Privacy Policy

42: EVENTS CONTRACT ASSET ISSUANCE PROTOCOL

PRIVACY POLICY

Effective Date: 2 Feb 2026

WE DO NOT SELL YOUR PERSONAL INFORMATION. You are already opted out from sharing personal information with third parties for their direct marketing purposes.

1. INTRODUCTION

This Privacy Policy ("Policy") describes how Deep Thought Labs Inc. and its affiliates (collectively, "Company," "we," "us," or "our") collect, use, disclose, and protect information when you access or use our events contract asset issuance platform, websites, mobile applications, and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Policy. If you do not agree with this Policy, please do not access or use our Services.

This Policy applies to information collected through the Services. It does not apply to information collected by third parties, including any websites, services, or applications that may link to or be accessible from the Services. We encourage you to review the privacy policies of any third-party services you access.

2. INFORMATION WE COLLECT

We strive to collect as little personal information as possible, within the legal requirements applicable to us. However, due to the general operation of internet protocols, some information (e.g. your IP address) may be passed onto us inadvertently.

We collect information in multiple ways: directly from you, automatically when you use our Services, and from third-party sources.

2.1 Information You Provide Directly

When you register for an account, complete verification, or otherwise interact with our Services, we may collect:

• Identity Data

  • Full legal name, date of birth, gender

  • Government-issued identification numbers (e.g., Social Security Number, passport number, national ID)

  • Copies of identification documents for verification purposes

• Contact Data

  • Email address, mailing address, telephone number

  • Communication preferences

• Financial Data

  • Bank account details and payment card information

  • Account balances and transaction history

  • Credit history and credit scores (where applicable)

  • Tax information

• Blockchain and Wallet Data

  • Wallet addresses you connect to our Services

  • On-chain transaction data associated with your wallet

  • Smart contract interaction history

• Profile and Usage Data

  • Username, password, and account preferences

  • Trading history, orders, and positions

  • Interests, preferences, and survey responses

  • Content you submit, including feedback and support requests

2.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information:

• Device and Technical Data

  • IP address, browser type and version, operating system

  • Device type, unique device identifiers, mobile network information

  • Time zone setting, language preferences

  • Hardware and software information

• Location Data

  • Approximate location derived from IP address

  • Wi-Fi access point and cell tower data (where available)

• Usage and Interaction Data

  • Pages viewed, features used, links clicked

  • Date, time, and duration of visits

  • Referring URLs and search terms

  • Error logs and performance data

2.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information and enhance your experience. The types of cookies we use include:

• Essential Cookies: Required for the Services to function properly, including authentication, security, and session management. These cannot be disabled.

• Preference Cookies: Remember your settings, language preferences, and personalization choices.

• Analytics Cookies: Help us understand how visitors interact with our Services, allowing us to improve functionality and user experience.

• Marketing Cookies: Used to deliver relevant advertisements and track the performance of marketing campaigns.

You can manage cookie preferences through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Services, including authentication functionality.

2.4 Information from Third Parties

We may receive information about you from third-party sources, including:

• Identity Verification Services: Consumer reporting agencies, identity verification providers, and government databases to verify your identity and comply with regulatory requirements.

• Financial Service Providers: Banks and payment processors (such as Plaid, Stripe) to facilitate deposits, withdrawals, and account linking. By using these services, you agree to their respective privacy policies.

• Authentication Services: If you log in using third-party services (e.g., Google, Apple), we receive profile information as authorized by your privacy settings with that service.

• Blockchain Data: Publicly available blockchain transaction data associated with wallet addresses you use.

• Marketing Partners: Business partners and data providers who help us understand our users and improve our marketing efforts.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for purposes described in this Policy or as otherwise disclosed to you, including:

3.1 Providing and Operating the Services

• Creating and managing your account

• Verifying your identity and eligibility

• Processing transactions, trades, and settlements

• Providing customer support and responding to inquiries

• Administering contests, promotions, and rewards programs

3.2 Communication

• Sending transactional messages (confirmations, alerts, account updates)

• Delivering technical notices, security alerts, and support messages

• Providing newsletters and marketing communications (with a separate consent where required)

• Conducting surveys and collecting feedback

3.3 Security and Compliance

• Detecting, preventing, and investigating fraud, unauthorized access, and illegal activity

• Enforcing our Terms of Use and other agreements

• Complying with legal and regulatory obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements

• Responding to legal process and government requests

• Market surveillance and maintaining market integrity

3.4 Improvement and Analytics

• Analyzing usage patterns and trends

• Improving and optimizing our Services

• Developing new features and products

• Conducting research and generating anonymized statistical data

3.5 Recording of Communications

We may monitor, record, retain, and use information and data that you communicate during your use of the Services, including via email, chat, and telephone. Such recordings may be used for quality assurance, training, compliance, dispute resolution, and as evidence of suspected criminal activity or policy violations.

4. DISCLOSURE OF INFORMATION

We are committed to maintaining your trust. We may share your information in the following circumstances:

4.1 Service Providers

We share information with authorized third-party service providers who perform services on our behalf, including payment processing, identity verification, data hosting, analytics, customer support, and marketing. These providers are contractually obligated to maintain confidentiality and use information only for the purposes for which it was disclosed.

4.2 Legal and Regulatory Compliance

We may disclose information to comply with applicable laws, regulations, legal processes, or governmental requests. This includes responding to subpoenas, court orders, and requests from regulatory authorities such as [relevant regulators, e.g., CFTC, SEC, financial regulators]. We may also disclose information to protect the rights, property, or safety of the Company, our users, or the public.

4.3 Business Transfers

In connection with any merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share information for other purposes disclosed to you and with your consent.

4.5 Aggregated and Anonymized Data

We may share aggregated or anonymized information that does not reasonably identify you for research, analytics, business purposes, or public reporting.

4.6 Employer or Affiliated Entity Disclosure

If you are employed by or affiliated with a regulated entity (such as a financial institution, exchange, or self-regulatory organization), we may disclose information about your activity to your employer or affiliated entity as required by applicable securities and commodities laws.

5. THIRD-PARTY TRACKING AND ADVERTISING

We participate in interest-based advertising and use third-party advertising companies to serve targeted advertisements based on your online activity and interests. These third parties may collect information through cookies and similar technologies.

You can opt out of interest-based advertising through:

• Network Advertising Initiative: http://www.networkadvertising.org/choices

• Digital Advertising Alliance: http://www.aboutads.info/choices

• Your mobile device settings ("Limit Ad Tracking" on iOS or "Opt Out of Interest-Based Ads" on Android)

• Google Ads Preferences: https://google.com/ads/preferences

5.1 Google Analytics

We use Google Analytics to understand how users interact with our Services. Google uses various technologies to collect information about your use, and may link activity across devices. For information on how Google uses data, visit: http://www.google.com/policies/privacy/partners/. You can opt out using the Google Analytics Browser Add-on: https://tools.google.com/dlpage/gaoptout/

6. DATA RETENTION

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, provide our Services, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements.

Specific retention periods include:

• Account Information: Retained for the duration of your account and for a reasonable period thereafter.

• Transaction Records: Retained for at least five (5) years after the end of our business relationship, or longer as required by applicable law (including financial recordkeeping requirements).

• Identity Verification Documents: Retained as required by AML/KYC regulations.

• Marketing Preferences: Retained to honor your opt-out requests.

• Communications Records: Retained for periods required for compliance and dispute resolution.

When information is no longer needed, we will securely delete or anonymize it.

7. DATA SECURITY

We implement technical, administrative, and physical safeguards designed to protect your information from unauthorized access, use, alteration, and disclosure. Our security measures include:

• Encryption of data in transit and at rest

• Access controls limiting personnel access to personal information

• Data masking and anonymization where appropriate

• Secure development practices and regular security assessments

• Segregation of customer data across multiple databases

• Monitoring and logging of access to sensitive systems

IMPORTANT: While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and wallet private keys.

8. YOUR RIGHTS AND CHOICES

8.1 Account Information

You may access and update certain account information by logging into your account settings. For information that cannot be updated through your account, please contact us using the information provided below.

8.2 Communication Preferences

You can opt out of promotional emails by clicking the "unsubscribe" link in any promotional message. You may not opt out of service-related communications (such as account verification, transaction confirmations, security alerts, and regulatory notices).

8.3 Device and Location Permissions

You can control access to device features (such as location services, camera, contacts) through your device or browser settings.

8.4 Data Subject Rights

Depending on your location and applicable law, you may have the following rights:

• Right to access your personal information

• Right to rectify inaccurate or incomplete information

• Right to erasure (deletion) of your personal information, subject to legal retention requirements

• Right to restrict or object to processing

• Right to data portability

• Right to withdraw consent (where processing is based on consent)

• Right to lodge a complaint with your local data protection authority

To exercise these rights, please contact us at [email protected]. We may need to verify your identity before responding to your request.

9. GRAMM-LEACH-BLILEY ACT (GLBA) NOTICE

Our Services are not directed to individuals resident in the United States or its overseas territories, as well as other restricted jurisdictions listed in our Terms of Use. We do not knowingly collect personal information from individuals in such jurisdictions.

If such individuals or legal entities attempt to use our services, some information may be automatically collected. If such information is collected from US individuals attempting to use our services or to circumvent our location restrictions, the following notices shall apply:

Applicable privacy laws, including the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act, provide you with the right to opt out of certain information sharing with affiliated and non-affiliated companies for their marketing purposes.

YOU ARE ALREADY OPTED OUT. We do not share your nonpublic personal information with any third parties that would trigger this opt-out right.

10. NOTICE TO CALIFORNIA RESIDENTS

This section provides additional information for California residents under the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA").

Note: The CCPA does not apply to nonpublic personal information collected by financial institutions that is subject to the GLBA. As a result, the CCPA may not apply to most information we collect.

For information subject to the CCPA, California residents have the right to:

• Request disclosure of the categories and specific pieces of personal information collected

• Request deletion of personal information

• Opt out of the "sale" or "sharing" of personal information

• Not be discriminated against for exercising these rights

We do not sell personal information. We may allow third parties to collect information through our Services for advertising purposes as described in Section 5.

To submit a request, contact us at [email protected]. You may designate an authorized agent to make a request on your behalf, but we may require proof of authorization and verification of your identity.

11. DO NOT TRACK SIGNALS

Some browsers transmit "Do Not Track" (DNT) signals to websites. We do not currently respond to DNT signals because there is no industry-standard approach to DNT. You can manage tracking preferences through the opt-out mechanisms described in this Policy.

12. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

By using the Services, you consent to the transfer of your information to these countries. Where required by applicable law, we will implement appropriate safeguards for cross-border transfers, such as standard contractual clauses or other mechanisms.

13. CHILDREN'S PRIVACY

Our Services are not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children under 13 (or under 16 in certain jurisdictions).

If we become aware that we have collected personal information from a child, we will promptly delete that information unless we are legally required to retain it. If you believe a child has provided us with personal information, please contact us at [email protected].

14. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this Policy

• Notify you by email to the address associated with your account

• Post a prominent notice on our Services

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.

15. RELATIONSHIP TO OTHER AGREEMENTS

Users of our Services are also bound by our Terms of Use, any applicable Participant Agreement/Member Agreement, and applicable market rules. In the event of any conflict between this Privacy Policy and those agreements regarding the handling of your information, the provisions of the applicable agreement shall govern.

Data Controller: Deep Thought Labs Inc. is the data controller responsible for the processing of your personal information under this Privacy Policy.

SUMMARY OF DATA PRACTICES