Privacy Policy

Effective Date: May 20, 2026

This Privacy Policy ("Policy") is effective as of the date hereof, and outlines how DreamDEX, S.A., a company incorporated in accordance with the laws of the Republic of Panama under the Mercantile Folio No. 155782306 ("we", "us", or "our") and the operator of a front-end interface (the "Interface") that provides access to a decentralized perpetual futures trading protocol (the "Protocol") that collects, uses, and processes Personal Information of users ("you" or "users") who interact with the Protocol through the Interface based on applicable lawful bases including contractual necessity, legitimate interests, and consent as detailed herein. The Protocol operates through autonomous smart contracts deployed on a blockchain network that is not owned or operated by us. We provide the Interface to facilitate user interaction with these smart contracts but we do not custody funds, control transactions, or act as an intermediary in trades. By accessing or using the Interface or interacting with the Protocol, you agree to the terms of this Policy.

1. Introduction and Notice at Collection

The Protocol is a non-custodial, decentralized perpetual futures trading system operating through smart contracts on a blockchain network that is not owned or operated by us. We operate the Interface to enable users to interact with the Protocol but does not control, custody, or have access to user funds or private keys. All trading activity occurs directly on-chain through smart contract execution. We are incorporated under the laws of the Republic of Panama and are committed to transparency regarding data handling practices in decentralized contexts.

We may collect the following categories of information from and about you to the extent it has been provided or made available to us: identifiers (including wallet addresses and IP addresses); internet or similar network activity; and inferences drawn from other Personal Information. Importantly, blockchain wallet addresses you use to interact with the Protocol are publicly visible on the blockchain and are not collected or controlled by us as they are inherent to blockchain technology. Transaction data executed through smart contracts (including trade details, positions, liquidations, and timestamps) is permanently recorded on the public blockchain and cannot be modified or deleted by us or any other party. We collect these categories of information from you in order to operate the Interface, improve user experience, comply with legal obligations, and communicate with users who voluntarily provide contact information. We do not collect government-issued identifiers or financial account numbers as the Protocol operates on a non-custodial basis. We may have disclosed each of these categories of Personal Information for a business purpose as described below.

We will retain various categories of Personal Information based on several factors, including with respect to:

  1. 1.1
    Contact information (email addresses): 3 years from last interaction or until withdrawal of consent;
  2. 1.2
    IP addresses and security logs: 12 months from collection date;
  3. 1.3
    Interface usage data and analytics: 24 months from collection date;
  4. 1.4
    Support communications: 5 years from resolution of inquiry; and
  5. 1.5
    Marketing communications data: Until withdrawal of consent or 3 years from last engagement.

Retention periods may be extended where reasonably necessary to:

  1. 1.6
    provide our products and services or administer our relationship with a consumer;
  2. 1.7
    protect our business, employees, organization, and others;
  3. 1.8
    fulfil our legal and regulatory obligations; and
  4. 1.9
    investigate and address issues which may include safety concerns, potential security incidents or policy violations.

This Policy governs all aspects of information collection, processing, and protection across our Interface's services, including but not limited to market participation, transaction processing, and user interactions. It applies to all users accessing our Interface. By using our Interface, you acknowledge that you have read and understood this Policy and agree to be bound by its terms. If you do not agree with any aspect of this Policy, you should immediately discontinue use of our Interface. We recommend reviewing this Policy periodically as it may be updated from time to time.

For purposes of this Policy, any capitalized terms not defined herein shall have the meanings assigned to them in our Terms of Service. This Policy should be read in conjunction with our Terms of Service and any other agreements between you and us governing your use of the Interface.

We are aware of our responsibilities to handle your personal data with care, to keep it secure, and comply with privacy and data protection laws applicable to us and your Personal Information, including Law 81 of March 26, 2019, on the Protection of Personal Data and its Regulations, the Executive Decree 285 of May 28, 2021 ("Data Protection Laws").

2. Information We Collect

We collect and process two main categories of information about you when you use our Interface:

"Personal Information" refers to information that can directly or indirectly identify you as an individual. Given the non-custodial nature of the Protocol, we collect minimal (if any) Personal Information. This may include your email address if you voluntarily subscribe to communications, and any information you provide when contacting support. We do not require or collect full names, postal addresses, phone numbers, dates of birth, government-issued identification documents, banking information, or account passwords. Access to the Protocol requires only a compatible blockchain wallet, which you control independently. We may collect some or all of this information when you use the Interface or voluntarily provide it through communication channels.

"Usage Data" encompasses information about how you interact with the Interface. This includes your IP address, browser type and version, device information, operating system, time zone setting, access times and duration, pages viewed, features used, and other diagnostic data. We, or our third-party vendors, collect this information automatically when you access and navigate the Interface through cookies, pixels, web beacons, and similar tracking technologies.

We do not maintain centralized records of your trading activity. All transactions occur directly on the blockchain through smart contract execution and are recorded immutably on the public ledger. Blockchain transaction data (including wallet addresses, trade details, position sizes, timestamps, and liquidation events) is publicly accessible to anyone and is not under our control or custody. Your IP address and device identifiers are logged by the Interface for security purposes and to improve Interface functionality. This Interface-level data is separate from on-chain transaction data.

Please note that certain features of the Interface may not be accessible if you choose not to provide some of the requested information. Any Personal Information you provide will be processed in accordance with this Policy and applicable Data Protection Laws.

3. Lawful Bases for Information Collection and Processing

In accordance with the Data Protection Laws, we process your Personal Information based on the following lawful bases:

  1. 3.1
    Collection and processing of contact information necessary for Interface operation and user communications;
  2. 3.2
    Collection of Interface Usage Data based on our legitimate interest in operating, maintaining, and improving Interface functionality and user experience;
  3. 3.3
    Analysis of aggregated, anonymized usage patterns for Protocol development (legitimate interest); Communication regarding Protocol updates, security notices, and Interface changes (legitimate interest);
  4. 3.4
    Sharing your information with third parties where we have a legitimate interest in doing so (such as with service providers necessary for Interface operation) or where required by legal obligation;
  5. 3.5
    Technical support of the Interface and communications with users who voluntarily provide contact information (contractual necessity for Interface provision);
  6. 3.6
    The analysis of user behaviour and Interface performance to enhance our services, develop new features, and optimize user experience based on our legitimate interest in improving Interface functionality and user experience. This includes conducting statistical analyses, performing market research, and generating aggregated insights about Interface usage patterns. Such processing is conducted using industry-standard analytics tools with appropriate safeguards in place. On-chain transaction data used for analytics is publicly available blockchain information, not data we collect or control;
  7. 3.7
    Sending you promotional materials, newsletters, product updates, and other marketing communications that may be of interest to you. This may include personalized recommendations based on your Interface activity and preferences. You may opt out of marketing communications at any time as described in this Policy; and/or
  8. 3.8
    Processing your information to comply with applicable laws, regulations, and legal obligations (legal obligation basis), and responses to legal requests from authorities (legal obligation basis). We also use your information to detect and prevent fraud, unauthorized access, and other prohibited activities related to the Interface (legitimate interest basis). Note that the Protocol operates autonomously through smart contracts, and we have no ability to freeze funds, reverse transactions, or prevent wallet addresses from interacting with the Protocol. Compliance capabilities are limited to Interface-level access restrictions.

We do not collect sensitive personal data such as government-issued identification documents, financial account information, or biometric data. The Protocol operates on a non-custodial basis and does not require identity verification.

You have the right to withdraw your consent at any time by contacting us where consent is the lawful basis for processing. Please note that withdrawal of consent for marketing communications will not affect other processing activities that rely on different lawful bases such as contractual necessity or legitimate interests. Withdrawal of consent for certain Interface-related data collection may impact our ability to provide you with certain Interface features, but will not affect your ability to interact directly with the Protocol smart contracts using alternative interfaces or direct blockchain interaction.

We maintain records of all lawful bases provided by users in accordance with the Data Protection Laws. We may make these records available to regulatory authorities when compelled by applicable law.

Your explicit consent serves as the lawful basis for processing Personal Information for marketing communications, promotional materials, newsletters, and personalized recommendations as described in Section 3(g). This consent is separate from and independent of other lawful bases we rely on for Interface operation and security. You may withdraw your marketing consent at any time without affecting our ability to process your information for other purposes based on alternative lawful bases such as contractual necessity or legitimate interests.

The processing of your Personal Information is based on the following lawful bases: (i) contractual necessity for Interface operation and performance; (ii) compliance with applicable legal obligations; and (iii) our legitimate interests in operating, improving, and protecting the Interface, except where marketing communications require your explicit consent as specified above. You should assume that on-chain activity may be analysed and potentially linked to you at your own risk.

4. Autonomous Smart Contract Operation and On-Chain Data Processing

The Protocol operates through autonomous smart contracts deployed on a blockchain network that is not owned or operated by us. These smart contracts execute programmatically based on predefined code logic and do not require human intervention or centralized control. We did not write all smart contract code and do not control smart contract execution, transaction processing, or data recording.

When you interact with the Protocol, smart contracts automatically process and record the following data on the blockchain:

  1. 4.1
    Wallet addresses (yours and counterparties);
  2. 4.2
    Transaction types (open position, close position, add collateral, etc.);
  3. 4.3
    Trade parameters (position size, leverage, direction, entry price);
  4. 4.4
    Collateral amounts and types;
  5. 4.5
    Liquidation events and parameters;
  6. 4.6
    Profit and loss calculations;
  7. 4.7
    Timestamps of all interactions;
  8. 4.8
    Gas fees and transaction costs; and
  9. 4.9
    Oracle price data used for settlement.

This data processing occurs entirely on-chain and is not controlled by us. Smart contracts process this data according to their programmed logic, and all processing is transparent and verifiable on the blockchain. For on-chain data processing, there is no centralized data controller in the traditional sense. Smart contracts operate autonomously, and data is distributed across the blockchain network. We cannot modify smart contract logic, alter transaction data, or control how smart contracts process information without governance approval and contract upgrades, which may not be technically feasible for all contracts. The Protocol relies on third-party oracle services to provide price feeds and other off-chain data necessary for smart contract execution. Oracle providers independently collect, process, and transmit this data to the Protocol smart contracts. We do not control oracle data sources, accuracy, or timeliness. Oracle data is typically publicly observable on-chain.

Smart contracts are designed to process only the minimum data necessary for Protocol functionality. No personal identifying information is required for smart contract interaction — only wallet addresses and transaction parameters. Due to blockchain immutability, data recorded by smart contracts cannot be erased, modified, or deleted by us or any party. This is a fundamental technical limitation of blockchain technology. Users should not interact with the Protocol if they require the ability to delete transaction data. Certain Protocol smart contracts may be upgradeable through governance or other processes. Any upgrades that affect data processing will be announced through appropriate channels. However, historical data recorded by previous contract versions remains permanently on the blockchain. All smart contract code is publicly verifiable on the blockchain. Users can independently review contract logic to understand how their data will be processed before interacting with the Protocol.

Interaction with the Protocol requires a compatible blockchain wallet. Your wallet address serves as your pseudonymous identifier on the blockchain. We do not assign, control, or have custody of wallet addresses. You generate and control your wallet independently through third-party wallet software. All transactions executed through the Protocol are recorded on the public blockchain and associated with your wallet address. This data includes but is not limited to trade details, position sizes, collateral amounts, liquidation events, profit and loss, timestamps, and gas fees paid. This information is permanently recorded on the blockchain and is publicly accessible to anyone.

While wallet addresses do not inherently contain personal identifying information, they are pseudonymous, not anonymous. Blockchain analysis techniques, transaction pattern analysis, IP address correlation, exchange KYC data, and other methods may be used by third parties to link wallet addresses to real-world identities. We have no control over such analysis conducted by third parties.

We do not require or conduct identity verification (KYC) for use of the Interface or Protocol interaction. However, if you have provided Personal Information to us through other channels (such as email communications), or if you have undergone KYC with cryptocurrency exchanges or other services, third parties may be able to link your wallet address to your identity.

Users should be aware that:

  1. 4.10
    All wallet addresses you interact with (including the Protocol contracts) are visible on-chain;
  2. 4.11
    Transaction amounts, frequencies, and patterns are publicly observable;
  3. 4.12
    Wallet address clustering and analysis may reveal relationships between addresses;
  4. 4.13
    Once a wallet address is linked to your identity, all historical and future transactions from that address may be attributed to you; and
  5. 4.14
    We cannot provide anonymity or prevent third-party blockchain analysis.

Using the same wallet address for multiple transactions increases the risk of identity correlation. Users concerned about privacy should consider their address management practices, though we provide no guarantees regarding on-chain privacy.

Blockchain analytics companies, regulators, researchers, and other third parties may monitor Protocol transactions and attempt to identify users. We have no control over such activities and cannot prevent third parties from analysing publicly available blockchain data.

5. Your Rights and Choices

Depending on your state or country of residence you may have certain rights regarding your Personal Information that we collect and process. You may exercise these rights by contacting us.

Under applicable data protection laws, you may have the right to access, correct, delete, or object to the processing of your Personal Information that we collect through the Interface, subject to applicable legal limitations. Due to the immutable nature of blockchain technology, transaction data recorded on a blockchain cannot be modified or deleted.

Please note that we do not collect or process Sensitive Personal Information, as defined by applicable Data Protection Laws, except as necessary to perform our services. We also do not knowingly "sell" or "share" any Personal Information, including any Personal Information relating to consumers under the age of 18, as we understand those terms to be defined under applicable Data Protection Law.

Agents that you have authorized to act on your behalf may also submit requests as instructed below. The agent may be asked to provide evidence that they have your written permission to submit a request on your behalf. If we are unable to verify the authenticity of a request, we may ask you for more information or may deny the request.

You may opt-out of receiving marketing communications from us at any time by (i) clicking the "unsubscribe" link in any marketing email we send; or (ii) contacting us and requesting to opt-out. Please note that even if you opt-out of marketing communications, we may still send you important Interface and Protocol-related notifications and updates.

When you disconnect your wallet from the Interface, please note that some information may be retained in our records to comply with legal obligations, resolve disputes, enforce our agreements, or protect our legitimate business interests. Importantly, you do not have an "account" with us in the traditional sense as you interact with the Protocol using your self-custodied wallet. We cannot delete blockchain transaction data, which is permanently recorded on the public ledger. Deleting Interface-collected data will not affect your on-chain transaction history or your ability to interact with the Protocol through other means.

We will respond to all legitimate requests as soon as practicable and generally within ten (10) business days from the date of submission. For requests to modify data, we will process these as soon as practicable and generally within five (5) business days.

If you would like to adjust your cookie settings, you can adjust your browser to control cookies to require your affirmative acceptance for new cookies, automatically reject cookies and/or delete or disable existing cookies. How you do so depends on the type of cookie and the browser that you are using. Some browsers have "do not track" features that allow you to tell a website not to track you. These features are not all uniform and may not be implemented. We do not currently respond to "Do Not Track" or "DNT" signals from browsers, as there is no uniform standard for how such signals should be interpreted or implemented. However, you can control tracking through the cookie settings described above and by adjusting your browser privacy settings. If you block cookies, certain features of the Interface may not work. If you block or reject cookies, not all of the tracking described here will stop.

6. International Data Transfers

We may transfer, store, and process your Personal Information collected through the Interface in countries other than Panama. By using the Interface, you acknowledge and consent that your Personal Information may be transferred to and processed in countries that may have different data protection rules than your country of residence. Additionally, blockchain data is distributed across a global network of nodes and validators operating in multiple jurisdictions. We have no control over the geographic location of blockchain data or the nodes that process Protocol transactions.

We maintain appropriate technical and organizational measures to protect your Personal Information during international transfers, including encryption of data in transit and storage. Where we engage third-party service providers who may access your Personal Information from other countries, we require them to provide at least the same level of privacy protection as required under applicable Data Protection Laws. However, we cannot control the data practices of third-party oracle providers, liquidity providers, or other Protocol participants who may access publicly available blockchain data or interact with the Protocol independently.

If you are located in the European Union, you have the right to obtain information about the safeguards we use for transferring your Personal Information outside the European Economic Area. You may contact us to request such information.

7. Changes to This Policy

We reserve the right to update or modify this Policy at any time and from time to time without prior notice. We will post any revised version of the Policy on the Interface and update the "effective date" referenced at the beginning of this Policy. If we make any material changes to this Policy, we will notify you through a prominent notice on our Interface, by sending you an email to the last email address you provided to us, or through other appropriate communication channels. Note that this Policy governs only our data handling practices and that the Protocol operates through immutable smart contracts that cannot be modified without community governance processes, which are separate from this Policy.

Your continued use of the Interface following the posting of changes to this Policy will constitute your acknowledgment and acceptance of such changes. We encourage you to periodically review this Policy to stay informed about how we collect, use, and protect your Personal Information. If you do not agree with any changes to this Policy, you must discontinue using the Interface. However, you may continue to interact with the Protocol directly through alternative interfaces or blockchain interaction tools. Any changes or modifications will be effective immediately upon posting the revised Policy on the Interface. These changes will apply to all information we have about you, as well as any information we may receive in the future.

8. Third-Party Links and Services

This Policy does not apply to third-party websites, services, or applications that may be linked from or accessible through the Interface. We are not responsible for the privacy practices or content of such third-party sites or services. We encourage you to review the privacy policies and terms of service of any third-party sites or services before providing any Personal Information or using their services. Your interactions with third parties are governed solely by their respective privacy policies and terms of service.

9. California Privacy Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  1. 9.1
    Right to Know and Access: You may request information about the categories and specific pieces of Personal Information we have collected about you, the sources of such information, the purposes for collecting or using it, and the categories of third parties to whom it has been disclosed.
  2. 9.2
    Right to Delete: You may request that we delete Personal Information we have collected from you, subject to certain legal exceptions.
  3. 9.3
    Right to Correct: You may request that we correct inaccurate Personal Information we maintain about you.
  4. 9.4
    Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your Personal Information (as those terms are defined under applicable law).
  5. 9.5
    Right to Limit Use of Sensitive Personal Information: Where applicable, you may request that we limit the use and disclosure of Sensitive Personal Information to permitted purposes.
  6. 9.6
    Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

You may exercise your rights by contacting us through our website. We may need to verify your identity before processing your request. You may also designate an authorized agent to act on your behalf, subject to applicable verification requirements.

We will respond to verifiable requests within 45 days, which may be extended once by an additional 45 days where reasonably necessary.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on the Interface, analyse usage patterns, and improve our services. This section explains what cookies are, how we use them, and your choices regarding their use.

Cookies are small text files stored on your device when you visit the Interface. They contain information that helps us recognize your browser and remember certain information about your preferences or past actions.

Types of Cookies We Use:

  1. 10.1
    Essential Cookies: These cookies are necessary for the Interface to function properly. They enable core functionality such as security, network management, and accessibility. You cannot opt-out of these cookies without affecting the Interface's operation.
  2. 10.2
    Analytics Cookies: These cookies help us understand how users interact with the Interface by collecting and reporting information anonymously. We use this data to improve the Interface's performance and user experience.
  3. 10.3
    Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings. They may be set by us or by third-party providers whose services we use.
  4. 10.4
    Performance Cookies: These cookies collect information about how you use the Interface, including which pages you visit most often and any error messages you receive. This information helps us optimize the Interface's performance.
  5. 10.5
    Third-Party Cookies: We may allow certain third-party service providers to place cookies on your device to provide analytics, security, and other services. These third parties have their own privacy policies governing their use of your information.

Cookies may be either "session cookies" (which expire when you close your browser) or "persistent cookies" (which remain on your device for a set period or until you delete them). The retention period for each cookie depends on its purpose and your browser settings.

Your Cookie Choices: You can control cookies through your browser settings. Most browsers allow you to:

  1. 10.6
    View what cookies are stored on your device
  2. 10.7
    Block cookies from specific sites
  3. 10.8
    Block third-party cookies
  4. 10.9
    Block all cookies
  5. 10.10
    Delete cookies when you close your browser
  6. 10.11
    Delete stored cookies

Please note that disabling certain cookies may affect the functionality of the Interface. Essential cookies cannot be disabled without impacting core Interface operations.

Do Not Track (DNT): Some browsers include a "Do Not Track" feature that signals websites not to track users. Currently, there is no universally accepted standard for how websites should respond to DNT signals. We do not currently respond to DNT signals, but we provide you with choices about cookie usage as described above.

We maintain a separate cookie policy that is available on our website and is updated from time to time.

For more information about cookies and how to manage them, visit www.allaboutcookies.org or your browser's help section.

11. Contact Us

For any questions, concerns, or requests related to your Personal Information or this Policy, you may contact us through our website.

12. Governing Law, Force Majeure and Arbitration

The governing law, force majeure and arbitration provisions of the Terms of Service apply to this Policy and are incorporated herein by reference, mutatis mutandis.

13. How to Complain

You may exercise their rights of access, rectification, cancellation, or opposition concerning their personal data, as well as request the revocation of their consent, by sending a request to us via email at hello@dreamdex.io providing your full name and address or any other data or document that allows their identification, including a legal document proving ownership, as well as the purpose of their request and/or procedure to be carried out. If the person submitting the request is the parent, mother, or guardian of the personal data owner, they must be accompanied by the minor's birth certificate and/or a legal document proving guardianship. The official identifications accepted by us are; valid Passport, Personal Identity Card, Driver's License, valid immigration document issued by the competent authority.

Nothing in this Privacy Policy shall limit your rights under the Data Protection Law, including your right to file complaints with the National Authority for Transparency and Access to Information (ANTAI) for matters related to personal data protection. However, disputes arising from other contractual matters shall be resolved through arbitration.

Privacy Policy 2