Privacy Policy of Aegis Vault Ltd.

Contents

Last Updated: December 10, 2024

1. INTRODUCTION

This Privacy Policy (“Policy”) explains how Aegis Vault Ltd. (“Company,” “we,” “us,” or “our”), a company incorporated in the British Virgin Islands with registration number 2163500, collects, uses, shares, and protects your personal information. This Policy applies to all users of our services, website, applications, and platforms (collectively, “Services”).

2. DATA CONTROLLER AND CONTACT INFORMATION

2.1. Data Controller:

Aegis Vault Ltd.
Registration Number: 2163500
Address: Quijano Chambers, P.O. Box 3159, Road Town, Tortola, British Virgin Islands

2.2. For privacy-related inquiries, contact our Data Protection Officer at [email protected]

3. ELIGIBILITY AND JURISDICTIONAL RESTRICTIONS

3.1. Restricted Jurisdictions
The Company does not provide services or process the personal data of persons who are:

Residents, citizens, or located in the United States of America
Residents, nationals, or located in jurisdictions subject to comprehensive sanctions, including:
Cuba
Iran
North Korea
Syria
The Crimea, Donetsk, and Luhansk regions
Russia and Belarus (subject to applicable sanctions programs)
Listed on restricted party lists, including:
US Treasury OFAC’s SDN List
UN Security Council Consolidated List
EU Consolidated Financial Sanctions List
UK HM Treasury Consolidated List
Any other applicable sanctions lists

3.2. User Obligations
Users must:

Confirm they are not subject to jurisdictional restrictions
Notify us immediately of any change in status
Not attempt to circumvent these restrictions
Comply with all applicable sanctions regulations

4. INFORMATION WE COLLECT

4.1. Information You Provide

Account registration details
Identity verification information (KYC/AML)
Blockchain addresses and transaction data
Communication records
Support requests
Compliance documentation

4.2. Information Automatically Collected

Device and browser information
IP address and geolocation data
Usage patterns and analytics
Platform interaction data
Network and connection information
Cookie and tracking data

4.3. Blockchain Data

Public wallet addresses
Transaction records
Smart contract interactions
Governance participation data
On-chain activity

4.4. Compliance Information

Sanctions screening results
Risk assessment data
Transaction monitoring alerts
Compliance verification records
Regulatory reporting information

5. LEGAL BASIS FOR PROCESSING

5.1. We process your data based on:

Contract performance
Legal obligations
Legitimate business interests
Your consent
Public interest requirements
Regulatory compliance

5.2. Specific Legal Bases:

KYC/AML compliance: Legal obligation
Transaction processing: Contract performance
Marketing: Consent
Security measures: Legitimate interests
Regulatory reporting: Legal obligation

6. HOW WE USE YOUR INFORMATION

6.1. Core Service Purposes:

Account management
Transaction processing
Security and fraud prevention
Customer support
Platform maintenance

6.2. Compliance Purposes:

KYC/AML verification
Sanctions screening
Transaction monitoring
Regulatory reporting
Legal obligations

6.3. Business Operations:

Service improvement
Analytics and research
Performance monitoring
Technical support
Business development

7.1. Within Aegis Ecosystem

Aegis DAO Foundation for governance
Affiliated entities under data protection agreements
Service providers and contractors
Technical infrastructure providers

7.2. Third-Party Service Providers

KYC/AML service providers
Cloud storage providers
Security services
Analytics providers
Professional services

7.3. Legal and Regulatory

Regulatory authorities
Law enforcement agencies
Courts and tribunals
Professional advisors
Government authorities

7.4. International Transfers
We may transfer data internationally:

Within the Aegis ecosystem
To service providers globally
Subject to appropriate safeguards
Following international data protection standards
In compliance with transfer regulations

8. DATA SECURITY

8.1. Technical Measures

Encryption at rest and in transit
Access controls and authentication
Firewalls and security monitoring
Regular security assessments
Incident response procedures

8.2. Organizational Measures

Staff training and policies
Access restrictions
Security protocols
Regular audits
Vendor assessment

9. DATA RETENTION

9.1. Retention Periods:

Account data: Duration of relationship plus 5 years
Transaction data: 7 years minimum
Communication records: 5 years
Compliance documents: As required by law
Technical logs: 2 years

9.2. Deletion Criteria:

Legal requirements satisfied
Business purpose fulfilled
User request (where applicable)
Technical feasibility

10. YOUR RIGHTS

10.1. You have the right to:

Access your personal data
Correct inaccurate information
Request data deletion
Restrict processing
Data portability
Object to processing
Withdraw consent
Lodge complaints

10.2. Exercise of Rights:

Submit requests to [email protected]
Verify identity for requests
Receive response within 30 days
No fee (unless excessive requests)

11. COOKIES AND TRACKING

11.1. We use:

Essential cookies
Analytics cookies
Preference cookies
Marketing cookies (with consent)

11.2. Cookie Control:

Browser settings management
Cookie preference center
Opt-out mechanisms
Do Not Track support

12. CHANGES TO THIS POLICY

12.1. We may update this Policy:

With prior notice
For regulatory compliance
To reflect service changes
Following industry standards

12.2. Notification:

Email notification
Website announcement
In-app notification
30 days’ notice for material changes

13. DISPUTE RESOLUTION

13.1. Resolution Process:

Internal review
Independent mediation
Regulatory authorities
BVI courts as final resort

13.2. Governing Law:

BVI law applies
International data protection standards
Regulatory requirements
Industry best practices

Updated on December 10, 2024