Privacy Policy

3.1 Blockchain Data

All interactions occur directly through your wallet on decentralized networks, and all transactions are recorded on the public blockchain. The data we may access or process includes:

• —Wallet Addresses: Public blockchain addresses you connect to our Protocol
• —Transaction Data: On-chain transactions, including amounts, timestamps, and smart contract interactions
• —Token Holdings: Information about tokens in connected wallets relevant to protocol functionality

Note: While this transaction data is used for analytics and performance improvement, blockchain transactions are inherently public and accessible via blockchain explorers.

3.2 Technical Information

We may automatically collect certain technical data through your use of the Protocol, either directly or via third-party service providers, including:

• —Log File Data: Internet protocol (IP) addresses, browser type, device identifiers, operating system version, crash data, and cookie data
• —Usage Analytics: How you interact with our interface, including pages visited, time spent on pages, drop-off points, features used and other behavioral data
• —Performance Data: Error logs, loading times, and system performance metrics

3.3 Communication Data

We may collect information you voluntarily provide when interacting with us, including:

• —Support Inquiries: Information you provide when contacting our support team
• —Community Participation: Posts in our forums, Discord, or other community platforms
• —Newsletter Subscriptions: Email addresses for updates and announcements

3.4 Third-Party Collaborations

If you interact with third-party providers (e.g., KYC/KYB service providers, fiat on/off-ramp providers, decentralized applications, or external authentication services), such providers may independently collect and process data under their own privacy policies. We do not control or assume responsibility for how third parties handle your data, and you are encouraged to review their privacy terms before engaging with them.

3.5 Information We Do NOT Collect

• —We do not collect private keys or seed phrases
• —We do not store personal identification documents
• —We do not track your activity across other websites or protocols

4.1 To Provide Access to our Protocol and Services

We use the data we collect to provide our Services, including to allow access to the Protocol and to operate and support our Services. We may also use the data we collect to assess, analyse and improve the performance of the Protocol and Services and to perform maintenance work from time to time.

We continuously analyse user interaction data to refine our Protocol's functionality, improve navigation, and create a seamless trading experience. Specifically, we use this data to:

• —Identify areas where users drop off before completing actions: Understanding where users abandon processes allows us to refine workflows, reduce friction, and enhance ease of use.
• —Assess how long users take to navigate certain features: Measuring time spent on different sections of the Protocol helps us determine which features are intuitive and which may require additional user guidance or redesign.
• —Improve Protocol design and ease of use: By analysing navigation behaviour, we can make data-driven improvements to our Protocol interface, simplify complex processes, and enhance the overall user journey.
• —Enhance overall Protocol performance: Understanding how users interact with our Services enables us to optimize system responsiveness, reduce latency, and provide a smoother trading experience.
• —Market & regional analysis: Tracking IP addresses allows us to gain insights into our global user base — identifying geographic trends, tailoring outreach strategies, and optimizing language support and customer assistance.
• —Security, fair trading & compliance: We monitor transactional data and user activity to ensure fair trading practices and detect fraudulent behaviour, unauthorized access attempts, and other forms of malicious activity.

4.2 To Communicate with You

We may use the data we collect to communicate with you to:

• —Respond to your support requests and inquiries
• —Send important protocol updates and security notifications
• —Provide educational content about DeFi and our protocol
• —Deliver newsletters and promotional materials (with consent)
• —Provide support requested by you

4.3 For Administrative and Legal Purposes

We may use the data we collect for administrative and legal purposes, such as for compliance purposes. This includes enforcing our Terms and Conditions, defending legal rights, complying with applicable laws and regulations, and preventing the Protocol and Services from being accessed by individuals in sanctioned territories or by sanctioned individuals.

We will not process your personal data for any purpose that is incompatible with the purposes listed above.

5.1 Third-Party Service Providers

We engage third-party service providers to support the operation, security, and improvement of our Services. These providers process personal data only on our behalf and under binding contractual obligations. Categories include:

• —Analytics Providers: Services such as Google Analytics to help us understand how users interact with our website and applications.
• —Infrastructure Providers: Cloud hosting services, CDNs, and data storage providers that enable a reliable, scalable, and secure platform.
• —Security and Monitoring Services: Vendors providing fraud detection, risk scoring, penetration testing, and vulnerability monitoring.
• —Communication Tools: Email and notification delivery services for updates, newsletters, and user communications.

5.2 Legal and Regulatory Requirements

We may disclose information when required by law, including to:

• —Comply with valid legal obligations such as court orders, subpoenas, or regulatory requests
• —Respond to lawful requests from public or governmental authorities, including national security or law enforcement requirements
• —Protect and defend our rights, property, or safety, or that of our users, affiliates, or others
• —Detect, prevent, or investigate fraud, security incidents, technical issues, or potential violations of our Terms and Conditions

5.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of the transaction. In such cases:

• —We will ensure the receiving entity is bound by confidentiality and data protection obligations consistent with this Policy.
• —Users will be notified in advance of any transfer where required by law or where the transaction materially changes the way their data is processed.
• —If the new entity intends to process personal data for materially different purposes, users will be given the opportunity to opt out or exercise applicable rights.

6.1 Technical Safeguards

• —Encryption of data in transit and at rest
• —Regular security audits and penetration testing
• —Multi-factor authentication for administrative access
• —Secure coding practices and regular updates

6.2 Operational Security

• —Limited access to personal data on a need-to-know basis
• —Employee training on data protection and security
• —Incident response procedures for data breaches
• —Regular backup and disaster recovery procedures

6.3 User Responsibilities and Shared Risk

Certain risks remain outside our control, especially in decentralized environments:

• —Wallet Security: We do not collect or store private keys, seed phrases, or authentication credentials. Users are solely responsible for securing their own wallets, devices, and credentials.
• —Privacy Settings: Users are advised to review and adjust their privacy settings within the Protocol to control data-sharing preferences.
• —Third-Party Integrations: We cannot control the security practices of external providers. Users should review third-party privacy and security policies before use.
• —Reporting Security Issues: Users are encouraged to report suspected vulnerabilities, breaches, or privacy concerns promptly.

7.1 Retention Periods

We retain your personal data only for as long as necessary for the purposes for which it has been collected, in accordance with applicable laws. Specific retention practices include:

• —Transaction and On-Chain Data: Information recorded on public blockchains is permanent and cannot be altered or erased. Off-chain records are retained only as long as necessary to provide the Services or comply with legal obligations.
• —Analytics Data: Aggregated and/or pseudonymised analytics data is retained for up to twenty-four (24) months, after which it is deleted or anonymised.
• —Support Communications: Correspondence is retained for up to three (3) years after resolution, unless a longer period is required to comply with legal obligations or resolve ongoing disputes.
• —Marketing Communications: Retained until you unsubscribe or withdraw consent. Minimal records of opt-out status may be kept for compliance purposes.

7.2 Data Deletion

You may request deletion of personal data we control by contacting us. We will honor such requests subject to the following limitations:

• —Legal and Regulatory Requirements: We may be required to retain certain information to comply with applicable laws, tax obligations, or lawful requests from authorities.
• —Legitimate Business Purposes: We may retain limited information necessary to protect the integrity of the Services, resolve disputes, enforce agreements, or prevent fraud.
• —Blockchain Immutability: Data permanently recorded on public blockchains cannot be deleted by us or any third party. Where feasible, we store personal data off-chain to provide greater control.

Where full deletion is not possible, we will take steps to anonymise or aggregate personal data so it can no longer reasonably be linked to an identifiable individual.

8.1 Access and Control

• —Right of access: You have the right to request confirmation of whether we hold any off-chain personal data about you and to obtain a copy of that data.
• —Right of rectification: You have the right to ask us to rectify or complete any personal data in our possession that you consider inaccurate or incomplete.
• —Right of erasure: You can ask us to delete your personal data if it is no longer necessary for the processing we carry out, subject to legal obligations. Data recorded on public blockchains is immutable and cannot be deleted.
• —Right to restriction of processing: You may request that we restrict or limit the processing of your personal data under certain conditions, such as pending verification of accuracy.
• —Right to object: You may object at any time to our processing of your personal data, including for marketing or analytics purposes. We will stop processing unless there are overriding legitimate grounds.
• —Right to data portability: Where applicable and technically feasible, you may request your personal data in a readable and structured format for transfer to another service provider.
• —Right to withdraw consent: You have the right to withdraw consent at any time for processing based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• —Right to complain: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Office of the Information Commissioner (OIC) in the British Virgin Islands.

8.2 Communication Preferences

• —Unsubscribe from marketing communications
• —Opt out of non-essential analytics tracking
• —Adjust notification preferences in your account settings

8.3 Exercising Your Rights

To exercise these rights, contact us at contact@getrxusd.com with:

• —Clear identification of your request
• —Proof of identity (wallet signature or other verification)
• —Specific information about the data in question

To process your request efficiently, we may ask you to provide additional information to confirm your identity and/or help us retrieve the relevant personal data.