Last Revised: March 10, 2026

1. Purpose and Applicability

This Privacy Policy (the "Policy") describes how Coin Combo Ltd ("Company," "we," "us," or "our") collects, processes, uses, discloses, and protects personal information when you access or use our mobile applications, websites, and other related features or services (collectively, the "Services").

By accessing or using the Services, you acknowledge that your personal information will be processed as described in this Policy. Our processing of personal information is conducted in accordance with applicable privacy and data protection laws in the specific regions where the Services is available.

2. Categories of Information We Collect

Personal information is obtained through various channels and generally falls into the following categories:

2.1 Information You Provide

When you create an account, complete a transaction, or contact our support team, or in any way to use the Services, you may voluntarily provide:

• (a) Account Registration Information: Such as your name, email address, telephone number, and mailing address.

• (b) Login and profile Information: Including your username, password, social media account information, profile image.

• (c) Personal Characteristics: Such as date of birth, age, gender, and general geographic location.

• (d) User-generated content: Including comments, photographs, livestreams, audio recordings, videos, text, hashtags, and virtual item videos that you upload, distribute or stream on the App when you use our services ("User Content") and the associated metadata, such as when, where, and by whom the content was created.

• (e) Facial data and Audio Information: Certain features of the Services may involve processing facial or audio information when you create or interact with User Content, such as applying visual effects to images or livestreams, or using voice-related features in audio or video content. Such information is used only to operate the relevant features and maintain platform integrity. We do not use facial or audio information for marketing or advertising purposes, and we do not sell, share, or disclose such information to third parties unless required by law or with your explicit consent or after it has been converted into de-identified data. Such information is processed solely for feature functionality and is not used for biometric identification or verification purposes, except where explicitly disclosed and permitted by applicable law.

• (f) Financial Information: Including billing address and postal code, country of residence, transaction amount, selected payment method, and payment details such as credit or debit card information or other data required to process a payment.

• (g) Social Media Account Information: Information shared from third-party social media services when you sign up or log in using a linked account (such as Facebook, Instagram, X, or Google), or when you connect your App account with a third-party social media account.

• (h) User Communications: Information contained in inquiries, support requests, feedback submissions, or other communications with us.

• (i) Preference Data: Your selections related to marketing messages, notifications, or communication settings.

• (j) Information related to your preferences, settings, and communications with us.

• (k) Information provided to verify your account, such as age or identity confirmation details.

• (l) Any other information you choose to share through surveys or by participating in activities, promotions, research, or events.

2.2 Information Collected Through Automated Means

When you access or use the Services, certain information may be collected automatically, including:

• (a) Device and Technical Data: Such as device model, operating system, browser type, IP address, and device identifiers.

• (b) Activity and Usage Data: Including pages or screens viewed, gameplay activity, time spent, transaction records, and interaction logs.

• (c) Operational and Diagnostic Data: Including crash reports, system logs, error data, and performance analytics.

• (d) Metadata: Information associated with the User Content you submit, which provides contextual details about the content, such as how and when it was created, its technical format, and descriptive elements like hashtags, keywords, or captions.

• (e) Cookies and Similar Technologies: Small data files used by us or our partners to enable certain features, understand how the Services and related web pages are used, and improve the overall user experience, including measuring interactions with pages and features that you access.

2.3 Information Obtained from Third Parties

We may also receive information from third-party sources, including:

• (a) Social Networking Services: If you link a third-party account (such as Facebook or Google), we may receive limited profile information consistent with your privacy settings on those platforms.

• (b) Vendors and Verification Partners: Including identity verification services, fraud prevention providers, and payment processors.

• (c) Advertising and Measurement Partners: Information related to ad delivery, attribution, and engagement metrics.

3. Purposes for Using Personal Information

We process personal information for legitimate business and operational reasons, including:

• (a) User Communications: To communicate with you regarding your use of the Services, including delivering service-related notices, policy updates, and security alerts; responding to your inquiries, requests, or customer support issues; and, where permitted by applicable law and your communication preferences, sending marketing or promotional communications related to our Services.

• (b) Personalization and Service Experience: To customize and enhance your experience on the Services, including personalizing content presentation, recommendations, and in-app features, and adapting the Services to your preferences, settings, or interactions, in order to provide a more relevant and engaging user experience.

• (c) Service Development and Improvement: To understand how the Services are used, analyze usage trends and performance, test new features and functionalities, conduct internal research and analytics, and improve the reliability, functionality, security, and overall performance of the Services.

• (d) Security, Legal, and Compliance Purposes: To maintain the safety and integrity of the Services, including monitoring for suspicious or fraudulent activity, preventing misuse or abuse, enforcing our Terms of Service and other applicable policies, protecting the rights, property, and safety of users and the Company, and complying with applicable legal, regulatory, and law enforcement requirements.

• (e) We may process your Personal Information for more than one lawful basis depending on the specific purpose for which the information is used.

4. Geographic Restrictions

To comply with applicable laws and regulatory requirements, we may restrict access to our Services in certain geographic locations. This currently includes the following U.S. states: Delaware, Indiana, Louisiana, Maine, Michigan, Montana, South Carolina and Tennessee.

We may also use technical measures to detect and prevent access from restricted location. VPNs or related tools are prohibited during your usage of our Services.

5. Identity Verification (KYC)

To comply with applicable laws and regulations, as well as to prevent fraud and protect the integrity of our Services, we may require users to complete identity verification (commonly referred to as "Know Your Customer" or "KYC") in certain circumstances.

For this purpose, we may collect or process certain personal information necessary to verify your identity. This may include your full name, date of birth, nationality, and information from government-issued identification documents (for example, passport, driver's license, or ID card). We may also collect selfie images or video recordings submitted as part of the identity verification process.

Such information is used solely for legitimate purposes, including compliance with applicable laws and regulations, prevention of fraud and money laundering, and protection against misuse of our Services.

We may engage trusted third-party identity verification providers, such as Sumsub or similar service providers, to carry out verification on our behalf. These providers are contractually required to process personal information only for verification and compliance purposes and to implement appropriate safeguards to protect your data.

Identity verification information is retained only for as long as necessary to fulfill the purposes described above or as required by applicable law. Where possible, we retain verification outcomes or status indicators rather than full copies of identification documents.

We do not sell, lease, trade, or otherwise monetize biometric information. Any biometric data that may be processed is used solely for identity verification purposes and is retained only for the period necessary to complete the verification process and comply with applicable legal requirements.

6. Disclosure of Personal Information

We do not sell or share personal information. Disclosure occurs only under the following circumstances:

• (a) Service Providers: We may share information with trusted third-party vendors that support our operations, such as hosting providers, payment processors, analytics services, customer support vendors, marketing partners, and fraud detection providers. These entities are bound by contractual obligations to safeguard the information and use it solely for authorized purposes.

• (b) Legal and Regulatory Requirements: Information may be disclosed where required by applicable law, regulation, legal process, or governmental request, or where necessary to protect legal rights, investigate wrongdoing, or ensure the safety of users or others.

• (c) Corporate Transactions: In the event of a merger, acquisition, restructuring, financing, insolvency, or asset sale, personal information may be transferred as part of the transaction, subject to appropriate confidentiality protections.

• (d) With User Authorization: Information may be shared for additional purposes when you expressly direct us to do so or provide specific consent.

7. Cookies

We and our partners employ cookies, SDKs and comparable tracking technologies to gather information about interactions with the Services and other online properties.

Use Cases: These tools are used to authenticate users, store preferences, analyze traffic, deliver tailored content or advertisements, and evaluate campaign performance.

User Controls: Most browsers provide options to manage or disable cookies. Please note that restricting certain cookies may affect Service functionality. You may also opt out of interest-based advertising through recognized industry programs such as the Digital Advertising Alliance (DAA) or Network Advertising Initiative (NAI).

8. Information Security Measures

We maintain reasonable administrative, technical, and physical safeguards intended to protect personal information against unauthorized access, loss, misuse, or alteration. Such measures include data encryption, access management, security monitoring, regular assessments, and employee training. Despite these efforts, no system can be guaranteed to be completely secure.

9. Individual Privacy Rights

Subject to your jurisdiction, you may have certain rights relating to your personal information, which may include:

• (a) Access: The ability to request information about the personal data we collect and maintain.

• (b) Correction: The ability to request updates to inaccurate or incomplete data.

• (c) Deletion: The ability to request deletion of personal information, subject to legal exceptions.

• (d) Opt-Out: You have the right to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising, as interpreted under applicable laws and regulations. At this time, we do not sell or share personal information for cross-context behavioral advertising.

• (e) Sensitive Data Limitations: The right to restrict the use or disclosure of sensitive personal information in certain circumstances.

• (f) Data Portability: The right to receive a copy of your personal data in a commonly used, machine-readable format.

• (g) Consent Withdrawal: The right to withdraw previously granted consent where processing is based on consent.

Requests may be submitted using the contact details in Section 12. Identity verification may be required before fulfilling requests, and responses will be provided within legally mandated timeframes.

10. Children's Privacy

For the avoidance of doubt, minors who are under the age of 18 are strictly prohibited from registering for, accessing, using, or appearing in any content on the Services, as further described in our Terms of Service and our other policies. We do not knowingly collect personal information from anyone under 18 years of age. If you believe that we may have collected personal information from a minor under the age of 18, please contact us, and we will take appropriate steps to promptly delete such information.

11. Data Retention Rules

We retain your personal information for no longer than needed to support the purposes set out in this Policy, except where retention is required or authorized by law. Retention periods are assessed based on the category of information involved, its intended use, and any applicable legal or business requirements.

12. Notice to California Residents

Under the California Consumer Privacy Act, as amended by the CPRA, California residents are entitled to additional privacy rights. During the preceding 12 months, we have collected the categories of personal information described in Section 2 for the purposes described in Section 3. We do not "sell" or "share" personal information for cross-context behavioral advertising as defined by California law. We may share limited information with service providers for measurement or analytics purposes, which does not constitute "selling" or "sharing" under the CPRA. Users will not be subject to discriminatory treatment for exercising their privacy rights.

13. Updates to This Policy

This Policy may be revised periodically to reflect changes in our practices, technology, or legal obligations. The "Last Updated" date indicates the most recent revision. We encourage regular review of this Policy. Significant changes will be communicated through the Services or other appropriate means.

14. Contact Information

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a security concern, please contact us at: [email protected].