< Back

Privacy Notice

Effective Date: March 19, 2026

Contents

1. Overview

2. Scope

3. Personal Information We Collect

4. How We Use Personal Information

5. How We Disclose Personal Information

6. Retention of Personal Information

7. Protection of Personal Information

8. Incident Response and Breach Notification

9. International Transfers

10. Your Privacy Rights

11. Cookies, Analytics, and Similar Technologies

12. Children’s Privacy

13. Third-Party Sites and Services

14. U.S. State Privacy Disclosures

15. Contact Us

16. Changes to This Privacy Notice

17. California Privacy Addendum (CCPA/CPRA)

1. Overview

This Privacy Notice describes how Protego Holdings Corporation, National Digital Trust Company (In Organization), and Quintessentially Technology Services Corporation (collectively, “Protego Group,” “we,” “us,” or “our”) collect, use, disclose, and otherwise process personal information in connection with our public-facing websites, digital content, and related online interactions that link to this Privacy Notice (collectively, the “Site”).

This Privacy Notice applies only to a public, informational website. The Site is not intended to provide banking, custody, trading, brokerage, money transmission, account opening, or other financial transaction functionality. No bank or trust company services are performed through the Site.

To the extent National Digital Trust Company becomes subject to the Gramm-Leach-Bliley Act (“GLBA”), personal information collected in connection with financial products and services will be governed by separate privacy notices and may be exempt from certain state privacy law requirements.

If you have questions about this Privacy Notice, you may contact us at privacy@nationaldigital.com or through the methods listed in the “Contact Us” section below.

If you engage separately with any products or services offered outside the Site, different privacy notices, disclosures, or terms may apply to those interactions.

2. Scope

This Privacy Notice does not apply to:

  • job applicants, employees, contractors, or other personnel;
  • offline interactions that do not reference or incorporate this Privacy Notice;
  • third-party websites, applications, or services not controlled by us, even if linked from the Site; or
  • information that has been de-identified, anonymized, or aggregated such that it cannot reasonably be linked to an identified or identifiable person.

3. Personal Information We Collect

Because the Site is informational only, the categories of personal information we collect are narrower than those used for financial products or account-based services.

A. Information You Provide to Us

We may collect the following information when you choose to provide it:

  • Contact information, such as your name, email address, telephone number, company name, title, and mailing address;
  • Communications and inquiry information, such as the contents of messages you submit through contact forms, email, event registrations, surveys, or other communications with us;
  • Marketing and preference information, such as your subscription preferences, interests, and communication preferences; and
  • Any other information you voluntarily provide through the Site.

B. Information Collected Automatically

When you visit or interact with the Site, we may automatically collect certain information, including:

  • Device and browser information, such as browser type, operating system, device type, language settings, and similar technical information;
  • Network and usage information, such as IP address, approximate geolocation derived from IP, referral URLs, pages viewed, links clicked, session timestamps, and interaction patterns;
  • Cookie and similar technology information, as described in Section 10; and
  • Diagnostic and performance information, such as crash logs, error reports, load times, and similar analytics data.

C. Information from Other Sources

We may receive information from:

  • service providers that support website hosting, analytics, communications, security, and similar business operations;
  • social media platforms or other third parties if you interact with our content or pages on those platforms, subject to your settings and the third party’s practices; and
  • publicly available sources, such as company websites, public directories, or professional networking platforms, where permitted by law.

4. How We Use Personal Information

We may use personal information for the following purposes:

  • to operate, maintain, secure, and improve the Site;
  • to respond to your inquiries, requests, or other communications;
  • to send newsletters, alerts, updates, event invitations, or other communications you request or consent to receive;
  • to understand how visitors use the Site and evaluate content effectiveness, traffic patterns, and user engagement;
  • to detect, prevent, investigate, and address security incidents, fraud, misuse, or other unlawful or harmful activity affecting the Site;
  • to comply with applicable law, regulation, legal process, or governmental request;
  • to protect our rights, safety, property, and the rights, safety, and property of others; and
  • to support corporate governance, auditing, reporting, and transaction planning in connection with actual or contemplated reorganizations, financings, mergers, acquisitions, or similar events.

We do not use personal information collected through the Site to provide banking, trust, custody, brokerage, money transmission, or trading services through the Site. We limit the collection, use, and retention of personal information to what is reasonably necessary and proportionate to achieve the purposes described in this Privacy Notice, consistent with applicable law. We do not knowingly collect or process sensitive personal information unless required for a legitimate business purpose and subject to appropriate administrative, technical, and physical safeguards consistent with applicable law.

Where required by applicable law, we rely on consent for certain processing activities, including certain cookies and electronic marketing communications. In other circumstances, we may rely on our legitimate interests, legal obligations, or other lawful bases recognized under applicable law.

5. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients:

  • our affiliated entities within the Protego Group;
  • service providers and vendors that support hosting, analytics, site performance, communications, marketing administration, cybersecurity, professional services, and similar operational functions;
  • advisors, auditors, insurers, and legal, tax, or other professional service providers;
  • regulators, law enforcement, courts, and governmental authorities when required or permitted by law;
  • counterparties and transaction participants in connection with a proposed or completed merger, acquisition, financing, restructuring, sale of assets, or similar corporate event; and
  • other parties with your direction or consent.

Because the Site is informational only, we do not disclose personal information from the Site as part of payment processing, transaction settlement, custody operations, blockchain transaction execution, or Travel Rule compliance through the Site.

We do not sell personal information for money. Depending on the technologies in use, some analytics, advertising, or social media-related disclosures may be considered “sharing” or use for targeted advertising under certain U.S. state privacy laws. Where required, we provide applicable rights and choice mechanisms.

6. Retention of Personal Information

We retain personal information for as long as reasonably necessary to:

  • fulfill the purposes described in this Privacy Notice;
  • maintain appropriate business and operational records;
  • comply with legal, regulatory, tax, accounting, or reporting obligations; and
  • establish, exercise, or defend legal claims.

Retention periods vary depending on the nature of the information, the sensitivity of the data, the reason for collection, and applicable legal requirements. Retention periods are governed by internal data retention policies and are periodically reviewed to ensure alignment with applicable legal, regulatory, and business requirements.

7. Protection of Personal Information

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, or disclosure. We implement risk-based administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, or disclosure, consistent with applicable regulatory guidance and industry standards, which may include those applicable to financial institutions.

However, no security measure is infallible, and we cannot guarantee absolute security. You should use caution when transmitting information over the internet.

8. Incident Response and Breach Notification

We maintain incident response procedures designed to detect, respond to, and recover from security incidents involving personal information.

In the event of a data breach affecting personal information, we will provide notifications to affected individuals and, where applicable, regulators in accordance with federal and state laws, including applicable breach notification requirements and regulatory guidance.

9. International Transfers

Your personal information may be processed in jurisdictions other than the one in which you reside.

Where required by law, we implement appropriate safeguards for cross-border transfers, which may include standard contractual clauses or other legally recognized transfer mechanisms.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • know whether we process your personal information;
  • request access to personal information we hold about you;
  • request correction of inaccurate personal information;
  • request deletion of personal information;
  • object to or restrict certain processing;
  • request portability of certain personal information;
  • withdraw consent where processing is based on consent; and
  • appeal a denial of a rights request where required by law.

You may submit a request by contacting us at privacy@nationaldigital.com.

We may take reasonable steps to verify your identity and the authenticity of your request before responding. Authorized agents may submit requests on your behalf where permitted by law.

11. Cookies, Analytics, and Similar Technologies

We use cookies, pixels, SDKs, local storage, and similar technologies to:

  • enable core site functionality;
  • understand and improve Site performance;
  • measure traffic and engagement;
  • remember preferences where applicable; and
  • support communications, content optimization, and, where used, marketing effectiveness.

Some of these technologies may be operated by third-party analytics or advertising partners.

Where required by law, we will obtain consent before using non-essential cookies or similar technologies, and we will provide a cookie banner, preference center, or similar mechanism to manage those choices.

Do Not Track / Global Privacy Signals

We may recognize browser-based preference signals, such as Global Privacy Control, where required by applicable law.

Because standards for “Do Not Track” signals have not been universally adopted, the Site may not respond to legacy browser do-not-track settings except where required by law.

12. Children’s Privacy

The Site is not directed to children, and we do not knowingly collect personal information from individuals under 18 through the Site. If you believe a child has provided personal information through the Site, please contact us so we can review and delete the information as appropriate.

13. Third-Party Sites and Services

The Site may contain links to third-party websites, platforms, or services. We are not responsible for the privacy, security, or information practices of those third parties. Their practices are governed by their own notices and terms.

Your interactions with third-party sites or services are at your own risk and outside the scope of this Privacy Notice.

14. U.S. State Privacy Disclosures

This Section supplements the rest of this Privacy Notice for residents of states with applicable privacy laws, including California, Colorado, Connecticut, Virginia, Texas, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, and Rhode Island, to the extent applicable.

Over the last 12 months, we may have collected the following categories of personal information:

  • identifiers and contact information;
  • internet or other electronic network activity information;
  • approximate geolocation information derived from IP address;
  • professional or commercial information you choose to provide; and
  • inferences drawn from Site interactions for analytics or content optimization purposes.

We may use these categories for the purposes described in Section 4 and disclose them to the categories of recipients described in Section 5.

We do not use sensitive personal information collected through the Site to infer characteristics about you.

To the extent applicable state law grants you rights to opt out of targeted advertising, profiling in furtherance of decisions that produce legal or similarly significant effects, or certain forms of data sharing, you may exercise those rights through our designated privacy request methods or cookie preference tools, as applicable.

The Site is informational only, and we do not engage through the Site in profiling to make decisions producing legal or similarly significant effects concerning consumers.

For California residents, this Section is intended to supplement disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act, except to the extent an exemption applies.

We recognize and comply with applicable U.S. state privacy laws, including requirements related to consumer rights, data minimization, purpose limitation, and opt-out rights for targeted advertising or profiling, where applicable.

15. Contact Us

If you have questions or concerns about this Privacy Notice or our privacy practices, please contact:

Data Protection and Privacy Governance

Protego Holdings Corporation / National Digital Trust Company (In Organization) / Quintessentially Technology Services Corporation

Email: privacy@nationaldigital.com

Address: 5608 17th Ave NW, Seattle, WA 98107

16. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be reflected by updating the effective date above.

Where required by law, we will provide additional notice of material changes through the Site or by other appropriate means.

17. California Privacy Addendum (CCPA/CPRA)

Last Updated: March 19, 2026

1. Applicability

This California Privacy Addendum (“Addendum”) applies exclusively to individuals who are residents of the State of California and who interact with the public-facing websites and digital properties operated by Protego Holdings Corporation, National Digital Trust Company (In Organization), and Quintessentially Technology Services Corporation (collectively, “NDTC Group,” “we,” “us,” or “our”).

This Addendum supplements our general Privacy Notice and is adopted to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA/CPRA”).

Under applicable law, “Personal Information” means information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

This Addendum applies only to data collected through our informational website and related digital interactions. It does not apply to personal information collected in connection with financial products, fiduciary services, custody, brokerage, or other regulated activities, which—if applicable—would be governed by separate disclosures and may be exempt under federal law, including the Gramm-Leach-Bliley Act (GLBA).

2. Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of Personal Information through the Site:

  • Identifiers: name, email address, IP address, and similar identifiers;
  • Contact and professional information: company name, title, business contact details, and information submitted through forms or inquiries;
  • Internet or network activity information: browsing activity, pages viewed, referring URLs, session duration, and interaction data;
  • Approximate geolocation data: derived from IP address;
  • Communications content: information you provide in emails, inquiries, or event registrations;
  • Audio/visual information (limited): recordings of webinars, events, or support interactions where applicable; and
  • Inferences: limited analytics-derived insights such as general interests or engagement patterns.

3. Sources of Personal Information

We collect Personal Information from the following sources:

  • Directly from you, including when you submit forms, subscribe to communications, register for events, or contact us;
  • Automatically from your device or browser, including through cookies, pixels, and similar technologies;
  • Service providers and analytics partners that support website functionality, performance, and communications;
  • Social media platforms when you interact with our content or pages; and
  • Publicly available sources, where permitted by law.

4. Business and Commercial Purposes for Collection

We use Personal Information for the following purposes:

  • Operating, maintaining, and improving the Site and its content;
  • Responding to inquiries, requests, and communications;
  • Providing newsletters, updates, thought leadership, and event-related communications;
  • Analyzing Site usage and engagement to improve performance and user experience;
  • Maintaining security, detecting fraud, and preventing misuse of the Site;
  • Complying with legal obligations and enforcing our policies; and
  • Supporting internal business operations, governance, and corporate transactions.

5. Retention of Personal Information

We retain Personal Information for as long as reasonably necessary to:

  • fulfill the purposes described above;
  • maintain appropriate business records;
  • comply with legal, regulatory, and contractual obligations; and
  • resolve disputes and enforce agreements.

6. Sale and Sharing of Personal Information

Under the CCPA/CPRA, “sale” and “sharing” are broadly defined.

We do not sell Personal Information for monetary consideration.

However, we may use third-party cookies, analytics tools, or advertising technologies that could be considered “sharing” of Personal Information for purposes of cross-context behavioral advertising under California law.

California residents have the right to opt out of such sharing.

We honor browser-based opt-out signals, including Global Privacy Control (GPC), where required by law. We also provide cookie preference tools or similar mechanisms to manage these choices.

7. Categories of Third Parties to Whom We Disclose Personal Information

We may disclose Personal Information for business purposes to:

  • affiliated entities within NDTC Group;
  • service providers and contractors supporting hosting, analytics, communications, security, and marketing operations;
  • professional advisors (e.g., legal, audit, tax);
  • regulators, law enforcement, or governmental authorities where required; and
  • transaction counterparties in connection with mergers, acquisitions, or similar corporate events.

8. Sensitive Personal Information

Under the CPRA, certain data is classified as “Sensitive Personal Information.”

We do not intentionally collect or use Sensitive Personal Information through the Site for purposes of inferring characteristics about individuals.

To the extent any sensitive data is incidentally collected (e.g., via free-text submissions), it is used only for limited operational purposes such as responding to inquiries or maintaining security.

9. Your Rights Under CCPA/CPRA

California residents have the following rights:

  • Right to Know: request disclosure of categories and specific pieces of Personal Information collected;
  • Right to Delete: request deletion of Personal Information (subject to exceptions);
  • Right to Correct: request correction of inaccurate Personal Information;
  • Right to Opt Out of Sale/Sharing;
  • Right to Limit Use of Sensitive Personal Information (where applicable); and
  • Right to Non-Discrimination for exercising your rights.

10. Frequency and Verification of Requests

You may submit requests to access or obtain copies of your Personal Information up to twice within a 12-month period, as permitted by law.

Requests must:

  • provide sufficient information for identity verification; and
  • describe the request with enough detail to allow proper evaluation and response.

11. Updates to This Addendum

We may update this Addendum periodically.

Any changes will be reflected by updating the “Last Updated” date above, and material changes will be communicated as required by law.