Wavist Privacy Policy

Last Updated:May 31, 2025

This Privacy Policy (“Policy”) describes how Witchverse Inc. (Registration Number: 155763430) and its affiliates (“Witchverse,” “WITCH,” “we,” “us,” or “our”) collect, use, and disclose information about you, and the choices you have regarding your information. Please read this Policy carefully. If you have any questions, you can contact us at contact@wavist.io.

Applicability of This Policy

This Policy applies to your use of the Wavist platform and related services (collectively, the "Platform and Services"), including any websites, mobile applications, tools, interfaces, or features we operate or make available. This includes access to tokenized investment opportunities, blockchain-based interactions, subscription and participation in smart contracts, and any other integrations with third-party applications or blockchain systems that rely on the Platform and Services.

IF YOU DO NOT AGREE WITH THE TERMS OF THIS POLICY, PLEASE DO NOT ACCESS OR USE THE PLATFORM OR SERVICES.

This Policy does not apply to personal information collected in the context of employment or recruitment by Witchverse. This Policy is not a contract and does not create any legal rights or obligations. We may also provide additional notices where required by law or specific features, and such notices supplement—not replace—this Policy.

SUMMARY OF KEY POINTS

WHAT PERSONAL INFORMATION DO WE PROCESS? When you visit, use, or navigate our Platform and Services, we may process personal information depending on how you interact with us and the Platform and Services, the choices you make, and the products and features you use.

DO WE PROCESS ANY SENSITIVE PERSONAL INFORMATION? Some of the information may be considered 'Special' or 'Sensitive' ; in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We do not process sensitive personal information.

DO WE COLLECT ANY INFORMATION FROM THIRD PARTIES? We may collect information from third parties when there is a legitimate business need.

HOW DO WE PROCESS YOUR INFORMATION? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

IN WHAT SITUATIONS AND WITH WHICH PARTIES DO WE SHARE PERSONAL INFORMATION? We may share information in specific situations and with specific third parties when there is a legitimate business need.

HOW DO WE KEEP YOUR INFORMATION SAFE? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

WHAT ARE YOUR RIGHTS? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

HOW DO YOU EXERCISE YOUR RIGHTS? The easiest way to exercise your rights is by visiting wavist.io or by emailing us at contact@wavist.io. We will consider and act upon any request in accordance with applicable data protection laws.

WANT TO LEARN MORE ABOUT WHAT WE DO WITH ANY INFORMATION WE COLLECT? Review the Privacy Policy in full.

What We Collect

The categories of information we collect depend on how you interact with the Wavist Platform and Services. We collect information that you provide directly to us, information collected automatically as you use the Platform, and information obtained from third parties.

Information You Provide

Contact Information: Your name, email address, physical address, and communication preferences.
Financial Information: Your blockchain addresses, connected wallet details, asset holdings, transaction history, and any associated fees.
Transaction Information: Details of your activity on the Platform, including transaction types, amounts, timestamps, and related metadata.
KYC and Compliance Information: Documents and data required for identity verification or regulatory checks, including passport scans, utility bills, proof of income, incorporation documents, tax IDs, and photos.
Interaction Information: Any content you provide during your interactions with us, including inquiries, support requests, feedback, survey responses, or live chat transcripts.

Information We Collect Automatically

Online Identifiers: IP addresses, geolocation, browser type, OS, mobile network info, device identifiers, referring/exit pages.
Usage Data: Pages visited, time spent on Platform, navigation paths, links clicked, interaction logs.
Location Information: IP-based city-level inference for fraud prevention, support, optimization.
Cookies and Tracking Technologies: Cookies, pixels, embedded scripts to analyze usage and monitor performance.

Information from Third Parties and Other Sources

Affiliates: Shared information from companies under Witchverse.
Social Media Platforms: Public info from your profile and interactions.
Identity Verification Providers: For fraud prevention and user verification.
Data Analytics Providers: Analyze trends and behavior.
Other Service Providers: Marketing, technical vendors, support collection.
Information Providers: Contact or background data from sources like credit bureaus.
Public Sources: Blockchain and other public directories.

Blockchain Information We Collect

As part of your interaction with the Wavist Platform, we may collect and analyze information from public blockchains or connected wallets:

Account Address: The public blockchain address linked to your activity on the Platform.
Wallet Provider: The type of wallet used (e.g., MetaMask, WalletConnect, Ledger).
Account Balance and Assets: Your current token holdings and asset types linked to your account.
Transaction Details: Hashes, timestamps, gas fees, transaction types, and sender/recipient addresses.

This information may be combined with your other account data, for example, when connecting a wallet to your profile or verifying transaction eligibility.

How We Use Information

Providing Platform and Services

We may use the blockchain and account information to:

Identify your wallet and asset holdings
Track transaction history
Link wallets with user profiles

Safety and Security

Detect and prevent fraud or illegal activity
Verify identity and access
Monitor abuse or malware
Run diagnostics and issue resolution
Protect users, systems, IP, and enforce policies
Comply with legal obligations

User Support

Route inquiries to the appropriate team
Respond to support requests and comments
Analyze issues and improve experience
Evaluate and improve service quality

Research and Development

We use data to test, analyze, and enhance our Services. This helps us:

Improve user experience and platform performance
Prevent misuse or abuse of the Platform
Develop and refine new tools, products, or features

Legal and Regulatory Compliance

We may use your information to meet regulatory and legal obligations, including:

Identity verification, KYC, or customer due diligence
Cross-checking your information with third-party databases or public records
Conducting background checks as required
Investigating disputes or responding to official regulatory inquiries
Facilitating business transactions or organizational changes
Complying with financial, tax, or data-related regulations

Direct Marketing

We may use your information to send you updates and marketing communications about the Platform and Services, including promotions, product updates, events, and surveys. You can opt out at any time by clicking"unsubscribe" in our emails or by contacting us atcontact@wavist.io.

How We Share & Disclose Information

We may share personal and blockchain-related information in the following circumstances:

With Affiliates

We may share your information with companies owned or controlled by Witchverse, or under common ownership, particularly when collaborating to provide or support the Wavist Platform and Services.

At Your Direction

We may share information with third parties when you request or authorize us to do so. For example, you may choose to share personal data with other participants or partners through your interaction on the Platform. Please note that their use of your information will be governed by their own privacy policies.

To Comply with Legal Obligations

We may disclose your information as required to:

Cooperate with law enforcement or regulatory authorities
Respond to subpoenas, court orders, or similar legal processes
Prevent physical or financial harm, or fraud
Report suspected illegal activity
Investigate potential violations of our Terms of Service or related policies

With Service Providers

We engage service providers to assist with operational, technical, compliance, and marketing tasks. These providers are contractually required to use your information only to provide services on our behalf.

With Identity Verification Providers

When identity verification is required (e.g., for KYC/AML compliance), we may share the necessary information with trusted third-party verification providers to facilitate the process.

On Public Blockchains

Transaction-related information (e.g., blockchain address, amount, timestamp) may be recorded and visible on public blockchains. This data is inherently public and may be accessible by anyone, depending on the blockchain protocol.

During a Business Change

If Witchverse or Wavist undergoes a merger, acquisition, restructuring, financing, asset sale, or similar corporate event, your information may be transferred to the relevant party, subject to standard confidentiality terms.

With Legal and Professional Advisors

We may share your information with legal counsel, accountants, or law enforcement if:

Necessary to obtain legal or regulatory advice
In connection with the defense or enforcement of legal claims or rights
To comply with applicable laws or legal requests from authorities
To detect, prevent, or investigate fraud or illegal activity
To protect the safety and security of our users, employees, or platform

With Respect to Aggregated or De-Identified Data

We may share aggregated or anonymized data (that cannot reasonably be linked back to you) with third parties for analytical, research, or commercial purposes.

No Sale for Marketing/Advertising

We do not sell your personal information to third parties for their own marketing or advertising purposes. This means we do not engage in direct sale of personal data for third party advertising.

Legal Bases for Using Your Information

Where required under applicable law, we rely on specific legal bases to process your personal information as outlined in this Privacy Policy. These include:

Contractual necessity: Where the use of your information is necessary to perform a contract with you or to take steps at your request prior to entering into such a contract (for example, enabling access to the Wavist Platform or facilitating transactions).
Legitimate interests: Where it is necessary for our legitimate business interests or those of a third party, and those interests are not overridden by your rights or interests.
Legal obligations: Where we are required to use your information to comply with legal or regulatory obligations under applicable laws and regulations.
Consent: Where you have provided consent for specific processing activities, which you may withdraw at any time.

Your Rights and Choices

Subject to applicable data protection laws, you may have certain rights with respect to your personal information. If you would like to exercise any of your rights, please contact us at contact@wavist.io.

Depending on your jurisdiction, your rights may include the ability to:

Access the information we hold about you and request a copy.
Update or correct inaccurate or outdated personal information.
Request deletion of your personal information, subject to legal or operational requirements.
Restrict processing of your information under certain conditions.
Withdraw consent for processing where we rely on your consent.

We will review and respond to your request within the timeframe required by applicable law. Please note that in some cases, certain data may be exempt from these rights, such as where continued processing is required for legal compliance or our legitimate business needs.

To protect your privacy, we may request additional information to verify your identity before acting on any rights request.

Information for EU Residents

You are not legally required to provide us with the personal information described in this Privacy Policy. Further, the contractual relationship that you might have entered into with us by using the Platform and Services does not imply any obligation to provide your personal information.

However, you might not be able to use the Platform and Services to the full extent, or in some cases you may not be able to use the Platform and Services at all, if you do not provide us with certain data or object to the use of this data.

Legal Basis for Processing

We process your personal information in accordance with the General Data Protection Regulation (“GDPR”) and other applicable data protection laws. Our legal bases for processing your information include:

Contractual necessity: We process your information as necessary to perform our contract with you, or to take steps at your request prior to entering into a contract (for example, when you register for an account or use our Platform and Services).
Legitimate interests: We process your information to pursue our legitimate business interests, such as improving and securing the Platform and Services, provided that these interests are not overridden by your rights and interests.
Legal obligations: We may process your information to comply with legal or regulatory requirements, including responding to lawful requests from authorities.
Consent: In certain cases, we process your information based on your consent, which you may withdraw at any time.

We may also be required to disclose your information to regulatory or law enforcement authorities in accordance with applicable law.

International Data Transfers

Our primary business operations are based in the United States. When we transfer your personal information outside the EEA, United Kingdom, or Switzerland, we implement appropriate safeguards, such as standard contractual clauses, to ensure your information is protected in accordance with applicable law.

Profiling

We may use your information to personalize your experience on the Platform and Services, including providing tailored offers or recommendations. We do not make decisions based solely on automated processing that produce legal or similarly significant effects for you.

Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

Right of access to your information (Article 15 GDPR)
Right to rectification (Article 16 GDPR)
Right to erasure (Article 17 GDPR)
Right to restrict processing (Article 18 GDPR)
Right to data portability (Article 20 GDPR)
Right to object to processing, including profiling and direct marketing (Articles 21 and 22 GDPR)
Right to withdraw consent at any time, where processing is based on consent

To exercise these rights, or if you have questions about how we process your information, please contact us at contact@wavist.io. We may request additional information to verify your identity before responding to your request.

You also have the right to file a complaint with your local data protection authority if you believe our processing of your personal information violates applicable law.

Your Privacy Rights in the United States

Depending on your state of residence, you may have certain rights regarding your personal information under applicable privacy laws, including those in California, Colorado, Connecticut, Nevada, Utah, Virginia, and other states with similar requirements.

Right to Correction

You may request that we correct inaccurate personal information we hold about you. If your information changes or you believe it is incorrect, please notify us and we will update our records as appropriate.

Right to Deletion

You may request that we delete personal information we have collected from you, subject to certain exceptions. In response, we may delete, deidentify, or aggregate your information as permitted by law. We will confirm the information to be deleted and notify you upon completion of your request. Please note that we may not be able to delete certain information maintained on behalf of third parties or as required by law.

Right to Disclosure

You may request details about our collection and use of your personal information, including:

The categories of personal information we have collected about you,
The categories of sources of that information,
The business or commercial purposes for collecting, using, or sharing your information,
The categories of third parties with whom we share your information,
If applicable, whether we have sold or shared your information and the categories of recipients.

Right to Opt-Out of Sale or Sharing

We do not sell your personal information or share it with third parties for cross-contextual behavioral advertising purposes. Where required by law, you may opt out of certain types of data sharing by adjusting your cookie preferences or contacting us.

Right to Limit Use and Disclosure of Sensitive Personal Information

We do not use or disclose sensitive personal information to infer characteristics about you. If our practices change, we will update this Privacy Policy and provide you with options to limit such use and disclosure.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights. This includes denying services, charging different prices, or providing a different level or quality of services, except as permitted by law.

Right to Disclosure of Marketing Information

California residents may request information about our disclosures of personal information to third parties for their direct marketing purposes in accordance with the "Shine the Light" law.

How to Exercise Your Rights

To exercise your privacy rights, please submit a verifiable request to contact@wavist.io. We may need to verify your identity before processing your request. If you are a California resident, only you or your authorized representative may make such a request. For requests related to non-affiliated third parties, please contact those third parties directly.

If you have questions about your rights or our privacy practices, please contact us at contact@wavist.io.

Collection of Information from Children

The Platform and Services are not intended for use by children under the age of 13. We do not knowingly collect personal information from individuals under 13 years of age. If you are under 13, please do not use the Platform and Services or provide any personal information to us.

If we become aware that personal information has been provided by or collected from a child under 13, we will take reasonable steps to delete such information from our records.

Parents and guardians who believe that their child has provided us with personal information may contact us at contact@wavist.io. Upon verification, we will promptly delete the relevant information.

For additional control, parents may wish to use available parental control tools to help manage their child's online activities and prevent the disclosure of personal information without parental consent.

Data Retention

We retain your personal information for as long as you use the Wavist Platform and Services and for at least five (5) years thereafter, as required to comply with legal obligations, resolve disputes, or protect our legal rights. Even after you stop using the Platform, we may continue processing your information as necessary to prevent fraud, assist law enforcement, or fulfill other obligations described in this Policy. To view or update your personal information, you may contact us at contact@wavist.io.

Security

We implement administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access or disclosure. However, no system is entirely secure. You are responsible for maintaining the security of your blockchain addresses and connected wallets, and for all activity conducted through them.

Age Limitations

The Wavist Platform is not intended for use by individuals who are under eightteen (18) years old, or the legal age in their jurisdiction, whichever is greater. If you become aware that someone under the applicable legal age has provided us with personal data, please contact us at contact@wavist.io. We will take appropriate steps to delete such data and restrict access.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Platform or via the email associated with your account. The "Last Updated" date at the top of this Policy reflects the date of the latest revision. We encourage you to review this Policy periodically.

We regularly updates our Platform and websites to make improvements, including improvements that better serve your privacy rights. to ensure that this Privacy Policy accurately reflects your use of our Aervices you will need to ensure that you are using the most recent release of our Platform and websites.

If you have any questions about this Privacy Policy, or if you would like to exercise your rights under applicable data protection laws, please contact us at contact@wavist.io. We will respond within a reasonable timeframe, in accordance with applicable legal requirements.