At Brale, we take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data. By using or accessing our IO Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and share your information as described in this Privacy Policy.

Remember that your use of Brale's IO Services is at all times subject to our Brale.IO Terms of Service, which incorporates this Privacy Policy.

Definitions

Certain terms used in this document are defined in the IO User Agreement, available at https://brale.io/legal/io-user-agreement, which is incorporated by reference. For your convenience, key terms include:

"Authentication" means the process by which Brale verifies your identity to grant you access to the Services. Authentication does not create an account.

"IO Services" means a self-directed input and output workflow that enables digital asset transactions where users maintain full control and custody of their digital assets at all times.

"Self-Custodial" means a method of managing digital assets where you, not Brale, maintain exclusive control and possession of your private keys and digital assets at all times.

For all other capitalized terms used in this document, please refer to the Definitions section of the IO User Agreement.

What This Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. "Personal Data" means any information that identifies or relates to a particular individual and also includes information referred to as "personally identifiable information" or "personal information" under applicable data privacy laws, rules, or regulations. This Privacy Policy does not cover the practices of companies we don't own or control or people we don't manage.

Identity Verification and Regulatory Compliance

Authentication via email enables persistent access to IO Services. This does not constitute the creation of a Brale-managed user account or the custody of a wallet or balance. Even though you maintain full control and custody of your digital assets at all times, we must still facilitate identity verification to meet legal obligations. To accomplish this, we share certain Personal Data with trusted third-party identity verification service providers. These services help us confirm your identity, assess risk, and meet our legal obligations. The information shared for these purposes may include your name, address, date of birth, government-issued identification documents, and other information necessary to verify your identity. Our identity verification partners are contractually obligated to use this information solely for verification purposes and in compliance with applicable laws.

Personal Data

Categories of Personal Data We Collect

We collect the following categories of Personal Data:

Profile or Contact Data

• Email address

Device/IP Data

• Domain server

• Type of device/operating system/browser used to access the Services

Web Analytics

• Web page interactions

• Referring webpage/source through which you accessed the Services

• Non-identifiable request IDs

• Statistics associated with the interaction between device or browser and the Services

Other Identifying Information that You Voluntarily Choose to Provide

• Identifying information in emails or letters you send us

Categories of Sources of Personal Data

We collect Personal Data about you from the following categories of sources:

You

• When you provide such information directly to us.

  • When you use our interactive tools and Services.

  • When you voluntarily provide information in free-form text boxes through the Services or through responses to surveys or questionnaires.

  • When you send us an email or otherwise contact us.

• When you use the Services and such information is collected automatically.

  • Through Cookies (defined in the "Tracking Tools and Opt-Out" section below).

  • If you use a location-enabled browser, we may receive information about your location.

Public Records

• From the government or other sources.

Our Commercial or Business Purposes for Collecting Personal Data

Providing, Customizing and Improving the Services

• Processing transactions or other instructions.

• Providing you with the products, services, or information you request.

• Meeting or fulfilling the reason you provided the information to us.

• Providing support and assistance for the Services.

• Improving the Services, including testing, research, internal analytics, and product development.

• Personalizing the Services, website content, and communications based on your preferences.

• Doing fraud protection, security, and debugging.

• Verifying your identity to comply with regulatory requirements, including Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.

• Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the California Consumer Privacy Act (the "CCPA").

Marketing the Services

• Marketing and promoting the Services.

Corresponding with You

• Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Brale or the Services.

• Sending emails and other communications according to your preferences or that display content that we think will interest you.

Meeting Legal Requirements and Enforcing Legal Terms

• Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting, and investigating security incidents and potentially illegal or prohibited activities.

• Protecting the rights, property, or safety of you, Brale, or another party.

• Enforcing any agreements with you.

• Responding to claims that any posting or other content violates third-party rights.

• Resolving disputes.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.

How We Share Your Personal Data

We disclose your Personal Data to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a "sale" of your Personal Data. For more information, please refer to the state-specific sections below.

Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Service Providers These parties help us provide the Services or perform business functions on our behalf. They include:

• Hosting, technology, and communication providers

• Identity verification and KYC (Know Your Customer) service providers

• Analytics providers such as Google Analytics

• Fraud detection and prevention service providers

Business Partners These parties partner with us in offering various services. They include:

• Businesses that you have a relationship with.

• Banks or regulatory bodies that require us to provide the Personal Data of authorized users in order to do business with them.

Legal Obligations We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under "Meeting Legal Requirements and Enforcing Legal Terms" in the "Our Commercial or Business Purposes for Collecting Personal Data" section above.

Business Transfers All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

Data that is Not Personal Data We may create aggregated, de-identified, or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified, or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build, and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.

Tracking Tools & Opt-out

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, "Cookies") to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base, and operate and improve our Services. Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone, or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Services do not support "Do Not Track" requests sent from a browser at this time.

We use the following types of Cookies:

Essential Cookies Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to access secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.

Analytics Cookies We use third-party analytics providers, including Google Analytics, to collect information about your use of the Services and enable us to improve how the Services work. The information allows us to see the overall patterns of usage on the Services, helps us record any difficulties you have with the Services, shows us whether our advertising is effective or not, and allows us to use responses to advertisements to optimize ad performance. Google Analytics uses cookies to collect information and report website usage statistics without personally identifying individual visitors to Google. For more information on Google Analytics, please visit www.google.com/policies/privacy/partners/.

Identity Verification Cookies We use cookies to help verify your identity when you access our Services. These cookies help ensure that your identity verification details remain associated with your session while you complete the verification process.

You can decide whether or not to accept Cookies through your internet browser's settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website, and some of the Services and functionalities may not work.

To explore what Cookie settings are available to you, look in the "preferences" or "options" section of your browser's menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/.

Data Security And Retention

We seek to protect your Personal Data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your authentication credentials; limiting access to your computer or device and browser; and signing off after you have finished accessing the Services. Although we work to protect the security of the information we maintain, please be aware that no method of transmitting data over the internet or storing data is completely secure.

We retain Personal Data about you for as long as necessary to provide you with our Services. In some cases, we retain Personal Data for longer if doing so is necessary to comply with our legal obligations, resolve disputes, or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

Personal Data of Children

We do not knowingly collect or solicit Personal Data about children under 18 years of age; if you are a child under the age of 18, please do not attempt to use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 18 years of age, we will delete that information as quickly as possible. If you believe that a child under 18 years of age may have provided Personal Data to us, please contact us at support@brale.io.

State Law Privacy Rights

California Resident Rights

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties' direct marketing purposes; in order to submit such a request, please contact us at support@brale.io.

Nevada Resident Rights

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at support@brale.io with the subject line "Nevada Do Not Sell Request" and providing us with your name and the email address associated with your use of the Services. We do not sell Personal Data.

Changes To This Privacy Policy

We're constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time, but we will alert you to any such changes by placing a notice on the Brale.io website, by sending you an email, and/or by some other means. Please note that if you've opted not to receive legal notice emails from us (or you haven't provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.

Contact Information

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, or your choices and rights regarding such collection and use, please do not hesitate to contact us at:

support@brale.io