This Privacy Policy (“Policy”) describes how FOUNDATION NETWORK and its affiliates (Foundation,” “we,” “us” or “our”) may collect, use and disclose information, and your choices regarding this information.

Please read this Policy carefully and contact us with questions at info@foundation.network.

Applicability of This Policy

This Policy applies to the Sites and the Services (in each case, as defined in the Terms of Use). If you do not agree with the terms of this Policy, do not access or use the Services, the Sites, or any other aspect of our business.

What We Collect

When you interact with our Services, we may collect:

• Contact Information, including your name, email address, physical address and country information.

• Financial Information, including your Ethereum network address, any other cryptocurrency address that Foundation deems it requires, cryptocurrency wallet information, transaction history, trading data, and associated fees paid.

• Transaction Information, including information about the transactions you make on our Services, such as the type of transaction, transaction amount, and timestamp.

• Correspondence, including your feedback, questionnaire, and other survey responses, and information you provide to our support teams, including via our help chat or social media messaging channels.

• Online Identifiers, including your username, Twitter ID, Discord ID, geo-location or tracking details, browser fingerprint, operating system, browser name and version, and IP addresses.

• Usage and Diagnostics Data, including conversion events, user preferences, crash logs, device information, and other data collected via cookies and similar technologies.

• Information We Get from Others. We may get information about you from other sources as required or permitted by applicable law, including public databases. We may combine the information collected from these sources with the information we get from this Site in order to comply with our legal obligations and limit the use of our Services in connection with fraudulent or other illicit activities.

• Information from cookies and other tracking technologies. We, and third parties we authorize, may use cookies, web beacons, and similar technologies to record your preferences, track the use of our Sites, including our mobile applications, and collect information about the use of the Services, as well as about our interactions with you. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, device information, date or time stamp, and clickstream data, and information about your interactions with the communications we send to you. We may combine this automatically collected log information with other information we collect about you. You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. If you do so, do note that some parts of our Services may not function properly.

How We Use Information

We use your information in accordance with your instructions, including any applicable terms in the Terms of Use, and as required by applicable law. We may also use the information we collect for:

• Providing Services and Features. We may use the information we collect to provide, personalize, maintain, and improve our products and Services, including as we described in the Terms of Use. This includes using the information to:

1. operate, maintain, customize, measure, and improve our Services, and manage our business;

2. create and update user accounts;

3. process transactions;

4. send information, including confirmations, notices, updates, security alerts, and support and administrative messages; and

5. to create de-identified or aggregated data.

• Safety and Security. We may use your information to help maintain the safety, security, and integrity of you and our Services, including to:

1. protect, investigate, and deter against fraudulent, unauthorized, or illegal activity;

2. monitor and verify identity or service access, combat spam, malware or security risks;

3. perform internal operations necessary to provide our Services, including to troubleshoot issues such as software bugs and operational problems;

4. enforce our agreements with third parties, and address violations of our Terms of Use or agreements for other products or services; and

5. comply with applicable security laws and regulations.

• Customer Support. We may use information we collect to provide customer support, including to:

1. direct questions to the appropriate customer support personnel;

2. investigate and address user concerns; and

3. monitor and improve our customer support responses and processes.

• Research and Development. We may use the information we collect for testing, research, analysis, and product development to improve your experience. This helps us to improve and enhance the safety and security of our Services, improve our ability to prevent the use of our Services for illegal or improper purposes and develop new features and products relating to our Services.

• Legal and Regulatory Compliance. We may verify your identity by comparing the personal information you provide against third-party databases and public records. We may use the information we collect to investigate or address claims or disputes relating to use of our Services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, trade repositories, clearing houses and/or official inquiries.

• Direct Marketing. We may use the information we collect to market our Services to you. This may include sending you communications about our Services, features, promotions, surveys, news, updates, and events, and managing your participation in these promotions and events. If you do not want us to send you marketing communications, you have the option of opting out by selecting “unsubscribe” to any marketing email sent by us or by contacting us at info@foundation.network.

Sharing and Disclosing of Information

We may share your information in the following circumstances:

• With Your Consent. For example, you may let us share personal information with others for their own marketing uses. Those uses will be subject to their privacy policies.

• To Comply with Our Legal Obligations. We may share your information: (a) to cooperate with government investigations; (b) when we are compelled to do so by a subpoena, court order, or similar legal procedure; (c) when we believe in good faith that the disclosure of personal information is necessary to prevent harm to another person; (d) to report suspected illegal activity; or (e) to investigate violations of our Terms of Use, agreements for other products or services, or any other applicable policies.

• With Service Providers or Other Third Parties. We may share your information with service providers or other third parties who help facilitate business and compliance operations, such as marketing and technology services.

• During a Change to Our Business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all of your information may be shared or transferred, subject to standard confidentiality arrangements.

• Aggregated or De-identified Data. We may share aggregated or anonymized data with other persons for their own uses.

Data Retention

To view or update your information, contact us at info@foundation.network. We store your information throughout the life of your use of the Services and thereafter.

Security

We maintain administrative, technical and physical safeguards designed to protect the personal information we maintain against unauthorized access or disclosure and require our third-party service providers to have appropriate safeguards. No system can be completely secure. Therefore, although we take steps to secure your information, we cannot guarantee that your information, searches, or other communication will always remain secure. You are responsible for all activity on the Foundation protocol relating to any of your Ethereum network addresses or cryptocurrency wallets.

Age Limitations

To the extent prohibited by applicable law, we do not allow use of our Services or Sites by anyone younger than 18 years old. If you learn that anyone younger than 18 years old has unlawfully provided us with personal data, please contact us at info@Foundation.network and we will take necessary steps, including deleting such information, closing any such accounts, and, to the extent possible, preventing the user from continuing to use our Services.

Third-Party Matters

Any TradingView charts and cryptocurrency news displayed on the Site are governed by this Policy and, for the avoidance of doubt, are not governed by that third party’s privacy policy. Foundation may, if it deems necessary, include additional third-party information displayed on the Site to be governed by this Policy.

Amendments to This Policy

Foundation has the complete discretion to amend this Policy when it sees fit. The most updated version of this Policy will be made available on the Platform for you to view. We encourage you to review this Policy to stay informed. If we make material changes, we will provide additional notice, such as via the email specified in your account or through the Services or Sites.

DATA PROTECTION NOTICE IN ACCORDANCE WITH THE PERSONAL DATA PROTECTION ACT (“PDPA NOTICE”)

In accordance with the Personal Data Protection Act 2012 of Singapore (“PDPA”), we are providing this PDPA Notice to set out the basis which we may collect, use, disclose, retain or otherwise process personal data of our customers. This PDPA Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

Collection, Use and Disclosure of Personal Data

We may collect, process, disclose, use and retain your personal data in accordance with applicable privacy laws and regulations, and/or as described in this PDPA Notice. By accessing and using the Sites and/or the Services, and providing your personal data to us through the Sites and/or through your access and/or use of the Services, you acknowledge and agree that you have read, understand and agree to the terms of this PDPA Notice and the collection, use, disclosure and/or processing of your personal data by us as described in this PDPA Notice. If you do not agree to be bound by this PDPA Notice, you should not access or use the Sites and/or the Services, or provide any Personal Data to us through the Sites and/or the Services.

Subject to our Policy, we may collect and use your personal data for any or all of the following purposes:

a) performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;

b) verifying your identity;

c) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;

d) managing your relationship with us;

e) processing payment or credit transactions;

f) sending your marketing information about our goods or services including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions;

g) complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

h) any other purposes for which you have provided the information;

i) transmitting to any unaffiliated third parties including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and

j) any other incidental business purposes related to or in connection with the above.

We may disclose your personal data: (a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you; or (b) to third-party service providers, agents and other organisations we have engaged to perform any of the functions listed above for us.

The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

Withdrawing Your Consent

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing or via email to our Data Protection Officer.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

Access to and Correction of Personal Data

If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

Protection of Personal Data

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Accuracy of Personal Data

We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.

Retention of Personal Data

We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

Transfer of Personal Data Outside Singapore

We may transfer, store, process and/or deal with your personal data outside Singapore as we may share your personal data within Foundation and/or to other external third-party service providers, as the case may be, which will involve transferring your personal data outside Singapore or the origin of where your personal data is collected.

In any event, we will comply with PDPA and other applicable data protection and privacy laws and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

Third Party Websites and Social Media

The Sites and the Services may contain plug-ins or share buttons to social media sites, links to Foundation’s social media sites and/or to third-party websites not operated or controlled by Foundation. If you are connected to a social media site while accessing or using the Sites or the Services, your activity may also be made available to such social media sites. Please read the privacy policies of such social media sites for further information about the collection and transfer of personal data, and privacy settings.

You may change your browser settings to delete and block the use of cookies. Please note that if you choose to block, remove or reject cookies, some areas of the Sites and/or the Services may not function properly or be accessible. You may also be required to indicate your preferences on each visit to the Sites and/or the Services.

Data Protection Officer

You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner:

Email address: info@foundation.network

NOTICE TO EUROPEAN UNION RESIDENTS ("GDPR NOTICE")

In accordance with the General Data Protection Regulation (the “GDPR”), we are providing this GDPR Notice to European Union (“EU”) residents to explain how we collect, use and share their personal data (as defined in the GDPR), and the rights and choices we offer EU residents regarding our handling of their personal information.

We process personal data for the purposes described in the How We Use Information section of this Policy. As an EU resident, you have various rights in connection with the processing of your personal data as follows:

• You have the right to information about your personal data processed by us and to the following information: (a) the processing purposes; (b) the categories of personal data being processed; (c) the recipients or categories of recipients to whom the personal data have been or are being disclosed, in particular recipients in third countries or international organizations; (d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration; (e) the existence of a right to rectification or deletion of your personal data, to restricting the processing of your personal data or to objecting to such processing; (f) the existence of a right of appeal to a supervisory authority; (g) if the personal data is not collected from you, all available information about the origin of the data; (h) the existence of automated decision-making and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject; and (i) in the case of the transfer of personal data to a third country or an international organization, on the appropriate safeguards in relation to the transfer.

• You have the right to immediately request the rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the completion of incomplete personal data, by means of providing a supplementary statement.

• You have the right to request the immediate erasure of personal data concerning you and we are obliged to delete this data immediately if one of the following reasons applies: (i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) you revoke your consent on which the processing was based under Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing; (iii) you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for processing or you object to the processing pursuant to Article 21(2) of the GDPR; (iv) your personal data has been processed unlawfully; (v) the deletion of your personal data is necessary to fulfill a legal obligation under EU law or the law of the member states to which we are subject; (vi) the personal data have been collected in relation to information society services provided in accordance with Article 8(1) of the GDPR. If we have made personal data public and are obliged to erase personal data in accordance with Article 17(1) of the GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform controllers who process the personal data you have requested the erasure by such controllers of any links to or copies or replications of, such personal data.

• The rights in the foregoing paragraph do not apply to the extent that processing is necessary (A) to exercise the right of freedom of expression and information; (B) to fulfill a legal obligation required for processing under EU law or the law of the member states to which we are subject; or (C) to assert, exercise or defend legal claims.

• You have the right to request us to restrict processing if one of the following conditions is met: (1) the accuracy of the personal data is contested by you, for a period of time that enables us to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose to delete the personal data and instead requests the restriction of the use of your personal data; (3) we no longer need your personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims; or (4) you have objected to the processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate interests of our company override your legitimate interests.

• You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without hindrance, provided that the processing is based on a consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means. When exercising your right to data portability, you have the right to have your personal data transferred directly by us to another controller, to the extent that such transfer is technically feasible.

• You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on these provisions. We will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing that override your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

• You have the right to revoke your consent to the processing of your personal data at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.

If you wish to assert your rights to information, correction, deletion or restriction of processing, object to data processing or revoke your consent to data processing, please send an email to info@foundation.network. If you consider that the processing of personal data concerning you infringes the GDPR, then you can lodge a complaint with a supervisory authority.

Additional Disclosure for Our Consumers and Customers ("Additional Disclosure")

This Additional Disclosure governs our collection, use and sharing of personal information that users provide to us to initiate or complete the process of trading on the Foundation protocol. To the extent there are conflicting provisions between this Additional Disclosure and other sections of this Policy, this Additional Disclosure will govern.

The types of personal information we collect and share can include:

• Contact details

• IP addresses

• Trading history

• Cryptocurrency balances and wallets

• Conversion events

Notwithstanding anything to the contrary in this Policy, when you are no longer our customer, we continue to share your information as described in this Additional Disclosure.

Protection of Personal Information

In order to protect your personal information from unauthorized access and use, we use security measures in compliance with the applicable law, including computer safeguards and secured files and databases.

Contact Us

Please contact us if you have any questions about this Policy. We will respond within a reasonable timeframe. You may contact us at info@foundation.network.