SMELTOR PRIVACY POLICY

1. WHO WE ARE

This Privacy Policy is issued by Smeltor Ltd, a company incorporated in the Cayman Islands (“Smeltor”, “Company”, “we”, “us”, or “our”). Our registered office is at [Registered Office Address], Grand Cayman, Cayman Islands. For privacy enquiries, contact us at [privacy@smeltor.xyz].

This Policy is incorporated by reference into our Terms of Use. It is governed by the laws of the British Virgin Islands. Where you are located in a jurisdiction with applicable data protection laws, additional rights and obligations may apply as described in Section 9.

2. INFORMATION WE COLLECT

2.1 Information You Provide

• Wallet addresses when you connect to the Platform. We collect public wallet addresses only. We never collect private keys, seed phrases, or passwords.
• Creator profile information if you register as a Creator, including display name and profile details you voluntarily provide.
• Communications including email address and message content if you contact us for support or other enquiries.
• Survey and feedback responses if you participate in voluntary surveys or feedback requests.

2.2 Information Collected Automatically

• Device and browser information including device type, operating system, and browser version.
• Usage data including pages viewed, features used, actions taken, time spent, and referring URLs.
• Log data including access times, browser type, and pages visited.
• IP address — used for geolocation (country or region level) for compliance purposes. We store a hashed version of your IP address, not the raw value.
• Cookies and similar technologies — see Section 7.

2.3 Consent Records

When you accept the Terms of Use by signing with your wallet (EIP-712 signature), we store your wallet address, the version of the Terms accepted, a timestamp, and a hashed IP address. This record is maintained for legal compliance purposes and cannot be deleted on request as it forms part of our regulatory audit trail.

2.4 Blockchain Data

When you execute transactions through the Platform, your wallet address and transaction details are broadcast to the relevant blockchain network and become publicly visible. This is inherent to how blockchain technology operates and is not within our control. We may read and display on-chain data associated with your wallet address to provide Platform features including Verified Track Records.

2.5 Screening Data

We screen wallet addresses against applicable sanctions lists through third-party on-chain analytics providers. Screening results are logged for compliance purposes. We do not share individual screening results except as required by law.

3. HOW WE USE INFORMATION

3.1 Platform Operation

• To provide, operate, and maintain the Platform and its features.
• To process transactions and display your positions and activity.
• To enable Creator features including strategy publication and performance tracking.
• To display Verified Track Records and on-chain performance data.

3.2 Compliance and Safety

• To conduct sanctions screening and compliance checks as required by law.
• To enforce our Terms of Use including detecting and blocking Disqualified Persons.
• To maintain our legal audit trail including consent records.
• To detect, prevent, and address fraud, abuse, and harmful activities.
• To respond to legal requests from governmental authorities.

3.3 Platform Improvement

• To analyse usage patterns and improve Platform features.
• To conduct analytics on aggregated, anonymised data.
• To respond to your communications and support requests.

3.4 Legal Basis (EEA and UK Users)

If you are located in the European Economic Area or United Kingdom and access the Platform in breach of our Terms (you are a Disqualified Person from these jurisdictions), the following legal bases apply to any processing that occurs: (a) contract performance for transaction processing; (b) legitimate interests for fraud prevention, security, and compliance; (c) legal obligation for sanctions screening and regulatory compliance; and (d) consent where specifically obtained. Note that EEA and UK users should not be accessing the Platform — see Terms of Use Section 4.

4. HOW WE SHARE INFORMATION

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Infrastructure and hosting providers (including Vercel, Supabase).
• Wallet connection services (including Privy).
• Sanctions screening and on-chain analytics providers (including Chainalysis — wallet addresses screened against OFAC SDN list on connection).
• Analytics providers used for platform usage analysis.
• Customer support and communication services.

These service providers are contractually obligated to use information only for the purposes of providing services to us and in accordance with this Policy.

4.2 Third-Party Integrations

When you execute transactions through the Platform, your wallet address and transaction information are shared with the relevant Third Party Services (protocols, aggregators, bridges, and other infrastructure) as necessary to complete those transactions. This sharing is inherent to the technical execution of transactions and is described further in the Third Party Integrations and Disclaimer Policy.

4.3 Legal Requirements

We may disclose information if required to do so by law or in response to valid requests by public authorities, including to comply with legal process, to respond to regulatory requests, to protect the rights, property, or safety of Smeltor, our users, or others, and to enforce our Terms of Use.

4.4 Business Transfers

If the Company is involved in a merger, acquisition, sale of assets, or other business transaction, your information may be transferred as part of that transaction. We will provide notice if your information becomes subject to a materially different privacy policy.

4.5 Aggregated Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for any purpose, including product development, research, and public reporting.

5. DATA RETENTION

We retain information for as long as necessary to: (a) provide the Platform to you; (b) comply with legal obligations; (c) resolve disputes and enforce agreements; and (d) protect our legitimate business interests. Consent records (EIP-712 signatures) are retained indefinitely as part of our compliance audit trail. Information recorded on blockchain networks is permanent and cannot be deleted by us or anyone else. When information is no longer needed, we delete or anonymise it in accordance with our retention policies.

6. DATA SECURITY

We implement appropriate technical and organisational measures to protect information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls and authentication requirements, regular security assessments, and incident response procedures.

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the security of your wallet and private keys.

7. COOKIES AND TRACKING TECHNOLOGIES

7.1 What We Use

• Essential cookies: necessary for the Platform to function. Cannot be disabled.
• Analytics cookies: help us understand how users interact with the Platform. May be disabled.
• Preference cookies: remember your settings. May be disabled.

7.2 Your Choices

Most browsers allow you to control cookies through settings. Disabling non-essential cookies may affect Platform functionality. We display a cookie consent notice on first access. Your continued use of the Platform following dismissal of that notice constitutes acceptance of our essential cookies.

8. YOUR RIGHTS

8.1 Access and Correction

You may request access to information we hold about you and request correction of inaccurate information by contacting us at [privacy@smeltor.xyz]. We will respond within a reasonable time. Note that we may not be able to identify you beyond your wallet address, as we do not conduct KYC.

8.2 Deletion and Anonymisation

You may request that we delete or anonymise personal information we hold about you by contacting us at [privacy@smeltor.xyz]. We will respond within a reasonable time. Our standard response to deletion requests is anonymisation — replacing identifying information (including wallet addresses) with a randomised, non-reversible identifier, such that the remaining data can no longer be attributed to you. Anonymised data is not personal data and is retained for operational and compliance purposes. We consider anonymisation to be equivalent to deletion for the purposes of satisfying data subject requests under applicable law. Full deletion is available only where: (a) applicable law in your jurisdiction specifically requires deletion and does not permit anonymisation as an alternative; or (b) the data is not subject to our legal retention obligations under applicable law. The following data cannot be deleted or anonymised under any circumstances: (i) consent records (EIP-712 signatures), which form part of our legal compliance audit trail; (ii) sanctions screening logs, retained under CIMA AML obligations for a minimum of 5 years; (iii) blockchain transaction data, permanently recorded on-chain and outside our control; and (iv) any data we are required by law or regulatory order to retain.

8.3 Blockchain Data

Information recorded on blockchain networks is permanent and publicly visible. We cannot delete or alter on-chain data. This is an inherent characteristic of blockchain technology that you accept by using the Platform.

8.4 Jurisdiction-Specific Rights

If you are located in a jurisdiction with specific data protection rights (such as GDPR rights for EEA residents), you may have additional rights including the right to restrict processing, the right to data portability, and the right to object to processing. Note that EEA and UK users should not be accessing the Platform. To exercise any rights, contact us at [privacy@smeltor.xyz].

9. INTERNATIONAL DATA TRANSFERS

The Company is incorporated in the Cayman Islands and operates through infrastructure that may be located in various countries. By using the Platform, you acknowledge that your information may be transferred to and processed in countries outside your jurisdiction, including countries that may not provide the same level of data protection as your home jurisdiction. Where required by applicable law, we implement appropriate safeguards for international data transfers.

10. CHANGES TO THIS POLICY

We may update this Privacy Policy at any time. Updated versions will be posted at [smeltor.xyz/privacy] with a revised effective date. Your continued use of the Platform after posting constitutes acceptance of the revised Policy. For material changes, we will use reasonable efforts to provide advance notice.

11. CONTACT

For privacy enquiries, complaints, or to exercise your rights:

Smeltor Ltd

[Registered Office Address]

Grand Cayman, Cayman Islands

Privacy: [privacy@smeltor.xyz]

Legal: [legal@smeltor.xyz]