1. Introduction

1.1. This Privacy Policy outlines how Kaku Finance ("we," "us," or "our") collects, uses, shares, and protects the personal information of users ("you" or "your") who access and use the Kaku Finance Platform ("Platform").

1.2. We are committed to protecting your privacy and ensuring the security of your personal information in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data privacy laws. By using the Platform, you consent to the collection and use of your information as described in this Privacy Policy. Kaku Finance values transparency and user control over their data, and we strive to provide clear information about our data practices.

2. Information We Collect and Lawful Basis for Processing

2.1. Personal Information (for KYC/AML Compliance - Legal Obligation):

• Email Address: Necessary for account creation, communication, and password recovery.

• Full Name: Necessary for verification and identification purposes.

• Residential Address: (including Country, State, City, Zip/Postal Code, Address Line 1) Necessary for KYC/AML compliance to prevent fraud and comply with legal obligations.

• Date of Birth: Necessary for age verification and ensuring compliance with legal requirements regarding participation in the Token Sale.

• Government-issued identification documents: (e.g., passport, national ID card, driver's license) - Uploaded securely. Necessary for KYC/AML compliance to verify your identity and prevent fraud.

2.2 Usage Data (Legitimate Interest):

We may collect information about how you access and use the Platform, including:

• IP address: Pseudonymized and used for analytics purposes to understand user behavior and improve the Platform.

• Device type, Browser type, Operating system: Collected to ensure compatibility and optimize the user experience.

• Pages visited, Time spent on each page, Referral source: Pseudonymized and used for analytics to understand user journeys and improve the Platform.

• We will not collect or store your IP address in a way that directly identifies you.

2.3. Cookies and Similar Technologies (Consent):

• We use a limited number of essential cookies to ensure the proper functioning of the Platform. These cookies are necessary to:

  • Maintain user sessions and remember preferences

  • Secure the Platform and prevent unauthorized access

• These cookies do not collect any personally identifiable information (PII) and do not require your consent under GDPR regulations.

• In the future, we may use non-essential cookies for analytics and marketing purposes. We will obtain your explicit consent before using such cookies.

3. How We Use Your Information

We will only process your personal information for the following purposes and based on the following lawful bases:

• To provide and maintain the Platform (Contractual Necessity).

• To process and manage your participation in the Token Sale (Contractual Necessity).

• To verify your identity and comply with KYC/AML regulations (Legal Obligation).

• To communicate with you about your account, the Token Sale, and other relevant information (Legitimate Interest). You can manage your communication preferences in your account settings.

• To improve the Platform and personalize your experience (Legitimate Interest). You can opt-out of personalization in your account settings.

• To analyze trends and usage patterns (Legitimate Interest). Data will be pseudonymized to protect your privacy.

• To protect against fraud and other illegal activities (Legitimate Interest).

• To comply with applicable laws and regulations (Legal Obligation).

4. How We Share Your Information

4.1. Limited Sharing:

We will only share your information with third parties in the following limited circumstances and ensure they comply with GDPR:

• Service Providers: We may share your information with trusted service providers who assist us in operating the Platform and providing our services (e.g., data storage, KYC verification, customer support). We have Data Processing Agreements (DPAs) in place with these providers to ensure your data is protected.

• Regulatory Authorities: We may share your information with regulatory authorities, law enforcement agencies, or other third parties as required by law or to protect our legal rights.

4.2. We will not:

• Sell or rent your personal information to third parties for marketing purposes.

• Share your information with third-party advertisers without your explicit consent.

5. Your Rights and Data Retention

5.1. Your Rights (GDPR):

You have the following rights under the GDPR:

• Right to Access: You have the right to request a copy of the personal information we hold about you.

• Right to Rectification: You have the right to request that we correct any inaccurate personal information we hold about you.

• Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal information, subject to certain legal and regulatory restrictions.

• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information.

• Right to Data Portability: You have the right to request that we transfer your personal information to another controller in a structured, commonly used, and machine-readable format.

• Right to Object: You have the right to object to the processing of your personal information.

5.2. Data Retention:

• We will retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• We will then delete or anonymize your personal information in a secure manner.

6. Data Security

We implement a variety of technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption: We encrypt your personal information at rest and in transit using industry-standard encryption algorithms.

• Access Controls: We implement strict access controls to limit access to your personal information to authorized personnel only.

• Firewalls: We use firewalls and other security measures to protect our servers from unauthorized access.

• Regular Security Audits and Penetration Testing: We conduct regular security audits and penetration testing by qualified security professionals to identify and address potential vulnerabilities.

• Blockchain Technology: We leverage the inherent security features of blockchain technology to further enhance the protection of certain user data.

• Incident Response Plan: We have a comprehensive incident response plan in place to effectively respond to and mitigate any security incidents that may occur.

• Employee Training: We provide regular training to our employees on data protection best practices and security protocols.

7. International Data Transfers

• The Platform may be accessed from anywhere in the world. Our primary data centers are currently located in Europe (specifically Germany and Bulgaria).

• If your personal data is transferred to countries outside the European Economic Area (EEA), we will implement appropriate safeguards, such as standard contractual clauses approved by the European Commission, to ensure adequate data protection.

8. Data Breach Notification

• In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

• Our notification will include details about the nature of the breach, the data affected, and the measures we are taking to address the situation.

9. Children's Privacy

The Platform is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information as soon as possible.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on the Platform and/or sending you an email notification.

11. Your Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (e.g., the Lithuanian State Data Protection Inspectorate) if you believe we have violated your data privacy rights under the GDPR.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Emblium Labs Limited

3rd Floor, Yamraj Building, Market Square, Road Town, VG1110, Tortola,

British Virgin Islands.

Email: legal@emblium.io

By accessing or using the Kaku Platform, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

Remember: It's always recommended to have a legal professional review your final Privacy Policy to ensure full compliance with applicable laws and regulations in your target jurisdictions.