HedgrAI

Our Services are offered through one or more subsidiaries of HedgrAI Luxembourg S.A. By using the Services, you understand that your Personal Data may be used by one of the following entities (each, a "Controller"):

• HedgrAI Access UK; and
• HedgrAI Trading Limited, registered in the British Virgin Islands.

HedgrAI is a financial technology company providing AI-powered cryptocurrency trading services. We are not a bank, securities broker, or investment advisor. Our services involve automated algorithmic trading on cryptocurrency exchanges using artificial intelligence to analyze market data and execute trades on behalf of our clients.

When you access or use the Services, we collect the following information:

Information you may provide to us: You may give us information about you by filling in forms on our website or through our app or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use the Services and when you report a problem with the website or with our app.

Information we collect about you: With regard to each of your visits to our website or our app we automatically collect the following information:

• Login Information: We log technical information about your use of the Services, including the type of browser and version you use, the wallet identifier, the last access time of your wallet, the Internet Protocol (IP) address used to create the wallet and the most recent IP address used to access the wallet.
• Device Information: We collect information about the device you use to access your account, including the hardware model, operating system and version, and unique device identifiers, but this information is anonymized and not tied to any particular person.
• Wallet Information: If you create a HedgrAI Wallet through our Services, you will generate a public and private key pair. When you log-out of the Wallet, we collect an encrypted file that, if unencrypted, would contain these keys, along with your transaction history. When you enable notifications through your Account Settings, we will collect the unencrypted public key in order to provide such notifications. Under no circumstances do we collect an unencrypted private key from you, nor can we decrypt any Wallet file data.
• Transaction Information: In connection with our Conversion Service, as such term is defined in our User Agreement, we may collect and maintain information relating to transactions you effect in your Wallet that convert one virtual currency to another (e.g. Bitcoin for Ether).

Information We Collect Required By Law, Rule, or Regulation: Depending on the Service, we may collect information from you in order to meet regulatory obligations around know-your-customer ("KYC") and anti-money laundering ("AML") requirements. Information that we collect from you includes the following:

• Full name
• Residential address
• Contact details (telephone number, email address)
• Date and place of birth, gender, place of citizenship
• Bank account information and/or credit card details
• Your status as a politically exposed person
• Source of funds & proof of address
• Passport and/or national driver's license or government-issued identification card to verify your identity
• Transaction history and account balances in connection with your use of certain Services.

We will use your Personal Data, to:

• Understand and strive to meet your needs and preferences in using our Services
• Develop new and enhance existing service and product offerings
• Manage and develop our business and operations
• Carry out any actions for which we have received your consent
• Prevent and investigate fraudulent or other criminal activity
• Address service requests and resolve user questions
• Meet legal and regulatory requirements
• Process transactions and send notices about your transactions
• Resolve disputes, collect fees, and troubleshoot problems
• Customize, measure, and improve our services
• Send you marketing and promotional communications (with opt-out options)
• Compare information for accuracy and verify it with third parties

We also reserve the right to use aggregated Personal Data to understand how our users use our Services, provided that those data cannot identify any individual.

We also use third-party web analytics tools that help us understand how users engage with our website. These third-parties may use first-party cookies to track user interactions to collect information about how users use our website. This information is used to compile reports and to help us improve our website. The reports disclose website trends without identifying individual visitors. You can opt-out of such third-party analytic tools without affecting how you visit our site. For more information on opting-out, please contact support.

We will process your Personal Data legally and fairly and not use it outside the purposes of which we have informed you, including selling it individually or in the aggregate for commercial use.

We may share your information with selected recipients to perform functions required to provide certain Services to you and/or in connection with our efforts to prevent and investigate fraudulent or other criminal activity. All such third parties will be contractually bound to protect data in compliance with our Privacy Policy. The categories of recipients include:

• Companies within the HedgrAI corporate family located in the United States, the United Kingdom, and the EEA in order to provide the Services to you.
• Cloud service providers to store certain personal data and for disaster recovery services, as well as, for the performance of any contract we enter into with you.
• Fraud detection service providers who will run certain fraud detection checks against Personal Data provided.
• Spam and abuse detection providers making software available designed to prevent users from programatically using the Services in unsupported ways.
• Payment processors and banking providers to authorize and process payments for investment-related services.
• Financial institutions and execution venues for the purpose of executing trades on your behalf.
• Professional advisers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
• Regulators and other authorities who require reporting of processing activities in certain circumstances.

We also may share Personal Data with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of HedgrAI's assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Data held by HedgrAI is among the assets transferred.

Except where we are required by law to disclose Personal Data, or are exempted from, released from or not subject to any legal requirement concerning the disclosure of Personal Data, we will require any person to whom we provide your Personal Data to agree to comply with our Privacy Policy in force at that time or requirements substantially similar to such policy. We will make reasonable commercial efforts to ensure that they comply with such policy or requirements, however, where not expressly prohibited by law, we will have no liability to you, if any person fails to do so.

We shall require any third-party, including without limitation, any government or enforcement entity, seeking access to the data we hold to a court order, or equivalent proof that they are statutorily authorised to access your data and that their request is valid and within their statutory or regulatory power.

Because blockchains are decentralized or third-party networks that are not controlled or operated by HedgrAI or its affiliates, we are not able to erase, modify, or alter Personal Data from such networks.

We protect Personal Data with appropriate physical, technological and organizational safeguards and security measures. Your Personal Data comes to us via the internet which chooses its own routes and means, whereby information is conveyed from location to location. We audit our procedures and security measures regularly to ensure they are being properly administered and remain effective and appropriate.

Every member of HedgrAI is committed to our privacy policies and procedures to safeguard Personal Data. Our site has security measures in place to protect against the loss, misuse and unauthorized alteration of the information under our control. More specifically, our server uses TLS (Transport Layer Security) security protection by encrypting your Personal Data to prevent individuals from accessing such Personal Data as it travels over the internet.

We have implemented strict security controls, including:

• Encryption of all personal data in transit and at rest
• Multi-factor authentication for all staff accounts
• Regular security assessments and penetration testing
• Advanced threat monitoring and intrusion detection systems
• Staff training on data protection and security best practices
• Strict access controls based on need-to-know principles
• Regular security patch management
• Physical security measures for server locations

Despite our efforts to protect your Personal Data, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. While we will do our best to protect your Personal Data, transmission of personal information to and from our platform is at your own risk.

The length of time we retain Personal Data outside our back-up system varies depending on the purpose for which it was collected and used, as follows:

• Data you provide to us when subscribing for our Services: while user remains active, stored in the England UK.
• Country location data: while user remains active, stored in the England UK.
• Data on your preferences: while user remains active, stored in the England UK.
• IP address login: until subsequent login from a new IP, stored in the England UK.
• Transaction data: minimum of 5 years from the date of transaction, as required by financial regulations.
• KYC documentation: minimum of 5 years from the end of the business relationship, as required by AML regulations.
• Communications: minimum of 5 years from the date of communication.

When Personal Data is no longer necessary for the purpose for which it was collected, we will remove any details that identifies you or we will securely destroy the records, where permissible. However, we may need to maintain records for a significant period of time (after you cease using a particular Service) as mandated by regulation. For example, we are subject to certain anti-money laundering laws that require us to retain the following, for a period of five (5) years after our business relationship with you has ended:

• A copy of the records we used in order to comply with our client due diligence obligations;
• Supporting evidence and records of transactions with you and your relationship with us.

Except where prohibited by law, this period may extend beyond the end of the particular relationship with us, but only for as long as we are bound to do so for the audit, regulatory or other accounting purposes. When Personal Data is no longer needed, we have procedures either to destroy, delete, erase or convert it to an anonymous form. If you have opted-out of receiving marketing communications, we will hold your details on our suppression list so that we know you do not want to receive these communications.

After you have terminated the use of our Services, we reserve the right to maintain your Personal Data as part of our standard back-up procedures in an aggregated format.

HedgrAI stores your Personal Data at secure locations in the EU. HedgrAI ensures that appropriate security standards are in place regarding the safeguarding, confidentiality, and security of Data.

The information that we collect from you will be transferred to, and stored in, destinations outside of your country and the European Economic Area ("EEA") as described below:

We may transfer your Personal Data outside the EEA and the England UK to other company subsidiaries, service providers and business partners (i.e., Data Processors) who are engaged on our behalf. To the extent that we transfer your Personal Data outside of the EEA and England UK, we will ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the GDPR and the England UK Data Protection Act 2018. If transfers of Personal Data are processed in the US, we may in some cases rely on applicable standard contractual clauses.

The rights that are available to you in relation to the Personal Data we hold about you are outlined below.

• Information Access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, what information we process and, if requested, provide you with a copy of that information within 30 days from the date of your request.
• Rectification: It is important to us that your Personal Data is up-to-date. We will take all reasonable steps to make sure that your Personal Data remains accurate, complete and up-to-date. If the Personal Data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your Personal Data to others, we will let them know about the rectification where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your Personal Data so that you can contact them directly.
• Erasure: You can ask us to delete or remove your Personal Data in certain circumstances such as if we no longer need it, provided that we have no legal or regulatory obligation to retain that data. Such requests will be subject to any agreements that you have entered into with us, and to any retention limits, we are required to comply with in accordance with applicable laws and regulations.
• Processing Restrictions: You can ask us to block or suppress the processing of your Personal Data in certain circumstances, such as, if you contest the accuracy of that Personal Data or object to us processing it. It will not stop us from storing your Personal Data.
• Data Portability: In certain circumstances, you might have the right to obtain Personal Data you have provided us with (in a structured, commonly used and machine-readable format) and to re-use it elsewhere or ask us to transfer this to a third party of your choice.
• Objection: You can ask us to stop processing your Personal Data, and we will do so if we are: relying on our own or someone else's legitimate interests to process your Personal Data, except if we can demonstrate compelling legal grounds for the processing; processing your Personal Data for direct marketing; or processing your Personal Data for research, unless we reasonably believe such processing is necessary or prudent for the performance of a task carried out in the public interest.
• Automated Decision-making and Profiling: If we make a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to access our Services or has another significant effect on you, you can request not to be subject to such a decision unless we can demonstrate to you that such a decision is necessary for entering into, or the performance of, a contract between us.

You can exercise any of these rights by contacting us at support@hedgrai.com.

By using the Services, you signify your agreement to this Privacy Policy. HedgrAI reserves the right to change or amend this Privacy Policy at any time. If we make any material changes to this Privacy Policy, the revised Policy will be posted here and we will notify our users at least 30 days prior to the changes taking effect so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it. Please check this page frequently to see any updates or changes to this Privacy Policy.

Any questions about this Privacy Policy, the collection, use and disclosure of Personal Data by HedgrAI or access to your Personal Data as required by law (to be disclosed) should be directed to support@hedgrai.com.

In the event that you wish to make a complaint about how we process your Personal Data, please contact us in the first instance at support@hedgrai.com and we will attempt to handle your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work where you think we have violated data protection laws.

For users in the UK, you can contact the Information Commissioner's Office (ICO) at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk

HedgrAI is committed to complying with all applicable laws and regulations regarding financial services, data protection, and cryptocurrency operations in the jurisdictions where we operate. This includes but is not limited to:

• Anti-Money Laundering (AML) Compliance: We implement robust AML policies to prevent money laundering and terrorist financing. This includes customer due diligence, transaction monitoring, and suspicious activity reporting.
• Know Your Customer (KYC) Requirements: We verify the identity of our clients to prevent fraud, money laundering, and other financial crimes. This process may involve collecting and verifying personal identification documents.
• Financial Regulations: We adhere to relevant financial regulations applicable to cryptocurrency trading and investment services in the jurisdictions where we operate.
• Data Protection: We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) in the EU and the Data Protection Act 2018 in the UK.
• Tax Reporting: We may be required to report certain financial information to tax authorities. We comply with applicable tax reporting requirements in the jurisdictions where we operate.

In some jurisdictions, cryptocurrency trading and investment services may be subject to specific regulations or licensing requirements. HedgrAI does not offer services in jurisdictions where such activities are prohibited or where we do not hold the required licenses or registrations.

Trading and investing in cryptocurrencies involves significant risks. It is important that you understand these risks before using our services.

• Market Risk: Cryptocurrency markets are highly volatile. Prices can fluctuate significantly over short periods of time, potentially resulting in substantial losses.
• Technology Risk: Our AI trading algorithms use sophisticated technology to analyze markets and execute trades. While designed to optimize returns, these algorithms cannot guarantee profits and may experience technical issues or make incorrect predictions.
• Liquidity Risk: Cryptocurrency markets may experience periods of low liquidity, which can affect the ability to execute trades at desired prices or to withdraw funds quickly.
• Regulatory Risk: The regulatory environment for cryptocurrencies is evolving. Changes in laws or regulations may adversely affect the value of cryptocurrencies or the operation of our services.
• Cybersecurity Risk: Despite our security measures, cryptocurrency transactions are vulnerable to cybersecurity threats, including hacking, phishing, and fraud.
• Operational Risk: Our services may be affected by technical issues, system failures, or other operational problems that could result in losses or delays.
• Counterparty Risk: When using our services, you may be exposed to the risk of default by counterparties involved in cryptocurrency transactions.
• Market Manipulation Risk: Cryptocurrency markets may be subject to manipulation, which could affect the performance of our trading algorithms and your investment returns.

All intellectual property rights in our platform, services, and content belong to HedgrAI or its licensors. This includes, but is not limited to:

• Our website and mobile application design, interface, and code
• Our trading algorithms and artificial intelligence systems
• Our brand names, logos, and trademarks
• Our text, graphics, images, videos, and other media content
• Our documentation, reports, and educational materials

You may not copy, modify, distribute, sell, or lease any part of our services or included software, nor may you reverse engineer or attempt to extract the source code of that software, unless laws prohibit those restrictions or you have our written permission.

You are granted a limited, non-exclusive, non-transferable license to access and use our services for personal or internal business purposes, subject to the terms and conditions of our User Agreement.

Any feedback, comments, or suggestions you may provide regarding our services is entirely voluntary, and we will be free to use such feedback, comments, or suggestions without any obligation to you.

Our services may contain links to third-party websites, applications, or services that are not owned or controlled by HedgrAI. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy and terms of use of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Our platform may integrate with third-party cryptocurrency exchanges to execute trades. While we select these partners carefully, we cannot guarantee their security practices or financial stability. You should review the terms and privacy policies of these exchanges before connecting your accounts.