provide directly

We collect personal information that you voluntarily provide to us, including:

• Name, job title, and professional contact information, including email address, phone number, and mailing address.
• Information submitted through our website contact form.
• Information provided when subscribing to our newsletter or marketing communications.
• Communications you send to us directly.

Information collected automatically

When you visit our Site, we automatically collect certain technical data, including IP address and approximate geographic location, browser type, version, operating system, device identifiers, device type, pages visited, time spent on pages, referring URLs, cookie identifiers, and similar tracking technologies.

Information from third parties

We may receive information about you from third-party vendors, advertising partners, and service providers, including analytics providers and marketing platforms, subject to those parties' own privacy policies.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

• To provide, operate, and improve our AML advisory Services.
• To respond to inquiries submitted through our contact form.
• To send newsletters, updates, and marketing communications where you have opted in.
• To comply with applicable legal obligations, including AML/KYC regulatory requirements.
• To analyze Site usage and improve user experience.
• To detect, prevent, and address fraud, security incidents, and abuse.
• To enforce our Terms of Use or other agreements.

4. Legal Bases for Processing

If you are located in the European Union or European Economic Area, we process your personal data under the General Data Protection Regulation (GDPR) on the following legal bases:

• Performance of a contract, to provide Services you have requested or entered into a contract for.
• Legal obligation, to comply with regulatory requirements.
• Legitimate interests, to operate and improve our business, provided such interests are not overridden by your rights.
• Consent, where you have provided explicit consent, such as subscribing to our newsletter. You may withdraw consent at any time.

5. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to enhance your experience, analyze traffic, and support our advertising efforts. The types of cookies we use include essential cookies, analytics cookies, and advertising or targeting cookies.

You may control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Site. Where required by law, including under the EU ePrivacy Directive and GDPR, we will obtain your consent before placing non-essential cookies.

6. Disclosure of Information

We may share personal information with third-party vendors and service providers that assist us in operating our Site and delivering our Services. This includes SaaS platforms, cloud hosting providers, email marketing tools, CRM systems, and analytics providers.

We may share certain technical data with advertising partners to deliver targeted advertisements and measure advertising effectiveness. We do not sell your personally identifiable information to advertisers.

We may disclose your information where required by law or in response to valid requests by public authorities, including to comply with AML regulations, court orders, subpoenas, or other legal processes. Your information may also be transferred in connection with a merger, acquisition, reorganization, or sale of assets.

7. International Data Transfers

Our operations are based primarily in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the U.S., where data protection laws may differ from those in your country.

For transfers of personal data from the European Economic Area to the United States or other third countries, we rely on appropriate transfer mechanisms as required by applicable law, including Standard Contractual Clauses approved by the European Commission, where applicable.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including:

• Client data related to AML advisory engagements for the period required by applicable AML regulations and financial laws, which may include retention periods of five years or longer.
• Contact form and newsletter data until you request deletion, opt out, or as otherwise required by law.
• Technical and log data generally for up to 24 months, unless a longer retention period is required.

When personal information is no longer needed, we will securely delete or anonymize it in accordance with applicable law.

9. Your Privacy Rights

Depending on your state of residence, you may have rights under applicable U.S. privacy laws, including the California Consumer Privacy Act as amended by the CPRA. These rights may include the right to know, access, delete, or correct personal information we hold about you, and the right to opt out of the sale or sharing of personal information.

If you are located in the EU, EEA, or United Kingdom, you may have rights under the GDPR or UK GDPR, including rights of access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent where processing is based on consent. You also have the right to lodge a complaint with your local data protection authority.

To exercise any applicable rights, please contact us using the information below.

10. Data Security

We implement reasonable and appropriate technical and organizational measures designed to protect your personal information against unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

11. Children's Privacy

Our Site and Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete it promptly.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a concern about how we handle your personal information, please contact us at:

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or for other operational or legal reasons. When we make material changes, we will update the Effective Date at the top of this Policy and, where required by law, provide you with appropriate notice. Your continued use of our Site or Services after the updated Policy is posted constitutes your acceptance of the changes.