This Privacy Policy (this “Policy”) is intended to set forth, describe, define, and elaborate, in a comprehensive, detailed, structured, and exhaustive manner, the policies, principles, procedures, and operational standards adopted by StrateFai (“StrateFai”, the “Company”, “we”, “us”, or “our”) with respect to the collection, use, processing, storage, retention, transmission, disclosure, safeguarding, and general handling of information obtained in connection with your access to, interaction with, and use of the StrateFai platform, including, without limitation, all associated websites, applications, interfaces, APIs, smart wallet infrastructure, automated trading systems, algorithmic execution layers, and any and all related features, components, or services (collectively, the “Services”).

This Policy is intended not only to inform users of how information is handled within the operational and technical scope of the Services, but also to establish a clear and structured framework for data governance, system integrity, operational necessity, and user transparency. The Company adopts a principle-based approach to data handling, emphasizing necessity, proportionality, and minimization, while ensuring that the functionality and performance of the Services remain uncompromised.

By accessing, browsing, interacting with, registering for, or otherwise using the Services in any capacity whatsoever, you expressly acknowledge, represent, and agree that you have read, understood, and accepted the terms, conditions, and provisions set forth in this Policy in their entirety. If you do not agree with any aspect of this Policy, you must immediately discontinue use of the Services.

Your continued use of the Services shall be deemed to constitute your ongoing acceptance of this Policy, including any modifications, updates, or revisions that may be implemented from time to time at the sole discretion of the Company.

This Policy applies exclusively and solely to information that is collected, processed, stored, or otherwise handled by the Company in connection with your use of the Services. It does not apply to, and the Company expressly disclaims any responsibility, liability, or obligation for, the data practices, policies, or procedures of any third-party services, platforms, or entities.

Such third-party entities may include, without limitation:

• Centralized cryptocurrency exchanges.
• Decentralized exchanges and protocols.
• Blockchain networks and distributed ledger systems.
• Wallet providers and smart account infrastructure.
• Payment processors and financial service providers.
• Analytics, monitoring, and infrastructure vendors.

Each such entity operates independently and is governed by its own legal and operational frameworks. The Company does not control, supervise, or assume responsibility for the data handling practices of such entities.

Users acknowledge that interactions with third-party services are conducted at their own discretion and risk, and that any data shared with such services is subject to their respective policies.

This distinction is fundamental to understanding the scope and limitations of this Policy, which applies only to data handled within the direct control and operational environment of the Company.

The Company collects only such information as is reasonably necessary, appropriate, and proportionate to enable the operation, maintenance, security, and continuous improvement of the Services.

Information may be collected directly from users, automatically through system processes, or via authorized integrations with third-party systems.

This includes, but is not limited to:

For the avoidance of doubt, the Company does not collect, store, process, or have access to:

• Private keys.
• Seed phrases.
• Withdrawal credentials.

Authentication data is handled using secure methods such as encryption, hashing, and access controls.

The Company processes personal, technical, and operational information on the basis of lawful, valid, and recognized legal grounds that are necessary, proportionate, and appropriate in relation to the provision, operation, maintenance, and continuous improvement of the Services.

Such processing is conducted in accordance with applicable legal and regulatory frameworks and is designed to ensure that data handling activities are aligned with both operational requirements and user expectations of privacy and transparency.

These lawful bases include, without limitation:

• The necessity of processing for the performance of contractual obligations arising from the provision of the Services, including enabling access to platform features, facilitating integrations with third-party systems, supporting automated execution of user-defined strategies, and maintaining system integrity and operational continuity.
• Compliance with applicable legal, regulatory, or statutory obligations, including those relating to fraud prevention, security monitoring, and lawful disclosure requirements.
• Legitimate business interests pursued by the Company, including improving system performance, enhancing user experience, optimizing platform functionality, ensuring system security, preventing abuse or unauthorized activity, and maintaining overall operational efficiency.

Where required under applicable law, the Company may obtain user consent prior to engaging in specific categories of data processing. Users may have the ability to withdraw such consent in accordance with applicable legal requirements, subject to certain limitations relating to the functionality of the Services.

Information collected by the Company is used exclusively and strictly for purposes that are directly related, relevant, and necessary to the operation, functionality, maintenance, security, and ongoing improvement of the Services. The Company adheres to principles of data minimization and purpose limitation, ensuring that information is not used in a manner that is inconsistent with the purposes for which it was originally collected.

Such uses include, without limitation:

• Enabling and facilitating the execution of automated trading strategies based on user-defined configurations.
• Maintaining and supporting integrations with third-party exchanges and blockchain infrastructure.
• Generating analytics, insights, and performance metrics to improve system functionality.
• Ensuring the integrity, reliability, and security of the platform.
• Detecting, preventing, and responding to unauthorized activity, misuse, or security incidents.
• Communicating with users regarding account activity, system updates, technical notifications, and support inquiries.

For the avoidance of doubt, the Company does not sell personal data, does not engage in behavioral profiling for advertising purposes, and does not use personal data to serve targeted or personalized advertisements under any circumstances.

The Services incorporate and rely upon automated data processing systems, including algorithmic, rule-based, and system-driven mechanisms designed to execute trading strategies and perform related operational functions based on predefined user configurations and parameters. Such automated processing forms a fundamental and integral component of the Services and is essential to the delivery of core platform functionality.

All automated processing is conducted strictly within the boundaries of user authorization and system-defined logic. The Company does not exercise discretion, judgment, or independent decision-making authority in relation to the execution of such processes. All automated actions are initiated and governed by the rules, inputs, configurations, and permissions established by the user.

Users acknowledge and understand that automated processing may result in outcomes that vary due to external factors, including, but not limited to, market conditions, liquidity constraints, system latency, and third-party dependencies.The Company does not modify, override, or interfere with user-defined strategy logic beyond executing the parameters provided by the user.

The Company may share information with third-party service providers solely to the extent necessary to support the operation, maintenance, and delivery of the Services. Such sharing is limited in scope and is conducted in accordance with contractual, technical, and organizational safeguards designed to ensure that such data is used only for authorized purposes.

Such third-party providers may include, without limitation:

• Cloud infrastructure providers.
• Analytics and monitoring services.
• Payment processors.
• Security and compliance service providers.

In addition, the Company may disclose information where required to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

For the avoidance of doubt, the Company does not share, sell, lease, or otherwise disclose personal data to advertisers, marketing networks, or data brokers, and does not permit third parties to use such data for independent marketing or advertising purposes.

The Company retains information only for such period as is necessary, appropriate, and proportionate to fulfill the purposes for which such information was collected, including but not limited to providing the Services, maintaining system functionality, complying with legal obligations, resolving disputes, and enforcing contractual agreements.

Retention periods may vary depending on the nature, sensitivity, and purpose of the information, as well as applicable legal or regulatory requirements. The Company periodically reviews its data retention practices to ensure that information is not retained longer than necessary.

When information is no longer required for its intended purposes, the Company undertakes reasonable and appropriate measures to securely delete, anonymize, or otherwise render such information inaccessible, in accordance with industry standards and best practices.

When The Company implements a range of technical, administrative, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, or destruction. These safeguards are intended to ensure the confidentiality, integrity, and availability of information processed within the Services.

Such measures may include, without limitation:

• Encryption of data in transit and at rest.
• Implementation of access control mechanisms.
• Monitoring and logging of system activity.
• Periodic security assessments and updates.

These safeguards are continuously reviewed and improved in response to evolving security threats and technological developments.

Notwithstanding the foregoing, users acknowledge that no system, network, or method of data transmission or storage can be guaranteed to be completely secure. Accordingly, while the Company endeavors to protect information using reasonable and appropriate measures, it does not warrant or guarantee absolute security.

Information collected through the Services may be transferred to, stored in, and processed within jurisdictions outside of your country of residence, including jurisdictions that may have different data protection laws and standards.

Such transfers may be necessary for the operation of the Services, including the use of global infrastructure providers, distributed systems, and cross-border integrations.By accessing or using the Services, you acknowledge and consent to such transfers, subject to applicable legal safeguards and requirements.

The Company takes reasonable steps to ensure that such transfers are conducted in a manner consistent with applicable data protection standards and that appropriate safeguards are implemented where required.

Depending on applicable laws and regulations within your jurisdiction, you may have certain rights with respect to your personal data.

Such rights may include, without limitation:

• The right to access and obtain a copy of your data.
• The right to request correction of inaccurate or incomplete information.
• The right to request deletion of data, subject to legal and operational limitations.
• The right to restrict or object to certain processing activities.
• The right to request that your data be provided in a structured and portable format, where applicable.

Requests to exercise such rights may be submitted through the contact details provided below.

The Company will make reasonable efforts to respond to such requests in accordance with applicable legal requirements; however, certain requests may be subject to limitations based on operational, contractual, or legal considerations.

The Company uses cookies and similar technologies for the limited purpose of supporting platform functionality, maintaining session state, enabling authentication, preserving user preferences, and performing limited analytics to improve system performance and usability.

Cookies are used in a manner that is consistent with principles of necessity and data minimization.

The Company does not use cookies for:

• Cross-site tracking.
• Behavioral profiling.
• Targeted advertising.

Users may control or disable cookies through their browser settings; however, disabling certain cookies, particularly essential cookies, may impact the functionality, availability, or performance of certain features within the Services.

The Services are not intended for use by individuals under the age of eighteen (18), and the Company does not knowingly collect personal data from minors.If the Company becomes aware that personal data has been collected from an individual under the applicable age threshold without appropriate authorization, it will take reasonable steps to delete such information in accordance with applicable laws and best practices.

The Company reserves the right to modify, update, or revise this Policy at any time to reflect changes in legal requirements, operational practices, or service offerings. Any such updates will be effective upon posting within the Services or on the Company's website.

Users are encouraged to review this Policy periodically to remain informed about how their information is handled. Continued use of the Services following any modifications constitutes acceptance of the revised Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or the Company's data practices, you may contact: support@stratefai.com