Privacy Policy

At Gnosis Ecosystem (Cayman) Ltd (“Gnosis”), we understand that confidentiality and security of the personal information ("Personal Information") that you share with us is important. Gnosis is committed to protecting the privacy of Personal Information, including Personal Information related to individuals who may be clients, agents or others inside or outside of Gnosis. That is why we have developed specific policies and practices designed to protect the privacy of your Personal Information. By opening an account at Gnosis or by utilising the products, services and applications available through Gnosis, you have consented to the collection, use and disclosure of your Personal Information in accordance with this privacy policy ("Privacy Policy" or "Policy"). We encourage you to read this Privacy Policy carefully.

This Policy is based on the privacy and data protection principles common to the countries in which we operate. This Policy is intended to summarize Gnosis' data protection practices generally and to advise our clients, prospective clients, website visitors and other third parties about Gnosis' privacy policies that may be applicable to them.

This Policy is specifically addressed to those who provide Personal Information to Gnosis or who visit or use Gnosis' websites, software application and social media sites.

Your Information and the Blockchain

Blockchain technology, also known as distributed ledger technology (or simply “DLT”) is at the core of our business. Blockchains are decentralized and made up of digitally recorded data in a chain of packages called “blocks”. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several “nodes” which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralized place where it is located either.

Blockchain records are “immutable” by design, meaning they cannot be changed or deleted. Immutability can impact users’ ability to exercise rights such as rights to erasure (“right to be forgotten”) or to object or restrict processing of Personal Information. Data on the blockchain cannot be erased and cannot be changed. Although smart contracts may be used to revoke certain access rights, and some content may be made invisible to others, it is not deleted.

In certain circumstances, in order to comply with our contractual obligations to you (such as delivery of tokens), it will be necessary to write certain Personal Information, such as your Gnosis Chain wallet address, onto the blockchain. This is done through a smart contract and requires you to execute such transactions using your wallet’s private key.

In most cases, the ultimate decisions to (i) transact on the blockchain using your Gnosis Chain wallet address, as well as (ii) share the public key relating to your Gnosis Chain wallet address with anyone (including us) rests with you.

IF YOU WANT TO ENSURE YOUR PRIVACY RIGHTS ARE NOT AFFECTED IN ANY WAY, YOU SHOULD NOT TRANSACT ON BLOCKCHAINS AS CERTAIN RIGHTS MAY NOT BE FULLY AVAILABLE OR EXERCISABLE BY YOU OR US DUE TO THE TECHNOLOGICAL INFRASTRUCTURE OF THE BLOCKCHAIN. IN PARTICULAR, THE BLOCKCHAIN IS AVAILABLE TO THE PUBLIC AND ANY PERSONAL INFORMATION SHARED ON THE BLOCKCHAIN WILL BECOME PUBLICLY AVAILABLE.

Who is responsible for your Personal Information?

Gnosis, a company incorporated in the Cayman Islands, with its registered address – PO Box 144, 3319 9 Forum Lane, Camana Bay, George Town, Grand Cayman KY1-9006, Cayman Islands – is responsible for the Personal Information that we may collect in the manner discussed below.

How do we collect your Personal Information?

Gnosis collects Personal Information from you depending on how you use our services. This may include, among other things, information:

• From users - account creation and login details (name, email).

• From viewers - data like email addresses when accessing user content, stored on users’ behalf.

• Automated collection - technical device data such as IP address, device type, OS.

• User-generated data - voluntarily provided information such as text, photos, attachments tied to your account.

• Transactional data - details when entering transactions such as service requested, payment information, dates.

Additional sources may include agreements, interactions with our team or other contacts. Data may be combined with information from other sources for the purposes listed in this policy. This policy does not cover third-party data collection outside of Gnosis’ control.

What Personal Information do we collect?

Gnosis may collect the following Personal Information from you:

• Contact and registration information (including, name, DOB, email, phone).

• Location information (including, nationality, residence).

• Employment details (including the identity of your employer, salary information, payment and bank details).

• Usage data of website and services.

• Technical information such as IP addresses and browser details.

• Blockchain wallet identifiers.

• Accounting and billing data.

• Card transactions.

• Support interactions (including, emails and chat logs).

• Aggregated anonymized statistical data.

• Social media identifiers (for example, Facebook, Discord) where relevant.

• Third-party features (our website may include social media sharing/liking, which collect data pursuant to their policies).

• National ID numbers.

• Any other information you provide.

For what purposes will we use your Personal Information?

We may use your Personal Information for the following purposes (“Permitted Purposes”):

• Providing requested services.

• Identity verification.

• Sending updates, newsletters and responding to requests.

• Business intelligence and data analytics.

• Managing customer relationships.

• Internal records and account authorization.

• Financial reporting.

• Identity verification as legally required.

• Personalizing user experience.

• Security enforcement and compliance.

• Handling subscriptions, legal obligations and disputes.

• Improving our website and services.

• Tailoring content and advertisements.

• Contacting you regarding your use of services.

• Other incidental business purposes related to the above.

We may also process your Personal Information for the following purposes (after obtaining your consent where such consent is legally required) in accordance with applicable data privacy laws in your jurisdiction and your preferences as legally required:

• To communicate with you through the channels you have approved to keep you up to date on the latest developments, announcements and other information about Gnosis services, products and technologies;

• To conduct client surveys, marketing campaigns, market analysis or promotional activities;

• To collect information about your preferences to create a user profile to personalize and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).

Where legally required, with regard to marketing-related communication, we will only provide you with such information after you have opted in or had an opportunity to object and we will also provide you with the opportunity to opt out at any time if you do not wish to receive further marketing-related communication from us. We like to keep our clients, personnel and other interested parties informed of company developments, including news relating to Gnosis that we believe is of interest to you. If you do not wish to receive publications or details of events or seminars that we consider may be of interest to you, please let us know by emailing us at: dataprotection@gnosis.io.

Depending on which of the above Permitted Purposes we use your Personal Information for, we may process your Personal Information on one or more of the following legal grounds:

• Because processing is necessary for the performance of your instruction or other contract with you or to take steps prior to entering into any such contract;

• To comply with our legal obligations (for example, to keep records for tax purposes);

• Because processing is necessary for the purposes of our legitimate interest or those of any third party recipients that receive your Personal Information, provided that such interests are not overridden by your interests or fundamental rights and freedoms.

In addition, the processing may be based on your consent where we have expressly sought and you have expressly given that to us.

Who we share your Personal Information with and in what circumstances

• Access is limited to staff who need it to provide services or respond to inquiries. Teams may include marketing, events, product development and customer support. Access is on a strict need-to-know basis.

• Personal Information may be disclosed to trusted third parties who we instruct to process Personal Information for the Permitted Purposes on our behalf and in accordance with our instructions and based on our legitimate interest to provide, maintain and improve our products and services. These may include agents, contractors, advisers (auditors, lawyers), and third party providers such as those set out in the next section below, Use of Third Party Applications. Gnosis generally requires these service providers to enter into confidentiality agreements with Gnosis that limit their use of the information that they receive. Such agreements prohibit the service provider from using Personal Information that they receive other than to carry out the purposes for which the information was disclosed. If required by law, Gnosis will retain control over and will remain responsible for your Personal Information and will use appropriate safeguards to ensure the integrity and security of your Personal Information when engaging service providers.

• Consistent with applicable law, we may share your Personal Information with courts, law enforcement authorities, regulators or attorneys or other parties for the establishment, exercise or defence of a legal or equitable claim or for the purposes of a confidential alternative dispute resolution process.

• We may also use aggregated Personal Information and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.

Otherwise, we will only disclose your Personal Information when you direct us or give us permission to do so, when we are allowed or required by applicable law or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.

Use of third party applications

• Support channels - In order to provide user support we will use different channels like Discord and an email address gnosishq@gnosis.io to facilitate the resolution of any questions and concerns should these arise. By accepting this Privacy Policy, you are deemed to consent to providing the following Personal Information to persons looking to resolve any dispute: name and surname; wallet address; detailed enquiry description; the date and time that the issue arose; the outcome sought. Please note that these channels may use and/or collect your Personal Information. Thus, we recommend to view their privacy policies publicly available on their websites on a periodic basis.

• Mixpanel - We use Mixpanel to monitor the actions of internet users who interact with Gnosis to analyze, test, observe and deploy new features in the app. The data we collect through Mixpanel are detailed here: The user’s wallet address; and Gnosis Pay address, if applicable. If you want to read more about how Mixpanel uses your data, please check https://mixpanel.com/legal/privacy-policy/.

• Loops - We use Loops to send marketing and transactional emails from our app, API and integrations. If you want to read more about how Loops uses your date, please check https://loops.so/privacy.

• Sentry - We use Sentry for error monitoring and crash reporting in to help us identify and resolve technical issues efficiently. The data we collect through Sentry includes: Details about the user's device, operating system and browser; technical details related to crashes or issues encountered in the app; IP Address: Used for debugging and identifying regional issues. This data is used solely for error diagnostics and improving Gnosis' performance. It is not used for tracking or profiling users. If you want to read more about how Sentry uses your data, please check Sentry’s privacy policy.

Personal Information about other people that you provide to us

You must only provide third-party Personal Information if allowed under the Terms of Service. If you provide Personal Information to us about someone else you must ensure that you are entitled to disclose that Personal Information to us for processing as described in this Privacy Policy. You otherwise warrant that you have obtained consent from individuals for us to collect and use their data for the stated purposes. You agree to use our forms/documents for obtaining consent where requested. You warrant data accuracy and authority to share the data.

Keeping Personal Information about you secure

To the extent required by law, we will take appropriate technical and organizational measures to keep your Personal Information confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to Personal Information. Personal Information may be kept on our Information Technology systems, those of our contractors or in paper files.

Transferring your Personal Information outside of the European Economic Area ("EEA"), the United Kingdom, Gibraltar or the Cayman Islands

For Personal Information subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), the Gibraltar General Data Protection Regulation (“Gibraltar GDPR”) or the Data Protection Law (2017) (“DPL”) we may transfer your Personal Information outside of the UK, EEA, Gibraltar or the Cayman Islands for the Permitted Purposes as described above. This may include countries that do not provide the same level of protection as the laws of your home country. We will ensure that any such international transfers are made subject to appropriate or suitable safeguards if required by GDPR, UK GDPR, Gibraltar GDPR, DPL or other relevant laws. You may contact us at any time using the contact details below if you would like further information on such safeguards.

Updating your Personal Information

If any of the Personal Information that you have provided to us changes, for example if you change your email address or if you wish to cancel any request that you have made of us, please let us know by contacting us using the contact details below. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Information that you provide to us.

How long do we retain your Personal Information?

We retain your Personal Information in an identifiable form in accordance with our internal policies which establish general standards and procedures regarding the retention, handling and disposition of your Personal Information. Personal Information is retained for as long as necessary to meet legal, regulatory and business requirements. Retention periods may be extended if we are required to preserve your Personal Information in connection with litigation, investigations and proceedings.

Further rights

You have a number of legal rights under the DPL in relation to the Personal Information that we hold about you. These rights include:

• Obtaining information regarding the processing of your personal information and access to the personal information that we hold about you. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of personal information, (in particular, information that is subject to legal professional privilege);

• Requesting that we correct your personal information if it is inaccurate or incomplete;

• Requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it;

• Objecting to and requesting that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request;

• Withdrawing your consent, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so;

• Obtaining computerized personal information collected from you in a structured, commonly used and technological format (right to data portability).

We may request that you prove your identity in order for us to comply with our security obligations and to prevent unauthorized disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data and for any additional copies of the Personal Information you request from us.

We will consider any requests or complaints that we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the Office of the Ombudsman of the Cayman Islands.

Updates to the Privacy Policy

This Privacy Policy was last updated on 25 August 2025. We reserve the right to update and change this Privacy Policy from time to time, for example, in order to reflect any changes to the way in which we process your Personal Information or changing legal requirements. In case of any such changes, we will post the changed Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they are posted on our website.

How to contact us

We welcome your views about our website and our Privacy Policy. If you have any questions about this Policy, please contact dataprotection@gnosis.io.