PayProtocol Privacy Policy

Last Updated: April 30, 2025

PayProtocol AG (hereinafter "PayProtocol", "we", "us", or "company") prioritizes the protection of personal information and complies with the Swiss Federal Data Protection Act (FADP) and other relevant laws. This Privacy Policy explains how we collect and use personal information of our website visitors and service users (hereinafter "users", "you").

Terms not specifically defined in this policy have the same meaning as in the Terms of Service posted on our website.

1. Application of this Policy

This Privacy Policy applies to the PayProtocol website and related services. If you do not agree with this policy, please do not use our website or services.

We protect your personal information through appropriate technical and organizational security measures. However, this policy does not apply to anonymized data (data that cannot identify individuals).

Our services may connect to third-party service providers (e.g., centralized or decentralized exchanges, payment service providers). In such cases, third-party service providers may collect and use your personal information, and their processing methods are not subject to this policy. You should review the privacy policies of third-party service providers before deciding whether to provide personal information.

PayProtocol is the data controller that processes your personal information in accordance with this Privacy Policy.

We may use servers located inside or outside the EU and Switzerland, or outsource personal information processing to third-party service providers to provide services. In such cases, we manage personal information through strict protective measures, and these service providers must securely process personal information according to our instructions.

2. Personal Information We Collect

We may collect the following personal information:

(1) Information Collected When Creating an Account and Using Services

• Contact Information: Name, address, email address, phone number, country information
• Account Information: User ID, encrypted authentication information

(2) Information Collected When Using Wallet Services

• Wallet Information: Digital asset wallet address, counterparty wallet address, transaction history, transaction data, and fee information
• Transaction Information: Transaction type, transaction amount, transaction time

(3) Information Automatically Collected When Visiting Website and Using Services

• Device Information: IP address, operating system, browser type, etc.
• Log Information: Internet service provider, date/time stamps, clickstream data, user preferences, crash logs, etc.

In addition to information collected directly from you, we may collect personal information from public databases to comply with legal requirements and combine it with existing information to fulfill our legal obligations.

3. Purpose of Using Personal Information

We use personal information for the following purposes:

• Service Provision: Account management, transaction processing, and customer support
• Security and Safety Management: Detection and prevention of illegal activities, blocking spam and malware
• Legal Compliance: Compliance with legal requirements in Switzerland and other jurisdictions
• Customer Support and Marketing: Service updates, promotional offers

You can opt out of marketing communications by contacting support@payprotocol.io.

4. Sharing and Disclosure of Personal Information

We do not share your personal information with third parties without your consent, except in the following exceptional cases:

• For Service Provision Purposes: Retained during the service usage period and may be maintained for a certain period after termination.
• For Legal Compliance Purposes: May be retained for up to 10 years in accordance with Swiss law.

When a request for personal information deletion is received, it will be processed within 30 days unless there are legal requirements or legitimate business purposes. However, some information may be retained for up to 10 years to comply with legal obligations.

In the event of a personal data breach, we will immediately notify users in accordance with relevant laws and regulations and take appropriate protective measures.

5. Storage and Protection of Personal Information

We protect personal information using industry-standard security measures and require appropriate protective measures from third-party service providers when necessary. The retention period of personal information may vary depending on legal requirements and service provision purposes.

• For Service Provision Purposes: Retained during the service usage period and may be maintained for a certain period after termination.
• For Legal Compliance Purposes: May be retained for up to 10 years in accordance with Swiss law.

6. Your Rights

You have the following rights:

• Request access to and correction of personal information
• Request deletion of personal information
• Request restriction of processing
• Request personal information portability

Requests can be submitted to support@payprotocol.io, and identity verification procedures may be required.

We may perform automated decision-making or profiling in some service processes, such as Know Your Customer (KYC). You have the right to request an explanation or manual processing, and you can contact support@payprotocol.io or dpo@payprotocol.io to make such requests.

7. Cookie Policy

Currently, our website does not use cookies, and we will provide separate notice if the cookie policy changes.

8. Changes to the Privacy Policy

This policy may change, and changes will be posted on the website. If you continue to use the service after changes, it is considered that you have agreed to the new policy.

9. Compliance with GDPR and Swiss Federal Data Protection Act

PayProtocol complies with the GDPR and the Swiss Federal Data Protection Act (FADP), and EU and Swiss residents have rights related to personal information protection. You can exercise the following rights:

• Request access to, correction, and deletion of your personal information
• Request restriction or objection to specific personal information processing
• Exercise the right to data portability
• Object to automated decision-making and profiling

Requests can be submitted to support@payprotocol.io, and we will process them in accordance with relevant laws.

10. Compliance with Other Country-Specific Regulations

PayProtocol complies with data protection laws in Switzerland and other jurisdictions. California residents in the United States can request access to, deletion of, and restriction of processing of personal information in accordance with the California Consumer Privacy Act (CCPA).

Additionally, additional personal information protection measures may apply to comply with legal requirements in specific countries, and information about these will be posted in accordance with the laws of those countries.

11. Data Protection Officer (DPO) Contact Information