This Privacy Policy describes how Ethio American LLC, operating the Crestmont platform at crestmont.co.com, collects, uses, discloses, and safeguards personal information from users of our cryptocurrency exchange and digital wallet services. This policy is written in accordance with applicable US federal law including the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable state and federal privacy frameworks.
By accessing or using the Crestmont platform, you acknowledge that you have read and understood this Privacy Policy. This policy applies to all users of the platform, including registered account holders and visitors to our website.
The data controller for all personal information collected through the Crestmont platform is:
Ethio American LLC
539 S Orange Ave
Sarasota, FL 34236
Email: support@crestmont.co.com
Phone: +1 (941) 955-7859
Ethio American LLC is registered with the Financial Crimes Enforcement Network (FinCEN) as a Money Services Business (MSB). As such, we are subject to federal data retention and reporting obligations under the Bank Secrecy Act (BSA), 31 U.S.C. 5311 et seq., which may supersede certain privacy preferences in specific circumstances.
We collect personal information in several categories depending on your relationship with the Crestmont platform:
To comply with our Know Your Customer (KYC) obligations under the USA PATRIOT Act (31 U.S.C. 5318(l)) and FinCEN Customer Identification Program rules (31 CFR 1020.220), we collect: full legal name, date of birth, government-issued identification number (Social Security Number or Individual Taxpayer Identification Number), copy of government-issued photo ID, and residential address.
Email address, phone number, and mailing address for account communications, regulatory notices, and customer service purposes.
Bank account details or payment method information used to fund your Crestmont wallet, transaction history including dates, amounts, asset types, wallet addresses involved, and counterparty information where applicable.
IP address, browser type, operating system, device identifiers, session duration, pages visited, and clickstream data collected automatically through our website and platform. This information is collected through cookies and similar tracking technologies as described in our Cookie Policy.
Records of communications with our customer service team, including email correspondence, phone call logs, and any written submissions including complaints or error reports.
Ethio American LLC uses collected personal information for the following purposes:
To create and maintain your account, process exchange transactions and wallet operations, verify your identity as required by law, communicate account status and transaction confirmations, and provide customer support.
To fulfill our obligations under the Bank Secrecy Act, USA PATRIOT Act, and FinCEN regulations including Customer Identification Program requirements, transaction monitoring, Suspicious Activity Report (SAR) filing, Currency Transaction Report (CTR) filing for qualifying transactions, and OFAC sanctions screening.
To detect, investigate, and prevent fraudulent transactions, unauthorized account access, and other security incidents. This includes automated monitoring of transaction patterns and manual review where warranted.
To respond to lawful requests from law enforcement, regulatory agencies, or courts, including FinCEN, the IRS, state financial regulators, and federal law enforcement agencies.
To analyze usage patterns and improve the functionality, usability, and performance of the Crestmont platform. Aggregated, de-identified data may be used for this purpose.
Our processing of personal information is grounded in multiple legal bases:
Contractual Necessity: Processing necessary to provide the services you have requested under our Terms of Use, including account creation, transaction processing, and wallet management.
Legal Obligation: Processing required to comply with federal and state law including BSA recordkeeping requirements (31 CFR 1010.400-1010.430), FinCEN reporting obligations, and applicable state money transmission regulations.
Legitimate Interests: Processing for fraud prevention, security monitoring, and platform improvement where these interests do not override your privacy rights.
Consent: For certain non-essential data uses including marketing communications, where we obtain your explicit consent before processing.
We do not sell personal information to third parties. We may disclose personal information in the following circumstances:
We engage third-party service providers for identity verification services, payment processing, cloud infrastructure, and compliance software. These providers are contractually bound to process personal information only as directed by Ethio American LLC and in accordance with applicable law.
As a FinCEN-registered MSB, we are required by law to file SARs and CTRs with FinCEN. We may also disclose information in response to lawful subpoenas, court orders, or requests from federal or state regulatory agencies including the IRS, OFAC, and state financial regulators. These disclosures may be made without prior notice to you where legally required.
In the event of a merger, acquisition, or sale of substantially all assets of Ethio American LLC, personal information may be transferred to the successor entity, subject to equivalent privacy protections.
We may share information with industry fraud prevention services and networks to identify and prevent fraudulent activity, consistent with applicable law.
Personal information is retained in accordance with our legal obligations and legitimate business needs:
BSA Recordkeeping: Transaction records, account information, and KYC documentation are retained for a minimum of five (5) years from the date of the transaction or account closure, as required by 31 CFR 1010.430 and related regulations.
Account Data: Account information is retained for the duration of the account relationship and for a minimum of five years following account closure.
Communications: Customer service communications are retained for a minimum of two years for quality assurance and dispute resolution purposes.
Technical Logs: Server logs and technical usage data are retained for up to twelve months for security and performance purposes.
Retention periods may be extended where required by law, ongoing investigations, or pending litigation.
California residents have specific rights under the California Consumer Privacy Act (Cal. Civ. Code 1798.100 et seq.) as amended by the California Privacy Rights Act. These rights are subject to limitations where compliance would conflict with our federal legal obligations under the BSA or other applicable law.
You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it has been shared.
You have the right to request deletion of personal information we hold about you, subject to exceptions including our legal obligation to retain records under the BSA and other applicable regulations.
You have the right to request correction of inaccurate personal information, subject to verification and our legal obligations.
We do not sell personal information as defined under the CCPA. No opt-out mechanism is required for this purpose.
We will not discriminate against you for exercising your CCPA rights.
Submit requests to support@crestmont.co.com or by mail to 539 S Orange Ave, Sarasota, FL 34236. We will verify your identity before processing any request and respond within 45 days, with a possible extension of an additional 45 days where reasonably necessary.
Ethio American LLC implements administrative, technical, and physical safeguards to protect personal information from unauthorized access, disclosure, alteration, or destruction. These measures include TLS 1.3 encryption for data in transit, AES-256 encryption for data at rest, multi-factor authentication requirements, role-based access controls with principle of least privilege, regular security assessments, and employee training on information security and privacy obligations.
No security system is impenetrable. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and applicable regulatory authorities as required by applicable law.
The Crestmont platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. Account creation requires confirmation that the applicant is 18 years of age or older. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information and close the associated account.
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or regulatory requirements. Material changes will be communicated to registered account holders by email and posted on the Crestmont platform with an updated effective date. Continued use of the platform following notification of material changes constitutes acceptance of the revised policy.
For questions, concerns, or requests related to this Privacy Policy or our data practices, contact us at:
Ethio American LLC - Privacy
539 S Orange Ave, Sarasota, FL 34236
Email: support@crestmont.co.com
Phone: +1 (941) 955-7859