Privacy Policy

Infini Labs and its related entities responsible for operating this service (hereinafter referred to as "Infini", "we" or "the Company") attach great importance to and are committed to protecting the privacy rights of users ("you", "your" or "user"), and strictly in accordance with applicable laws, regulations and regulatory requirements, take reasonable and appropriate measures to ensure the security of users' personal information and privacy.

This Privacy Policy applies to situations where you access or use related products and services through our websites, mobile applications, API interfaces or other digital tools operated by us (collectively referred to as the "Services"), and explains how we collect, use, store, share, protect and process your personal information in the above scenarios in accordance with the law. This Privacy Policy outlines:

• The types of personal information we collect, including basic personal information, identity verification information, financial information, payment information, device and usage information, and information obtained from third parties under the premise of complying with legal requirements;
• How we use, share and protect this information within the legitimate, justifiable and necessary scope for account management, service delivery, compliance and risk management, service improvement, security maintenance, internal operations, and related communications where applicable laws permit and necessary consents are obtained;
• Your rights and choices, including rights to access, correct, delete, restrict processing, data portability, object to processing and withdraw consent; how to contact us, and how we handle your inquiries and complaints.

We may revise this Privacy Policy from time to time and update the "Last Updated" date at the top of the policy. If the revisions involve substantive changes to the way personal information is used, we will send notifications via the latest email you provided, post announcements in prominent positions on the website or application, or use other methods that comply with applicable laws to inform you, and obtain your consent where necessary. Unless otherwise provided by applicable laws, your continued use of the Services after the new version is published shall be deemed as your awareness and understanding of the updated Privacy Policy content.

We adopt reasonable technical, administrative and physical security measures to protect your personal information from unauthorized access, loss, misuse or alteration. However, internet transmission is not absolutely secure, and we cannot guarantee the absolute security of data. Nevertheless, we will evaluate and improve our security measures from time to time in accordance with business needs and requirements of applicable laws to address potential security risks.

Please note that this Service may link to third-party websites, applications or services. We are not responsible for the privacy practices of these third parties and recommend that you review their privacy policies. We only assume corresponding data protection responsibilities for personal information that we directly collect and process within our control. We encourage you to carefully evaluate your privacy terms before accessing any third-party services to ensure that your personal information is properly protected.

If you have any questions about this Privacy Policy or the way we handle personal information, please contact us through the methods provided in the "Contact Us" section below. We will respond to your inquiries within a reasonable period in accordance with applicable legal requirements and provide necessary assistance.

1. Basic Definitions

In this Privacy Policy, unless the context clearly indicates otherwise, the following terms have the following meanings: "Infini", "we" or "the Company": refers to Infini Labs and its related entities responsible for operating this Service, specifically subject to the entity providing the relevant services to you. "User" or "you": refers to natural persons who access, browse, register, log in or otherwise use this Service, or their legally authorized representatives. "Services": refers to websites, mobile applications, API interfaces or other digital tools operated by us, as well as related products and services provided to you through the above channels. "Personal Information": refers to various information recorded electronically or otherwise that relates to an identified or identifiable natural person, excluding information that has been anonymized and cannot identify a specific natural person and cannot be restored. "Basic Personal Information": refers to personal information necessary for providing services or account management to you, such as name, contact information, account identification information, etc., specifically subject to the actual service scenario. "Identity Verification Information": refers to information collected for verifying user identity, fulfilling compliance obligations or conducting risk management, such as identity proof document information, identity verification results, etc. (if applicable). "Financial Information": refers to information related to user funds, accounts or transactions, such as account balances, transaction records, etc. (if applicable). "Payment Information": refers to information required for completing payments or fund settlements, such as payment tool-related information or payment transaction records (if applicable). "Device and Usage Information": refers to information related to devices or usage behavior generated during the user's use of the Services, such as device type, operating system, IP address, access time, usage logs, etc. "Third Party": refers to any individual, company or organization other than us and the related entities responsible for operating this Service. "Processing": refers to any operation performed on personal information, including but not limited to collection, use, storage, sharing, protection, deletion or other processing. "Applicable Laws": refers to laws, regulations, regulatory provisions and related norms that are binding on us for the collection, use, storage, sharing, protection and processing of personal information.

3. Types of Personal Information We Collect

We only collect personal information when necessary and within the scope permitted by applicable laws, to provide services, fulfill compliance obligations or achieve other legitimate purposes directly related to the foregoing. Personal information may be collected through the following methods: directly provided by you, automatically collected, or obtained from legitimate third-party sources. We will follow the principle of data minimization in accordance with the requirements of applicable laws, and inform you of the corresponding processing purposes when collecting personal information. We may collect and process your personal information within the scope permitted by applicable laws, based on specific purposes or for the needs of providing related services. In the process of actually using the Services, some personal information may be automatically collected by the system (such as data generated when you interact with our Services), or may be directly provided by you to us. Under the premise of complying with laws and regulations, we may also obtain your personal information from legitimate sources or third parties related to the Services before direct interaction with you. The categories of personal information we collect may vary depending on the service functions and applicable laws and compliance requirements (such as KYC, AML, CDD), specifically including the following categories.

4. How We Use Personal Information

We use personal information to provide, maintain and improve the Services, and to fulfill applicable legal obligations. The processing of relevant personal information is based on legitimate grounds provided by applicable laws, such as performing contracts, complying with legal obligations, our legitimate interests, or based on your consent where necessary.

Specific purposes include:

• Account Management and Operations: Registration, verification, account maintenance, providing customer support, managing your account and its daily operations, processing your applications, subscribing and registering for our products and services, managing your account, and providing our products and services to you.
• Service Delivery: Processing transactions, payments, earnings distribution, providing content and information related to service functions, and providing relevant service information to you through our websites, applications or other legitimate communication channels, providing our services to you, including through in-person events, social media, email and other online venues.
• Compliance and Risk Management: KYC/AML checks, anti-fraud, reporting to regulatory authorities, complying with legal obligations, complying with court orders, subpoenas or other legal processes (regardless of jurisdiction), complying with applicable laws and regulations, complying with requirements from government authorities, law enforcement agencies or similar institutions (regardless of jurisdiction), conducting customer due diligence, anti-fraud and risk assessments under applicable legal requirements, and submitting or verifying necessary information to regulatory authorities or authorized compliance service providers in accordance with the law.
• Service Improvement: Analyzing trends, usage behavior, testing new features, diagnosing issues, managing, providing, maintaining, improving and personalizing our products and services, including identifying you and remembering your personal information when you return to our Services, helping us facilitate transactions and personal benefits and services, including customer support, contests, sweepstakes and promotions, identifying and analyzing how you use our Services, helping us monitor and analyze trends, usage and activities related to our Services, helping us improve and customize our Services to meet the needs and interests of our user base and other individuals who interact with us, helping us test, enhance, update and monitor the Services, or diagnose or fix technical issues.
• Marketing and Communication: Sending updates and promotions based on your interests (with consent), managing contests/sweepstakes, through email or phone marketing functions, products or special events, sending updates or promotional information related to our Services to you where applicable laws permit and your explicit consent is obtained, and supporting the marketing and advertising efforts of our Services, generating and analyzing data about users and their usage of our Services, we will not use your personal information for third parties' independent marketing purposes without your consent.
• Security and Integrity: Detecting malicious activities, maintaining system security, helping us maintain the security, reliability and integrity of the Services, technical assets and business, helping us detect, prevent, investigate or notify malicious, deceptive, fraudulent, illegal or criminal activities.
• Internal Operations: Auditing, data analysis, business development, testing changes and developing new features and products for our Services, resolving issues you may encounter related to our Services, including providing support and resolving disputes, managing service platforms, including support systems and security, preventing, investigating and responding to fraud, unauthorized access or use of our Services, violations of terms and policies or other improper activities, complying with legal obligations and applicable retention periods, establishing, exercising or defending our rights in legal proceedings.

We will not use personal information for activities inconsistent with the collection purposes. We may also inform you of other uses when collecting personal information. If the legal jurisdiction (including country or region) where you are located has special requirements for the use or protection of personal information, we will comply with these requirements unless otherwise provided by applicable laws. If GDPR or other laws apply, we will clearly inform you of the processing basis (see Section 16 for details).

5. How We Share Personal Information

We only share personal information when necessary and within the scope permitted by applicable laws. Within the scope permitted by law, third parties assume corresponding responsibilities for their independent processing of your personal information. Sharing recipients include:

• Service Providers: Sharing personal information with third-party service providers that provide services on our behalf (such as payment processing, cloud infrastructure, data storage, technical support or compliance service providers), and limited to the scope necessary for them to fulfill their contractual obligations with us.
• Within the Group: If applicable, we may share your personal information within the company group for internal management or to support the provision of Services, and strictly follow the processing purposes described in this Privacy Policy.
• Regulatory Authorities: Under applicable legal requirements, we may disclose personal information to regulatory authorities, law enforcement agencies, courts or other competent institutions, such as fulfilling anti-money laundering reporting obligations, responding to legitimate judicial or regulatory requests.
• Business Transfers: In the event of mergers, acquisitions, reorganizations or asset transfers of the company, personal information may be transferred as part of the transaction, but will continue to be bound by applicable data protection laws and this Privacy Policy or privacy arrangements with equivalent protection levels.
• Others: Sharing with your consent, or in other necessary circumstances permitted by law, for protecting relevant rights or security.

When sharing personal information, we will require recipients to take reasonable and appropriate data protection measures in accordance with applicable legal requirements, and sign data processing or confidentiality agreements where necessary. We may need to retain, process and/or disclose your personal information to agents, contractors or other third-party service providers, and for the processing of personal information under their independent control by third parties, they shall assume corresponding responsibilities in accordance with applicable laws.

6. Cookies and Similar Technologies

When you access or use Infini's websites or applications, we may use Cookies and similar technologies to automatically collect some information. Cookies are small text files stored on your device. In addition, we may also use similar technologies, such as web beacons, pixel tags, embedded scripts and log files (hereinafter collectively referred to as "Cookies and Similar Technologies"), to help us understand the usage of the Services, enhance website performance and optimize user experience. We and authorized third-party service providers may use the above Cookies and Similar Technologies (i) Cookies or small data files stored on your device, and (ii) other similar technologies (including web beacons, pixel tracking, embedded scripts, location identification technologies and logging technologies, collectively referred to as "Cookies"), to automatically collect information related to your use of the Services, and use such information only within the scope of achieving the purposes described in this Privacy Policy. The purposes for which we use cookies and similar technologies include: ensuring the normal operation of the websites and services, including authentication and session management; analyzing website traffic and usage behavior to identify popular content and improve navigation; improving functionality and overall performance, such as remembering your preferences and settings; enhancing security and preventing fraudulent behavior, such as detecting abnormal logins; supporting content display or promotional activities related to the Services with your explicit consent. For the above purposes, we may entrust third-party service providers to assist in providing related analytics services. Such third parties may process relevant information in accordance with their own privacy policies, and you may manage or opt out of their data collection activities through options provided by the relevant service providers.

7. Choices for Managing Cookies

You have the right to disable non-essential Cookies at any time. However, please note that disabling some Cookies may affect some functions or Services of the website, such as inability to remember login status or personalized recommendations. If you do not wish to receive cookies, most browsers support the following operations: (i) prompt you when receiving cookies by adjusting settings, allowing you to decide whether to accept them autonomously; (ii) disable existing cookies; or (iii) set the browser to automatically reject cookies. Please note that these operations may affect the website usage experience, and some functions or Services may experience abnormalities or even be completely unusable. Depending on your device and operating system version, it may not be possible to completely clear all cookies. In addition, if you want to uniformly reject cookies on all browsers and devices, you need to set them separately in each browser on each commonly used device. You can also prevent the system from automatically downloading images that may contain technical codes through email option settings—these codes can help us identify whether you have accessed the email and performed related operations. You can manage Cookies through browser settings, including accepting or rejecting Cookies and deleting existing Cookies. For marketing information sent via email, you can choose to unsubscribe at any time through the methods provided in the relevant communications. Most browsers support the above Cookie management options, and you can regularly check and adjust relevant settings according to your own preferences.

The legal basis for setting cookies is the legitimate interests under Article 6(1)(f) of the General Data Protection Regulation (hereinafter "GDPR") (if applicable), and your consent under Article 6(1)(a) of the GDPR under the premise of complying with legal requirements. Where the use of cookies is necessary for fulfilling a contract in initiating or continuing a contractual relationship, the legal basis is Article 6(1)(b) of the GDPR. For situations where GDPR applies, the processing of relevant personal data will be based on legitimate interests (Article 6(1)(f) of the GDPR) or the data subject's consent (Article 6(1)(a)), or necessary for fulfilling a contract (Article 6(1)(b)).

8. Blockchain Public Information

The data we collect comes from publicly visible and/or accessible activities on the blockchain. This may include blockchain addresses and information about token holdings, purchases, sales or transfers, which may be associated with other information you provide to us under the premise of complying with laws and regulations and where necessary for fulfilling compliance or risk management obligations. We may use this information for compliance checks, risk assessments and service optimization, but will ensure compliance with privacy regulations.

9. Children's Personal Information

Our Services are not directed at, nor intended to collect or actively solicit personal information from children under 18 years old. If an individual is under 18 years old (or the age of majority under local laws), they should not use this Service or provide personal information to us in any way. If children under 18 have provided personal information to us, we recommend that their parents or guardians contact us to request that we delete the relevant data from the system. If we discover that the collected personal information is indeed provided by children under 18, we will delete it immediately. We do not intentionally collect children's information and will take measures to prevent such occurrences.

10. Third-Party Websites and Services

Our Services may contain links to third-party websites, plugins and applications. Unless we publish, link or explicitly adopt/reference this Privacy Statement, this Statement does not apply to the personal information processing methods of third-party websites and online services, and Infini assumes no responsibility for any consequences caused by the independent actions of any third parties or their privacy policies. Nor does it assume related responsibilities. To understand the personal information processing methods of third parties, please review their respective privacy statements. We recommend that you review their applicable privacy policies before accessing any third-party websites or services.

11. Third-Party Wallet Extensions

Certain transactions conducted through this Service require you to associate your wallet with this Service. Using such third-party wallets for transactions means that you agree that your interactions with the third-party wallet are governed by its privacy policy. For any consequences arising from the use of third-party wallets, including but not limited to the use or disclosure of personal information by third-party wallets, the relevant responsibilities shall be borne by the third-party wallet service provider in accordance with applicable laws.

12. Cross-Border Transfer of Personal Information

For one or more of the above purposes, we may transfer your personal information to specific third-party service providers outside your jurisdiction. These service providers include agents, contractors or partners that provide us with technical support, data storage, data analysis, payment processing, customer support and related operational services, which may be located in different countries or regions. Where there are related affiliated entities and there is a business need, we may also share your personal information within the Infini company group to provide you with the requested products or services, or for internal management and operational purposes directly related to the purposes at the time of collection. Data sharing within the group will be limited to what is necessary and bound by appropriate privacy and data protection measures.

When your personal information is transferred to other countries or regions, we will take appropriate safeguards in accordance with applicable data protection laws to ensure that your personal information is adequately protected. These measures may include signing applicable standard contractual clauses with relevant recipients, or adopting other recognized cross-border data transfer mechanisms. Where required by applicable laws, we may also conduct relevant data transfers based on your explicit consent. We will require all third parties processing personal information on our behalf to take reasonable and appropriate technical and organizational measures to prevent personal information from unauthorized or illegal access, disclosure, alteration, loss or destruction, and ensure that personal information is retained only for the period necessary to achieve the relevant purposes.

We may rely on your consent for data transfers, or adopt contracts and/or other means to ensure that agents, contractors or other third-party data processors processing personal information on our behalf will take all reasonable steps (i) to protect the personal information they hold from unauthorized or accidental access, processing, deletion, loss or use; and (ii) to ensure that personal information is not retained longer than necessary. For one or more of the above purposes, we may transfer your personal information to any agents, contractors or other third-party service providers outside your jurisdiction, these third-party service providers in different countries or regions provide us with administration, telecommunications, computer, payment, debt collection, data processing, data storage, data analysis or other services, as well as other third parties notified at the time of collection.

13. Protection of Personal Information

All personal information you provide to us will be securely stored, and all personal information will be protected through reasonable technical and administrative measures, with access limited to authorized personnel only within the necessary scope. We may use encryption or other industry-standard security measures to protect the security of data during transmission and storage, to protect your data in a secure encrypted format, ensuring its privacy and security, preventing unauthorized access or disclosure, accidental loss, alteration or destruction. In addition, we may prevent any risks to personal information transferred to data processors through obtaining your consent or adopting contractual agreements, etc.: (i) retention beyond the time required for data processing; (ii) unauthorized or accidental access, processing, deletion, loss and use, if we choose to cooperate with data processors.

We will comprehensively apply globally accepted data security standards and relevant data protection laws and regulations in the user's location, in accordance with the specific circumstances of users in different countries and regions, to fulfill corresponding data compliance obligations in accordance with the law and take necessary data security safeguards. For data processors located in the EU or UK (if any), we need to impose mandatory contractual obligations on them in accordance with the requirements of the EU General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (GDPR).

Although we will make every effort to protect your personal information, we cannot guarantee that data transmitted to this website is completely secure. Once we receive your personal information, we will use strict procedures and security features to prevent unauthorized access, including multi-factor authentication, intrusion detection systems and regular security audits.

If you suspect that your personal information has been misused, lost or accessed without authorization, please inform us immediately, see the "Contact Us" section below for details. We will investigate and take appropriate action.

14. Retention of Personal Information

Unless applicable laws, regulations and ordinances require or permit longer retention periods, we will not retain your personal information longer than necessary to achieve the purposes for which it was collected. The specific retention period will depend on the data type, our legitimate business needs and other legal requirements that may require us to retain data for a minimum period.

We may need to retain certain data for tax filings or to respond to tax inquiries. In other cases, there may be other legal or risk management requirements to retain data, including certain data that may be related to any potential litigation (considering relevant statutes of limitations).

When determining appropriate retention periods for different types of personal information, we will always consider the following factors: the amount, nature and sensitivity of the personal information involved; the potential risks of unauthorized use or disclosure of the personal information; the purposes for which we need to process the data; and whether these purposes can be achieved through other means (of course, in addition to ensuring that we comply with the above legal and risk management obligations).

Once we determine that we no longer need to retain your personal information, we will delete it from our systems or anonymize it.

We will take commercially reasonable measures to ensure the accuracy of your personal information. If we become aware that your personal information is inaccurate, we will not use such data and will notify any third parties that such personal information has been removed.

15. Your Rights

Under applicable data privacy laws, you have the right to request access to your personal information, obtain a copy of your personal information, correct any inaccurate personal information, and delete or stop collecting, processing or using any personal information. You may also request that we inform you of the types of personal information we hold. To access and correct personal information, or to learn about our policies, practices and types of data held, please contact us in writing by mail or email to the details listed in the "Contact Us" section below. We have the right to charge reasonable fees for processing any data access requests in accordance with applicable legal provisions.

In addition, data protection laws applicable in some jurisdictions (such as GDPR and other international regulations) provide multiple protection measures and clearly grant individuals relevant rights in data privacy. Therefore, even if you have provided relevant data to us, you still have multiple rights to such data in accordance with the law.

In addition, the EU and UK GDPR provide multiple protection measures and clarify the rights of EU or UK citizens and individuals in data privacy. This means that when the law applies, even if you have provided data to us, you still retain multiple rights to these data.

Please submit requests through contact@infini.money. We will respond within legal time limits and may charge reasonable fees. If refused, we will explain the reasons. You may complain to regulatory authorities.

16. Notice for California Residents

In addition to the information and rights described in this Privacy Policy, California residents have additional rights and may obtain specific information regarding personal information under the California Consumer Privacy Act (hereinafter or referred to as "CCPA"). If you are a California resident (i.e., a "consumer" as defined by CCPA), the relevant provisions of this Privacy Policy apply to you; if you are not a consumer, this section does not apply to you, please do not rely on its content.

17. Supplemental Disclosures for European Personal Information Involving GDPR

If you are located in a region where GDPR applies or in related circumstances, the European Economic Area ("EEA"), the United Kingdom or Switzerland, you have certain legal rights and protections regarding the processing of personal information, and this section applies to you. Infini's Services are not targeted at individuals in the European Economic Area (EEA), the United Kingdom or Switzerland, nor are they actively directed at the above regions for promotional or business operations. Therefore, unless otherwise provided by applicable laws, Infini has not established a data protection representative in the above jurisdictions in the sense of GDPR.

18. Updates to This Privacy Policy

We will update this Privacy Policy from time to time. When modifications are made to this Privacy Policy, we will indicate the update date at the beginning of the Privacy Policy. If major revisions are made to this Privacy Policy, we will send notifications through your registered email, post notices in prominent positions on the service pages or inform you through other appropriate communication channels. Unless otherwise stated, all changes take effect from the date of publication. We encourage you to periodically review this policy to understand the latest changes.

19. Contact Us

If you have any questions or requests regarding this Privacy Policy or other privacy-related matters, please send an email to contact@infini.money. We will respond to inquiries in a timely manner and process your requests within a reasonable time. If necessary, we may request additional information to verify your identity.