Privacy & Data

Privacy Policy

JHD Investment Group LLC (d/b/a eWallet) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect your personal information.

Effective Date: December 7, 2025Privacy Questions? Contact Us

At a Glance

  • We collect information necessary to verify identity, operate your wallet, and comply with regulations.
  • Your data is protected with encryption, tokenization, and industry-standard security measures.
  • We do not sell your personal information.
  • We share data with partners only as necessary to provide our services.

Key Disclosures

eWallet is not a bank. Banking services are provided by our partner banks.

Terms of ServiceCookie Policy

1. Introduction

JHD Investment Group LLC ("eWallet," "we," "us," or "our") provides digital wallet services, payment processing, debit card issuance, business invoicing, and related financial technology solutions.

eWallet is not a bank. We are a financial technology company registered with FinCEN as a Money Services Business (MSB #31000303711381). Wallet funds are held in custodial accounts at partner banks, including Chase Bank. The eWallet Debit Card is issued by Sunrise Banks, N.A., Member FDIC, pursuant to a license from Mastercard.

This Privacy Policy describes how we collect, use, disclose, store, and protect your information when you use our mobile apps, web applications, business portals, and related services (collectively, the "Services").

By using our Services, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.

2. Information We Collect

We collect personal and business information necessary to verify your identity, operate your wallet, process transactions, issue cards, maintain regulatory compliance, and protect the platform.

2.1 Identity Verification Information (KYC/KYB)

For individuals (KYC):

  • Full legal name
  • Date of birth
  • Residential address
  • Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN)
  • Government-issued ID (driver's license, passport, state ID)
  • Selfie or photo for identity matching
  • Email address and phone number

For businesses (KYB):

  • Legal business name and DBA
  • Employer Identification Number (EIN)
  • Business address
  • State of incorporation and formation documents
  • Beneficial ownership information (owners with 25%+ ownership)
  • Business license or registration documents
  • Authorized representative information

2.2 Financial & Transaction Information

  • Bank account information (account and routing numbers, via Plaid tokens)
  • Debit card information (tokenized via Stripe)
  • Wallet transaction history (deposits, withdrawals, transfers)
  • Debit card transaction history
  • ACH, RTP, and wire transfer details
  • Invoice and payment records
  • Dispute and chargeback records

2.3 Device & Technical Information

  • Device type, model, and operating system
  • Device identifiers (IMEI, advertising ID)
  • IP address and geolocation data
  • Browser type and version
  • App version and crash reports
  • Session duration and feature usage

2.4 Communications Data

  • Customer support messages and call recordings
  • Dispute documentation
  • Application forms and onboarding data
  • Survey responses and feedback

2.5 Sensitive Permissions

Our mobile app may request access to:

  • Camera: For scanning IDs, taking selfies for identity verification, and scanning QR codes
  • Photo Library: For uploading ID documents or profile photos
  • Location: For fraud detection and compliance purposes
  • Biometrics: For secure app authentication (Face ID, Touch ID, fingerprint)
  • Push Notifications: For transaction alerts and security notifications

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

  • Create and manage your account
  • Process deposits, withdrawals, and transfers
  • Issue and manage your debit card
  • Process invoice payments
  • Provide customer support

3.2 Identity & Compliance

  • Verify your identity (KYC) and business (KYB)
  • Screen against OFAC sanctions lists and watchlists
  • Monitor transactions for fraud and suspicious activity
  • File required regulatory reports (including SARs)
  • Comply with anti-money laundering (AML) requirements

3.3 Security & Fraud Prevention

  • Detect and prevent unauthorized access
  • Monitor for suspicious transactions
  • Investigate security incidents
  • Protect against fraud and abuse

3.4 Communications

  • Send transaction confirmations and alerts
  • Provide account and security notifications
  • Respond to customer inquiries
  • Send service updates and legal notices

3.5 Improvements & Analytics

  • Analyze usage patterns to improve services
  • Develop new features and products
  • Conduct research and analysis
  • Debug and fix technical issues

We do not sell your personal information.

4. How We Share Your Information

We share information only as necessary to provide our services or when required by law.

4.1 Financial Service Partners

We share information with our banking and service partners to provide the Services:

  • Chase Bank: Custodial banking for wallet funds
  • Checkbook.io: ACH, RTP, ledgering, and payment processing
  • Sunrise Banks, N.A. / Onbe: Debit card issuance and management
  • Plaid: Bank account verification and identity verification (KYC)
  • Middesk: Business verification (KYB)
  • Stripe: Card funding and tokenization

4.2 Fraud & Risk Partners

  • Fraud detection and prevention services
  • Identity verification services
  • Watchlist and sanctions screening providers

4.3 Legal & Regulatory Disclosures

We may disclose information to:

  • Comply with legal obligations, subpoenas, or court orders
  • Respond to government or regulatory requests
  • File legally required reports (including Suspicious Activity Reports)
  • Protect our rights, property, or safety
  • Enforce our Terms of Service

Important: We may file Suspicious Activity Reports (SARs) without notice as required by law. We are prohibited from informing you if a SAR has been filed.

4.4 Service Providers

We use third-party providers for:

  • Cloud hosting and infrastructure (Vultr)
  • Email and communication services
  • Analytics and monitoring
  • Customer support tools

4.5 ISO/Agent Sharing

If you were referred by an ISO (Independent Sales Organization) partner, we may share limited account information such as activation status and account tier. We do not share full transaction data or sensitive personal information with ISO partners.

4.6 Business Transfers

If eWallet is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

5. Our Service Partners

We partner with regulated financial institutions and service providers to deliver our Services. Your use of eWallet involves sharing data with these partners:

PartnerRoleData Shared
Chase BankCustodial BankingAccount data, transaction data
Checkbook.ioACH, RTP, LedgeringBank account data, transaction data
Sunrise Banks / OnbeCard IssuingIdentity data, card transaction data
PlaidKYC, Bank LinkingIdentity data, bank account data
MiddeskBusiness VerificationBusiness data, beneficial ownership
StripeCard FundingCard data (tokenized)
VultrHosting InfrastructureEncrypted data storage

Each partner maintains their own privacy policy and data protection practices. Links to partner privacy policies are available upon request.

6. Data Security

We implement industry-standard security measures to protect your data:

6.1 Encryption

  • Data in transit is encrypted using TLS 1.2+
  • Data at rest is encrypted using AES-256
  • Sensitive fields use additional application-level encryption

6.2 Payment Card Security

Card funding, tokenization, and payment processing occur within PCI DSS–compliant environments provided by our authorized third-party processors. We do not store raw card numbers.

6.3 Infrastructure Security

  • Our production systems operate in SOC 2–certified data centers provided by Vultr
  • Network segmentation and firewall protection
  • Audited access controls and logging
  • Our security controls align with ISO 27001 standards

6.4 Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication for administrative access
  • Regular access reviews and audits
  • Employee security training

6.5 Monitoring & Response

  • 24/7 security monitoring
  • Intrusion detection systems
  • Incident response procedures
  • Regular security assessments

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your data.

7. Data Retention

We retain your data as follows:

7.1 Regulatory Requirements

We are required by anti-money laundering (AML) regulations to retain identity verification data, transaction records, and related compliance data for a minimum of 5 years after account closure or the date of the transaction.

7.2 Retention Periods

  • Identity & KYC/KYB Data: Minimum 5 years after account closure
  • Transaction Records: Minimum 5 years from transaction date
  • Account Information: Duration of account plus 5 years
  • Customer Support Records: 3 years or as required for disputes
  • Device & Technical Data: Up to 2 years
  • Marketing Data: Until consent is withdrawn

7.3 After Retention Period

After the required retention period, data is securely deleted or anonymized. Some aggregated, anonymized data may be retained indefinitely for analytics and research purposes.

8. Your Privacy Rights

Subject to applicable law, you may have the following rights:

8.1 Access

You can request a copy of the personal information we hold about you.

8.2 Correction

You can request correction of inaccurate or incomplete personal information.

8.3 Deletion

You can request deletion of your personal information, subject to legal retention requirements. Due to AML regulations, we must retain certain data for a minimum of 5 years.

8.4 Data Portability

You can request a copy of your data in a structured, commonly used format.

8.5 Opt-Out

You can opt out of marketing communications at any time.

8.6 How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: privacy@ewallet.app
  • Phone: 1-877-827-0995

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

9. Cookies & Tracking Technologies

We use cookies and similar technologies for:

  • Essential: Authentication, security, and basic functionality
  • Fraud Prevention: Device fingerprinting and risk assessment
  • Performance: Site performance and error monitoring
  • Analytics: Usage patterns and feature adoption

See our Cookie Policy for detailed information about the cookies we use and how to manage your preferences.

10. International Data Transfers

Your data is primarily processed and stored in the United States. If you access our Services from outside the United States, your information will be transferred to and processed in the United States.

By using our Services, you consent to the transfer of your information to the United States and other countries that may have different data protection laws than your country of residence.

11. Children's Privacy

Our Services are not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately at privacy@ewallet.app.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

12.1 Right to Know

You can request information about the categories and specific pieces of personal information we collect.

12.2 Right to Delete

You can request deletion of personal information, subject to legal exceptions.

12.3 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

12.4 Notice at Collection

We collect the following categories of personal information:

  • Identifiers (name, SSN, address, email, phone)
  • Financial information (bank accounts, transaction data)
  • Biometric information (facial recognition for ID verification)
  • Internet/network activity (IP address, device data)
  • Geolocation data
  • Professional information (for business accounts)

12.5 Do Not Sell

We do not sell personal information. We do not and will not sell your personal information to third parties.

To exercise your CCPA rights, contact us at privacy@ewallet.app or call 1-877-827-0995.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will post the updated policy with a new effective date
  • We will notify you via email or in-app notification for significant changes
  • Your continued use after the effective date constitutes acceptance

We encourage you to review this Privacy Policy periodically for any updates.

14. Contact Information

For privacy-related questions, data requests, or concerns:

Privacy Team

  • Email: privacy@ewallet.app
  • Phone: 1-877-827-0995

Data Protection

  • Email: dpo@ewallet.app

Mailing Address

  • JHD Investment Group LLC
  • Attn: Privacy Team
  • 830 Julie Rivers Dr, Suite 203
  • Sugar Land, TX 77478

Privacy Questions?

Our team is available to answer questions about data handling and your privacy rights.