Privacy Policy.

Effective Date: May 1, 2025

Yumanist Ai (“Company”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains what personal data we collect from users (“you” or “your”), how we use and share that data, and your rights concerning that data. This policy applies to all users of the Yumanist Ai platform, website, and services (collectively, the “Service”). By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

We encourage you to read this policy carefully. If you have any questions, you can always contact us at stepan.gritsun@yumanist.xyz.

Information We Collect

We collect several types of information from or about you in order to provide and improve our Service, to communicate with you, and to comply with legal requirements. This information generally falls into a few categories:

1. Personal Data You Provide to Us

You may provide personal information directly to Yumanist Ai when you engage with our Service. This information includes:

• Contact Information: When you create an account or communicate with us, you may give us personal details such as your name, email address, and possibly your phone number or username/handle.

• Account Credentials: If the Service uses a login system separate from third-party logins, we collect the username and password you create. (Passwords are stored in a protected form and never in plain text.)

• Crypto Wallet Address: If you choose to link or register a cryptocurrency wallet with the Service (for example, to track airdrops or verify tasks), we collect your public wallet address and any associated network information. Importantly, we do not collect your private keys or seed phrases. We only receive the public information needed to identify your wallet (e.g., the public address and perhaps the blockchain networks you use).

• Content You Submit: If you participate in any interactive features of the Service, such as community forums, chat, or support requests, we collect any information you choose to share. This could include text posts, images, or other media. Specifically, if you submit screen recordings, screenshots, or videos (for example, as part of a help request or a tutorial submission), we will collect those files and any information they contain. These might inadvertently include personal data if, for instance, your screen recording shows other personal information. We will use such submissions only for the purposes for which you provided them (e.g., support or feature feedback) and treat any personal data within them in accordance with this Policy.

• Profile Information: We may offer optional profile customization where you can add information about yourself (such as a profile picture, bio, or social media links). Any such profile data is collected and stored by us.

• Payment Information: If you upgrade to a paid subscription, you might provide payment details. Note that we typically use third-party payment processors (such as Stripe, PayPal, or cryptocurrency payment gateways) to handle payment transactions. We do not store your full credit card numbers or financial account details on our systems. We will receive confirmation of payment and basic billing information (like the last four digits of your card, card type, expiration, or transaction IDs) from the payment processor for record-keeping.

Providing personal data is often necessary to use key features of the Service. If you choose not to provide certain information (like contact or account details), you may not be able to create an account or use some features.

2. Information from Wallets and Browser Integrations

When you connect a crypto wallet or use a browser-based integration with Yumanist Ai, we may collect certain data automatically or with your permission:

• Wallet Data (with your consent): If you connect your digital wallet to our Service (for example, via WalletConnect or a browser extension like MetaMask), we may access certain information from the wallet provider. This typically includes your public wallet address, the network or blockchain you are connected to (e.g., Ethereum, Binance Smart Chain), and possibly your wallet’s public profile information like account name or avatar if provided by the wallet. We might also query the blockchain via your address (or use third-party APIs) to retrieve relevant information for the Service, such as which airdrop-related transactions you have performed or what tokens you hold that might qualify you for an airdrop. We do not ever receive your private key, seed phrase, or any ability to initiate transactions on your behalf.

• Browser and Device Information: When you use our website or app, certain standard technical information is collected by us or our analytics partners. This includes your browser type and version, device type, operating system, IP address, language preference, and cookie identifiers or other tracking technologies (see “Cookies and Tracking Technologies” below). If you use a specific web3-enabled browser or extension, we might detect its presence to streamline wallet connections.

• Usage Data: We automatically collect data about how you interact with the Service. For example, we may log when you login and logout, the pages or screens you view, the features you click or use, the time spent on each part of the Service, and any error reports or crash logs. If you complete an airdrop checklist or click on an external airdrop link through our platform, we may record that action to update your progress.

• Referral Information: If you arrived at Yumanist Ai via a referral link or partner link, we may record information about the source that referred you (e.g., an ID in the URL or the site that you came from) to credit the referrer or understand our marketing effectiveness.

3. Information from Third Parties and Partners

In some cases, we might receive information about you from third-party sources, which we treat with the same care as data you provide directly:

• Third-Party Account Login: If we allow login via third-party accounts (for example, “Sign in with Google” or “Sign in with Facebook”), we will receive certain profile information from those third parties, such as your name, email, and profile picture, as authorized by you through those services. We do not receive your passwords for those third-party accounts.

• Airdrop Partners: If Yumanist Ai collaborates with crypto projects or airdrop providers, we may receive data confirming your participation or eligibility. For example, an airdrop partner might tell us that a particular wallet address (yours) completed their required tasks, so we can mark the step as done on our platform. Alternatively, if you win or receive an airdrop distributed by a partner through our Service, the partner might share that information so we can notify you or update statistics. Such exchanges of data will only occur for legitimate purposes and in compliance with applicable law and (where necessary) with your consent.

• Analytics and Advertising Partners: We use analytics tools (like Google Analytics or similar) that provide us with aggregated information about our user base and usage patterns. These partners may use cookies and device identifiers to gather data about your usage of our Service and other sites (see Cookies section below). This data typically does not identify you personally but provides insights such as which pages are most visited, how users flow through the site, general geographic regions of users, etc. We use this to improve the Service. We currently do not serve third-party advertisements within the Service, but if we ever do, we will update this policy and ensure compliance with relevant privacy rules (such as providing opt-outs for targeted advertising).

• Public Sources: To the extent applicable, we might supplement our records with information from public databases or social media platforms (for instance, to verify identity or prevent fraud, if you are involved in any promotional contests or referrals).

We do not intentionally collect any special categories of personal data about you (such as race, ethnicity, political opinions, religious or philosophical beliefs, health information, or genetic data), nor do we want any such information submitted on the platform. Please refrain from providing this type of sensitive data on the Service. Yumanist Ai is focused on crypto and education-related data.

4. Cookies and Tracking Technologies

We and our third-party partners use cookies and similar tracking technologies (such as web beacons, pixels, and device identifiers) to collect and store information when you use our Service. These technologies help us recognize you, remember your preferences, and understand how you interact with our Service. For example:

• Authentication Cookies: to keep you logged in as you navigate through different pages.

• Preference Cookies: to remember your settings and preferences (like language or dark mode).

• Analytics Cookies: to collect information about traffic to our Service and how users use the Service. The information gathered via cookies may include your device’s IP address, browser type, referring URLs, and pages visited.

• Third-Party Cookies: Some third-party services that we use (like Google Analytics, or an embedded video player) may set their own cookies in your browser. These cookies are managed by those third parties and are subject to their own privacy policies.

Your Choices: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, please note that if you delete or disable cookies, certain features of our Service might not function properly (for instance, you may need to log in again or your preferences might be lost).

How We Use Your Information

Yumanist Ai uses the collected information for various purposes in order to operate our Service effectively, to improve and personalize your experience, and to protect our users and comply with the law. Specifically, we use your information in the following ways:

• To Provide and Maintain the Service: We use personal data to create and manage user accounts, authenticate users when they log in, and provide the core functionality of our platform. For example, we use your wallet address to fetch your airdrop-related data and update your progress dashboard, and we use your submitted information to display personalized content (like recommended airdrops or tutorials).

• To Process Transactions and Actions: If you perform actions through the Service (like clicking a “Join Airdrop” button or completing a checklist), we use your data to facilitate those actions. For paid subscribers, we use contact and payment information to process subscription fees and renewals (through our payment processor).

• To Communicate with You: We use your contact information (email and/or phone, if provided) to send Service-related communications. This includes confirmations of account actions (registrations, password resets), notifications about airdrop opportunities or status updates (e.g., “You’ve completed 3 of 5 tasks for Airdrop X”), important security or support messages, and administrative messages about your account or changes to our terms or policies. We may also send you promotional communications about new features, newsletters, offers, or events we think may interest you. You can opt out of marketing emails at any time by using the unsubscribe link in those emails or contacting us. (Transactional or account-critical emails, however, may be sent even if you opt out of marketing, as they are necessary for Service use.)

• To Provide Customer Support: If you contact us for help or submit a support ticket (including sending screen recordings or other diagnostic info), we will use the information you provided to troubleshoot, resolve your issues, and improve our support responses. We may also follow up with you to ensure your issue is resolved.

• To Personalize Your Experience: We may use data about your usage and profile to customize the Service for you. For example, we might prioritize showing you airdrops related to projects you’ve interacted with before, or provide tooltips and guides based on your experience level. We might use AI tools to analyze your interactions (like questions you ask an AI assistant on the platform) to better tailor responses or content recommendations.

• To Improve and Develop the Service: Usage data, analytics, and feedback are critical for us to understand what works and what doesn’t. We analyze this data to debug software (e.g., investigating a crash log tied to a particular device type), to optimize user flow (e.g., see where users drop off in a tutorial to make it clearer), and to develop new features (e.g., demand for a particular integration). In doing so, we typically use aggregate or pseudonymized data wherever possible. For instance, we might run statistics like “What percentage of users who start Airdrop X complete it?” without needing to know your name or identify you personally.

• To Ensure Security and Prevent Fraud: We are serious about keeping accounts and data secure. We may use your information to monitor for suspicious or fraudulent activity, to enforce our Terms of Service, and to protect the rights and safety of our users and third parties. For example, we might detect multiple accounts from the same IP attempting to abuse a referral program, or we might log IP addresses to help us identify and mitigate distributed attacks. If necessary, we’ll use data (which can include personal identifiers) to investigate violations and cooperate with law enforcement or regulatory inquiries.

• To Comply with Legal Obligations: We process personal data when we need to meet obligations under applicable laws or regulations. For example, accounting laws might require us to keep records of transactions (which include personal data like names and payment history); data protection laws may require us to document our processing; or if we receive a lawful subpoena or order, we may need to provide data as required by law. Additionally, if the company operates in certain jurisdictions or if certain airdrop projects require it, we might conduct KYC (Know Your Customer) checks or sanctions list screening for compliance (though generally, Yumanist Ai itself does not ask for such information unless absolutely required by a specific program; we would inform you at the time and likely use a specialized third-party KYC provider).

• To Share Updates via Integrations: If you link external accounts or services with Yumanist Ai, we may use your data to facilitate those connections at your request. For instance, if you ask us to send a success notification to your Google Calendar or to a messaging app, we will use the necessary data to fulfill that.

• Anonymized and Aggregated Uses: We may also strip personal identifiers from data and use it in aggregate form for various purposes. For example, we might aggregate data to publish insights like “Total airdrop rewards claimed by Yumanist Ai users this year” or “Percentage of users who prefer X blockchain for airdrops”. These aggregated statistics will not identify individuals, and we may use them for research, marketing, or industry analysis.

If we plan to use your personal data for a purpose that is materially different from the ones listed in this Privacy Policy, we will seek your consent or provide notice as required by law.

Legal Bases for Processing (EEA/UK/Andorra Users)

For individuals in the European Economic Area (EEA), United Kingdom, Andorra, or other jurisdictions that require a legal basis for processing personal data, Yumanist Ai relies on the following legal bases:

• Contractual Necessity: We process personal data on this basis when it is necessary to fulfill our contract with you. For example, when you create an account and agree to our Terms of Service, we need to process your login information, provide the Service, and respond to your requests. If you are a paid subscriber, processing your payment details and subscription data is necessary to perform our contract with you.

• Legitimate Interests: We process certain data as needed for our legitimate business interests, provided that those interests are not overridden by your data protection rights. Our legitimate interests include: improving and personalizing the Service, securing our platform, preventing fraud, and communicating with you about relevant products and services. When relying on this basis, we consider and balance any potential impact on you (both positive and negative) and your rights. For example, using your usage data to enhance features benefits both you and us, and has minimal privacy impact under proper safeguards.

• Consent: In some cases, we rely on your explicit consent to process personal data. For instance, we would obtain your consent before sending marketing emails if required by law, or before processing any sensitive personal data (which is not typical for our Service). If we integrate certain third-party features (like an AI analysis of your input that sends data to an external provider), we might ask your consent first. Where we rely on consent, you have the right to withdraw your consent at any time (for example, by unsubscribing from marketing communications or disconnecting an integrated service via settings).

• Legal Obligation: Sometimes, we need to process data to comply with a legal obligation. This could include retaining transaction records for tax/audit, responding to legal processes (like a court order or lawful request by public authorities), or honoring your data rights under privacy laws.

• Vital Interests and Public Interest: These bases are less likely to apply, but if necessary, we could process data to protect someone’s vital interests (e.g., if there was some kind of emergency) or for a task in the public interest or official authority (though Yumanist Ai is a private service, so this would be rare).

If you have questions about the legal basis of how we process your personal data, feel free to contact us at stepan.gritsun@yumanist.xyz.

How We Share Your Information

We understand that your personal information is important, and we are not in the business of selling it. We do not sell or rent your personal data to third parties for their own marketing purposes. However, we do share your information in certain circumstances, as outlined below, to operate our business and provide our Service:

1. Service Providers (Processors)

We employ trusted third-party companies and individuals to help us provide, analyze, and improve the Service on our behalf. These service providers may process personal data in the following contexts:

• Hosting and Infrastructure: We may use cloud hosting providers (for example, Amazon Web Services, Google Cloud, or others) to store and process data securely. These providers may have access to personal data for storage, backup, and retrieval purposes.

• Analytics Services: As mentioned, we use analytics tools like Google Analytics to collect and analyze usage data. These tools process data about your interactions with our Service (often in aggregated form) to provide us reports and insights.

• Email and Communication Services: We might use email delivery services (such as SendGrid, Mailchimp, or similar) to send out verification emails, newsletters, and notifications. These processors handle your email address and sometimes your name and language preferences to send communications on our behalf. Similarly, if we offer support chat or ticketing (e.g., using Zendesk or Intercom), those service providers will process any data you provide via support interactions.

• Payment Processors: If you make purchases or subscribe to a paid plan, third-party payment processors (e.g., Stripe, PayPal, or crypto payment gateways) will process your payment information. They may receive personal data necessary to process the transaction (such as your name, billing address, and payment details). These processors are responsible for your financial data and have their own privacy and security obligations.

• Artificial Intelligence Services: If our Service includes features powered by third-party AI (like OpenAI’s GPT or Google Cloud AI APIs), certain data might be sent to those services to generate responses or insights. For example, if you ask an AI assistant within Yumanist Ai a question, the content of your query (and possibly contextual information) will be sent to the AI provider’s servers to compute an answer. We will take steps to minimize the personal data included in such requests (focusing on the relevant question content). These AI service providers are contractually prohibited from using your data for purposes other than providing services to us, and we will only integrate those that commit to privacy and security standards. However, any output (the AI’s answer) is provided to you as part of our Service and we might store it to display to you or improve the feature.

• Other Tools: We use various other tools to run our business, which might incidentally process data (for example, project management or collaboration tools for our team that might include some user data when troubleshooting an issue, or a service that helps us manage scheduling of content or social media with aggregated user interactions).

These service providers are given access to your information only as necessary to perform their functions, and we require them to process it securely and in accordance with applicable data protection laws. We have agreements in place with our processors that restrict how they can access, use, and disclose your data.

2. Business Partners and Airdrop Projects

In certain cases, we may share some information with partners when that is necessary to provide the Service or an integrated feature:

• Airdrop Partnership Collaborations: If Yumanist Ai teams up with a specific crypto project to bring an airdrop opportunity to our users, we may need to share a limited amount of data with that project. For example, we might send them a list of wallet addresses or user IDs who qualified for the airdrop through our platform, so the project can distribute tokens or verify eligibility. We will limit the data shared to what is necessary (often just blockchain addresses or unique identifiers, not names or emails, unless those are needed and you have consented). We will also only enter such partnerships with parties that agree to protect your data.

• Referral or Affiliate Programs: If someone referred you to Yumanist Ai or vice versa (and we have a referral program), we might share the fact that a subscription or a certain action took place with the referrer in order to credit them. For instance, if you signed up using a friend’s invite code, we might inform your friend that their referral was successful (without sharing sensitive personal details).

• Social Media or Community Features: If the Service offers social features (like linking your account with a social media profile, or participating in a public leaderboard or forum), information you choose to share in those contexts will, by nature, be visible to others. For example, if you opt into a leaderboard of “top airdrop earners”, your chosen display name and some stats might be visible to other users. This is voluntary and within your control.

We will not broadly share your personal data with third parties for their own purposes without your consent. Any partner integration that involves your data will either be under your control or communicated to you.

3. Legal Requirements and Safety

We may disclose your information if required to do so by law or if we believe in good faith that such action is necessary to:

• Comply with a legal obligation: This includes responding to subpoenas, warrants, or court orders, or cooperating with lawful requests by public authorities (such as for national security or law enforcement).

• Protect and defend the rights or property of Yumanist Ai: If there is a legal claim or dispute involving you, we may use or disclose your information to the extent necessary to protect our rights.

• Prevent fraud or other wrongful activities: We may share information when investigating potential fraud, abuse, or security issues. For example, if you attempt to hack the Service or engage in criminal activity, we may share data with appropriate authorities.

• Protect the personal safety of users or the public: If someone’s safety is at risk, we may share data to prevent harm (for instance, providing information to law enforcement in an emergency).

• Enforce our Terms of Service and legal agreements: If necessary, we will use or disclose data to address breaches or violations of our Terms.

We will carefully review any legal requests for personal information and will push back when appropriate (for example, we might insist on a court order if a request is overly broad or not legally binding). Where permitted, we may notify affected users of requests for their data.

4. Business Transfers

If Yumanist Ai (or its parent company) is involved in a merger, acquisition, investment, financing, reorganization, bankruptcy, or sale of some or all of our assets, your personal data may be transferred to or shared with the parties involved in the transaction as part of that process. For example, if another company acquires Yumanist Ai, your information will likely be one of the assets transferred.

In such events, we will ensure that the successor entity honors the commitments we have made in this Privacy Policy with respect to your personal data (or we will seek your consent if required by law for any new uses or disclosures).

You will be notified via email and/or a prominent notice on our Service of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data as a result of the business transfer.

5. With Your Consent

Apart from the situations above, we will share your personal data with third parties only with your consent. For instance, if you ask us to share your information with a third-party adviser or if you opt-in to a feature that explicitly states it will share data externally.

Rest assured, we do not sell your personal information to third parties. If in the future we consider a program to monetize data in a way that falls outside of the scope of this Policy, we will implement it only in compliance with applicable laws (for example, following opt-in consent requirements under laws like the CCPA or GDPR, if applicable).

Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria we use to determine retention periods include:

• Duration of Use: We will keep your information while your account is active or as long as needed to provide you with the Service. For example, your profile data and airdrop progress will be retained as long as you maintain an account with us.

• Account Deletion: If you choose to delete your account (or if we delete it due to inactivity or violation of terms), we will initiate the process of removing or anonymizing your personal data. In active systems, your profile and personal info will be removed or de-identified such that it no longer identifies you. However, please note:

• Residual Copies and Backups: It may take a short period of time to completely remove your information from our live servers and backups. Our standard practice is to delete or anonymize data from backups and archives within a reasonable period within 30-60 days after account deletion, barring any legal requirement to retain it.

• Content Shared with Others: Any content you have shared with others (for example, posts in a community forum or messages to other users) may remain visible to those users after your account is deleted, as we cannot retroactively delete data from others’ devices or accounts. However, we can anonymize it or indicate that the user has deleted their account.

• Legal and Business Needs: We may retain certain information for longer if we have a legitimate business interest or legal obligation to do so. Examples include:

• Financial Records: We may retain transaction records, invoices, and payment history to comply with accounting, tax, and financial regulations for a minimum required period at least 5 years, as required by tax law.

• Security & Fraud Prevention: If we disable an account due to fraud, abuse, or security concerns, we might retain certain information to prevent that user from opening a new account in the future, or as part of investigating the incident.

• Litigation Holds: If we are involved in a legal dispute or receive a legal request, we may retain data relevant to that matter until it is resolved, as part of evidence preservation.

• Analytics Data: In some cases, we may retain aggregated or de-identified analytics data (which no longer identifies you) indefinitely, to help us understand long-term usage trends.

When we no longer have a legitimate need to retain your personal data, we will securely delete or anonymize it. If deletion or anonymization is not feasible (for example, because your personal data has been stored in backup archives), then we will securely store and isolate it from any further processing until deletion is possible.

Your Rights and Choices

You have certain rights and choices regarding your personal data. These rights may vary based on your location and applicable privacy laws. We are committed to enabling these rights and have described how you can exercise them below:

• Access Your Information: You have the right to request access to the personal data we hold about you. This includes details on what data we have, how we use it, and who we share it with. You can usually view basic information (like your profile details and settings) by logging into your account. For a more comprehensive report, you can contact us at stepan.gritsun@yumanist.xyz and we will provide a copy of your personal data, subject to verification of your identity and any legal limitations.

• Rectification (Correction): If any of your personal data is inaccurate or incomplete, you have the right to request correction or update. Much of your basic info can be edited directly in your account profile settings (e.g., you can update your email or name). For any data not editable by you, contact us and we will correct any inaccuracies.

• Deletion (Right to be Forgotten): You have the right to request the deletion of your personal data. You can delete your account via the account settings or by contacting support. Upon your request, we will delete or anonymize your personal data (as outlined in the “Data Retention” section) unless we are required or permitted to keep it by law. Note that deleting your data is irreversible, and if you wish to use our Service again, you may need to create a new account.

• Restriction of Processing: In certain circumstances (for example, if you contest the accuracy of your data or object to our processing), you have the right to ask us to restrict processing of your data. This means we would continue to store it securely but not use it until the issue is resolved (e.g., verifying the accuracy or our legitimate reasons override your interests).

• Data Portability: You have the right to request a copy of certain data in a machine-readable format. Where applicable and required (typically for data processed by automated means based on consent or contract), we can provide your personal data in a structured, commonly used, and machine-readable format (for example, JSON or CSV) so you can transfer it to another service. This might include data like your profile info, activity logs, or other personal data you provided.

• Object to Processing: You have the right to object to certain types of processing:

• Direct Marketing: You can always opt out of direct marketing communications. If you receive promotional emails from us, you can unsubscribe using the link in the email or adjust your preferences in your account settings. We will promptly honor these requests.

• Legitimate Interests: If we are processing your data based on our legitimate interest, you can object to that processing if you feel it impacts your rights. If you raise an objection, we will consider whether we have compelling legitimate grounds to continue processing (for example, a strong security reason); if not, we will stop the processing in question.

• Withdraw Consent: If we process any of your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to receive a newsletter, you can revoke that consent by unsubscribing. Withdrawing consent will not affect the lawfulness of processing we conducted prior to withdrawal, and it may affect your ability to use certain features that require that data.

• Automated Decision-Making: Yumanist Ai generally does not make any decisions that have legal or similarly significant effects on you solely by automated means (without human involvement). In the event we do, you would have the right to human review of that decision, to express your point of view, and to contest the decision.

• Non-Discrimination: If you choose to exercise any of your privacy rights, we will not discriminate against you. For example, we will not deny you services or charge different prices solely because you exercised your data rights. However, deleting or restricting your data might affect our ability to provide the Service (for instance, if you ask us to delete all your data, we cannot provide your account anymore).

How to Exercise Your Rights: To exercise any of the above rights, please contact us at stepan.gritsun@yumanist.xyz with your request. We may need to verify your identity (for example, by confirming control of your email address or asking for additional info) before fulfilling the request, to ensure we don’t disclose or modify information to the wrong person. We will respond to your request within a reasonable timeframe, and in any event within the timeframe required by law (usually within 30 days for most jurisdictions, with an extension if necessary which we would communicate to you).

Please note, some requests may be limited or declined if they conflict with our legal obligations, if they affect the rights of others, or if they are manifestly unfounded or excessive. We will always explain the reason if we do not fulfill a request, or if certain data must be retained for specific reasons.

Your Privacy Settings: In addition to formal requests, we also empower you via settings:

• You can update your profile and contact information.

• You can opt in or out of certain features or data sharing (for example, toggling certain integrations or deciding whether to appear on leaderboards).

• You can manage cookie preferences through your browser or provided interfaces.

We strive to make your preferences clear and honored in our systems.

Complaints

If you believe your privacy rights have been violated or you have concerns about our data practices, we encourage you to contact us first so we can address the issue. However, if you are in a jurisdiction where you have the right to complain to a data protection authority, you may do so. For example, individuals in the EEA can contact their local data protection supervisory authority.

For Andorra, the data protection authority is the Andorran Data Protection Agency (Agència Andorrana de Protecció de Dades - APDA). For EU residents, you can find your supervisory authority’s contact information online (e.g., on the European Data Protection Board website).

Exercising your right to complain will not affect any other rights or remedies you have.

Data Security

We take the security of your personal data seriously and have implemented a variety of technical and organizational measures to protect it from unauthorized access, use, alteration, and disclosure. However, no method of transmission over the internet or method of electronic storage is 100% secure, so we cannot guarantee absolute security. We strive to protect your information to the best of our ability.

Security Measures We Employ:

• Encryption: We use encryption protocols to protect data in transit (e.g., HTTPS/TLS for data transmitted between your browser and our servers). Sensitive information (like passwords) is stored encrypted or hashed. For instance, user passwords are hashed with a strong algorithm and not stored in plaintext.

• Access Controls: Access to personal data within our organization is restricted on a need-to-know basis. Only authorized personnel, who are bound by confidentiality obligations, have access to personal data, and only to the extent necessary for those individuals to perform their job duties (for example, customer support personnel may access your account details to assist you).

• Secure Infrastructure: Our servers are hosted in secure facilities with measures like firewalls, intrusion detection systems, and monitoring to guard against external threats. We regularly update our systems and apply security patches to address potential vulnerabilities.

• Testing and Auditing: We perform periodic security assessments, which may include vulnerability scanning, penetration testing, and security audits, to evaluate and improve our security posture. We also maintain a security incident response plan.

• Employee Training: We train our team members about the importance of protecting personal data, and we have internal policies in place to ensure data is handled correctly. Employees are required to adhere to these policies and are subject to disciplinary measures if they fail to do so.

• Data Minimization: We collect and process only the data that we need for the purposes described. By limiting what we store, we reduce the risk exposure. When data is no longer needed, we dispose of it securely.

• Anonymization: Where feasible and appropriate, we anonymize or pseudonymize personal data (replace identifying fields with artificial identifiers) to minimize risk to individuals in case of any unauthorized access.

User Responsibilities: You also play an important role in keeping your information secure. We urge you to use a strong, unique password for your Yumanist Ai account and to keep it confidential. Do not share your password with others, and change it immediately if you suspect any unauthorized access to your account. Be cautious with phishing attempts; Yumanist Ai will never ask you for your password or private keys via email or unsolicited messages. Always verify you are on our legitimate website or app.

Incident Response: In the event of a data breach or security incident that affects your personal data, we will act promptly to identify the cause, mitigate the effects, and notify affected users and relevant authorities as required by law. We will take steps to prevent similar incidents in the future.

While we are dedicated to securing our systems, please remember that you provide personal data at your own risk. If you have reason to believe that your data is no longer secure (for example, if you feel your account has been compromised), please contact us immediately at stepan.gritsun@yumanist.xyz.

International Data Transfers

Yumanist Ai is a service based in [Andorra/Spain], but we may process data in other countries. When you use the Service, your personal data may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws that are different from (and potentially less protective than) the laws of your jurisdiction.

European Users: If you are in the EEA, UK, Switzerland, or another region with data transfer restrictions, know that we may transfer personal data to countries outside those regions (for example, to our servers in another country or to service providers located elsewhere). In such cases, we take steps to ensure that appropriate safeguards are in place to protect your personal data:

• Adequacy Decisions: Whenever possible, we transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or relevant authorities. (As of the last update, Andorra has been recognized by the EU as providing adequate data protection, aligning with GDPR principles.)

• Standard Contractual Clauses: For transfers to countries not considered adequate, we rely on European Commission-approved Standard Contractual Clauses (SCCs) or equivalent legal mechanisms. These are contractual commitments between parties transferring data, binding them to protect the privacy and security of the data according to EU standards. For example, if we use a US-based provider for cloud storage, we would have an SCC in place in the contract with that provider.

• Additional Safeguards: Where appropriate, we implement supplementary measures on top of SCCs, such as encryption of data in transit and at rest, and careful review of government access laws in the destination country, to ensure data is afforded a level of protection essentially equivalent to that in the EU.

• User Consent: In some limited cases, we may rely on your explicit consent for certain cross-border data transfers, after informing you of possible risks.

Other Regions: For users in other countries, we similarly ensure that international data transfers comply with local requirements. If local law requires your data to stay within a certain territory, we will respect that.

Regardless of where your data is processed, we will treat it securely and in accordance with this Privacy Policy. Our service providers are contractually bound to handle personal data in compliance with applicable law and to provide adequate protection.

If you have questions about our international data transfers or need more information about the safeguards in place, please contact us at stepan.gritsun@yumanist.xyz.

Children’s Privacy

Yumanist Ai is not intended for use by children or minors. We do not knowingly collect or solicit personal data from anyone under the age of 18 (or the age of majority in your jurisdiction, if different). As noted in our Terms of Service, users must be of legal age to use the Service, or in certain cases, use it under the supervision of a parent or guardian (with that adult’s consent).

If you are under 18: Please do not attempt to register for an account or send any personal data about yourself to us. If we learn that we have collected personal data from an individual under the applicable age without appropriate consent, we will take steps to delete that information as soon as possible.

If a parent or guardian becomes aware that their child has provided us with personal information without their consent, they should contact us at stepan.gritsun@yumanist.xyz. We will then work to delete the minor’s information from our records.

We may, in rare cases, offer educational content that could be useful for younger audiences on a strictly informational basis (like public blog posts about learning crypto basics). However, our interactive services and accounts are directed toward adults given the financial nature of the content.

If our policy on children changes in the future (for example, if we create a teen-friendly version of the Service with parental consent), we will update this section accordingly and comply with all relevant laws (such as obtaining verifiable parental consent under COPPA, if ever applicable, or equivalent laws elsewhere).

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We encourage you to review this page periodically for the latest information on our privacy practices.

When we make changes: We will update the “Effective Date” at the top of this Privacy Policy to indicate when the revisions become effective. If the changes are significant, we will also provide a more prominent notice (such as on our website’s homepage, via email notification, or via an in-app alert).

Examples of significant changes might include: changing the types of personal data we collect, altering how we use personal data in a way that you wouldn’t expect under the previous policy, or changing who we share data with (such as adding a new category of third party).

Your acceptance of changes: By continuing to use the Service after the updated Privacy Policy has been posted (and after any effective date), you acknowledge that you have read and understood the current version of the Privacy Policy. If you do not agree to the changes, you should stop using the Service and may request us to delete your personal data if applicable.

We will keep prior versions of this Privacy Policy available for review (for instance, by maintaining an archive or by noting the changes in an update notice), so you can see how our policy has evolved.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

• By Email: stepan.gritsun@yumanist.xyz

• By Phone: Only Enterprise Admins, that are provided with our number in the registration process.

We will do our best to address and resolve any privacy issues you have. Your privacy is important to us, and we welcome feedback that helps us improve.

By using Yumanist Ai, you trust us with your learning journey and your personal information – and we take that responsibility seriously. Thank you for reading our Privacy Policy.