Terms of use

Welcome to NUMTECH.IO "NUMTECH.IO", "we", "us", or "our"). We operate in the FinTech and blockchain space, building digital finance products and platforms that rethink how people interact with money and digital assets. We are committed to protecting your personal data and being fully transparent about how we collect, use, and protect it.

These Terms of Use apply to all NUMTECH.IO websites, web applications, mobile applications, APIs, blockchain-related services, and any other interactions you may have with NUMTECH.IO (collectively, the "Services"). By accessing or using our Services, you agree to the terms of these Terms of Use. If you do not agree, please discontinue use of our Services.

This Policy is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), and other applicable data protection laws across the jurisdictions where we operate.

NUMTECH.IO is the data controller responsible for your personal data. Our Services are directed to individuals and businesses globally, including users in the European Economic Area (EEA), the United States, and beyond. You can reach us through the following channels:

‍General Privacy Inquiries: privacy@numtech.io

3.1 Data You Provide Directly

When you register, transact, seek support, or otherwise interact with NUMTECH.IO, you may provide us with:

• Identity & Contact Data: your name, email address, phone number, company name, and job title — collected via registration forms, account creation, and support requests

• Financial & Blockchain Data: wallet addresses, transaction IDs, tokenized payment method details, and KYC/AML documents such as government-issued ID — collected during onboarding, transaction execution, and regulatory compliance flows

• Communication Data: messages, support tickets, feedback, uploaded files, and survey responses — collected via in-app chat, email, and contact forms

• Recruitment Data: CVs, LinkedIn profiles, portfolios, and references — submitted through our careers page or directly by email

3.2 Data We Collect Automatically

When you use our Services, we automatically collect certain technical and behavioral data:

• Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, language settings, and time zone — collected via cookies, server logs, and SDKs

• Usage Data: pages visited, features used, clicks, session duration, referrers, and error logs — collected via analytics tools and application logs

• On-Chain Data: public blockchain activity linked to wallets that interact with our smart contracts — derived from publicly available on-chain data

We do not intentionally collect special-category data (such as racial or ethnic origin, health information, or political opinions). KYC/AML documents collected for regulatory compliance are processed under strict data minimization principles and stored with enhanced security controls. If we inadvertently receive other sensitive data, we will delete it promptly.

We process your personal data only where we have a valid legal basis to do so. The bases we rely on, by purpose, are as follows:

• Account creation & service delivery: Contract performance — processing is necessary to provide the Services you have requested

• KYC/AML compliance: Legal obligation — we are required to verify identity and monitor transactions under applicable financial regulations

• Transaction processing: Contract performance — necessary to execute the financial and blockchain operations you initiate

• Fraud detection & security: Legitimate interest — protecting our platform, users, and the integrity of financial systems

• Customer support: Contract performance and legitimate interest — resolving issues and maintaining service quality

• Marketing communications: Consent — we only send marketing emails where you have explicitly opted in

• Analytics & product improvement: Consent for non-essential cookies; legitimate interest for aggregated, privacy-preserving analysis

• Legal claims & compliance: Legal obligation and legitimate interest — meeting regulatory requirements and defending or asserting legal rights

• Recruitment: Consent and legitimate interest — assessing candidates for open roles

We use your personal data for the following purposes:

• Create and manage your NUMTECH.IO account and provide access to our Services

• Process financial transactions, execute blockchain operations, and manage digital assets on your behalf

• Conduct Know Your Customer (KYC) and Anti-Money Laundering (AML) verification as required by applicable regulations

• Detect, investigate, and prevent fraud, unauthorized access, and other illegal or prohibited activities

• Send transactional and service messages such as account alerts, security notifications, and transaction confirmations — these communications are essential and cannot be opted out of

• Send marketing and promotional communications where you have provided explicit prior consent

• Improve, personalize, and optimize our Services, interfaces, and user experience

• Comply with applicable financial regulations, tax obligations, and reporting requirements

• Process job applications and manage the recruitment pipeline

• Respond to legal requests, cooperate with regulatory inquiries, and enforce our Terms of Service

NUMTECH.IO uses third-party payment service providers such as Stripe or PayPal to process payments on our behalf. NUMTECH.IO does not directly collect or store full payment card numbers or banking credentials. Payment-related data — including your name, billing address, and tokenized card details — is processed and stored by these providers, subject to their own privacy policies and PCI-DSS compliance obligations.

NUMTECH.IO and its payment processors share a legitimate interest in using this data for order fulfillment, fraud prevention, and regulatory compliance.

We do not sell or rent your personal data. We share data with third parties only where necessary and as described below:

• Cloud & infrastructure providers: such as AWS and Google Cloud, for hosting, computing, and backup services

• Analytics providers: such as Mixpanel, Amplitude, and GA4, for product and usage analytics on a consent basis

• Payment processors: such as Stripe and PayPal, for handling financial transactions

• KYC/AML verification providers: such as Onfido or Jumio, for identity verification and regulatory compliance

• Blockchain infrastructure providers: including node providers and indexers, for transaction execution and on-chain monitoring

• CRM and communication tools: such as HubSpot and Intercom, for customer relationship management and communications

• Security and monitoring tools: such as Datadog and Sentry, for error tracking and platform security

• Professional advisers: including lawyers, accountants, and auditors, for legal, financial, and compliance services

• Public authorities: such as regulators and law enforcement agencies, where we are legally required to disclose data

All third-party data processors operate under written data processing agreements. They are permitted to use your personal data only in accordance with our documented instructions and must implement appropriate technical and organizational security measures.

NUMTECH.IO operates globally, and your personal data may be transferred to and processed in countries outside your country of residence, including the United States and other jurisdictions that may not provide the same level of data protection as your home country.

When transferring personal data from the EEA or the UK, we rely on the following safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission

• Adequacy decisions issued by the European Commission, where applicable

• Your explicit consent or contract necessity in specific, limited circumstances

We conduct Transfer Impact Assessments (TIAs) where required and implement supplementary technical and organizational measures to protect transferred data in jurisdictions that do not benefit from an adequacy decision.

We use cookies and similar tracking technologies across our Sites and Services. On your first visit, a cookie consent banner gives you the choice to accept all cookies, reject non-essential ones, or customize your preferences by category. You may revisit and update your choices at any time via the "Cookie Settings" link in our website footer, or by adjusting your browser settings.

We use four categories of cookies:

• Strictly Necessary: required for core site functionality, security, and session management — examples include session cookies, CSRF tokens, and Cloudflare security cookies. These cannot be disabled

• Analytics: used to understand how users interact with our Services and to improve the product — examples include GA4 (_ga), Mixpanel, and Amplitude

• Functional: used to remember your preferences and personalization settings — examples include language and theme preferences

• Marketing & Targeting: used to measure advertising performance and enable retargeting — examples include Google Ads conversion cookies and the LinkedIn Insight Tag

We honor the Global Privacy Control (GPC) signal as a do-not-sell and opt-out-of-sharing request for California residents.

We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy, comply with our legal obligations, and resolve any disputes. Our standard retention periods are:

• Account & identity data: for the duration of your account plus 5 years, in line with regulatory requirements

• KYC/AML records: 5 to 7 years from the end of the business relationship, as required by anti-money laundering regulations

• Transaction records: 5 to 7 years for tax, accounting, and financial regulatory compliance

• Blockchain data: indefinitely, as on-chain data is immutable by design and cannot be deleted from public ledgers

• Support communications: up to 2 years after the resolution of your request

• Marketing contact lists: until you withdraw consent or unsubscribe

• Analytics logs: 14 months on a rolling basis (GA4 default)

• CVs and recruitment data: up to 6 months following the end of a hiring cycle, or longer where you have given explicit consent

• Non-essential cookies: per your consent — typically session-length or up to 13 months

After the applicable retention period, personal data is securely deleted or anonymized. You may request deletion of your data at any time by contacting privacy@numtech.io , subject to any overriding legal retention obligations.

NUMTECH.IO takes the security of your personal data seriously. We implement industry-standard technical and organizational measures to protect your data against unauthorized access, loss, misuse, or unauthorized disclosure, including:

• TLS 1.3 encryption for all data transmitted over the internet

• AES-256 encryption for data stored at rest

• Multi-factor authentication (MFA) and role-based access controls for all internal systems

• Smart contract security audits and code reviews for our blockchain components

• Regular penetration testing and vulnerability assessments

• Automated data masking for diagnostic and crash reporting, ensuring personal data is stripped before transmission to monitoring tools

• Annual privacy and security training for all staff who handle personal data

• A documented incident response and breach notification procedure

In the event of a data breach that presents a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required by law, inform affected individuals without undue delay.

Our Services are intended for users aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a minor, we will take prompt steps to delete it. If you believe we may have collected data from someone under 18, please contact us at privacy@numtech.io.

13.1 Rights Under GDPR (EU/EEA and UK Users)

• Right of access — request a copy of the personal data we hold about you

• Right to rectification — ask us to correct inaccurate or incomplete data

• Right to erasure — request deletion of your data where it is no longer necessary or where processing was unlawful

• Right to restriction of processing — ask us to pause processing in certain circumstances

• Right to data portability — receive your data in a structured, commonly used, machine-readable format

• Right to object — to processing carried out on the basis of legitimate interests or for direct marketing

• Right to withdraw consent — at any time, where processing is based on your consent, without affecting the lawfulness of prior processing

• Right to lodge a complaint — with your local supervisory authority, such as the ICO (UK), CNIL (France), or BfDI (Germany)

13.2 Rights Under CCPA/CPRA (California Residents)

• Right to know — the categories and specific pieces of personal information we have collected about you

• Right to delete — request that we delete your personal information, subject to certain exceptions

• Right to correct — request correction of inaccurate personal information

• Right to opt out — of the sale or sharing of personal information (we do not sell data, and we honor GPC signals)

• Right to limit use of sensitive personal information

• Right to non-discrimination — we will not discriminate against you for exercising any of your privacy rights

• Right to use an authorized agent — to submit privacy requests on your behalf

13.3 How to Exercise Your Rights

To submit a privacy request, email privacy@numtech.iowith the subject line "Privacy Request" and clearly state which right you wish to exercise and the nature of your request. We may ask you to verify your identity before processing your request. We aim to respond within 30 days, or within the timeframe required by applicable law.

We may update these Terms of Use from time to time to reflect changes in our Services, business practices, or applicable legal obligations. For material changes that affect your rights, we will provide prominent notice on our website or notify you directly by email. The effective date at the top of this page always indicates when the policy was last revised.

Your continued use of our Services after any update constitutes your acceptance of the revised Terms of Use.

If you have any questions, concerns, or requests relating to these Terms of Use or our data practices, please get in touch:

• General privacy inquiries: privacy@numtech.io

• Data deletion or access requests: privacy@numtech.io— Subject: "Privacy Request"