Privacy Policy

We collect information you provide directly to us when you create an account, use our services, or communicate with us. This includes: • Account information: name, email address, business name, website URL, and password • Business verification: government-issued ID, business registration documents for KYC compliance • Transaction data: payment amounts, cryptocurrency addresses, order IDs, and IP addresses associated with transactions • Technical data: browser type, operating system, referring URLs, device identifiers, and log data • Communications: emails and messages you send to our support team We also automatically collect certain information when you use our services, including log data, device information, and cookies.

We use the information we collect to: • Provide, maintain, and improve our services • Process transactions and send related information • Send transactional and promotional communications • Monitor and analyze usage patterns and trends • Detect, investigate, and prevent fraudulent transactions and other illegal activities • Comply with legal obligations, including AML/KYC requirements • Respond to your comments, questions, and customer service requests

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We may share your information: • With service providers who assist in our operations (under confidentiality agreements) • With blockchain analytics providers for AML compliance screening • When required by law, subpoena, or other legal process • To protect the rights, property, or safety of JOVEpay , our users, or the public • In connection with a merger, acquisition, or sale of assets (with notice)

We implement industry-standard security measures to protect your personal information, including: • TLS 1.3 encryption for all data in transit • AES-256 encryption for sensitive data at rest • Regular security audits and penetration testing • Two-factor authentication for account access • Role-based access controls for internal systems • SOC 2 compliant infrastructure However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

We retain your information for as long as your account is active or as needed to provide you services. For AML/KYC compliance, we are required to retain transaction records and identity verification documents for a minimum of 5 years following the end of the business relationship, as required by applicable regulations. You may request deletion of your account and personal data by contacting [email protected], subject to legal retention requirements.

Depending on your location, you may have the right to: • Access the personal information we hold about you • Correct inaccurate personal information • Request deletion of your personal information • Object to or restrict processing of your information • Data portability — receive your data in a structured format • Withdraw consent where processing is based on consent To exercise these rights, contact us at [email protected]. We will respond within 30 days.

We use cookies and similar tracking technologies to track activity on our services and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Essential cookies required for the service to function cannot be disabled. Types of cookies we use: • Essential: Required for the website to function • Analytics: Help us understand how visitors interact with our service • Preferences: Remember your settings and preferences

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will send an email notification to registered account holders at least 30 days before the change takes effect.