GDPR Notice

Identity of Controller and Contact

AI Native Finance Portal ("AINFP", "we", "us") is operated in the United States by its owner, Bruce Pea.

Controller: AI Native Finance Portal, c/o Bruce Pea

Postal address: 2800 E Spring Creek Pkwy, Plano, TX 75074, United States

Email: [email protected]

Scope and Relationship to United States Law

This GDPR Notice explains our processing of personal information in connection with the AI Native Finance Portal website and services in the United States. We comply with applicable U.S. federal and state privacy laws and implement GDPR-aligned controls for individuals located in the European Economic Area (EEA) and the United Kingdom. Where laws differ, we apply the obligations required in our place of operation while honoring the rights described herein to the extent applicable.

Categories of Personal Information We Process

Information You Provide

• Contact details (e.g., name, email address).
• Account credentials and profile information (if account functionality is offered).
• Newsletter subscriptions, communication preferences, and survey responses.
• Support requests, feedback, and content you submit (including prompts and outputs within AI-assisted research tools).

Information Collected Automatically

• Device and usage data (IP address, browser type, operating system, language, time zone, pages viewed, referring/exit pages, clickstream data, and session timestamps).
• Cookie identifiers, pixels, and similar technologies for essential functionality, analytics, and, where applicable, advertising measurement.
• Approximate location derived from IP address for security, fraud prevention, and localization.

Information from Third Parties

• Service providers and partners (e.g., hosting, analytics, email delivery, security) that furnish aggregated or pseudonymized insights.
• Public sources and community platforms you choose to interact with in connection with our Services.

Public Blockchain and On-Chain Data

We may process publicly available blockchain data (e.g., wallet addresses, transaction hashes, token holdings) to provide research tools, market analysis, or on-chain insights. Such data is inherently public and immutable; requests to delete or rectify on-chain records cannot be fulfilled on the underlying ledger. Where feasible, we can dissociate or cease further linkage of such data to your account or contact details under applicable law.

Purposes of Processing

• Provide, operate, and maintain the website, tools, and features (including AI-assisted research and market analysis).
• Communicate with you regarding updates, newsletters, and administrative messages.
• Personalize content, measure engagement, and improve the user experience.
• Conduct analytics, research, testing, and service development.
• Ensure security, prevent fraud/abuse, and protect the integrity of the Services.
• Comply with legal obligations and enforce our terms, policies, and rights.
• Carry out marketing and promotional activities where permitted by law or with consent.

Legal Bases for Processing (EEA/UK)

• Consent: for non-essential cookies, certain marketing communications, and where required for specific processing (you may withdraw at any time).
• Contract: to provide Services you request and perform our agreements with you.
• Legitimate Interests: to secure the Services, prevent abuse, analyze and improve functionality, and engage in compatible business operations, provided these interests are not overridden by your rights.
• Legal Obligation: to comply with laws, regulations, or lawful requests.
• Vital Interests/Public Interest: only where strictly necessary and as permitted by law.

Sharing and Disclosure of Personal Information

• Service Providers: hosting, cloud, analytics, security, email delivery, and support vendors processing data under our instructions.
• Professional Advisors: legal, tax, compliance, and accounting advisors.
• Legal and Safety: to comply with applicable law, lawful requests, or to protect rights, safety, and security.
• Business Transfers: in connection with mergers, acquisitions, or similar transactions, subject to appropriate safeguards.
• Public Data: information published on public blockchains remains publicly accessible.

We do not sell personal information as the term “sell” is defined under certain U.S. state privacy laws. We may share identifiers and internet activity with partners for targeted advertising or measurement where permitted by law; you may opt out as described below.

Cookies, Tracking Technologies, and Targeted Advertising

We use cookies and similar technologies to enable core site functions, perform analytics, and, where permitted, support advertising measurement. You can manage cookies via your browser settings and, where required by law, we obtain consent before setting non-essential cookies. You may request to opt out of the sharing of personal information for targeted advertising by contacting us. If you clear cookies, your preferences may need to be renewed.

Retention of Personal Information

We retain personal information for as long as necessary to fulfill the purposes described in this Notice, including to meet legal, accounting, or reporting requirements. Typical retention periods include: operational logs for approximately 12–24 months; marketing preferences until you opt out or until they become inactive; account data for the life of the account plus a reasonable period thereafter. Public blockchain data persists indefinitely on the underlying ledger.

Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. No security controls are absolute; residual risk remains inherent to online systems.

International Data Transfers

We process data in the United States. When transferring personal information from the EEA/UK to the United States, we rely on appropriate safeguards such as standard contractual clauses and supplementary measures where applicable. You may contact us for more information on such safeguards.

Your Rights

Rights Under GDPR (EEA/UK)

• Access your personal data and obtain a copy.
• Request rectification of inaccurate or incomplete data.
• Request erasure (subject to legal and technical limitations, including on-chain data immutability).
• Request restriction of processing in certain circumstances.
• Object to processing based on legitimate interests, including direct marketing.
• Data portability for information you provided, where technically feasible.
• Withdraw consent at any time without affecting prior lawful processing.
• Lodge a complaint with a supervisory authority in your habitual residence, place of work, or place of alleged infringement.

Rights Under U.S. State Privacy Laws

Depending on your state of residence (e.g., California, Colorado, Connecticut, Utah, Virginia), you may have the right to:

• Know/access the categories and specific pieces of personal information we collect, use, disclose, and share.
• Request deletion of personal information, subject to exceptions.
• Request correction of inaccurate personal information.
• Opt out of the sale or sharing of personal information and of targeted advertising.
• Limit the use and disclosure of sensitive personal information (we generally do not collect sensitive categories for our Services).
• Appeal a decision regarding your privacy request.

How to Exercise Your Rights

To exercise your rights, contact us at [email protected]. We will verify your request using information reasonably necessary to confirm your identity (e.g., verifying control of your email address or other account-related information). We will respond within the timelines required by applicable law (generally 30 days under GDPR and 45 days under certain U.S. state laws, with extensions where permitted).

Authorized Agents (California)

If you are a California resident, you may designate an authorized agent to submit a request on your behalf. We may require proof of the agent’s authorization and verification of your identity.

Non-Discrimination

We will not discriminate against you for exercising any privacy rights granted by applicable law.

Automated Decision-Making and Profiling

Our AI-assisted tools may analyze prompts, preferences, and usage patterns to personalize content and improve the Services. We do not engage in automated decision-making that produces legal or similarly significant effects about you. If such processing is introduced, we will provide required notices and, where applicable, offer an opportunity to obtain human review or to opt out.

Children’s Privacy

Our Services are not directed to children under 13 years of age, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child contrary to law, we will take appropriate steps to delete it.

Do Not Track and Global Privacy Controls

Some browsers transmit “Do Not Track” signals; we do not respond to these signals. Where required by applicable U.S. state laws, we honor recognized browser or device-based opt-out signals (such as certain Global Privacy Control signals) for opting out of sale/sharing or targeted advertising.

Changes to This Notice

We may update this Notice from time to time to reflect changes in our practices, technologies, or legal requirements. Material changes will be indicated by updating the effective date below. Your continued use of the Services after an update constitutes acknowledgment of the revised Notice.

Effective Date

October 9, 2025