Rêv USA, Inc., X World Club, Inc. and their respective affiliates and subsidiaries (collectively “we” or “us”) are committed to protecting your privacy and safeguarding your Personal Information. This Privacy Policy describes how and why we may obtain, use, store and process your Personal Information. It also sets out your choices regarding our use of the information and provides instructions for contacting us for inquiries about our privacy practices.
This Privacy Policy applies if you are a US consumer that enrolled in the services we offer, including the X World Wallet website, the mobile app and the X World Club (collectively the “Services”), unless a specific product has a separate privacy notice. For example, the X World Club Travel Portal is subject to its own privacy policy and terms and conditions, which you should review.
Also, this Privacy Policy is separate from the X World Wallet – Texas First Bank Privacy Policy (the “Bank’s Privacy Notice”). The Bank’s Privacy Notice applies to your use of the X World Wallet bank account. When you create the account, we collect your Personal Information on behalf of Texas First Bank, which issues the Card and maintains your Account. We are not responsible for the Bank’s Privacy Notice or its practices.

Please note the respective Services are subject to their own agreements. This Privacy Policy should be read in conjunction with the X World Club Membership Agreement (“Agreement”). Terms not defined in this Privacy Policy shall have the same meaning as assigned to them in the Agreement.

If you are a California resident, please refer to our Privacy Statement for California Residents (below).

Your ongoing use of the Services constitutes your consent to this Privacy Policy, as amended.

I. Information We Collect

When you use the Services and communicate with us, we collect information that identifies, relates to, describes, references, or could reasonably be linked, directly or indirectly, with a you (“Personal Information“).

We may collect the following types of Personal Information:

• Information to establish your identity, such as name, date of birth, address, email address, phone number, and proof of identity information, such as government IDs;
• Your login credentials;
• Financial information regarding your bank World Wallet Account and Card, including your account and transaction history, linked bank accounts and their respective balances or transactions, load methods, payor/payee information, source of wealth and source of funds, and information you may provide through account inquiries;
• Commercial information, including receipts or records of purchase/enrollment in products or services, general interest in a product or service, and purchasing tendencies.
• Information about your preferences, habits and inquiries regarding the use of the Services, including click-throughs and confirmation that you opened our communications;
• Recordings of your conversations when you call customer service;
• IP address and geolocation data of the devices which you use to access our Services;
  Information provided by third parties through which we market or distribute our Services;
• Biometric data, such as your fingerprint or facial features which are used in the mobile app for certain features; and
• Other information which you may choose to provide, for example referrals, survey responses, social media pages, and contacts that you share with us.

While we collect your Social Security Number or other government ID, WE DO NOT pull credit reports or credit history data. We use your Social Security Number or government ID solely to help establish your identity.

II. How we collect information

We obtain your Personal Information from the following categories of sources:

• Directly from you. This includes the information that you provide to us to: (a) activate your Account, (b) download, register to use, and utilize the Website or Mobile App, (c) use the Services, (d) make any transaction, (e) receive customer service or make postings on social media that are part of the Account and Card, and (f) participate in any promotion, survey, or competition.
• From third parties with whom we work to provide you with the Services or market them.
• Automatically when you use any device to access the Services. We may automatically collect additional information about you and the devices you use whenever you use the Card or Account.

As part of the program Services, we may use Cookies. Cookies are small text files that are placed on your computer by websites that you visit, and which enable websites to work more efficiently and to collect information about usage. Our cookies will not be used to analyze your visits to other sites. Our agents, who assist in the serving and targeting of advertisements, promotions and other marketing messages may use cookies to collect anonymous data such as how many people have viewed a particular page each day. Data collected by cookies will not otherwise be passed to any third party.

We use the following Cookies:

Google Analytics

• Persistent cookie: Provides us aggregated data around usage and web traffic. You can opt out of tracking by Google Analytics by visiting: http://tools.google.com/dlpage/gaoptout.

Mixpanel

• Persistent cookie: Provides us aggregated data around usage and web traffic. You can opt out of Mixpanel tracking by visiting: https://mixpanel.com/optout/.
• Essential cookies: Session cookie to authenticate users and prevent fraudulent use of user accounts. We also use these cookies to establish and control a session so we can identify if you are logged out. The session cookie is refreshed every time the user logs in and cleared upon logout. The session ID expires in 15 minutes.

We also use local storage to store locale, username and restful-authenticated information which is used to identify if you are logged in. This Local storage lasts only for the duration of your session and is cleared when you log out.

We may also use Web Beacons which is a small graphic image that informs us whether you have opened the emails or messages sent to you.

We do not use cookies for advertising purposes and we will not share your information with any other party not listed in Section IV without your consent.

Your browser may allow you to disable existing cookies, block cookies automatically or notify you if you are receiving a cookie. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

III. Use of Personal Information

We may use or disclose the Personal Information we collect for one or more of the following business purposes:

• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or Services, we will use that Personal Information to respond to your inquiry;
• Opening and managing Accounts;
• Customizing your experience with our Services;
• Informing you of any service-related message that may be relevant to the Services provided to you;
• Determining whether or not you qualify for certain offers;
• Verifying your identity and that you are an authorized user for security purposes;
• Complying with our legal and regulatory obligations and assisting us with crime and fraud prevention (e.g., by checking your identity);
• Assisting you with any product or service enquiries, complaints or issues that may arise;
• Operating, evaluating, and improving our Services;
• Analyzing market and product reports, performing research and statistical analysis, and monitoring usage behavior to improve our technologies and Services;
• Marketing our products and Services generally;
• Informing you of any products and services offered by other companies that we think may be of interest to you, provided that you choose to receive this information;
• Determining your eligibility for, and administer your participation in, certain features offered by us such as surveys, sweepstakes, rewards and promotions;
• Exercising our rights and remedies and to defend against legal claims;
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
• As described to you when collecting your Personal Information; and
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our consumers is among the assets transferred.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

IV. Sharing Personal Information

We may share your Personal Information by disclosing it to a third party, such as parent/subsidiary organizations, affiliates, partners, and service providers, for specific reasons. Such reasons may include:

• • • For third parties to perform services on our behalf;
    • When required to do so by law or legal processes;
    • To establish, defend, and exercise our legal rights;
    • In response to requests made by government agencies;
    • To assist with investigations of suspected or actual illegal activity; or
    • Otherwise with your consent.

V. Retention of Personal Information

Cookies are stored on a per-session basis to aid your navigation of the Website. Persistent cookies may be set to store display-related preferences. Depending on your browser, you may also be able to control cookie use by altering your browser settings.
We retain Personal Information only for a period reasonably necessary to accomplish the purposes set out in this Privacy Policy. In determining this period of time, we consider criteria such as applicable statutes of limitation and other legal requirements. Note that the retention period for Personal Information is subject to change as required by applicable law.
For more information regarding the retention of Personal Information, please email privacy@xworldwallet.com.

VI. Security of Personal Information

We have standards of security and confidentiality. We maintain administrative, technical and physical safeguards designed to protect the Personal Information you provide against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use.

We use current technologies and business strategies and have implemented security systems and procedures to protect the integrity and privacy of your Personal Information. Although we will endeavor to protect your Personal Information from unauthorized access, disclosure, use or modification, we cannot guarantee its security or integrity. The transmission of Personal Information from you to us is at your own risk.

We limit the use of your Personal Information to those employees, agents or contractors who we believe have a legitimate business purpose to access your Personal Information. We maintain physical, electronic and procedural safeguards that comply with or exceed best practice standards to keep your Personal Information safe. We require companies working for us to protect your Personal Information and use it only to provide the services we ask them to perform for us.

The protection of your Personal Information is a shared responsibility. We provide you a password to access certain program Services. Please do not share your password with anybody and please note that you are responsible for keeping it confidential.

You may receive electronic communications claiming to be from us with a link to what appears to be our website, where you are prompted to enter your Personal Information and/or Account details – a so-called “phishing” attempt. We will never send you any communication that requests you to provide your Personal Information or Account information (e.g., Card number or PIN) via a reply or link in an electronic communication.
If you think you have received a fraudulent communication that looks like it is from us, please forward the entire email including the header and footer to privacy@xworldwallet.com and then delete it immediately.

VII. Your Rights and Choices

Under this Privacy Policy, you have specific rights regarding your Personal Information. If you have questions or wish to make a request regarding your Personal Information that we have collected, please send an email to privacy@xworldwallet.com

If you determine that any of your Personal Information that we have collected is incorrect, you may update such Personal Information by logging into the X World Wallet Account Center and updating your information from within your Account.

VIII. Changes to Our Privacy Policy

We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

IX. Contact Information

If you have any questions or comments about this notice, the ways in which we collect and use your information described, your choices and rights regarding such use, or wish to exercise your rights under this Privacy Policy, please do not hesitate to contact us at:

Phone: 1-915-900-REVX (7389)
Email: privacy@xworldwallet.com

If you need to access this Policy in an alternative format due to having a disability, please email us at privacy@xworldwallet.com or call us at 1-915-900-REVX.

X. Privacy Policy for California Residents
Effective Date: December 17, 2021

This Privacy Policy for California Residents supplements the information contained in the X World Club Privacy Policy Above and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Policy.

1. Information We Collect
   In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:
   

   Category	Examples	Collected
   A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.	Yes
   B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.	Yes
   C. Protected classification characteristics under federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes
   D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Yes
   E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	No
   F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	Yes
   G. Geolocation data.	Physical location or movements.	No
   H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	No
   I. Professional or employment-related information.	Current or past job history or performance evaluations.	No
   J. Non-public education information	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
   K. Inferences drawn from other Personal Information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	Yes

2. Use of Personal Information
   For more information about how we use your Personal Information, please see Section III of the X World Club Privacy Policy above.
3. Sources of Information
   For more information about the sources your Personal Information is collected from, please see Section II of the X World Club Privacy Policy above.
4. Sale of Personal Information
   We do not sell Personal Information.
5. Sharing Personal Information
   In the preceding twelve (12) months, Company has disclosed Personal Information for a business purpose to the categories of third parties indicated in the chart below.
   

   Personal Information Category	Business Purpose Disclosures
   A: Identifiers.	Parent/Subsidiary Organizations Affiliates Partners Service Providers
   B: California Customer Records Personal Information categories.	Parent/Subsidiary Organizations Service Providers
   C: Protected classification characteristics under California or federal law.	Parent/Subsidiary Organizations Service Providers
   D: Commercial information.	Parent/Subsidiary Organizations Service Providers
   E: Biometric information.	None
   F: Internet or other similar network activity.	None
   G: Geolocation data.	None
   H: Sensory data.	None
   I: Professional or employment-related information.	None
   J: Non-public education information.	None
   K: Inferences drawn from other Personal Information.	Parent/Subsidiary Organizations

6. California Consumer Privacy Rights
   The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

A. Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:

• • • The categories of Personal Information we collected about you.
    • The categories of sources for the Personal Information we collected about you.
    • Our business purpose for collecting that Personal Information.
    • The categories of third parties with whom we share that Personal Information.
    • The specific pieces of Personal Information we collected about you (also called a data portability request).

B. Right to Delete
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. 1. 1. 1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
         2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
         3. Debug products to identify and repair errors that impair existing intended functionality.
         4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
         5. In the case of California residents, comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
         6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
         7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
         8. Comply with a legal obligation.
         9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

C. Shine the Light Requests
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@xworldwallet.com.

D. Exercising Your Rights to Know and Delete
To exercise your rights to know or delete described above, please send an email labeled “Personal Information Request” to privacy@xworldwallet.com.Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Information.You or your authorized agent may only submit a request to know twice within a 12-month period. Your request to know or delete must:

• • • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include:
    • Your name.
    • A copy of government identification (e.g., passport, driver’s license, or government-issued identification card).
    • An agent’s proof of legal authorization to act on an Accountholder’s behalf, if applicable.
    • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
    • When possible, provide the name and relevant X World Wallet Account number of the subject of the request.We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made from the email address associated with your account as sufficiently verified when the request relates to Personal Information associated with that specific account.We will only use Personal Information provided in the request to verify the requestor’s identity or authority to make it.

E. Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please call 1-915-900-REVX to speak with an agent directly.We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.If you have an account with us, we will deliver our written response to the email address associated with that account. If you do not have an account with us or are an authorized agent, we will deliver our written response to the email address that sent the initial request.Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

F. Non-Discrimination
We will not discriminate against you for exercising any of your rights under this Privacy Policy. We will not:

• • • Deny you goods or Services.
    • Charge you different prices or rates for goods or Services, including through granting discounts or other benefits, or imposing penalties.
    • Provide you a different level or quality of goods or Services.
    • Suggest that you may receive a different price or rate for goods or Services or a different level or quality of goods or Services.