Privacy Policy

1. Information We Collect

1.1 Personal Information

We collect personal information that you voluntarily provide, including:

• Identity Information: Full name, date of birth, nationality, government-issued ID, passport details, photographs
• Contact Information: Email address, phone number, residential address, mailing address
• Financial Information: Bank account details, payment card information, tax identification numbers, investment history, net worth, income information
• Accreditation Information: Documentation verifying accredited investor or qualified purchaser status
• Professional Information: Employment status, employer name, occupation, business address

1.2 Transaction Information

We collect information about your investments, transactions, portfolio holdings, trading activity, and interactions with the Platform, including blockchain transaction data.

1.3 Technical Information

We automatically collect certain technical information, including:

• IP address and geolocation data
• Device information (type, operating system, browser type)
• Usage data (pages visited, time spent, clickstream data)
• Cookies and similar tracking technologies
• Log files and analytics data

1.4 Information from Third Parties

We may receive information from third-party service providers, including identity verification services, credit bureaus, fraud prevention services, blockchain analytics providers, and public databases.

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Provision

• Creating and managing your account
• Processing investments and transactions
• Providing customer support
• Communicating about your account and investments
• Managing your portfolio and distributing returns

2.2 Compliance and Legal Obligations

• Verifying your identity (KYC/CDD procedures)
• Screening against sanctions lists and PEP databases
• Monitoring for suspicious activity and fraud prevention
• Complying with AML/CFT regulations
• Meeting tax reporting requirements
• Responding to legal requests and court orders

2.3 Platform Improvement

• Analyzing usage patterns and improving user experience
• Developing new features and services
• Conducting research and analytics
• Testing and troubleshooting

2.4 Marketing and Communications

• Sending investment opportunities and updates
• Providing educational content and market insights
• Conducting surveys and gathering feedback
• Marketing our services (with your consent where required)

2.5 Security and Fraud Prevention

• Detecting and preventing fraud, money laundering, and other illegal activities
• Protecting against security threats and unauthorized access
• Investigating suspicious transactions or behavior
• Enforcing our Terms of Use and other policies

3. Legal Bases for Processing (GDPR/PDPA)

We process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to perform our contract with you
• Legal Obligation: Processing required to comply with laws and regulations (KYC, AML, tax reporting)
• Legitimate Interests: Processing necessary for our legitimate business interests (fraud prevention, service improvement)
• Consent: Processing based on your explicit consent (marketing communications, optional features)

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf, including:

• Identity verification and KYC providers
• Payment processors and banking partners
• Custody and insurance providers
• Cloud hosting and infrastructure providers
• Analytics and marketing platforms
• Customer support and communication tools

4.2 Legal and Regulatory Authorities

We may disclose information to government authorities, regulators, law enforcement, and courts when required by law or in response to legal process, including:

• Complying with court orders, subpoenas, or regulatory requests
• Reporting suspicious transactions to financial intelligence units
• Cooperating with investigations of fraud or illegal activity
• Responding to national security requests

4.3 Business Transfers

In connection with any merger, acquisition, financing, reorganization, or sale of company assets, your information may be transferred to the acquiring entity, subject to continued protection under this Privacy Policy.

4.4 With Your Consent

We may share your information with third parties when you have provided explicit consent for such sharing.

4.5 What We Don't Do

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
• Post-Quantum Cryptography: NIST-approved quantum-resistant algorithms for blockchain transactions
• Access Controls: Role-based access controls and multi-factor authentication
• Network Security: Firewalls, intrusion detection, and DDoS protection
• Monitoring: 24/7 security operations center and threat monitoring
• Audits: Regular security audits and penetration testing by independent third parties
• Employee Training: Mandatory security and privacy training for all staff
• Incident Response: Comprehensive incident response and breach notification procedures

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Account Information: Duration of account plus 7 years after closure (regulatory requirement)
• Transaction Records: 7 years from transaction date (tax and AML requirements)
• KYC Documentation: 7 years after relationship ends (AML/CFT regulations)
• Marketing Data: Until you withdraw consent or 3 years of inactivity
• Technical Logs: 12-24 months for security and troubleshooting

After the retention period expires, we securely delete or anonymize your information.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to access your personal information and request a copy in a structured, commonly used format.

7.2 Correction and Update

You can update your account information at any time through your account settings or by contacting us.

7.3 Deletion

You may request deletion of your personal information, subject to legal and regulatory retention requirements. Note that we must retain certain information for compliance purposes even after account closure.

7.4 Marketing Opt-Out

You can opt out of marketing communications at any time by clicking "unsubscribe" in emails or updating your communication preferences in your account settings.

7.5 Cookie Preferences

You can control cookie settings through your browser preferences. Note that disabling cookies may limit certain Platform functionality.

7.6 Objection and Restriction

You may object to certain processing activities or request restriction of processing in specific circumstances.

7.7 Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at privacy@provenacapital.com. We will respond to your request within 30 days.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer personal data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for transfers to countries with adequate protection
• Binding Corporate Rules where applicable
• Explicit consent for transfers where required

9. Children's Privacy

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Essential Cookies: Required for Platform functionality and security
• Performance Cookies: Analytics and usage data to improve the Platform
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track advertising effectiveness and deliver relevant ads (with consent)

You can manage cookie preferences through your browser settings. For more information, see our Cookie Policy.

11. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the "Last Updated" date. We may also send you an email notification for significant changes.

13. Complaints and Regulatory Contact

If you have concerns about how we handle your personal information, please contact us first. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority:

• Singapore: Personal Data Protection Commission (PDPC)
• EU/EEA: Your local data protection authority
• UK: Information Commissioner's Office (ICO)

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: