Last updated: 28 august 2025

1. General Provisions

   1.1. Identity of the Data Controller

   This Privacy Policy is issued by Streamflow Research Inc., a company incorporated and existing under the laws of Panama, (“Streamflow,” “we,” “us,” or “our”). For the purposes of applicable data protection legislation, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK General Data Protection Regulation as incorporated into UK law by the Data Protection Act 2018 (“UK GDPR”), and applicable United States federal and state privacy laws, Streamflow acts as the Data Controller when determining the purposes and means of processing Personal Data.

   Please read this Policy carefully so that you understand your rights in relation to your personal data and how we will collect, use, and process your personal data. If you do not agree to this Policy, please do not use, access, connect to, interact with, or download any of the Services or otherwise provide your information to us.

   1.2. Applicability of this Privacy Policy

   This Privacy Policy governs all processing of Personal Data collected from or about individuals (“Users,” “you,” or “your”) who access or use our website https://streamflow.finance/, smart contracts, web applications, APIs, and all associated services, regardless of the means of access (collectively, “Services”). Where we process Personal Data strictly on behalf of a third-party business partner in accordance with their instructions, we act as a Data Processor, and the privacy policy of such partner will apply to that processing.

   1.3. Purpose of the Privacy Policy

   The purpose of this Privacy Policy is to explain in a clear and transparent manner:

   • the types of Personal Data we collect;
   • the legal bases on which we process such Personal Data;
   • the purposes for which we use Personal Data;
   • the circumstances in which we may share Personal Data with third parties; and
   • the rights and choices available to you in relation to your Personal Data.

   1.4 Consent and Agreement to Terms

   By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. In jurisdictions where consent is the lawful basis for certain processing activities (including, without limitation, the placement of non-essential cookies and the sending of marketing communications), you consent to such processing by providing your explicit opt-in in the manner described herein.

2. Definitions

   2.1. Personal Data — Any information relating to an identified or identifiable natural person, including:

   • direct identifiers such as your name, email address, or blockchain wallet address;
   • indirect identifiers such as IP address, device identifiers, and transaction metadata, which, when combined with other information, can reasonably be used to identify you; and
   • pseudonymous data, such as blockchain wallet addresses or smart contract interaction history, where such information can be reasonably linked to you.

   2.2. Sensitive Data — Certain categories of Personal Data afforded enhanced protection under applicable law, which may include:

   • financial account details and payment credentials;
   • blockchain transaction histories revealing asset holdings or trading activity;
   • precise geolocation;
   • government-issued identification numbers; and
   • any other category designated as “special category” or “sensitive personal information” under applicable law.

   2.3. Processing — Any operation performed on Personal Data, whether automated or not, such as collection, storage, use, disclosure, transmission, alteration, restriction, erasure, or destruction.

   2.4. Controller — The entity determining the purposes and means of Processing Personal Data.

   2.5. Processor — The entity Processing Personal Data on behalf of the Controller.

3. Legal Bases for Processing Personal Data

   We process Personal Data only where we have a lawful basis under applicable data protection laws. These include:

   3.1. Contractual Necessity — To enter into and perform a contract with you, including creating and managing your account, providing technical support, facilitating blockchain transactions, and enabling other core functions of the Services.

   3.2. Legal Obligation — To comply with obligations imposed by law, regulation, or court order, including but not limited to anti-money laundering (AML) and counter-terrorist financing (CTF) requirements, tax reporting, and responding to lawful governmental requests.

   3.3. Consent — Where you have explicitly agreed to the processing of your Personal Data for one or more specific purposes, such as receiving marketing communications or enabling non-essential cookies.

   3.4. Legitimate Interests — Where processing is necessary for our legitimate interests or those of a third party, provided these interests are not overridden by your fundamental rights and freedoms. Examples include fraud prevention, network security, and improving the Services.

4. Categories of Personal Data We Collect

   4.1. Automatically Collected Personal Data

   • Technical Data — IP address, browser type, device identifiers, operating system, and other system configuration details.
   • Usage Data — Pages visited, features used, transaction activity, and the timing of your interactions.
   • Location Data — Approximate location derived from IP address or device settings.
   • Cookies and Similar Technologies — Essential cookies for core functionality are set automatically; non-essential cookies require your consent where mandated by law.

   4.2. Personal Data Provided by You

   • Account and Registration Data — Name, email address, phone number, blockchain wallet address, and project details you voluntarily provide.
   • Communications Data — Content of support requests, inquiries, and related metadata.
   • Marketing Preferences — Your preferences regarding receipt of marketing communications.

   4.3. Sensitive Data — Collected only where necessary for the provision of Services, compliance with legal obligations, or with explicit consent where required.

5. Purposes of Processing

   5.1. Primary Purposes for Service Provision

   We process Personal Data primarily to operate and deliver the Services, which includes:

   • Account Establishment and Management — verifying identity, maintaining accurate records, and processing updates you request;
   • Transaction Facilitation — initiating, recording, and verifying blockchain transactions, including smart contract execution;
   • Security and Fraud Prevention — monitoring for suspicious activity, implementing anti-fraud measures, and defending against cyber threats;
   • Customer Service — responding to inquiries, resolving technical issues, and providing requested assistance;
   • Regulatory Compliance — fulfilling AML/CTF and other legal requirements;
   • Communication Recording — where permitted by law and, where required, with your consent, recording customer support calls or similar communications for accuracy, quality assurance, compliance, and training.
   • Recruitment process — If you submit an application by email, then we may process your personal data in order to consider your application and if your application proceeds, to contact you for interviews and engage in internal deliberations, discussions, negotiations, and planning. We may also request personal data as necessary to perform a background, reference, or other check, solely as permitted by applicable law.

   5.2. Secondary Purposes (With Consent Where Required)

   • Analytics and Service Improvement — collecting aggregated metrics on feature usage to inform platform improvements;
   • Marketing Communications — sending newsletters, promotional offers, or event invitations according to your preferences;
   • Product Research and Development — testing new features, integrations, and service enhancements.

   5.3. Purpose Limitation — We will not process Personal Data in a manner that is incompatible with the purposes for which it was collected unless otherwise permitted by applicable law.

6. Cookies and Tracking Technologies

   6.1 Categories of Cookies and Similar Technologies

   6.1.1. Essential Cookies

   • Strictly Necessary Cookies — Required for the operation of the Services, enabling core functionality such as security authentication, session management, and facilitating blockchain transactions. We do not need to obtain your consent in order to use these cookies, and they cannot be turned off as we cannot provide the Services without them.

   6.1.2. Non-essential Cookies

   • Performance and Analytics Cookies — Collect aggregated data on how Users interact with the Services to help us improve functionality, identify usability issues, and measure engagement; requires opt-in consent for Users in the EEA/UK;
   • Targeting and Advertising Cookies — Enable delivery of personalised advertising and measurement of campaign effectiveness; require opt-in consent in the EEA/UK;
   • Functionality Cookies — Store User preferences (such as language and region) to personalise the Service experience;
   • Web Beacons and Tracking Pixels — Embedded objects used to monitor engagement with content (e.g., email open rates).

   6.2. Consent Management

   No Non-Essential Cookies (as in 6.1.2. above) are set without your consent. However, if we introduce any of Non-Essential Cookies, the following will apply:

   • Upon your first visit to the Services (including on mobile devices), we present a clear and prominent cookie banner or consent management tool;
   • You may choose to: (i) accept all cookies; (ii) reject all non-essential cookies; or (iii) manage preferences at a granular level;
   • In jurisdictions requiring opt-in consent, all non-essential cookies are disabled by default until explicitly enabled by you.

   6.3. Withdrawal of Consent

   You may change or withdraw your cookie preferences at any time via our cookie management interface, which is accessible from every page of our website.

   6.4. Retention of Cookie Data

   Data collected through cookies and tracking technologies is retained only for as long as necessary to fulfil the stated purpose and is securely deleted or anonymised thereafter.

7. Disclosure and Sharing of Personal Data

   7.1. General Principles of Disclosure

   We do not sell or share your Personal Data to third parties. We disclose Personal Data only in compliance with this Policy, applicable laws, and contractual safeguards. Any such disclosure is limited to what is strictly necessary for the stated purpose.

   7.2. Categories of Recipients

   • Service Providers (Processors) — Third-party vendors providing hosting, cloud storage, analytics, customer support, compliance (e.g., KYC/AML verification), marketing, and security services, bound by Data Processing Agreements;
   • Professional Advisors — External lawyers, auditors, and accountants engaged under confidentiality obligations;
   • Affiliates and Subsidiaries — For operational or administrative purposes under equivalent protections;
   • Regulatory and Law Enforcement Authorities — Where disclosure is required to comply with a legal or regulatory obligation, court order, or to protect our legal rights;
   • Transaction Counterparties — In the context of mergers, acquisitions, financing, or corporate restructuring, provided appropriate confidentiality arrangements are in place;
   • Third-Party Services Chosen by You — Blockchain explorers, wallet providers, or integrations you elect to use.

   7.3. Vendor Transparency

   We maintain and make available a list of categories of third parties with whom we regularly share Personal Data.

   7.4. Cross-Border Disclosures

   Where such sharing involves transfer of Personal Data across national borders, safeguards described in Section 8 will apply.

8. International Data Transfers

9. Your Rights

10. Security and Retention

11. Minors’ Privacy

12. Changes to this Policy

13. Contact Us