VollyBit Privacy Policy

For purposes of applicable data protection laws, VollyBit is the controller of your personal data processed in connection with the Services, unless stated otherwise. We may act as a processor for certain enterprise or compliance integrations as contractually agreed.

• Legal Name: VollyBit [Insert Entity Details]
• Registered Address: [Insert Address and Jurisdiction]
• Data Protection Officer (DPO): privacy@vollybit.com

We collect the following categories of information, depending on your use of the Services and your jurisdiction:

Where required, we will request your consent before collecting certain data.

• Directly from you when you create an account, complete KYC, transact, or contact support.
• Automatically collected via cookies, SDKs, and similar technologies.
• From third parties: payment providers, KYC/AML vendors, sanctions and PEP databases, analytics providers, chain analytics, and public blockchains.
• From publicly available sources where permitted by law.

We process personal data for the following purposes and under the corresponding legal bases (GDPR where applicable):

We use cookies, web beacons, pixels, local storage, and SDKs to:

• Maintain sessions, remember preferences, support security (strictly necessary)
• Measure usage, performance, and troubleshoot issues (analytics)
• Deliver and measure marketing where permitted (marketing)

You can manage cookie preferences in your account settings or browser settings. Where required by law, we will obtain consent prior to setting non-essential cookies.

We share personal data with the following categories of recipients, subject to appropriate safeguards and contractual obligations:

• Payment processors, banks, and financial partners
• KYC/AML vendors, sanctions screening providers, chain-analytics providers
• Cloud hosting, storage, customer support, analytics, and security vendors
• Professional advisors, auditors, insurers
• Regulators, law enforcement, courts, and government authorities where legally required
• Affiliates, in connection with corporate events (merger, acquisition, restructuring) subject to this Policy

We may transfer personal data to countries outside your jurisdiction. Where required, we use appropriate safeguards such as standard contractual clauses (SCCs), adequacy decisions, and technical/organizational measures to protect your information.

• Encryption in transit (TLS) and at rest for sensitive data
• Multi-factor authentication (2FA) and role-based access controls
• Network segmentation, firewalls, and continuous monitoring
• Vendor due diligence and contractual security obligations
• Security training, least-privilege principles, and code reviews
• Regular audits, vulnerability assessments, and incident response plans

No method of transmission or storage is 100% secure. We continuously improve our safeguards to mitigate risks.

We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal and regulatory obligations, resolve disputes, and enforce agreements. For example, financial transaction data and KYC records may be retained for 5–10 years or as mandated by applicable law.

You may request deletion of data that we are not legally obligated to retain, subject to technical feasibility and safety considerations.

Depending on your location, you may have the following rights:

• Access: request confirmation and a copy of your data
• Rectification: correct inaccurate or incomplete data
• Deletion: request deletion of certain data, subject to legal obligations
• Portability: obtain your data in a structured, commonly used format
• Restriction/Objection: restrict or object to certain processing, including marketing
• Consent Withdrawal: withdraw consent at any time where processing is based on consent
• Appeal/Complaint: lodge a complaint with a supervisory authority

CCPA/CPRA: You may also have the right to opt-out of “selling” or “sharing” personal information for cross-context behavioral advertising as defined by California law.

• Use in-product privacy tools: access, download, and manage your data and settings
• Contact the DPO: privacy@vollybit.com
• Identity verification may be required to process your request

We will respond within required timeframes and explain any limitations due to legal obligations or security reasons.

We use automated tools in KYC/AML screening, fraud detection, transaction monitoring, and sanctions checks to protect our platform and comply with legal obligations. These tools may impact your ability to access certain features or complete transactions.

Where required by law, you have the right to request human review, express your point of view, and contest decisions that produce legal or similarly significant effects.

Our Services are not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

Our Services may contain links to third‑party websites, services, or integrations. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any information.

We may update this Privacy Policy from time to time. We will post the updated Policy with a new “Last updated” date and, where required, seek your consent or provide additional notice.

If you have concerns about our processing of your personal data, please contact us first so we can try to resolve your issue. You also have the right to lodge a complaint with your local supervisory authority where applicable.

Risk disclaimer: Digital asset markets are volatile. Privacy protections and regulatory obligations may affect certain features, transaction limits, or availability in your jurisdiction.