Privacy Notice

Last Updated: January 7, 2026

This Privacy Notice describes how dextoro and its affiliates (collectively, "dextoro," "we," "us," "our") collect, use, and share information in connection with our websites, applications, and related services (collectively, the "Services"). It also explains the rights and choices available to individuals regarding their information.

Please read this Privacy Notice carefully. If you do not agree, do not use the Services. By accessing or using the Services, you acknowledge and agree to this Privacy Notice.

We may update this Privacy Notice to reflect changes in law, regulation, industry standards, or the Services. If we make changes that materially affect your privacy rights, we will take appropriate steps to inform you.

The Services are not directed to individuals under 18, and we do not knowingly collect personal data from anyone under 18. If a parent or guardian believes a child has provided information to us, please contact us.

1) Controller and contact

"Personal Data" means information that relates to an identified or identifiable person. It does not include information that has been aggregated or de-identified so that a person can no longer reasonably be identified.

Controller: DexToro Trading Inc.

Contact email: privacy@dextoro.com

2) Information we collect

A. Wallet and blockchain information

• Wallet address and public blockchain identifiers.
• Public blockchain activity associated with your wallet address, including transaction hashes and token interactions.
• Activity you initiate through the Services that results in on-chain transactions.

We do not collect your wallet seed phrase or private keys.

B. Usage and device information

• IP address, approximate location derived from IP, browser type, operating system, device identifiers, language, and timezone.
• Logs and usage data such as pages viewed, features used, clicks, and error reports.

C. Communications

• Information you send to us, including support messages and any content you provide.

D. Compliance and risk information (only if required)

• If required by applicable law or risk controls, we may request additional information to comply with legal obligations such as sanctions, fraud prevention, or anti-money laundering requirements.

E. Information from third parties and public sources

• Public blockchain data and other publicly available information.
• Information from service providers that support security, fraud prevention, analytics, and customer support.

Mandatory vs optional data

Unless a field is marked optional, information we request may be required to provide the Services. If you do not provide required information, some features may not function or may be unavailable.

3) Cookies and similar technologies

We use cookies and similar technologies ("Cookies") for:

• Strictly necessary: required for the Services to function, including security and session integrity.
• Functionality: remember preferences, for example saving your one-time acknowledgement of an onboarding modal so it does not reappear.
• Performance and analytics: understand usage and improve reliability and user experience.
• Attribution: understand which sources drive traffic and usage, measured at a device or browser level.

Where required by law, we will request consent before placing non-essential cookies. Under EU cookie rules, strictly necessary cookies are generally exempt, and non-essential cookies typically require prior consent.

You can control Cookies through your browser settings. Disabling certain Cookies may cause parts of the Services to not work properly.

4) How we use information

We use information to:

• Provide, operate, and maintain the Services.
• Enable user-requested actions, including wallet connection flows and transaction experiences.
• Provide customer support and communicate with you.
• Monitor performance, fix bugs, and improve the Services.
• Detect, prevent, and investigate fraud, abuse, and security incidents.
• Comply with legal obligations, enforce our terms, and respond to lawful requests.

5) Legal bases for processing (EEA and UK)

Where the GDPR or UK GDPR applies, we process Personal Data when we have a lawful basis, including performance of a contract, legitimate interests, consent, and legal obligation.

6) How we share information

We may share information in the following ways.

A. Service providers

We share information with vendors that help us operate the Services. They are permitted to process information only as instructed by us and only for the purposes we authorize. Categories can include:

• Hosting, content delivery, and web security.
• Database, file storage, and backend infrastructure.
• Error monitoring, debugging, and performance monitoring.
• Wallet infrastructure and transaction orchestration tooling.
• Blockchain RPC and data infrastructure providers.
• Embedded third-party widgets used in the UI, for example charts.
• AI features you choose to use, for example generating images or content.
• Email delivery for transactional messages.
• Customer support tooling, if enabled.

B. Affiliates

We may share information within our corporate group for purposes consistent with this Privacy Notice.

C. Legal, compliance, and safety

We may disclose information to comply with law, respond to lawful requests, protect rights and safety, and investigate fraud or security incidents.

D. Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

7) Blockchain transactions

Your use of digital assets may be recorded on a public blockchain. Public blockchains are intended to immutably record transactions and may be subject to forensic analysis that can enable re-identification when combined with other data. We do not control decentralized networks and generally cannot erase, modify, or alter data recorded on-chain.

8) International transfers

We may process and store information in countries other than where you live, including the United States. Where required, we use appropriate safeguards for cross-border transfers, such as transfer mechanisms recognized under applicable law. The UK ICO describes mechanisms used for restricted transfers under Article 46, including use of the UK IDTA or Addendum where applicable.

9) Retention

We retain information as long as necessary to fulfill the purposes described in this Privacy Notice, including to comply with legal, regulatory, accounting, or reporting requirements. Retention depends on the amount, nature, sensitivity, and purpose of the data, as well as legal requirements.

Because blockchain data is public and typically immutable, we may not be able to delete information recorded on-chain.

10) Security

We use reasonable administrative, technical, and physical safeguards designed to protect information. No method of transmission or storage is fully secure. You are responsible for safeguarding your devices and wallet credentials. We will never ask for your seed phrase.

11) Your rights and choices

A. EEA and UK rights

Where applicable, you may have rights to access, correct, delete, restrict processing, object, and request portability of your Personal Data, and to withdraw consent where processing is based on consent.

B. California rights (CCPA and CPRA)

If you are a California resident, you may have rights including the right to opt out of the sale or sharing of personal information, plus rights to correct and delete, subject to legal exceptions.

How to exercise your rights

Email us at privacy@dextoro.com with (i) enough information to identify you and (ii) the request you are making. We may request information to verify your identity. Verification information is used only for verification.

Complaints

If you believe we have not handled your information appropriately, contact us and we will investigate and respond within a reasonable time. You may also have the right to lodge a complaint with your local data protection authority.

12) Third-party links

The Services may contain links to third-party websites and services. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

13) Contact

For questions about this Privacy Notice or your information, contact us at privacy@dextoro.com.