PRIVACY POLICY

REWORTH GAMES PROTOCOL

Last Updated: January 28, 2026

This Privacy Policy (hereinafter referred to as "Policy") describes how the Reworth Games Protocol, operated by its designated Operator ("Operator," "we," "us," or "our"), collects, uses, processes, stores, and protects personal data and information of users ("User," "you," or "your") who access and use the Reworth Games protocol-based platform and related services (collectively, the "Service" or "Platform").

This Policy is an integral part of and should be read in conjunction with our Terms of Use. By accessing or using the Service, you acknowledge that you have read, understood, and agree to the data collection and processing practices described in this Policy.

Jurisdiction and Applicable Law: This Policy is governed by the laws of the Federative Republic of Brazil, including but not limited to the General Data Protection Law (Lei Geral de Proteção de Dados - LGPD, Law No. 13.709/2018), the Brazilian Internet Civil Rights Framework (Marco Civil da Internet, Law No. 12.965/2014), and other applicable data protection regulations.

1. OPERATOR IDENTIFICATION AND DATA CONTROLLER

Data Controller: The Operator of the Reworth Games Protocol acts as the data controller for all personal data collected through the Service.

Contact Information:

The Operator is responsible for determining the purposes and means of processing personal data in accordance with applicable data protection laws, particularly the LGPD.

2. AGE RESTRICTIONS AND ELIGIBILITY

IMPORTANT: Use of the Service is strictly prohibited for individuals under eighteen (18) years of age. By accessing or using the Service, you represent and warrant that you are at least 18 years old and have the legal capacity to enter into binding agreements under the laws of your jurisdiction.

We do not knowingly collect, process, or maintain personal data from individuals under 18 years of age. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete such information from our systems.

If you are a parent or guardian and believe that your minor child has provided personal data to the Service, please contact us immediately at contact@reworthgames.com so that we can take appropriate action.

3. INFORMATION WE COLLECT

We collect and process various categories of information necessary for the operation, security, and improvement of the Service. The information collected falls into the following categories:

3.1 Information Provided by You

3.1.1 Web3 Wallet Address (Essential Data)

Your Web3 wallet's public address (e.g., Ethereum/Polygon address from Metamask, WalletConnect, or similar providers) is essential and mandatory for:

  • Account creation and authentication
  • Game functionality and progression tracking
  • Balance (USDC equivalent) management and tracking
  • Processing deposits, withdrawals and on-chain transactions
  • Referral Program participation and commission tracking
  • Reward Pool distribution

Nature of Web3 Wallet Data: Your wallet address is a public identifier on the blockchain and does not, by itself, constitute personal data under LGPD. However, when associated with your usage patterns and Account, it may become identifiable personal data subject to data protection regulations.

3.1.2 Communication and Support Data

When you contact our support team or communicate with the Operator, we collect:

  • Email addresses or communication identifiers
  • Content of your messages and inquiries
  • Any additional information you voluntarily provide in support requests

3.1.3 Know Your Customer (KYC) and Verification Data

In accordance with Section 15.4 of our Terms of Use, the Operator reserves the right to request additional identification and verification information, including but not limited to:

  • Full legal name
  • Date of birth
  • Government-issued identification documents (e.g., CPF, RG, CNH, passport)
  • Proof of address
  • Photographs or selfies for identity verification
  • Source of funds documentation

KYC Triggers: The Operator may require KYC verification in the following circumstances:

  • Withdrawal requests exceeding specified thresholds
  • Suspicious or unusual transaction patterns
  • Detection of potential fraud, multi-accounting, or Terms violations
  • Compliance with anti-money laundering (AML) obligations
  • Requests from law enforcement or regulatory authorities

Consequences of Non-Compliance: Failure to provide requested KYC documentation may result in suspension of withdrawal privileges, Account restrictions, or Account termination as specified in our Terms of Use.

3.2 Information Collected Automatically

3.2.1 Usage and Interaction Data

We automatically collect information about your interaction with the Service, including:

  • Dates and times of access and activity
  • Duration of sessions and time spent on specific features
  • Games played, scores achieved, and progression metrics
  • Features and functions utilized
  • Click patterns and navigation paths
  • Referral activities and commission generation

Purpose: This data is essential for Platform operation, reward distribution, fraud detection, and service improvement.

3.2.2 Technical and Device Data

We automatically collect technical information about your device and connection, including:

  • IP address (may be anonymized or pseudonymized)
  • Browser type, version, and language settings
  • Operating system and device type
  • Screen resolution and device identifiers
  • Referring and exit pages
  • User agent strings

Purpose: This data is used for security monitoring, fraud detection, technical support, service optimization, and compliance with legal obligations.

3.2.3 Transaction and Economic Data

We collect and maintain comprehensive records of all Platform economic activities, including:

  • Balance (USDC equivalent) transactions and history
  • Coin (in-game currency) acquisitions and expenditures
  • Reward Pool distributions received
  • Referral Commissions earned and paid
  • Service Fees charged
  • Withdrawal and Deposits requests, and processing status
  • Marketplace transactions
  • Purchase history

Purpose: This data is essential for:

  • Executing the Terms of Use and Platform economic model
  • Processing manual withdrawals and maintaining custody records
  • Fraud detection and prevention
  • Multi-account detection
  • Tax compliance and financial record-keeping
  • Defense in legal proceedings
  • Audit and reconciliation purposes

Retention: Transaction and economic data may be retained for extended periods (potentially indefinitely) to fulfill the Operator's tax obligations, maintain financial records, and preserve evidence for potential legal proceedings, as permitted under LGPD Article 16.

3.3 Blockchain and Web3 Data

3.3.1 Public Blockchain Transactions

All on-chain transactions conducted on the Polygon blockchain network, including but not limited to:

  • USDC withdrawal and deposit transactions
  • Smart Contract interactions
  • Token transfers
  • Gas fee payments

Critical Notice: These transactions are public, permanent, and immutable by the inherent nature of blockchain technology. Once recorded on the Polygon blockchain, this information:

  • Becomes publicly visible to anyone with access to blockchain explorers (e.g., PolygonScan)
  • Cannot be modified, deleted, or anonymized by the Operator or anyone else
  • Remains permanently accessible on the blockchain
  • May be analyzed and indexed by third-party services outside the Operator's control

Operator's Limited Control: The Operator has no control over the privacy, visibility, or processing of data recorded on the Polygon blockchain. Users acknowledge and accept that blockchain transactions are inherently public and that blockchain-based privacy cannot be guaranteed by the Operator.

3.3.2 Off-Chain Association

While blockchain transactions are public, the Operator maintains off-chain records that associate your Web3 wallet address with your Account, usage data, and other personal information collected through the Service. This association enables the Operator to provide personalized services and maintain the Platform's economic model.

4. LEGAL BASIS FOR DATA PROCESSING (LGPD)

The Operator processes personal data based on the following legal bases provided by the LGPD (Article 7):

4.1 Contractual Execution (Article 7, I)

Processing is necessary for the execution of the Terms of Use and the provision of the Service, including:

  • Account management and authentication
  • Game functionality and progression
  • Balance and Coins management
  • Reward Pool distribution
  • Referral Program administration
  • Deposit and Withdrawal processing

4.2 Legitimate Interest (Article 7, IX)

Processing is necessary for the legitimate interests of the Operator, including:

  • Fraud Detection and Prevention: Monitoring for cheating, multi-accounting, exploitation of vulnerabilities, and other prohibited conduct
  • Security of the Reward Pool: Conducting manual audits and security reviews to protect community funds held in custody
  • Platform Security: Detecting and preventing unauthorized access, cyberattacks, and security breaches
  • Service Improvement: Analyzing usage patterns to optimize user experience and develop new features
  • Business Operations: Managing the Platform's economic model and operational infrastructure

Users' rights and fundamental freedoms are respected through appropriate safeguards, transparency measures, and the ability to object to processing based on legitimate interest.

4.3 Legal Obligation (Article 7, II)

Processing is necessary for compliance with legal and regulatory obligations, including:

  • Tax Compliance: Maintaining financial records for tax reporting and audit purposes under Brazilian tax law
  • Anti-Money Laundering (AML): Implementing KYC procedures and reporting suspicious activities as required by applicable AML regulations
  • Law Enforcement Cooperation: Responding to valid legal requests from Brazilian authorities
  • Judicial and Administrative Proceedings: Preserving evidence and records for defense in legal proceedings

4.4 Consent (Article 7, I - when applicable)

For certain non-essential processing activities, the Operator may rely on your explicit consent, which can be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. HOW WE USE YOUR INFORMATION

The Operator processes collected information for the following purposes:

5.1 Service Provision and Operation

  • Account creation, authentication, and management
  • Game functionality, mechanics, and progression tracking
  • Balance and Coins management and tracking
  • Reward Pool allocation and distribution
  • Referral Program commission calculation and payment
  • Processing withdrawal requests through manual review procedures
  • Customer support and technical assistance

5.2 Security, Integrity, and Compliance

  • Fraud Detection: Identifying and preventing cheating, multi-accounting, bot usage, and exploitation of vulnerabilities
  • Security Monitoring: Detecting unauthorized access attempts, cyberattacks, and security breaches
  • Manual Audits: Reviewing withdrawals and high-value transactions to ensure legitimacy and protect the Reward Pool
  • Terms Enforcement: Investigating and taking action against violations of our Terms of Use
  • KYC/AML Compliance: Verifying user identity and preventing money laundering and terrorist financing
  • Legal Compliance: Fulfilling obligations under Brazilian law, including tax, consumer protection, and data protection regulations

5.3 Communication

  • Sending transactional notifications related to your Account activity
  • Providing withdrawal and deposit status updates and processing confirmations
  • Delivering security alerts and important notices regarding the Service
  • Responding to support inquiries and communications
  • Sending administrative messages required for Platform operation

We do not send marketing or promotional communications without your explicit consent.

5.4 Analysis and Improvement

  • Analyzing usage trends, user behavior, and feature effectiveness
  • Conducting A/B testing to optimize user experience
  • Identifying and fixing bugs or technical issues
  • Developing new features and improving existing functionality
  • Generating anonymized or aggregated statistics for business purposes

5.5 Financial and Tax Purposes

  • Maintaining accurate financial records for tax compliance
  • Generating reports for tax authorities as required by Brazilian law
  • Calculating and documenting the Operator's compensation from Service Fees
  • Distinguishing between third-party funds (Reward Pool, Referral Commissions) and Operator revenue
  • Preserving evidence for potential tax audits or legal proceedings

6. SHARING AND DISCLOSURE OF INFORMATION

The Operator does not sell, rent, or trade your personal information to third parties for marketing purposes. We may share or disclose information only in the following limited circumstances:

6.1 Service Providers and Third-Party Partners

We may share information with trusted third-party service providers who perform services on our behalf, including:

  • Blockchain Infrastructure: Polygon network nodes and RPC providers for transaction processing
  • Cloud Hosting: Server infrastructure providers for Platform hosting and data storage
  • Analytics Services: Privacy-respecting analytics tools for understanding usage patterns (with data minimization and anonymization where possible)
  • Communication Tools: Email service providers for support communications
  • Payment Processors: Cryptocurrency payment gateways and withdrawal processors (if applicable)

These service providers are contractually obligated to protect your information, use it only for specified purposes, and comply with applicable data protection laws.

6.2 Legal and Regulatory Compliance

We may disclose information when required or permitted by law, including:

  • Court Orders and Subpoenas: Responding to valid legal process from Brazilian courts
  • Governmental Authorities: Complying with requests from Brazilian law enforcement, tax authorities (Receita Federal), or regulatory agencies
  • Legal Investigations: Cooperating with official investigations of fraud, money laundering, or criminal activity
  • Tax Reporting: Providing information to tax authorities as required by Brazilian tax law

We will carefully review all legal requests and disclose only the minimum information necessary to comply with the legal obligation, unless broader disclosure is required by law.

6.3 Protection of Rights and Safety

We may disclose information to protect:

  • The rights, property, and safety of the Operator, the Protocol, and the Platform
  • The rights, property, and safety of our Users and the community
  • The security and integrity of the Reward Pool held in custody for Users
  • Against fraud, abuse, or violations of our Terms of Use
  • In connection with investigating prohibited conduct as specified in Section 6 of our Terms of Use

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or other business transaction, your information may be transferred to the acquiring entity. We will notify you via email or prominent notice on the Platform before your information is transferred and becomes subject to a different privacy policy.

6.5 With Your Consent

We may share information with third parties when you provide explicit consent for such sharing.

7. DATA RETENTION

7.1 General Retention Principles

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by applicable law.

7.2 Specific Retention Periods

8.2.1 Account Data

  • Active Accounts: Retained for the duration of your Account's active status
  • Inactive Accounts: Retained for up to 365 days after last activity, after which the Account may be deactivated and data subject to deletion (except for data subject to longer retention requirements)
  • Terminated Accounts: Retained for the duration required by legal obligations and legitimate interests as specified below

8.2.2 Transaction and Financial Data

Transaction data, including Balance history, Coins transactions, Reward Pool distributions, Referral Commissions, Service Fees, deposits and withdrawal records, may be retained for extended periods, potentially indefinitely, based on the following legal bases:

  • Tax Compliance: Brazilian tax law requires the retention of financial records for a minimum of 5 (five) years from the first day of the year following the reporting period (Lei nº 8.218/1991 and regulations from the Receita Federal)
  • Accounting Obligations: Retention may extend to 10 (ten) years for accounting records under certain circumstances
  • Statute of Limitations: Retained for the duration of applicable statutes of limitations for potential legal claims (generally 5-10 years under Brazilian law)
  • Legitimate Interest: Preserved as evidence for potential legal proceedings, disputes, or regulatory inquiries

8.2.3 KYC and Verification Data

Identity verification documents and KYC data may be retained for:

  • Minimum of 5 (five) years after Account closure for AML compliance
  • Longer periods if required by legal obligations or ongoing legal proceedings

8.2.4 Communication and Support Data

Support communications and correspondence may be retained for:

  • Up to 3 (three) years for quality assurance and training purposes
  • Longer periods if related to disputes, legal claims, or Terms violations

8.2.5 Technical and Usage Data

  • IP Addresses and Technical Logs: Generally retained for up to 12 months for security purposes, unless longer retention is required for fraud investigation or legal proceedings
  • Usage Analytics: May be anonymized and retained indefinitely for statistical and business analysis purposes

7.3 Blockchain Data Retention

Data recorded on the Polygon blockchain is permanent and immutable. The Operator has no ability to delete, modify, or anonymize blockchain-recorded transactions. Users acknowledge that blockchain data persists independently of this retention policy.

7.4 Data Deletion

Upon expiration of the applicable retention period and fulfillment of legal obligations, personal data will be securely deleted or anonymized. Users may request earlier deletion of certain data by exercising their rights under Section 9 of this Policy, subject to legal retention requirements.

8. SECURITY MEASURES

8.1 Technical and Organizational Measures

The Operator implements reasonable and appropriate technical and organizational security measures to protect personal data against:

  • Unauthorized access, disclosure, or use
  • Accidental or unlawful destruction, loss, or alteration
  • Any form of unlawful or unauthorized processing

Security measures include, but are not limited to:

  • Encryption: Data transmission encryption (HTTPS/TLS) and encryption of sensitive data at rest
  • Access Controls: Role-based access controls and authentication mechanisms limiting access to personal data
  • Safe{Wallet} Custody: Use of multi-signature Smart Contract wallets for secure custody of User funds
  • Manual Review Procedures: Security reviews of withdrawals and high-risk transactions by the Operator
  • Security Monitoring: Continuous monitoring for suspicious activity, unauthorized access attempts, and security threats
  • Secure Development: Security-focused development practices and regular security assessments
  • Data Minimization: Collection and retention of only necessary data
  • Staff Training: Training of personnel with access to personal data on data protection obligations

8.2 Limitations of Security

Despite our security efforts, no internet-based service or data storage system can be guaranteed to be 100% secure. Users acknowledge and accept that:

  • Data transmission over the internet carries inherent security risks
  • Absolute security cannot be guaranteed
  • The Operator shall not be liable for security breaches resulting from circumstances beyond its reasonable control
  • Users are responsible for maintaining the security of their Web3 wallets, private keys, and Account credentials

8.3 Security Breach Notification

In the event of a security breach that compromises personal data, the Operator will:

  • Assess the nature and scope of the breach
  • Take immediate steps to contain and mitigate the breach
  • Notify the Brazilian National Data Protection Authority (ANPD) if required by LGPD (Article 48)
  • Notify affected Users without undue delay if the breach poses a risk to their rights and freedoms
  • Provide information about the nature of the breach, potential consequences, and measures taken to address it

9. YOUR RIGHTS UNDER LGPD

As a data subject under Brazilian law, you have the following rights regarding your personal data in accordance with LGPD (Articles 17-18):

9.1 Right to Confirmation and Access (Article 18, I and II)

You have the right to:

  • Confirm whether the Operator processes your personal data
  • Access your personal data held by the Operator
  • Receive information about the processing activities, purposes, and retention periods

9.2 Right to Correction (Article 18, III)

You have the right to request correction of incomplete, inaccurate, or outdated personal data.

9.3 Right to Anonymization, Blocking, or Deletion (Article 18, IV)

You have the right to request:

  • Anonymization of personal data that is no longer necessary for the purposes for which it was collected
  • Blocking of personal data pending investigation of processing irregularities
  • Deletion of personal data processed without legal basis or that is no longer necessary

Limitations: These rights are subject to legal retention requirements. The Operator may be legally obligated to retain certain data (particularly financial and transaction data) for tax compliance, legal defense, and other mandatory purposes as specified in Section 7.2.2.

9.4 Right to Portability (Article 18, V)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit this data to another controller when technically feasible.

Limitations: This right does not apply to anonymized data or data recorded on the blockchain, which the Operator cannot extract or transfer.

9.5 Right to Information About Sharing (Article 18, VI and VII)

You have the right to information about:

  • Public and private entities with which the Operator has shared your data
  • The possibility of denying consent and its consequences

9.6 Right to Object and Revoke Consent (Article 18, VIII and IX)

You have the right to:

  • Object to processing based on legitimate interest, subject to the Operator demonstrating compelling legitimate grounds
  • Revoke consent previously given for processing activities based on consent

Note: Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent may affect the Operator's ability to provide certain Service features.

9.7 Right to Review Automated Decisions (Article 20)

You have the right to request review of decisions made solely based on automated processing of personal data that affect your interests, including decisions based on profiling.

9.8 Exercising Your Rights

To exercise any of these rights, please contact the Operator through one of the following channels:

Primary Contact: contact@reworthgames.com
Support Contact: support@reworthgames.com

In your request, please:

  • Clearly identify yourself and the right(s) you wish to exercise
  • Provide sufficient information to enable us to locate your data
  • Specify the personal data or processing activities to which your request relates

We will respond to your request within a reasonable timeframe in accordance with LGPD requirements (generally within 15 days, as per ANPD regulations), and free of charge, except in cases of manifestly excessive or repetitive requests.

9.9 Right to Lodge a Complaint

If you believe that the Operator is not processing your personal data in accordance with LGPD or this Policy, you have the right to lodge a complaint with:

Brazilian National Data Protection Authority (ANPD)
Website: https://www.gov.br/anpd/

10. INTERNATIONAL DATA TRANSFERS

The Service operates primarily within Brazil, and data is processed and stored in accordance with Brazilian data protection laws. However, certain service providers and infrastructure components may be located outside Brazil, which may result in international data transfers.

In the event of international data transfers, the Operator will:

  • Ensure that adequate safeguards are in place as required by LGPD (Article 33)
  • Rely on appropriate transfer mechanisms such as standard contractual clauses, adequacy decisions, or specific authorization from ANPD
  • Inform Users of the countries or international organizations to which data may be transferred upon request

Users acknowledge and consent to such international transfers as necessary for the provision of the Service.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Use of Cookies

The Platform may use cookies and similar tracking technologies to:

  • Enable essential Service functionality and authentication
  • Remember User preferences and settings
  • Analyze usage patterns and improve the Service
  • Detect and prevent fraudulent activity

11.2 Types of Cookies

  • Essential Cookies: Necessary for the operation of the Service and cannot be disabled
  • Functional Cookies: Enable enhanced functionality and personalization
  • Analytics Cookies: Help us understand how Users interact with the Service (with anonymization where possible)

11.3 Managing Cookies

You can manage cookie preferences through your browser settings. However, disabling certain cookies may affect Service functionality. The Platform does not use third-party advertising or tracking cookies for marketing purposes.

12. THIRD-PARTY LINKS AND SERVICES

The Service may contain links to third-party websites, applications, or services that are not operated or controlled by the Operator. This Policy does not apply to third-party services, and we are not responsible for the privacy practices of such third parties.

We encourage you to review the privacy policies of any third-party services you access through the Platform. The inclusion of links does not constitute endorsement of those services.

13. CHANGES TO THIS PRIVACY POLICY

13.1 Updates and Modifications

The Operator reserves the right to update, modify, or replace this Privacy Policy at any time to reflect:

  • Changes in data processing practices
  • Updates to applicable laws and regulations
  • Improvements in privacy protections and security measures
  • Changes in the Service's features or operation

13.2 Notice of Material Changes

In the event of material changes to this Policy that substantially affect how we collect, use, or protect your personal data, we will provide notice through:

  • Prominent display on the Platform
  • Email notification to the address associated with your Account (if available)
  • In-Platform notifications

Your continued use of the Service after such notice constitutes acceptance of the updated Policy.

13.3 Effective Date

Changes to this Policy become effective on the "Last Updated" date displayed at the top of this document. We encourage you to review this Policy periodically to stay informed about our data protection practices.

14. CHILDREN'S PRIVACY

As explicitly stated in Section 2 of this Policy and Section 3.1 of our Terms of Use, the Service is strictly prohibited for individuals under 18 years of age.

We do not knowingly collect, process, store, or maintain personal data from minors under 18. If we discover that we have inadvertently collected such information, we will:

  • Immediately delete all personal data related to the minor from our systems
  • Terminate the associated Account
  • Take steps to prevent future access

Parental Notice: If you are a parent or legal guardian and become aware that your minor child has provided personal information to the Service, please contact us immediately at contact@reworthgames.com. We will take prompt action to delete such information and terminate the Account.

15. DATA PROTECTION OFFICER (DPO)

The Operator is committed to data protection compliance. While not currently required to appoint a formal Data Protection Officer under LGPD, the Operator has designated responsible personnel for data protection matters.

For data protection inquiries, requests, or concerns, please contact:

Email: contact@reworthgames.com
Subject Line: "Data Protection Inquiry" or "LGPD Rights Request"

16. LEGAL BASIS SUMMARY

This section summarizes the legal bases used for processing your data, in accordance with LGPD (Article 7):

  • Account Management, Balance, and Transactions (Deposits/Withdrawals): Processed under Contractual Execution (Art. 7, I) for the purpose of providing the Service and fulfilling financial requests.
  • Fraud Detection and Security Audits: Processed under Legitimate Interest (Art. 7, IX) to ensure platform integrity and Reward Pool protection.
  • Financial Record Retention and KYC: Processed under Legal Obligation (Art. 7, II) for tax compliance (Carnê-Leão) and AML/CFT regulations.
  • Usage Analytics: Processed under Legitimate Interest (Art. 7, IX) for continuous service improvement.
  • User Communication: Processed under Contractual Execution (Art. 7, I) for support and essential notifications.

17. CONTACT INFORMATION

For questions, concerns, requests, or complaints regarding this Privacy Policy or our data processing practices, please contact the Reworth Games Protocol Operator:

Primary Contact: contact@reworthgames.com
Support Contact: support@reworthgames.com
Subject Line: Please include "Privacy Policy Inquiry," "LGPD Rights Request," or "Data Protection" as appropriate

We are committed to addressing your privacy concerns and will respond to your inquiries in accordance with applicable legal requirements.

18. ACKNOWLEDGMENT AND CONSENT

BY ACCESSING OR USING THE REWORTH GAMES PROTOCOL, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY IN ITS ENTIRETY.

YOU SPECIFICALLY ACKNOWLEDGE AND CONSENT TO:

  1. The collection and processing of personal data as described in this Policy
  2. The legal bases for processing specified in Section 5
  3. The sharing of information in the limited circumstances described in Section 6
  4. The retention periods specified in Section 8, including extended retention for tax compliance
  5. The public and permanent nature of blockchain-recorded transactions
  6. The manual processing model for withdrawals and security reviews
  7. The Operator's right to implement KYC/AML procedures as described in Section 4.1.3
  8. International data transfers as described in Section 10
  9. Your rights under LGPD as described in Section 10
  10. The processing of on-chain transaction data related to your deposits for Balance management and security audit purposes.

Privacy Policy Version: 2.0
Effective Date: January 28, 2026
Jurisdiction: Federative Republic of Brazil
Governing Law: LGPD (Law No. 13.709/2018) and Brazilian Internet Civil Rights Framework (Law No. 12.965/2014)