KIBOV — Institutional Credit Infrastructure

1. INTRODUCTION AND DATA CONTROLLER. KIBOV Pte. Ltd. ("KIBOV," "we," "us") operates the KIBOV Platform. This Privacy Policy describes how we collect, use, store, and share personal data in connection with the Platform. We process data in accordance with applicable data protection laws and our contractual obligations. Capitalized terms not defined here have the meaning in our Terms of Service.

2. DATA WE COLLECT. Depending on your role and jurisdiction, we may collect: (a) blockchain identifiers, such as public wallet addresses and transaction hashes; (b) account and authentication data processed by our identity and wallet providers (e.g., email, OTP events, wallet linkage) as needed to operate login and compliance flows; (c) KYC/KYB information, which may include name, date of birth, nationality, government identification numbers, proof of address, corporate formation documents, beneficial ownership information, and facial or document imagery when required by our verification partners; (d) financial and transaction data relating to subscriptions, settlements, and positions for reconciliation and regulatory purposes; (e) communications you send to us and support tickets; (f) technical data such as IP address, device type, browser type, and timestamps for security, fraud prevention, and service improvement. We collect personal data only where necessary for the purposes in Section 3 or as required by law.

3. PURPOSES AND LEGAL BASES. We process data to: provide and secure the Platform; perform our contract with you; comply with AML, CTF, sanctions screening, and KYC/KYB obligations; enforce our terms; detect and prevent fraud; maintain audit trails for institutional and regulatory expectations; improve reliability and security; and communicate service-related notices. Legal bases may include contract, legal obligation, legitimate interests (where not overridden by your rights), and consent where required.

4. SERVICE PROVIDERS. We use subprocessors for hosting, identity verification, analytics (aggregated where possible), email delivery, and compliance tooling. They are contractually required to protect data and use it only for instructed purposes. A current list may be provided upon request where required by law.

5. INTERNATIONAL TRANSFERS. Your data may be processed in Singapore and other countries where we or our providers operate. Where transfers require safeguards (e.g., standard contractual clauses), we implement appropriate measures consistent with applicable law.

6. RETENTION. We retain data for as long as necessary for the purposes above, including statutes of limitation, regulatory retention periods, and ongoing legal holds. KYC records may be retained for extended periods as required by AML laws.

7. SECURITY. We implement administrative, technical, and organizational measures designed to protect personal data, including access controls, encryption in transit and at rest where appropriate, and logging of access to sensitive systems. No system is perfectly secure; you should protect your credentials and devices.

8. ACCESS CONTROLS FOR SENSITIVE FILES. Identity documents and institutional dossiers are subject to role-based access. Only authorized personnel—and, where applicable, external auditors or regulators under confidentiality—may access such materials for compliance or examination purposes. Access is logged in line with internal policy.

9. YOUR RIGHTS. Depending on your jurisdiction, you may have rights to access, rectify, delete, restrict processing, object, or port your data, and to withdraw consent where processing is consent-based. To exercise rights, contact us through the channels provided on the Platform. We may need to verify your identity. We may deny requests where permitted by law (e.g., overriding legal obligations). You may lodge a complaint with a supervisory authority where applicable.

10. COOKIES AND SIMILAR TECHNOLOGIES. We use cookies and local storage as needed for session management, security, and preferences. We do not use third-party advertising trackers for cross-site behavioral profiling as part of core Platform operation. You may control cookies through browser settings; disabling certain cookies may limit functionality.

11. CHILDREN. The Platform is not directed at individuals under the age of majority in their jurisdiction. We do not knowingly collect children's data for marketing purposes.

12. CHANGES. We may update this Privacy Policy; the "Last updated" date will change. Material changes will be communicated as required by law or through the Platform.

11. CHILDREN. The Platform is not directed at individuals under the age of majority in their jurisdiction. We do not knowingly collect children's data for marketing purposes.

12. CHANGES. We may update this Privacy Policy; the "Last updated" date will change. Material changes will be communicated as required by law or through the Platform.