Effective Date: 07/02/2025

Please read carefully the terms of the Privacy Policy below. By using the site https://www.xionix.io/, you confirm that you are aware of the purposes and methods of collecting and processing the personal data, and you consent to the processing of personal data by the persons specified in this Privacy Policy.

1. General Provisions

1.1. This Privacy Policy (“Policy”) outlines how Xlab Limited, company registration number 2166381, registered address Intershore Chambers, Road Town, Tortola, VG1110 British Virgin Islands (“we”, “our”, “us”) collects, uses, stores, and protects your personal data when you use our website and associated services (collectively referred to as the “Platform”). By accessing or using the Platform, you consent to the practices described in this Policy. If you do not agree, please discontinue using the Platform.

1.2. We reserve the right to change the Privacy Policy from time to time, so we ask you kindly to regularly check the current version of the Privacy Policy at https://xionix.io/privacy-policy to ensure that you are content with the latest changes.

1.3. We comply with all rules regarding the collection, processing and storage of personal data as set out in the Privacy Policy. If you do not agree with the Privacy Policy, please leave the Platform and do not use our services.

1.4. Note that you can withdraw your consent at any time. Such withdrawal of consent would not affect the lawfulness of data processing done prior to the withdrawal of consent. Where such withdrawal of consent would prevent us from providing services to you, we will endeavor to inform you.

1.5. We do not collect or process data relating to race, political positions, religious and other beliefs and membership of social and political organizations.

1.6. Our Platform, services and products are intended for use only by adults. If you are not one, please stop using the Platform, as we do not collect or process any information about persons under the age of 18.

2. Data Collection

2.1. We typically collect or obtain your personal data because you give it to us. In some cases, we may also collect personal data about you indirectly from third parties, including but not limited to:

- Cryptocurrency exchanges like Bybit to retrieve linked account details;
- Third-party analytics tools used for Platform monitoring.

2.2. To improve your experience when you use our platforms and to ensure that it is functioning effectively, we also use cookies (small text files stored in a user’s browser) which may collect personal data.

2.3. We only collect and process personal data that is necessary to provide you with our services and to comply with legal obligations imposed on us by applicable law. This includes the following personal data:

- Email address;
- IP address (temporarily stored in logs) and other technical data (detailed in Section 3);
- Cookies (detailed in Section 3);
- Phone number;
- Telegram ID;
- Exchange data (via cryptocurrency exchanges API integration), such as Account ID, balance details, transaction history, and other personal data provided under cryptocurrency exchanges API permissions;
- Transaction data, such as details about subscription payments made via cryptocurrency wallets, wallet addresses and timestamps for audit and accounting purpose;
- Login timestamps;
Session durations and interaction history on the Platform.

2.4. You are able to change your personal account data on the Platform by submitting updated information.

2.5. We may also collect and process data contained in your feedback, comments, and requests sent to us.

3. Cookies and Analytical Tools

3.1. A cookie is a small piece of data stored on your computer or mobile device. Cookies alone cannot be used to identify you.

3.2. We collect only the necessary cookies that are required for the proper functioning of the Platform. These cannot be disabled.

3.3. You can customize your browser settings to refuse or delete cookies. However, disabling cookies may affect the functionality of the Platform.

3.4. Cookies are collected only for the essential functionality of the Platform and are automatically deleted at the end of each browser session. We do not use persistent cookies that remain on your device beyond the session.

3.5. We also use analytics tools to monitor, improve, and maintain the performance, usability, and functionality of our Platform. These tools help us identify and resolve technical issues, enhance user experience, and better understand how our Platform is used.

3.6. The analytics tools we use include Sentry Analytics, Plausible Analytics, and Zap. Sentry Analytics is used for monitoring and fixing errors, ensuring platform stability, and diagnosing performance issues. It collects technical information such as device type, operating system, browser version, error logs, and anonymized identifiers, and does not process personal or sensitive information.

Plausible Analytics collects aggregated, anonymized usage statistics, such as visited pages, session durations, and geographical regions based on anonymized IP addresses. Plausible does not use cookies and does not collect personal data.

Zap is used to automate workflows and integrations between tools, processing operational data specific to user interactions within the Platform. Zap does not collect or store additional data beyond what is required for integration functionality.

3.7. These tools may process certain technical or aggregated information, but they do not share personal data with third parties unless required to comply with applicable legal obligations. As we use privacy-focused tools that do not rely on cookies or collect personal information, there is no need for an opt-out mechanism specific to these services.

4. Purposes of and Grounds for Data Processing

4.1. Data is collected and processed to ensure the correct operation of the Platform, to provide you with our services, to comply with applicable laws, to protect our rights and interests (as well as the rights and interests of users or third parties), to detect any malicious or fraudulent activity, and for the following purposes:

- to manage and improve our products and services;
- to manage and improve our Platform (including by drawing up statistics on the usage of our Platform via analytical tools);
- to manage and respond to any request that you submit through our platforms;
- to correspond with you in relation to services you use or information you provide via our platforms. This correspondence is usually with you or public or judicial authorities with the necessary authorization;
- to fulfil requests and communications from public or judicial authorities with the necessary authorization in accordance with the applicable law;
- contacting you to receive feedback on our products or services, and for other marketing or research purposes;
- meeting our corporate and social responsibilities.

4.2. The processing of personal data is limited to the achievement of specific and legitimate purposes. We do not allow the processing of data that is incompatible with these purposes.

4.3. We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us: info@xionix.io.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

4.4. We process your personal data on lawful grounds. The grounds on which we process personal data are:

- Data subject consent: We process your personal data on the basis of your voluntary, informed and explicit consent. Please note that we may process your personal data without your knowledge or consent, in compliance with the applicable rules, where this is required or permitted by law;
- Performance of contractual obligations: We process your personal data in order to fulfill contractual obligations to which you are a party or to take measures to enter into a contract at your initiative;
- Legal compliance: We process your personal data to comply with our legal obligations under applicable law; Protection of rights, vital interests and legitimate interests: We process your personal data to protect your vital rights and interests, as well as our rights and legitimate interests and to fulfill public purposes while respecting your rights and freedoms, such as preventing fraud and other abuse.

5. Data Transfer to Third Parties

5.1. We do not share your personal data with or transfer to any third parties. However, we may disclose your personal information in accordance with requests from public authorities if such requests comply with applicable law.

6. Data Retention

6.1. All personal data you provide to us may be stored on our secure cloud-based data storage as well as on our premises, off-site based locations and network-accessible storage which include external drives only for authorized users. By providing your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

6.2. We erase/delete personal data in the event of any of the following:

- the personal data is no longer necessary in relation to the purposes for which they were collected or processed;
- you withdraw your consent or object to the processing and there is no overriding lawful basis for the processing;
- the personal data was unlawfully collected or processed in the first place;
- or in compliance with lawful directives from government regulators.

6.3. We take appropriate organizational, legal and technical measures to securely store your personal data. Given that no method or method of storing information on the Internet is completely safe and secure, we do not fully guarantee the security of any information you transmit.

6.4. We will retain personal data until you request its disposal or for no longer than required for the purposes of processing personal data and/or compliance with any legal, regulatory, tax, accounting, reporting requirements or internal policy requirements. We endeavor to dispose of your personal data once we have concluded that we no longer require your personal data in connection with the purpose for which it was collected and if disposing of such personal data would not expose us to any actions, sanctions or claims.

6.5. The retention periods for different categories of data may vary based on operational or legal requirements. Generally, we delete or anonymize data if your account has been inactive for 6 months. API keys are securely stored in an encrypted format for up to 6 months following account inactivity and are then permanently deleted.

6.6. We do not control third party websites and accept no responsibility for their privacy statements. We disclaim responsibility for their content, privacy policies and terms of use, and make no representations regarding their completeness, content or accuracy – please be cautious when using them and check their privacy policies. We are not liable for the unauthorized collection, leakage, disclosure and misuse of your personal information resulting from your use of third-party websites linked to the Platform.

6.7. It is your responsibility to maintain the security of your personal account with all possible measures to prevent others from accessing it.

7. Your Rights

7.1. Rights of access: You have the right to request access to your personal data, including obtaining copies.

7.2. Right to information: You have the right to obtain without constraint or unreasonable delay confirmation as to whether we are storing or otherwise processing personal data relating to you, and where that is the case:

- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations;
- where possible, the period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.

7.3. Right to amend: You have the right to request that we amend any of your personal data if you believe that the personal data we process is incorrect, inaccurate or incomplete.

7.4. Right to dispose: You have the right to request the disposal of your personal data in whole or in part. For example, if you believe that the personal data is no longer necessary for the purposes for which it was collected or if you believe that its collection and processing is unlawful.

7.5. Right to withdraw consent: You have the right to withdraw your consent to the collection and processing of your personal data or to restrict such processing at any time.

7.6. Right to lodge a complaint/claim: You have the right to lodge a complaint or claim relating to the collection and processing of your personal data, which will be promptly dealt with by us.

7.7. Other rights as per applicable laws, including a right to object to automated decision making – you can ask us to review a decision made solely by automated processing if it negatively impacts you.

7.8. To exercise any of your rights, you may contact us via channels mentioned in the Article 8.5 of the Privacy Policy.

8. Final Provisions

8.1. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. Our marketing communications have opt-out links through which you can inform us to stop processing your data for such purposes. Ideally, we would endeavor to acquire your consent before we send such marketing communications in the first place. However, where for some reason we are unable to acquire your consent before sending marketing communications or where we inadvertently send marketing communications to you, we would provide you with the option to opt-out from receiving such marketing communications.

8.2. We respect your rights regarding any issues related to the collection and processing of personal data, ensuring that any requests you make are dealt with promptly and transparently.

8.3. We do not guarantee the error-free operation of the Platform in accordance with the Privacy Policy. We use reasonable efforts to comply with the Privacy Policy and shall not be liable for any incidental, direct or consequential damages arising from your use of the Platform.

8.4. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your personal data, we shall within 72 hours of having knowledge of such breach report the details of the breach to the appropriate government agency. Where we ascertain that such breach is detrimental to your rights and freedoms in relation to your personal data, we shall within 7 days of knowledge of the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting from such breach and any course of action to remedy said breach.

8.5. For any questions arising from the collection and processing of your personal data, you may contact us by email at info@xionix.io or write to our office at Intershore Chambers, Road Town, Tortola, VG1110 British Virgin Islands.