How we handle your data.
Plain-English summary. Pesito operates in Mexico, so the binding legal version of this policy is the Spanish Aviso de Privacidad at /privacidad, written to comply with the Federal Law on the Protection of Personal Data held by Private Parties (LFPDPPP). This English page exists so you can understand the gist in your language.
Who is responsible
Pesito Technologies, S.A.P.I. de C.V. (“Pesito”), a Mexican corporation. We are a technology company, not a bank.
What data we collect
- Waitlist: name, email, phone (optional), locale.
- Account (when the app launches): phone number, CURP, government-issued ID photo + selfie for identity verification on transactions over the regulatory threshold.
- Device & usage: device type, operating system, IP address, analytics events needed to run and defend the service.
Why we collect it
- To run the service you signed up for.
- To verify your identity when required by Mexican anti-money-laundering rules.
- To detect fraud and defend your account.
- To notify you about the product you asked to hear about.
What we do NOT do
- We do not sell your personal data.
- We do not share it with third parties except as required to operate the service (e.g. Firebase Auth, SMS carriers) or by law.
- We do not run cross-site advertising trackers on this marketing site. No third-party cookies beyond those strictly needed for the service.
Your rights (ARCO)
Under Mexican law you have the right to:
- Access the personal data we hold about you.
- Rectify incorrect data.
- Cancel (delete) your data, subject to legal retention.
- Oppose specific uses of your data.
Exercise any of these by emailing legal@pesito.la from the address registered with us. We respond within 20 business days as required by LFPDPPP.
Cookies
We set one cookie on this marketing site: pesito_lang,
which stores your Spanish/English preference so we send you to the
right version on return visits. One-year lifetime, SameSite=Lax.
No marketing or advertising cookies.
Security
Transport is TLS 1.3. Sensitive fields (identity documents, CURP) are encrypted at rest with AES-256-GCM. Session tokens are signed and rotated on every login.
Changes
If we update this policy materially, we will email you at the address on file and post the new version on this page at least 30 days before it takes effect.