Fire Markets

Privacy Policy

Fire Markets LLC

Last Updated: March 5, 2026

This Privacy Policy explains how Fire Markets LLC (“Fire Markets,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information when you visit or use our website at firemarkets.cx (the “Site”) and related services that reference this Privacy Policy (collectively, the “Services”).

Important Notice: Not a Bank

Fire Markets is not a bank or trust company. Banking services are provided through partnerships with regulated financial institutions. Fire Markets does not itself offer deposit accounts.

1. Who We Are

Fire Markets LLC provides institutional-focused infrastructure and technology for digital asset and foreign exchange operations, including money transmission, stablecoin liquidity, and cross-border settlement services. Fire Markets is registered with FinCEN as a Money Services Business (MSB Registration No. 31000318885084) and has applied for state money transmission licensure (NMLS ID: 2796815); the Illinois application is pending. Depending on how you interact with us, we may act as a “data controller” (or “business” under U.S. state privacy laws) or as a “processor” (or “service provider”) for certain data.

2. Information We Collect

2.1 Information You Provide to Us

  • Contact Information: full legal name, email address, telephone number, mailing address, company name, and job title.
  • Account Information: username, authentication credentials, security questions, and other information you provide when creating or administering an account.
  • Financial and Transactional Information: bank account numbers, routing numbers, payment card details, wallet addresses, transaction history, settlement instructions, source-of-funds documentation, and operational details submitted through the Services.
  • Compliance and Identity Verification Information: date of birth, government-issued identification documents (e.g., driver's license, passport), tax identification numbers, beneficial ownership details, address verification, and any other information required to comply with Know Your Customer (KYC), Know Your Business (KYB), Bank Secrecy Act (BSA), anti-money laundering (AML), and sanctions screening requirements.
  • Business Information (Institutional Clients): corporate formation documents, officer/director details, authorized signatory information, operating licenses, and financial statements as part of KYB onboarding and ongoing due diligence.
  • Communications: information you provide when you contact us, request a demo, complete forms, or correspond with us, including support tickets, emails, and call recordings where permitted by law.

2.2 Information Collected Automatically

  • Device and Usage Data: IP address, device identifiers, browser type and version, operating system, referring/exit pages, pages viewed, timestamps, clickstream data, and approximate location derived from IP address.
  • Cookies and Similar Technologies: we (and our vendors) may use cookies, pixels, local storage, and similar technologies for functionality, security, analytics, and marketing purposes. See Section 7 (Cookies and Tracking Technologies) for details.
  • Log Data: server logs recording requests to our systems, including timestamps, response codes, and data transferred.

2.3 Information We Collect from Third Parties

Plaid Technologies, Inc. (“Plaid”)

If you choose to connect a financial account through our Services, we use Plaid to help you securely link your financial institution account. Depending on your choices, the Plaid products used, and the permissions you grant, Plaid may provide us with information such as:

  • Account identifiers and details (e.g., financial institution name, account type, account balances)
  • Account and routing numbers (where enabled/required)
  • Transaction history and transaction details (where enabled)
  • Account holder identity information (e.g., name, email address, phone number, mailing address) (where enabled)

We do not store your bank login credentials; Plaid manages the authentication process independently. Plaid's collection and use of your information is governed by Plaid's own End User Privacy Policy, available at plaid.com/legal. We encourage you to review Plaid's privacy notices for additional information about how Plaid processes your data and the options available to you.

Identity Verification and KYC/KYB Vendors

We use third-party identity verification and compliance vendors—including Socure, Inc. (“Socure”)—to perform Know Your Customer (KYC) and Know Your Business (KYB) checks in accordance with BSA/AML requirements, the USA PATRIOT Act, and applicable state money transmission laws. These vendors may collect and process:

  • Government-issued identification details (e.g., ID document images, document numbers, expiration dates)
  • Biographical data (name, date of birth, address) cross-referenced against authoritative data sources
  • Device and session intelligence (e.g., device fingerprinting, IP geolocation) for fraud risk scoring
  • Sanctions, politically exposed persons (PEP), and adverse media screening results
  • Business entity verification data (e.g., corporate registration records, beneficial ownership, officer/director information) for KYB purposes

These vendors process your information on our behalf and under our instructions, subject to contractual data protection obligations. We share only the information necessary to verify your identity, assess risk, and comply with regulatory requirements.

Other Third-Party Sources

  • Sanctions and watchlist screening providers (e.g., OFAC, international sanctions databases)
  • Blockchain analytics providers
  • Banking partners and payment processors
  • Credit reporting agencies (where applicable)
  • Cloud infrastructure providers (e.g., Microsoft Azure, Amazon Web Services)
  • Publicly available sources and commercial data providers

3. How We Use Plaid-Sourced Information

We may use information received from Plaid specifically to:

  • Verify bank account ownership and reduce fraud
  • Facilitate payments, transfers, and settlement
  • Provide customer support and troubleshooting related to linked accounts
  • Comply with legal, regulatory, and compliance obligations
  • Improve the Services and enhance risk controls

4. How We Use Personal Information

We use personal information for the following purposes:

  • Providing and Operating Services: processing money transmission transactions, facilitating stablecoin and foreign exchange operations, settling transactions, maintaining your account, and delivering the Services you request.
  • Identity Verification and Regulatory Compliance: performing KYC/KYB checks (including through Socure and other vendors), verifying identity, screening against sanctions lists (including OFAC), and complying with BSA, USA PATRIOT Act, FinCEN requirements, and applicable state money transmission laws.
  • Fraud Prevention and Security: detecting and preventing fraudulent activity, unauthorized access, and other illegal activities; monitoring transactions for suspicious activity; and filing Suspicious Activity Reports (SARs) as required by law.
  • Communications: sending you transaction confirmations, receipts, account alerts, regulatory notices, service-related messages, and (with your consent or where permitted by law) marketing communications.
  • Customer Support: responding to inquiries, troubleshooting issues, and providing technical and operational support.
  • Analytics and Improvement: analyzing usage patterns, conducting research, improving our Services, developing new features, and enhancing security measures.
  • Legal and Regulatory Obligations: complying with applicable laws, regulations, legal processes, and enforceable governmental requests; maintaining required records; and responding to regulatory examinations and audits.
  • Protecting Rights: enforcing our agreements, protecting our rights, users, and the public, and defending against legal claims.

5. How We Disclose Personal Information

We do not sell your personal information. We may disclose personal information to the following categories of recipients:

  • Service Providers and Vendors: third parties that perform services on our behalf, including cloud hosting (Microsoft Azure, AWS), identity verification/KYC/KYB (Socure), payment processing (Global Payments), fraud prevention, sanctions screening, blockchain analytics, customer support, and communications providers. All service providers are bound by contractual data protection obligations.
  • Plaid: when you choose to link or verify a financial account, as described in Sections 2.3 and 3.
  • Banking and Financial Partners: regulated financial institution partners and payment/settlement providers—including Global Payments—as necessary to provide the Services, process transactions, and settle funds.
  • Professional Advisors: legal counsel, auditors, insurers, and consultants as necessary for the operation and protection of our business.
  • Government Authorities and Regulators: we disclose information to government agencies, regulators (including the IDFPR, FinCEN, OFAC, and other state/federal authorities), and law enforcement when required by law, regulation, legal process, or governmental request, or to protect rights and safety.
  • Corporate Transactions: in connection with a merger, acquisition, financing, reorganization, sale of assets, or bankruptcy, your information may be transferred to the acquiring or successor entity, subject to applicable law.

6. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), we process personal information only when we have a lawful basis:

  • Contract: processing necessary to provide the Services you request or to take steps at your request before entering a contract.
  • Legal Obligation: processing necessary to comply with applicable laws and regulations to which we are subject (e.g., AML/KYC requirements, tax reporting, regulatory record-keeping).
  • Legitimate Interests: processing necessary for our legitimate interests—such as operating our business, securing our systems, preventing fraud, improving the Services, and conducting analytics—provided those interests are not overridden by your data protection rights.
  • Consent: where we rely on your consent (e.g., for certain cookies, marketing communications, or optional data sharing), you may withdraw consent at any time by contacting us.

7. Cookies and Tracking Technologies

We and our vendors may use cookies and similar technologies for the following purposes:

  • Essential: necessary for the Site to function properly, including security, fraud prevention, and session management.
  • Analytics: helping us understand how visitors interact with our Site so we can improve performance, usability, and content.
  • Functional: enabling enhanced features, preferences, and personalization.
  • Marketing/Advertising (if used): where we employ targeted advertising technologies, these cookies help deliver relevant content; you may opt out where required by law through available preference tools.

We do not currently use third-party advertising or behavioral tracking cookies. If this practice changes, we will update this policy and provide appropriate opt-out mechanisms.

Your Choices: You may control cookies through your browser settings and, where implemented, through our cookie banner or preference center. Disabling certain cookies may affect the functionality of the Site. If you are located in the EEA or UK, we will obtain your consent before placing non-essential cookies, in accordance with the ePrivacy Directive and applicable national implementing legislation.

8. International Data Transfers

Your personal information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.

For transfers of personal data from the EEA or the UK to countries not deemed to provide an adequate level of data protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Agreement/Addendum, or other lawful transfer mechanisms. By using our Services, you acknowledge and consent to such transfers.

9. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including to satisfy legal, regulatory, accounting, and reporting requirements. Specific retention periods include:

  • Transaction records: minimum five (5) years after the date of the transaction, or longer as required by applicable law (including BSA recordkeeping requirements).
  • KYC/KYB and AML records: minimum five (5) years after the account relationship ends, or longer as required by law.
  • Communications and support records: three (3) years or as otherwise required.
  • Website analytics data: retained in aggregated or anonymized form and may be kept indefinitely.

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable law.

10. Data Security

We implement and maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption of data in transit (TLS) and at rest
  • Multi-factor authentication and role-based access controls
  • Regular security assessments, penetration testing, and vulnerability scanning
  • Incident response procedures and breach notification protocols
  • Employee and contractor training on data protection and information security

No method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

11. Your Privacy Rights and Choices

11.1 EEA/UK Rights (GDPR / UK GDPR)

If you are located in the EEA or the United Kingdom, subject to certain exceptions you have the following rights:

  • Right of Access: request a copy of the personal data we hold about you.
  • Right to Rectification: request correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to Be Forgotten”): request deletion of your personal data, subject to legal retention obligations.
  • Right to Restrict Processing: request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to Object: object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: where processing is based on consent, withdraw consent at any time.
  • Right to Lodge a Complaint: file a complaint with your local data protection supervisory authority.

11.2 California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: request disclosure of the categories and specific pieces of personal information collected, the sources, purposes, and categories of third parties with whom we share your information.
  • Right to Delete: request deletion of your personal information, subject to certain exceptions (e.g., legal and regulatory retention requirements).
  • Right to Correct: request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: Fire Markets does not sell your personal information and does not share your personal information for cross-context behavioral advertising. If this practice changes, we will provide a “Do Not Sell or Share My Personal Information” mechanism.
  • Right to Limit Use of Sensitive Personal Information: direct us to limit our use of sensitive personal information to purposes necessary for providing the Services.
  • Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights.

11.3 Other U.S. State Privacy Rights

Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights to access, correct, delete, and opt out of certain processing. Some states also provide the right to appeal a decision regarding your request.

11.4 Illinois-Specific Rights

If you are an Illinois resident, you may have additional rights under the Illinois Personal Information Protection Act. Fire Markets does not currently collect biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA). If this changes, we will provide notice and obtain consent as required.

11.5 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at privacy[AT]firemarkets.cx or use the contact information in Section 16. We will verify your identity before processing your request and respond within the timeframe required by applicable law. You may also designate an authorized agent to submit a request on your behalf, subject to identity verification.

12. Gramm-Leach-Bliley Act (GLBA) Notice

As a FinCEN-registered Money Services Business and provider of financial services, Fire Markets is subject to the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations. Pursuant to GLBA:

  • Categories of NPI Collected: we collect nonpublic personal information (“NPI”) as described in Section 2, including financial account numbers, transaction history, and account balances.
  • Sharing Practices: we share NPI only as described in Section 5 and as permitted or required by law. We do not share your NPI with nonaffiliated third parties for their own marketing purposes.
  • Opt-Out: because we do not share NPI with nonaffiliated third parties for marketing, no opt-out is currently required. If our practices change, we will provide you with the opportunity to opt out as required by GLBA.
  • Safeguards: we maintain administrative, technical, and physical safeguards to protect NPI as described in Section 10, consistent with GLBA's Safeguards Rule.

13. State Money Transmission Regulatory Notices

Fire Markets is registered with the Financial Crimes Enforcement Network (FinCEN) as a Money Services Business (MSB Registration No. 31000318885084) and has applied for state money transmission licensure through the Nationwide Multistate Licensing System (NMLS ID: 2796815). Our Illinois money transmission license application is currently pending with the Illinois Department of Financial and Professional Regulation (IDFPR). For state-specific regulatory notices, including how to file complaints with your state financial regulator, please refer to our Licenses and Disclosures page on our website or contact us directly.

Illinois Regulatory Notice

Customers of Fire Markets LLC (NMLS ID: 2796815 — Illinois money transmission license application pending) may contact the Illinois Department of Financial and Professional Regulation (IDFPR) with questions or complaints about Fire Markets LLC's money transmission services. IDFPR Phone: 1-888-473-4858 | TTY: 1-866-325-4949.

14. Children's Privacy

The Services are not directed to individuals under the age of 18 (or under 16 in certain jurisdictions), and we do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a child, we will promptly delete that information. If you believe we have inadvertently collected information from a minor, please contact us immediately.

15. Third-Party Links and Services

The Site may contain links to third-party websites or services, or integrate with third-party platforms. This Privacy Policy does not apply to any third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third party before providing your information. Key third-party services currently used by Fire Markets include:

  • Plaid Technologies, Inc. – financial account linking and data retrieval (plaid.com/legal)
  • Socure, Inc. – identity verification, KYC/KYB, and fraud risk assessment
  • Microsoft Azure and Amazon Web Services (AWS) – cloud infrastructure, compute, and data hosting
  • Global Payments – payment processing, merchant acquiring, and transaction settlement
  • Banking partners and other payment/settlement providers – transaction settlement and fund transfers
  • Sanctions and watchlist screening providers – OFAC and international compliance

We require all third-party service providers to process your data only on our instructions, under contractual data protection obligations, and in accordance with applicable data protection laws.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Fire Markets LLC

875 N Michigan Ave, 31 Fl #3179, Chicago, Illinois 60611

Privacy Email: privacy[AT]firemarkets.cx

Website: firemarkets.cx

For GDPR-related inquiries, you may also contact our designated representative in the EEA/UK (if appointed) or file a complaint with your local data protection supervisory authority.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. The “Last Updated” date at the top of this policy indicates when it was last revised. If changes are material, we will provide additional notice where required by law (such as an email notification or a prominent notice on our Site).

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.