Privacy Policy

Introduction and Overview

This Privacy Policy (the "Privacy Policy") provides a comprehensive description of how Hecto Finance Limited, a British Virgin Islands company ("Hecto", "we," "our," or "us") collects, uses, and shares personal information when providing services to you, including through our website https://hecto.finance (the "Site"), and its subdomains, our online or offline offerings, and our Services.

Please read this Privacy Policy carefully. By using, accessing, connecting to, or using any of the Services, you agree and consent to the collection, use, disclosure, retention and security of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, you should immediately discontinue the use of the Services and refrain from accessing the Site. If you have any questions or wish to exercise your rights and choices, please contact us at the email set forth in the "Contact Us" section below.

Changes to Privacy Policy

We reserve the right to revise and reissue this Privacy Policy at any time. If there are any material changes to this Privacy Policy, we will update the "Last Updated" date at the top of the policy. If we make material changes to the way in which we use or disclose information we collect, we will use reasonable efforts to notify you by posting notice of such changes on the Services, or by other means consistent with applicable law.

You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use our Services after the new Privacy Policy takes effect.

Information Collection

The categories of Personal Data we collect depend on how you interact with us, our Services, and the requirements of applicable Data Protection Laws. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services, as described below.

Information You Provide

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features. Personal Data that you may directly submit through our Services includes:

• Basic identifying details you provide, such as your name, age and email address.
• Third-party digital wallet information you provide, such as your Wallet Provider, your wallet address and your publicly accessible blockchain activity data (such as information relating to public transactions or other on-chain activity associated with your wallet).
• Your communications with us, including when you contact us through the Site, Services or otherwise.
• Your marketing preferences for receiving our communications and details about your engagement with them.
• Your Promotion data, including information you share when you enter a competition, promotion or complete a survey.
• Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

We do not generally require you to disclose any sensitive Personal Data (for example, details of race, religious belief, sexual orientation, or membership of a trade union) to us. If you do provide us with sensitive Personal Data for any reason, you consent to us collecting that information and then using and disclosing that information for the purpose for which you disclosed it to us.

Information Collected Automatically

We may automatically collect information from you when you access the Services. We would utilize this information to operate and ensure the security, reliability, and robust performance of our Services.

We may also use analytics and tracking technologies to automatically collect information including the following:

• Log Files, which are files that record events that occur in connection with your use of the Services. Log files are created when you view content or otherwise interact with the Services.
• Device information, such as device type, operating system, unique device identifier, internet protocol (IP) address, and geographical location information.
• Cookies, which are small data files stored on your device that act as a unique tag to identify your browser. We will only use strictly necessary cookies in connection with the Site and Services. For the avoidance of doubt, the cookies that we include are essential for you to browse the Site and use its features, including accessing secure areas of the Site.

Information from Other Sources

We may obtain information about you from outside sources, including information that we collect directly from third parties and information from third parties that you choose to share with us. Such information may include:

• Public sources, such as public records, social media platforms, public blockchains, and other publicly available sources.
• Partners, such as marketing, development and software partners, or other third parties with which we integrate or otherwise connect in order to provide the Services.
• Third-party services, such as social media services, that you use to log into, or otherwise link to the Services, and any virtual asset wallet(s) or services that you link to the Services.

Use of Information

We may process personal information for the following purposes or as otherwise described at the time of collection:

• Operating and managing the Services.
• Performing services requested by you, such as responding to your comments, questions, and requests, and providing information support.
• Sending you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
• Protecting the security and integrity of the Services.
• Improving the Services and other websites, apps, products and services.
• Conducting promotions, such as hack-a-thons, including to verify your eligibility and deliver prizes in connection with your entries.
• Fulfilling any other business purpose, with notice to you and your consent.
• Detecting, preventing, and addressing fraud, breach of Terms, and threats, or harm.
• Compliance with legal and regulatory requirements.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law.

If and to the extent you use the Site to facilitate access to any blockchain-based services, please note that we do not have any control over and are not responsible for any of your information that is processed on the blockchain.

Sharing and Disclosure of Information

We may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy, including the following categories of third parties:

• Third-party blockchain networks, applications, platforms and systems, including third-party wallet providers.
• Third-party service providers, including providers of price data, software development kits, payment processing, payment networks, user support, web analytics, security, marketing, analytics and cloud storage.
• Third-party entities affiliated with us, whether or not part of the same corporate group.
• Third-party advisors, such as auditors, law firms or accounting firms.
• Third parties in connection with or anticipation of an asset sale, merger or other business transaction, including in the context of a liquidation or bankruptcy.
• Third parties to whom you request or direct us to disclose information, including through your use of social media widgets or login integration.

We may also disclose your Personal Data as needed to comply with applicable law or any obligations thereunder or to cooperate with law enforcement, judicial orders, and regulatory inquiries, to enforce any applicable Terms of Use, and to ensure the safety and security of our business, employees, and users.

We and our service providers may process your Personal Data outside of your home country. We take adequate measures such as contractual and technical measures to safeguard your data abroad.

Cookies

A cookie is a small data file that is placed on your browser or your hardware to allow a website to recognize you when you return to it. This can either be for the duration of your visit (using a "session cookie") or for repeat visits (a "persistent cookie"). Cookies can be created through a variety of web-related protocols and technologies, such as HTTP (sometimes referred to as "browser cookies"), HTML5, or Adobe Flash.

Most web browsers allow you to control cookies through your settings. You can set your browser to notify you when a cookie is being set or to block or delete all cookies; however, blocking or deleting cookies may cause some of the Services, including certain features and general functionality, to work incorrectly.

Links to Third-Party Apps or Sites

Our Site may contain links to websites or apps that are not operated by us. If you click a third-party link, you will be directed to that third party's site or app. These links are not an endorsement of, or representation that we are affiliated with, any third party. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Analytics

We may use third-party analytics and monitoring tools on our website to understand how users interact with the Site, improve functionality, and optimize our services. These tools may use cookies and similar technologies to collect information about your device, browsing activity, and interactions with the Site, including IP address, browser type, pages visited, time spent on pages, and other usage data.

Data Security and Retention

We take reasonable technical and organizational security measures that we deem appropriate in order to protect your stored data against manipulation, loss, or unauthorized third-party access. Our security measures are continually adapted to technological developments.

We also take internal data privacy very seriously. Our employees and the service providers that we retain are required to maintain confidentiality and to comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

The security of your personal data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend that you use antivirus software, a firewall, and other similar software to protect your system. Nevertheless, in the event of a data security incident occurring, we follow our internal procedure to respond to the incident and notify you as quickly as possible.

We store the personal data we collect for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

Children

The Services are intended for general audiences and are not directed at children. To use the Services, you must legally be able to enter into the terms. We do not knowingly collect personal information from children.

Data Protection Rights

Depending on your home country, you have the following rights. Please note that we may ask you to verify your identity before responding to such requests.

• Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.
• Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
• Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent, including opting out from marketing communications.
• Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, or when it was unlawfully processed. We cannot edit or delete information that is stored on a particular blockchain.
• Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose but cannot delete it due to legal obligations.
• Right to portability: You have the right to request that we transmit your personal data to another data controller in a common format where this is data you provided to us and where we process it on the legal basis of your consent or in order to perform our contractual obligations.
• Right to object to processing: Where the legal basis for our processing is our legitimate interest, you have the right to object on grounds relating to your particular situation.
• Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

To exercise any of these rights, please contact us via the "Contact Us" section below and specify which right you are seeking to exercise. We will respond to your request within thirty (30) days. We may require specific information from you to help us confirm your identity and process your request.