Privacy Policy Last Revised: Nov 30, 2023 This Privacy Policy (the “Policy”) explains how Supa Labs Inc. (“Supa Labs”, “Supa”, the “Company”, “we”, “us”, or “our”) collects, stores, uses, and discloses your Personal Data (defined below) when using the supa.finance website and other websites which use subdomains of supa.finance (the "Site") and all of our other properties, products, and services (the “Services”). “Personal Data” means any information that directly or indirectly identifies a particular individual, including any other information that is subject to applicable data protection laws. Your use of the Site and Services is subject to this Policy as well as our Terms of Service. If you do not agree with any aspect of this Policy or our Terms of Service, you should immediately discontinue access or use of the Site and Services. Data We Collect The Personal Data we collect varies depending upon the nature of the Services provided or used, and our interactions with individuals. The types of data we collect may include, but are not limited to: Personal information that links back to an individual, such as name, date of birth, and other personal identification numbers. Publicly-available blockchain data, such as public wallet addresses. Contact information, such as email addresses and social media handles. Technical information, such as internet protocol (“IP”) addresses, device information, browser type, and operating system. Statistical data, such as website page views and unique visits. When We Collect Data This Privacy Policy covers any Personal Data provided to us: When you engage with our Site or Services; Under any other contractual agreement or arrangement. Some of the other ways we may collect Personal Data shall include, but is not limited to: Communications with you via telephone, letter, email, Discord, Telegram, or Twitter; When you visit the Site; When you fill out a contact form on the Site; When you contact us in person; When we contact you in person; When we collect information about you from third parties; and other channels including our support helpdesk. How We Use Data We use the data we collect in accordance with your instructions, including any applicable terms in our Terms of Service, and as required by law. We may also use data for the following purposes: Providing the Services. We use the data we collect to provide, maintain, customize and improve our Services and features of our Services. Customer support. We may use information to provide customer support for and answer inquiries about the Services. Safety and security. We may use data to protect against, investigate, and stop fraudulent, unauthorized, or illegal activity. We may also use it to address security risks, solve potential security issues such as bugs, enforce our agreements, and protect our users and Company. Legal compliance. We may use the information we collect as needed or requested by regulators, government entities, and law enforcement to comply with applicable laws and regulations. Aggregated data. We may use some of the information we collect or access to compile aggregated data that helps us learn more about how users use the Services and where we can improve your experience. How We Share Data We may share or disclose the data we collect: With service providers. We may share your information with our service providers and vendors to assist us in providing, delivering, and improving the Services. For example, we may share your wallet address with service providers like Infura and Cloudflare to provide technical infrastructure services, your wallet address with blockchain analytics providers to detect, prevent, and mitigate financial crime and other illicit or harmful activities, and your activity on our social media pages with our analytics provider to learn more about you interact with us and the Services. To comply with our legal obligations. We may share your data in the course of litigation, regulatory proceedings, compliance measures, and when compelled by subpoena, court order, or other legal procedure. We may also share data when we believe it is necessary to prevent harm to our users, our Company, or others, and to enforce our agreements and policies, including our Terms of Service. Safety and Security. We may share data to protect against, investigate, and stop fraudulent, unauthorized, or illegal activity. We may also use it to address security risks, solve potential security issues such as bugs, enforce our agreements, and protect our users, Company, and ecosystem. Business changes. We may transfer or share data to another entity in the event of a merger, acquisition, bankruptcy, dissolution, reorganization, asset or stock sale, or other business transaction. With your consent. We may share your information any other time you provide us with your consent to do so. We do not share your information with any third parties for any marketing purposes whatsoever. Third-Party Cookies Cookies are small data files that are sent from a server when you visit a website and are placed on your computer or mobile device. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information. We use cookies or similar technologies, which may be provided by third parties, on our Services to enable certain functionality and for security and fraud detection and prevention, as well as to collect usage information about our Services and the emails that we send, and to personalize content and provide more relevant ads and information. We may combine the information we collect via these technologies with other information, including Personal Data. You may indicate and choose your cookies preferences at any time through your browser settings, such as to accept certain cookies but reject others. Our policy relating to cookies complies with applicable laws. There are some internet activities that cannot take place without cookies collecting, using or disclosing Personal Data, such as those relating to security and network management. Necessary cookies also for example allow you to navigate back and forth between pages without losing your previous actions from the same session. For such necessary cookies, if you use our Site, you will be considered to have consented to the collection of Personal Data by such necessary cookies. We will get your express consent where our cookies collect Personal Data in the course of internet activities which you have not clearly requested for, or where you have not voluntarily provided your Personal Data, or where Personal Data collected from such cookies are used for advertisements directed at you. Third-Party Links and Sites We may integrate technologies operated or controlled by other parties into parts of the Services. This Policy does not apply to third-party websites that are accessible through the Site or Services. When you interact with these other parties, including when you leave the Site, those parties may independently collect information about you and solicit information from you. We encourage you to learn more about how those parties collect and use your data by consulting their privacy policies and other terms before providing any Personal Data. Security The security of your Personal Data is important to us. We implement and maintain appropriate and reasonable technical and organizational security measures designed to protect the security of any Personal Data we process. Despite our safeguards and efforts to secure your Personal Data, transmission via the internet is not completely secure and we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. You are responsible for all of your activity on the Site or Services, including the security of your blockchain network addresses, cryptocurrency wallets, and their cryptographic keys. International Data Transfers We may transfer your Personal Data anywhere in the world, including but not limited to the United States or other countries that may have data protection laws that are different from the laws in the country where you live. We will take all necessary measures to protect your personal information in accordance with this Policy and applicable law. Data Retention Except to the extent prohibited by law, and subject to this Policy, we will retain and use your Personal Data for as long as it is needed to provide you with any Services, communications, information you have requested, or access to the Services, to document our business relationship with you, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. When we have no ongoing legitimate business need to retain your Personal Data, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. Age Requirements The Services are intended for a general audience and are not directed at children. We do not knowingly solicit Personal Data from or market to users under 18 years of age (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”). Should we discover that we have collected Personal Data from a child who is under 18, we will promptly delete that Personal Data. If you believe we have received Personal Data about a child under the age of 18, please contact us at privacy@supa.finance. California Privacy Rights The California Consumer Privacy Act of 2018 (“CCPA”) requires certain businesses to provide a CCPA Notice to California residents to explain how we collect, use, and share their personal information, and the rights and choices we offer California residents regarding our handling of their information. Privacy Practices. We do not “sell” personal information as defined under the CCPA. Please review the “How We Share Data” section above for further details about the categories of parties with whom we share information. Privacy Rights. The CCPA gives individuals the right to request information about how we have collected, used, and shared your personal information. It also gives you the right to request a copy of any information we may maintain about you. You may also ask us to delete any personal information that we may have received about you. Please note that the CCPA limits these rights, for example, by prohibiting us from providing certain sensitive information in response to access requests and limiting the circumstances under which we must comply with a deletion request. We will respond to requests for information, access, and deletion only to the extent we are able to associate, with a reasonable effort, the information we maintain with the identifying details you provide in your request. If we deny the request, we will communicate the decision to you. You are entitled to exercise the rights described above free from discrimination. Submitting a Request. You can submit a request for information, access, or deletion to privacy@supa.finance. Identity Verification. The CCPA requires us to collect and verify the identity of any individual submitting a request to access or delete personal information before providing a substantive response. Authorized Agents. California residents can designate an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming their authority. Disclosures for European Union Data Subjects If you are located in the EU or UK, this section applies to you. The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your Personal Data. As such, we may rely on the following legal bases: Consent. We may process your Personal Data if you have given us permission (i.e., consent) to use your Personal Data for a specific purpose. You can withdraw your consent at any time. Performance of a Contract. We may process your Personal Data when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you. Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to: Send users information about special offers and discounts on our Services Analyze how our Services are used so we can improve them to engage and retain users Diagnose problems and/or prevent fraudulent activities Understand how our users use our Services so we can improve user experience Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved. Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person. Your rights under the General Data Protection Regulations (“GDPR”) include the right to: (i) request access and obtain a copy of your Personal Data, (ii) request rectification or erasure of your Personal Data, (iii) object to or restrict the processing of your Personal Data; and (iv) request portability of your Personal Data. Additionally, you may withdraw your consent to our collection at any time. Nevertheless, we cannot edit or delete information that is stored on a particular blockchain. Information such as your transaction data, blockchain wallet address, and assets held by your address that may be related to the data we collect is beyond our control. To exercise any of your rights under the GDPR, please contact us at privacy@supa.finance. We may require additional information from you to process your request. Please note that we may retain information as necessary to fulfill the purpose for which it was collected and may continue to do so even after a data subject request in accordance with our legitimate interests, including to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. Changes to this Policy If we make material changes to this Policy, we will notify you via the Services. Nevertheless, your continued use of the Services reflects your periodic review of this Policy and other Company terms, and indicates your consent to them. Contact Us Please contact us with questions or requests regarding this Policy at privacy@supa.finance.