Heurist Digital Assets

Heurist Digital Assets - Global Privacy Policy

This Privacy Policy sets out the basis on which we process the personal data of users of the Heurist Digital Assets website and platform.

Last Updated: July 17, 2025

Introduction

Heurist AI Inc. (“Heurist,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through our compliance with this privacy policy (this "Privacy Policy").

This Privacy Policy sets out the basis on which we process the personal data of users (“User,” “you,” or “your”) of the Heurist Digital Assets website and platform (collectively, the “Platform”). For information regarding the general use of our services, please see our Terms of Service, of which this Privacy Policy forms a part and is incorporated by reference.

Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it. If you do not agree with our policies and practices, your only choice is not to use our Platform. By accessing or using the Platform, you agree to this Privacy Policy. This policy may change from time to time, and your continued use of the Platform after we make changes is deemed to be acceptance of those changes.

01.Definitions

“Applicable Law” means all laws, regulations, and mandatory legal standards applicable to the processing of Personal Data under this Policy, including but not limited to the British Virgin Islands' Data Protection Act.

“GDPR” means the General Data Protection Regulation (EU) 2016/679, a regulation in EU law on data protection and privacy. While Heurist is not an EU entity, we adopt its principles as a high standard for data protection.

"Personal Data" means any information relating to an identified or identifiable natural person.

The terms “controller,” “processor,” and “processing” shall have the meanings understood under globally recognized data protection principles like the GDPR.

02.Data Controller

The data controller for all Personal Data processed through the Platform is:

Heurist AI Inc. A company incorporated in the British Virgin Islands Registration No: 2144371 Address: Asia Leading Chambers, Road Town, Tortola VG1110, British Virgin Islands Contact Email: legal@heurist.ai

For any specific data protection inquiries, you can contact our Data Protection Officer at: dpo@heurist.ai

03.Third-Party Services: KYC/AML and Authentication

Your interaction with certain core functions of our Platform is facilitated by specialized third-party services. It is crucial that you understand their role:

Identity Verification (KYC/AML): To comply with legal and regulatory obligations, Heurist requires all users to complete a Know-Your-Customer (KYC) and Anti-Money Laundering (AML) check. This process is managed and conducted entirely by an integrated third-party service provider. When you undergo this verification, you will provide your Personal Data directly to them, and your interaction will be governed by their Privacy Policy and Terms of Service, which you must agree to before proceeding. Heurist does not collect or store your sensitive identification documents; we only receive a confirmation (e.g., "verified" or "rejected") from our provider.

Authentication and Sign-In: You may be able to create an account and sign in using third-party services, such as a Web3 wallet (e.g., MetaMask) or social media accounts (e.g., Google, X). These authentication services are powered by third-party SDKs. When you use these methods to sign in, you are subject to the Terms of Service and Privacy Policy of that specific provider (e.g., Google's Privacy Policy). We only receive basic profile information from these services, such as your email address or wallet address, to create and manage your Heurist account.

04.Information We Collect About You

To provide our services and meet our legal obligations, we collect and process certain Personal Data. This includes:

Account Data: When you create an account, we collect your name, email address, and password, or the identifier provided by a third-party authentication service (such as a public wallet address).

Financial & Transactional Data: To facilitate your use of the Platform, we collect information related to your source of funds, bank account details, crypto-wallet addresses, and a history of your transactions and investments made through the Platform.

Communications Data: We collect information when you communicate with us, including records and copies of your correspondence (including email addresses) if you contact our support team.

Technical & Navigational Data: As you navigate through and interact with our Platform, we may use automatic data collection technologies to collect usage details, IP addresses, device information (including identifier, name, and operating system), and standard weblog information, such as your browser type and the pages you accessed. This is collected via cookies and other tracking technologies. For more information, please see our separate Cookie Policy.

How We Collect This Information:

  • Directly from you when you fill in forms on our Platform, create an account, or correspond with us.
  • Automatically as you navigate the Platform through cookies and analytics tools.
  • From third parties, such as our authentication partners when you sign in using their services, or our KYC/AML provider who gives us verification status.

Heurist processes your Personal Data based on the following legal grounds:

To Provide Our Services: We process your Account, Financial, and Transactional Data to manage your account and facilitate your transactions on the Platform. The legal basis for this is the Performance of a Contract (our Terms of Service with you).

To Comply with Legal Obligations: We facilitate the KYC/AML process through our third-party provider to meet our legal and regulatory requirements. The legal basis is Compliance with a Legal Obligation.

For Platform Security & Integrity: We process Technical and Account Data to protect our Platform and users from fraud, abuse, and security threats. The legal basis is our Legitimate Interest.

To Provide Customer Support: We use Account and Communications Data to respond to your inquiries and resolve issues. The legal basis is the Performance of a Contract and our Legitimate Interest in providing effective support.

For Platform Improvement & Analytics: We use aggregated and/or anonymized Technical & Navigational Data to understand how our Platform is used and to improve its functionality. The legal basis is our Legitimate Interest.

For Marketing Communications: We may use your email address to send you updates or promotional materials. The legal basis is your Consent, which you can provide at sign-up and withdraw at any time via the "unsubscribe" link in any marketing email.

06.Data Retention Periods

We will only retain your Personal Data for as long as reasonably necessary to fulfill the purposes for which it was collected. Our retention periods are determined by the following criteria:

Account Data: Retained for the duration that you maintain an active account with us.

Transactional & KYC Confirmation Data: The confirmation status from our KYC provider and your transaction history are retained for a period of at least five years after the termination of our business relationship, as required by applicable AML/CTF laws.

Communications Data: Retained for as long as necessary to resolve your inquiry and for our internal record-keeping.

When no longer needed, your data will be securely deleted or anonymized.

07.Disclosure of Your Information

We do not sell your Personal Data. However, we may share your information with the following categories of trusted third parties to provide our services:

Our Affiliates and Group Companies: To provide integrated services.

Third-Party Service Providers: Companies we engage as processors to perform services on our behalf, such as cloud hosting services (e.g., AWS, Google Cloud) and data analytics providers. We have data processing agreements in place with these providers.

Governmental & Regulatory Authorities: As required to comply with applicable law, a court order, or a legal process.

In Case of Merger or Sale: If Heurist is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred as a business asset.

International Data Transfers: Your Personal Data may be transferred to, and stored at, a destination outside your country of residence. Where this is the case, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy by using appropriate legal safeguards, such as Standard Contractual Clauses.

08.Security Measures

We have implemented robust security measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include technical, physical, and procedural safeguards. The safety and security of your information also depend on you. You are responsible for keeping your account password and any credentials for third-party sign-in services confidential.

09.Your Data Protection Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data. We are committed to upholding these rights for all our users:

  • Right to Access: You have the right to request a copy of the Personal Data we hold about you.
  • Right to Rectification: You have the right to request the correction of any inaccurate or incomplete Personal Data.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your Personal Data, subject to our legal and regulatory retention obligations.
  • Right to Restrict Processing: You have the right to request that we temporarily or permanently stop processing all or some of your Personal Data.
  • Right to Data Portability: You have the right to request a copy of your Personal Data in a machine-readable format.
  • Right to Object: You have the right to object to us processing your Personal Data on the basis of our legitimate interests.
  • Right to Withdraw Consent: Where we process your data based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at dpo@heurist.ai. We may need to request specific information from you to help us confirm your identity.

10.Policy Towards Minors and U.S. Persons

Our Platform is not intended for individuals under the age of 18 or for any U.S. Person. We do not knowingly collect Personal Data from minors or U.S. Persons. If we become aware that we have collected such data, we will take steps to delete it immediately.

11.Changes to Our Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. If we make material changes, we will notify you through a notice on the Platform's home page or by email.

These documents are governed by the laws of the British Virgin Islands. For questions, contact legal@heurist.ai