Privacy Policy

This Privacy Policy describes how the Platform collects, uses, stores, and shares personal information of Users. By creating an account or using the Platform, the User authorizes the processing of personal data as described in this document.

This Policy operates in conjunction with the Platform's Terms of Service. Capitalized terms not defined here carry the meaning assigned in the Terms of Service.

Account information: email address, display name, preferred interface language, optional avatar.

Authentication identifiers: depending on the chosen authentication method — email and password hash, Telegram identifier, or Google identifier. Authentication identifiers from third-party providers are stored in hashed form.

Operational data: records of deposits, withdrawals, distributions, referral relationships, account balance changes, and other actions performed within the Platform.

Technical data: IP addresses, device identifiers, browser type and version, session timestamps, and event logs related to security and operational integrity.

Verification data: when required for compliance purposes, identity documents and supporting materials submitted by the User during identity verification procedures.

The Platform does not intentionally collect special categories of personal data as defined under applicable data protection law.

Processing of personal data is performed on the following legal grounds:

— Performance of a contract — processing necessary to provide the services described in the Terms of Service. — Legal obligation — processing required to comply with anti-money-laundering, counter-terrorist-financing, tax, and other regulatory requirements. — Legitimate interest — processing required for security, fraud prevention, dispute resolution, and operational integrity of the Platform. — Consent — processing of optional data, including non-essential analytics, performed only where the User has provided explicit consent.

Personal data is processed for the following purposes:

— Operation of the Platform and provision of services to the User — Crediting of distributions and processing of withdrawal requests — Identity verification and compliance with regulatory requirements — Detection and prevention of fraud, abuse, and unauthorized activity — Communication regarding account activity, security events, and material updates — Calculation and distribution of referral compensation — Resolution of disputes and enforcement of the Terms of Service

Personal data is not sold, rented, or transferred to third parties for marketing purposes.

Personal data may be shared with the following categories of recipients:

Payment processors — for the processing of fiat-to-crypto conversion and related payment operations.

Identity verification providers — for compliance with regulatory requirements when verification procedures are initiated.

Infrastructure providers — for hosting, data storage, and operational continuity of the Platform.

Regulatory and law enforcement authorities — when disclosure is required by applicable law, court order, or formal regulatory request.

Professional advisors — including legal, audit, and compliance specialists, bound by confidentiality obligations.

All third-party recipients are bound by contractual obligations regarding the protection and confidentiality of personal data.

The Platform operates across multiple jurisdictions, and personal data may be processed outside the User's country of residence, including outside the European Economic Area.

Where personal data of Users located in the European Economic Area is transferred to jurisdictions not recognized as providing an adequate level of protection, the Platform implements appropriate safeguards, including Standard Contractual Clauses adopted by the European Commission.

Personal data is retained for the periods strictly necessary for the purposes described in this Policy:

Account data — for the duration of the active account, and for 30 calendar days following final settlement after account closure, in accordance with the Terms of Service.

Transaction records — for periods required by applicable financial and regulatory legislation, typically between five and ten years depending on the jurisdiction.

Security and audit logs — for up to five years, as required for fraud prevention, dispute resolution, and regulatory inquiries.

Verification documents — for the period required by applicable anti-money-laundering legislation.

Upon expiry of the applicable retention period, personal data is permanently deleted or anonymized in a manner that prevents reidentification.

The Platform uses essential cookies necessary for authentication, session management, and operational security. These cookies cannot be disabled without affecting the functionality of the Platform.

Optional analytics cookies are used to measure aggregate usage patterns and improve the service. Analytics processing is performed by privacy-focused providers that do not employ cross-site tracking. Optional cookies are activated only after explicit User consent and may be disabled at any time through the cookie settings interface.

The Platform employs automated systems for the detection of fraudulent activity, the verification of transaction patterns, and the calculation of distributions. These systems do not produce decisions that result in legal or similarly significant effects on the User without human review.

When automated assessment results in restrictions on account activity, the User has the right to request human review of the decision.

Subject to applicable law, the User holds the following rights regarding personal data:

— Right of access — to obtain confirmation of the processing of personal data and a copy of the data being processed — Right of rectification — to request correction of inaccurate or incomplete personal data — Right of erasure — to request deletion of personal data, subject to retention obligations — Right of restriction — to request limitation of processing under specified circumstances — Right of data portability — to receive personal data in a structured, machine-readable format — Right to object — to object to processing based on legitimate interest — Right to withdraw consent — to revoke previously granted consent without affecting the lawfulness of prior processing

Requests for the exercise of these rights may be submitted to the contact address in Section 14. Responses are provided within 30 calendar days of a verified request.

The User also retains the right to lodge a complaint with the relevant data protection supervisory authority.

The Platform implements technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, monitoring of operational systems, and regular security review procedures.

While the Platform applies industry-standard practices, no system can guarantee absolute security. The User is responsible for maintaining the confidentiality of authentication credentials and for promptly reporting any suspected unauthorized access to the Account.

In the event of a personal data breach likely to result in a risk to the rights and freedoms of Users, the Platform notifies the relevant supervisory authority without undue delay and, where required by applicable law, no later than 72 hours after becoming aware of the breach.

Where a breach is likely to result in a high risk, affected Users are notified directly through the registered communication channels.

This Policy may be updated to reflect changes in service functionality, regulatory requirements, or operational practices. Material changes are communicated through email and in-application notification not less than 30 calendar days before the effective date.

Continued use of the Platform after the effective date of an updated Policy constitutes acceptance of the revised version.

Inquiries regarding this Policy, requests related to personal data, and data protection concerns may be directed to:

privacy@poly4you.app

For general support inquiries unrelated to data protection: support@poly4you.app.

Poly4You · Privacy Policy · Version 1.0 · Effective 5 May 2026