PLATFORM PRIVACY POLICY

1.1. This Privacy Policy (hereinafter, the “Policy”) governs the collection, use, storage, disclosure, transfer, and other processing activities involving personal data carried out by the Platform (hereinafter, the “Platform,” “we,” “us,” or “our”), in relation to natural persons who access, browse, interact with, or use the services offered (hereinafter, the “User” or “Users”).

1.2. This Policy applies to all User interactions with the Platform through its website, mobile application, or any equivalent digital interface, as well as to identity verification (KYC) and anti-money laundering and counter-terrorist financing (AML) procedures, both in the purchase of tokens and in the collection of returns.

1.3. By accessing or using the Platform, the User acknowledges having read and understood this Policy and consents to the processing of their personal data as described herein. If the User does not accept these terms, they must refrain from using the Platform.

We apply the following principles:

• a) Lawfulness, fairness, and transparency: data is processed on clear legal grounds and communicated in an understandable manner.
• b) Purpose limitation: data is processed for specific, explicit, and legitimate purposes.
• c) Data minimization: we collect only the data that is adequate, relevant, and limited to what is necessary.
• d) Accuracy: we maintain data reasonably up to date.
• e) Storage limitation: we retain data only as long as necessary and in accordance with legal or contractual obligations.
• f) Integrity and confidentiality: we apply appropriate technical and organizational measures to protect data.
• g) Accountability: we document and periodically review our compliance.

Depending on the User’s interaction, we may process the following categories of data:

• a) KYC Identification: full name, date of birth, nationality, identification document, selfie/biometrics (if required by the KYC provider), proof of address, source of funds, and occupation or economic activity.
• b) Contact data: email address, phone number (if applicable).
• c) Technical data: IP address, device identifiers, operating system, browser, language, time zone, access logs, cookies, and equivalent technologies (see Section 12).
• d) Access data: connection of compatible wallet or authentication via external account (e.g., email provider). The Platform does not create its own passwords.
• e) On-chain transactional data: hashes, public wallet addresses, related smart contracts, transaction amounts, and timestamps (to the extent linkable to the User and in accordance with applicable regulations).
• f) Usage and support data: customer service inquiries, incidents, tickets, and preferences.
• g) AML compliance data: sanctions list checks, politically exposed person (PEP) status, risk alerts, and AML/Fraud scoring (no automated decisions with legal effect without human intervention).

Sensitive data: we do not request special categories of data unless required by applicable law or strictly necessary for AML compliance (e.g., sanctions list verification). In such cases, processing will be limited to what is strictly necessary.

We process data for the following purposes:

4.1. Service provision:

• Allow access through wallet or external account (email or equivalent).
• Operate the purchase of project tokens; record and display relevant transactions.
• Execute KYC/AML procedures during purchase and payout (when you request payment of returns or recovery of investment).
• Verify ownership for payments and prevent impersonation.

4.2. Legal and regulatory compliance:

• Fraud, money laundering, and terrorism financing prevention.
• Respond to requests from competent authorities.

4.3. Support and security:

• Manage incidents, communications, and tickets.
• Monitor and protect infrastructure (logs, audits, intrusion detection).

4.4. Analytics and service improvement:

• Usage metrics, performance, user experience, and product improvement.
• Statistical and aggregated data (de-identified).

4.5. Communications:

• Send operational notices (changes to Terms/Policy, security, KYC requirements).
• Transactional messages.

4.6. Permitted marketing:

• Send informational and/or promotional content, only where legally permitted and with an opt-out option.

We do not make solely automated decisions that produce legal effects without human intervention. If such processing becomes necessary in the future, we will notify Users and obtain the corresponding consent or legal basis.

Depending on the case:

• a) Contract performance: access via wallet/external account, token purchases, payments, support.
• b) Legal obligation: KYC/AML, data retention, cooperation with authorities.
• c) Legitimate interest: security, fraud prevention, basic analytics, and service improvement (while respecting User rights).
• d) Consent: for non-essential cookies and, where required, marketing communications.

• 6.1. We retain data for as long as the relationship with the User exists and, after termination, for the legally required periods (e.g., KYC/AML retention typically ranges from 5 to 10 years depending on jurisdiction).
• 6.2. Technical logs and analytical data are retained for reasonable periods for security and improvement purposes.
• 6.3. After such periods, data will be deleted, anonymized, or blocked in accordance with the law.

Users may exercise the following rights:

• Access to their data.
• Correction of inaccurate data.
• Deletion (where no legal retention obligations apply).
• Objection or restriction of processing in specific cases.
• Data portability (where applicable).
• Withdrawal of consent (without retroactive effect).

To exercise these rights, Users may contact us through the channels listed in Section 15. We may request identity verification before responding. We will reply within the timeframes required by law.

• 8.1. We may host or process data outside the User’s country of residence using providers offering adequate safeguards.
• 8.2. When a transfer is necessary for service execution, legal compliance, or legitimate interest, we will implement reasonable and proportionate safeguards.

• 9.1. We implement reasonable technical and organizational measures, including encryption in transit, access controls, event logging, segmentation, and periodic testing and audits.
• 9.2. Despite our efforts, no system is infallible. The User acknowledges the inherent risks of digital environments and blockchain technology.
• 9.3. The Platform does not hold or custody Users’ private keys. Wallet and external account security remain the sole responsibility of the User.

• 10.1. We use analytics to measure performance, detect abuse, and improve user experience.
• 10.2. We may apply risk scoring and automated fraud/AML rules; decisions to block, suspend, or request additional KYC include human review or an appeal channel.
• 10.3. We do not make solely automated decisions with legal effects without human intervention.

The User agrees to:

• Provide accurate and up-to-date data.
• Not impersonate others or use falsified documents.
• Keep their wallet and external account secure.
• Immediately report security incidents.
• Complete KYC when purchasing tokens and, where applicable, when collecting returns. The Platform may request additional or updated KYC at any time as a condition for continued service use.

• 12.1. We use cookies and similar technologies for: (i) technical operation, (ii) security, (iii) usage analytics, (iv) preferences, and (v) where permitted, marketing.
• 12.2. Users can manage cookies via browser settings and/or the consent banner where applicable. Strictly necessary cookies are essential for operating the Platform.
• 12.3. Third-party tools (e.g., analytics) may receive technical data under processing agreements or joint controller arrangements, as applicable.

We may share data with:

• a) Authorized KYC/AML providers (identity verification, sanctions lists, PEP checks).
• b) Technology providers (hosting, cybersecurity, analytics, messaging).
• c) Advisors and auditors (legal, compliance, financial).
• d) Administrative, regulatory, or judicial authorities when legally required.
• e) Fraud prevention entities in legitimate investigations.

All such transfers occur under appropriate contracts and safeguards. We do not disclose private keys nor operate Users’ wallets on their behalf.

The Platform is intended exclusively for individuals over 18 years of age. We do not knowingly collect data from minors. If we become aware that a minor has submitted data, we will take reasonable steps to delete it.

To exercise rights or submit privacy inquiries, you may contact our privacy channel as indicated within the Platform interface. For rights requests, we may ask for additional information to verify your identity.

• 16.1. We may amend this Policy to reflect legal, technical, or operational changes.
• 16.2. Any amendment becomes immediately effective upon publication on the Platform. Continued use constitutes acceptance of the current version.

This Policy complements and must be read together with the Platform’s Terms and Conditions. In case of conflict, the provision offering greater protection to the User shall prevail, provided it does not contradict legal or AML compliance obligations.

• • KYC at purchase: mandatory to acquire tokens.
• • KYC at payout: mandatory to receive investment reimbursement and/or returns, unless you are the same individual who completed and still holds a valid KYC. The Platform may request additional or renewed KYC at any time for compliance purposes.
• • Third-party payouts: if someone other than the original purchaser requests payment, they must complete KYC before receiving any funds.
• • The existence of a token on the blockchain after payment does not confer new economic rights.

We may act as a data controller and, for certain functions (e.g., aggregated analysis, infrastructure), engage processors under data protection agreements. Where legally required (e.g., integrations), we may jointly determine purposes and means with third parties as joint controllers, informing Users accordingly.

We provide a privacy complaint channel. We will handle complaints in good faith and in accordance with applicable law. This Policy does not limit the User’s inalienable rights under their local law.

This Policy takes effect upon publication and remains in force until replaced by a new version. The date of the latest update shall appear in the header of the Policy published on the Platform.