Comprehensive Privacy Policy

Last updated: May 2026


In compliance with the Federal Law on Protection of Personal Data Held by Private Parties (hereinafter, the “Law”), its Regulations and other applicable legal provisions, this Privacy Notice is hereby made known to you, with the purpose of informing you of the information we will collect from you, the purposes thereof and the other obligations contemplated in the Law, its Regulations and other applicable legal provisions.

You are hereby informed that you have the right to self-determine the legal treatment and control of the information you provide to us, so that the data is used for the purpose for which it was intended, preserving its confidentiality and privacy.

Controller of the Processing of your Personal Data.

POLIBIT, S.A.P.I. DE C.V., commercially known as “PoliBit” (hereinafter, “PoliBit”), with address at Calle San Juan Capistrano, number 107, Fraccionamiento Nuevo Bernardez, in the City of Guadalupe, Zacatecas, Mexico, ZIP Code 98610, is responsible for the processing of your personal data collected by PoliBit through any electronic means, paper format, the electronic format of the application or the website at www.polibit.io, telephone or any other means whose purpose is the collection of personal data, as well as for safeguarding the privacy of the data that you provide to us as a client or potential client, hereby informing you that your information will be processed exclusively for the purposes set forth in this Privacy Notice, in accordance with the provisions of the Law. PoliBit offers technological infrastructure services (Infrastructure-as-a-Service, “IaaS”) under a Software-as-a-Service (“SaaS”) model for the management of investment vehicles, enabling Managers (Fund Managers, Sponsors, Family Offices and Developers) to operate funds, trusts, SPVs, corporations, LLCs and syndications on a white-label basis. PoliBit does not take custody of assets, does not intermediate financial transactions and is not a party to the contractual relationships between Managers and their Investors or Limited Partners (“LPs”).

Personal Data Officer of POLIBIT: admin@polibit.io

Address: Calle San Juan Capistrano, number 107, Fraccionamiento Nuevo Bernardez, in the City of Guadalupe, Zacatecas, Mexico, ZIP Code 98610.

Email: admin@polibit.io

Telephone: +52 492 491 0708

Non-Sensitive Personal Data Collected.

The personal data that PoliBit will request, or may come to request, from its Users are:

A. Site Visitor Data: contact data (name, email, telephone where applicable); usage data: cookies, browsing metrics, IP address, device identifiers.

B. Manager Data (B2B Clients): contact data (name, email, telephone, title, company); tax data (RFC, business name, registered tax address); commercial data related to the investment vehicle operated through the Platform.

C. Investor / LP Data (PoliBit as Data Processor on behalf of the Manager pursuant to Article 49 of the LFPDPPP Regulations): contact data (name, email, telephone); financial and asset operational data (commitment, capital paid, distributions, bank account or wallet for distributions, capital call records); tax data (RFC or Tax ID); KYC status (approved/rejected indicator and date — identity documents and detailed AML data reside with the KYC/AML provider contracted by POLIBIT, which acts as the direct Data Controller for such processing); Platform activity data (login timestamps, LP Portal access, notice downloads); capital call notice and distribution notice PDFs.

Pursuant to Article 8 of the Law, with respect to the personal data referred to above, it shall be understood that you tacitly consent to the processing of your personal data when, this Privacy Notice having been made available to you, you do not express your opposition. The financial and asset operational data of Investors (commitment, capital paid, distributions, bank accounts or wallets) constitute Patrimonial Personal Data under the LFPDPPP Regulations. PoliBit applies enhanced security measures for their processing, including encryption at rest and in transit, and processes them exclusively under the instruction of the Manager in its capacity as Data Controller.

Sensitive Personal Data.

We hereby inform you that PoliBit will not collect any sensitive data from you.

Purposes for which your Personal Data is Collected and Used.

In accordance with applicable legal provisions, the processing of the personal data collected shall be used for: (i) the provision of the POLIBIT Service, including the management of Capital Calls, distributions, KYC/AML, and reporting for Managers and Investors; (ii) the authentication and administration of user accounts in the LP Portal and the Management Panel; (iii) compliance with contractual obligations with PoliBit’s Managers (B2B Clients); (iv) the analysis and improvement of the Platform; (v) sending institutional communications regarding PoliBit and the fund management sector (subject to prior consent where required); (vi) compliance with applicable legal and regulatory obligations; and (vii) carrying out all kinds of legal acts within PoliBit’s corporate purpose.

Transfer of Personal Data within PoliBit.

PoliBit may share the personal data provided by you with the different departments of the corporate group, as well as with the different subsidiary, affiliated and controlling companies of PoliBit, whether located within the Mexican Republic or abroad, for the purposes set forth in this Privacy Notice and to comply with the contractual obligations PoliBit may have with you as the holder of the corresponding personal data. Likewise, PoliBit may share the information provided by you with any data processor it may designate, in accordance with Article 49 of the Regulations of the Law. PoliBit assumes two distinct roles with respect to the processing of personal data depending on the data subject: (a) Data Controller, with respect to the data of Site Visitors and Managers (B2B Clients) that directly contract PoliBit’s services; (b) Data Processor pursuant to Article 49 of the LFPDPPP Regulations, with respect to the personal data of Investors (LPs) that the Manager incorporates into the Platform. In this case, the Data Controller is the Manager, who determines the purposes and means of processing, and PoliBit acts exclusively under its instructions pursuant to the Data Processing Agreement entered into between the parties.

Transfer of Personal Data with Third Parties.

PoliBit may share some of your personal data with other companies for the purposes of data verification, as well as transferring data consisting of certain financial information to third parties.

Likewise, PoliBit may transfer personal data to the following data processors and sub-processors, who provide services integrated into the Platform: a) Identity verification and KYC/AML provider, with jurisdiction in the European Union and subject to the GDPR; b) Electronic document signing provider, with jurisdiction in the United States of America, pursuant to Article 36 of the LFPDPPP; c) Cross-border payment and settlement processing provider, with jurisdiction in the United States of America, pursuant to Article 36 of the LFPDPPP; d) Card payment processing provider, with jurisdiction in the United States of America and global jurisdictions, pursuant to Article 36 of the LFPDPPP; e) Institutional communications and email marketing provider, with jurisdiction in the European Union and subject to the GDPR; f) Web analytics provider, pursuant to Article 36 of the LFPDPPP; g) Public layer-2 blockchain network for the issuance of Tokens; the on-chain record is public and immutable in nature. The updated list of sub-processors is available to Managers and Investors upon request addressed to admin@polibit.io. PoliBit may disclose personal data when there is a court order or a legitimate request from a competent authority, in strict compliance with the applicable legal framework. PoliBit does not disclose data to the National Banking and Securities Commission (CNBV) or to any other financial regulator, as it is not a regulated entity under Mexican financial legislation.

Collection of Personal Data and Source.

To carry out the collection of personal data, PoliBit is governed by the principles of lawfulness, quality, consent, information, purpose, loyalty, proportionality and accountability established in the Law. We collect the data of the data subject in person or by electronic means, the Website, email, courier, telephone, among others, in order to guarantee their reliability. Additionally, PoliBit may obtain information through lawful means established by the Law, including, among others, telephone directories, public databases such as that of the Public Registry of Property and Commerce, or any other agency or public source of information. In addition to the foregoing, for the purposes set forth in this Privacy Notice, personal data may be collected in various ways: when you provide them directly to us; when you visit our application or website or use our online services; and when we obtain information through other sources that are permitted by the Law.

Any information concerning an identified or identifiable natural person that is provided on our website may also be collected.

Limitation of the Use or Disclosure of your Personal Data.

In order to enable you to limit the use and disclosure of the data collected by PoliBit, we make the following means available to you: (i) the registration of the data in the Public Registry maintained by the Federal Consumer Prosecutor’s Office (PROFECO), so that your personal data are not used to receive advertising or promotions from companies offering goods and services. For more information on this registry, you may consult PROFECO’s website or contact PROFECO directly; (ii) your registration on an exclusion list, so that your personal data are not processed by PoliBit for marketing, advertising or commercial prospecting purposes.

How to Access, Rectify, Cancel or Object to the Use of your Personal Data (ARCO Rights).

You have the right to access your personal data that we hold and to the details of their processing, as well as to rectify them in the event they are inaccurate or incomplete; to cancel them when you consider that they are not required for any of the purposes set forth in this Privacy Notice, are being used for purposes for which you have not consented, or the contractual or service relationship has ended; or to object to their processing for specific purposes.

The mechanisms implemented for the exercise of such ARCO rights consist of submitting a written request by email, addressed to the Personal Data Officer of POLIBIT at admin@polibit.io, with the following information:

a) Full name of the data subject.

b) Address of the data subject or email address to which the response to the request may be sent.

c) Official documents evidencing identity.

d) For legal entities, it is necessary to attach the documents evidencing the legal existence of the company, as well as those containing the powers and authority of the legal representative, and the official identification of the legal representative.

e) Clear and precise description of the personal data with respect to which one of your rights is to be exercised.

f) Any other element or document that facilitates the location of the personal data, as well as any other document required by the legislation in force at the time the request is submitted.

The request shall be resolved within a period of 20 (twenty) business days following the date of receipt of the request. Notwithstanding the foregoing, PoliBit shall at all times have the right to extend the aforementioned period on one occasion only, for an equal period, provided that it is justified and the circumstances of the case so warrant. For Data Subjects located in the European Union, in addition to ARCO rights, the right to data portability set forth in Article 20 of the European Union’s General Data Protection Regulation (“GDPR”) applies, pursuant to which the Data Subject may request to receive their personal data in a structured, commonly used and machine-readable format. In the event that PoliBit does not favorably address your request, or if the Data Subject considers the response to be unsatisfactory, the Data Subject may refer the matter to the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) to initiate the corresponding rights protection proceeding within fifteen (15) days following the date on which the Data Subject receives PoliBit’s response or on which the response period expires.

The exercise of the rights of access, rectification, cancellation or objection may be denied in the following circumstances:

When the applicant is not the data subject or the legal representative of the legal entity, and/or does not evidence the legal existence of the entity it represents, or its powers and authority are insufficient to exercise the rights in question.

When PoliBit’s databases do not contain the personal data of the applicant.

When third-party rights would be impaired.

When there is a legal impediment or a resolution of a judicial or administrative authority.

When the rectification, cancellation or objection has been previously carried out, such that the request lacks subject matter.

Additionally, PoliBit shall not be obliged to cancel your personal data in any of the following circumstances:

When the data refer to the parties to a private, social or administrative contract and are necessary for its performance and fulfillment.

When they must be processed by legal provision.

When cancellation would hinder judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes, or the imposition of administrative sanctions.

When the data are necessary to protect the legally protected interests of the data subject.

When the data are necessary to carry out an action in the public interest.

When the data are necessary to fulfill a legally acquired obligation of the data subject.

When the data are subject to processing for prevention or medical diagnosis, or for the management of healthcare services, provided that such processing is carried out by a healthcare professional subject to a duty of confidentiality.

Revocation of your Consent to the Processing of your Data.

At any time, you may revoke the consent you have granted us for the processing of your personal data, so that we cease using them. To do so, it is necessary to submit a request to the Personal Data Officer of POLIBIT (admin@polibit.io), which must contain the following information:

a) Full name of the data subject.

b) Address of the data subject or email address to which the response to the request may be sent.

c) For natural persons, official documents evidencing identity.

d) For legal entities, it is necessary to attach the documents evidencing the legal existence of the company, as well as those containing the powers and authority of the legal representative, and the official identification of the legal representative.

e) Expressly state the request to revoke consent for the processing of personal data, indicating the reasons for which such revocation is sought.

Your request shall be addressed within a maximum period of 20 (twenty) business days, and we shall inform you of the outcome through the means indicated in your request.

It should be noted that, notwithstanding your request, PoliBit shall retain the right to process certain information as permitted or required by the Law.

Blocking and Deletion of Personal Data.

You are hereby informed that once the purpose or purposes of the processing have been fulfilled and where no legal, administrative or regulatory provision establishes otherwise, the data shall be cancelled following prior blocking, for their subsequent deletion.

Security and Storage.

PoliBit undertakes to implement the technological and administrative security measures to protect your personal data against unauthorized processing, whether on its own behalf or through the engagement of a third party for such purpose. For this purpose, the information provided shall be safeguarded in databases that have the highest security and encryption technology to prevent information leaks.

Modifications to the Privacy Notice.

PoliBit reserves the right to make modifications or updates to this Privacy Notice at any time, in response to legislative developments, internal policies or new requirements for the provision or offering of our services or products.

It shall be understood that you accept the modifications made to the Privacy Notice when you continue to make use of the Services provided by PoliBit, including those provided through the use of its applications or websites.

Use of Cookies and Similar Technologies.

POLIBIT uses cookies and similar technologies (web beacons, tracking pixels and local storage) on the Site and the Platform. The details of the types of cookies used, their purpose, the authorized third-party providers, the applicable retention periods and the management mechanisms available to the Data Subject are set out in POLIBIT’s Cookie Policy, available at https://www.polibit.io/cookie-policy, which forms an integral part of this Privacy Notice.

Legal Provisions.

This Privacy Notice complies with all applicable provisions set forth in the Law, its Regulations and other applicable legal provisions.

Access to or use of the Site or the Platform implies acceptance of this Privacy Notice and the express consent for the processing of the Data Subject’s personal data in accordance with the terms set forth herein, including their transfer as provided in this instrument, pursuant to Article 8 of the LFPDPPP and Articles 1803 and 1834 Bis of the Federal Civil Code.

Language Prevalence.

This Privacy Notice is published in its Spanish and English versions. The Spanish version is the binding version. The English version constitutes a courtesy translation. In the event of any discrepancy between both versions, the Spanish version shall prevail.