Privacy Policy

Effective Date: 27 May 2026

Last Updated: 27 May 2026

This Privacy Policy explains how personal data is collected, processed, stored, shared, and protected in connection with the AnotherApp ecosystem, website, mobile application, and related services.

Privacy Summary

Personal data is processed in accordance with GDPR and applicable data protection laws.
Certain ecosystem services may require AML/KYC verification.
Blockchain transaction data may be publicly visible and immutable.
Users may exercise GDPR rights by contacting compliance@anotherapp.io.
Appropriate technical and organisational safeguards are implemented to protect personal data.

1. DATA CONTROLLERS

1.1 Offeror

Token Technologies International Ltd
Quijano Chambers
P.O. Box 3159
Road Town, Tortola
British Virgin Islands

Email: compliance@anotherapp.io

1.2 EU Legal Representative

TIECO Fintech Solutions Ltd
11 Zinonos Sozou
3rd Floor, Office 303
1075 Nicosia, Cyprus

2. PERSONAL DATA WE MAY COLLECT

We may collect the following categories of personal data.

2.1 Identification Data

full name;
date of birth;
nationality;
username;
government-issued identification details.

2.2 Contact Data

email address;
telephone number;
residential address.

2.3 Technical Data

IP address;
browser information;
operating system;
device identifiers;
session data;
application logs;
analytics data;
wallet addresses.

2.4 Compliance Data

Where required:

passport or ID documentation;
proof of address;
source-of-funds information;
sanctions screening results;
AML/KYC verification information;
transaction monitoring information.

2.5 Blockchain Data

Blockchain networks may publicly display:

wallet addresses;
transaction hashes;
token balances;
smart contract interactions.

Blockchain records are generally immutable and cannot be deleted.

3. HOW WE COLLECT PERSONAL DATA

Personal data may be collected:

directly from users;
through website forms;
through mobile app usage;
through wallet integrations;
through onboarding procedures;
through customer support interactions;
through cookies and analytics tools;
through blockchain interactions;
through regulated third-party providers.

4. PURPOSES OF PROCESSING

We may process personal data for purposes including:

operating the Website and App;
providing ecosystem functionalities;
user authentication;
wallet integrations;
customer support;
onboarding and compliance;
fraud prevention;
AML/CFT compliance;
sanctions screening;
regulatory reporting;
analytics and platform improvement;
security monitoring;
dispute resolution;
communications and updates.

5. LEGAL BASIS FOR PROCESSING

We process personal data under one or more of the following legal bases:

Purpose	Legal Basis
Platform functionality	Legitimate interest
User onboarding	Contract
AML/KYC obligations	Legal obligation
Fraud prevention	Legitimate interest
Customer support	Legitimate interest
Marketing communications	Consent
Regulatory reporting	Legal obligation
Security monitoring	Legitimate interest

6. THIRD-PARTY SERVICE PROVIDERS

Personal data may be shared with independent third-party providers including:

EMIs;
payment service providers;
CASPs;
exchanges;
cloud providers;
analytics providers;
cybersecurity providers;
KYC/AML providers;
legal and compliance advisors;
regulators and competent authorities.

Third-party providers operate under their own privacy policies and compliance obligations.

7. INTERNATIONAL DATA TRANSFERS

Personal data may be transferred outside the European Economic Area, including to:

the British Virgin Islands;
cloud hosting providers;
infrastructure providers;
compliance service providers.

Where required, appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent lawful transfer mechanisms will be implemented.

8. COOKIES & TRACKING TECHNOLOGIES

The Website and App may use cookies and similar technologies to:

maintain platform functionality;
authenticate sessions;
improve security;
analyse usage patterns;
enhance user experience;
measure platform performance;
support analytics and operational monitoring.

Cookies may include:

essential cookies;
analytics cookies;
session cookies;
performance cookies;
security cookies.

Certain analytics or service providers may place cookies on behalf of the platform in accordance with their own privacy policies.

Users may manage cookie preferences through browser settings or cookie consent tools where available. Disabling certain cookies may affect platform functionality.

A cookie consent banner is displayed to users upon first accessing the Website or App. The banner describes the categories of cookies in use and allows users to accept or reject non-essential cookies prior to their placement. Consent preferences are recorded and can be reviewed or withdrawn at any time through the cookie preference centre accessible via the footer of the Website.

Non-essential cookies and analytics technologies are placed only with prior user consent where required under applicable law, including the ePrivacy Directive and GDPR. Essential and security cookies necessary for platform operation are placed on the basis of legitimate interest and do not require consent.

8.1 COOKIE CATEGORIES AND CONSENT BASIS

Cookie Type	Purpose	Consent Required
Essential cookies	Platform login, session management, security	No – legitimate interest
Security cookies	Fraud detection, bot prevention, CSRF protection	No – legitimate interest
Session cookies	Temporary state preservation during active sessions; deleted on browser close	No – legitimate interest
Analytics cookies	Usage statistics, page performance, user journey analysis	Yes – prior consent required
Performance cookies	Platform speed optimisation, load balancing, error monitoring	Yes – prior consent required

9. DATA RETENTION

Personal data will be retained only for as long as necessary for the purpose for which it was collected, taking into account applicable legal and regulatory obligations. The following table sets out the indicative retention periods applied to each category of personal data.

Data Category	Retention Period	Legal Basis
Account & identification data	Duration of account plus 3 years after closure	Contract; legal obligation
AML/KYC & compliance data	Minimum 5 years from end of business relationship	Legal obligation (AML/CFT law)
Transaction & blockchain data	5 years (off-chain records); blockchain records are permanently immutable	Legal obligation; legitimate interest
Technical & log data	Up to 12 months from collection	Legitimate interest (security monitoring)
Marketing & communications data	Until consent is withdrawn or 2 years of inactivity	Consent
Customer support records	3 years from last interaction	Legitimate interest; legal obligation

Where retention beyond the periods set out above is required for the establishment, exercise, or defence of legal claims, or where a competent authority directs extended retention, data may be held for such additional period as is necessary. Data that is no longer required will be securely deleted or anonymised.

10. SECURITY MEASURES

Security Notice

Users remain responsible for securing:

wallets;
private keys;
seed phrases;
passwords;
authentication credentials;
devices used to access the platform.

We implement commercially reasonable technical and organisational safeguards designed to protect personal data and ecosystem infrastructure, including:

encryption technologies;
authentication controls;
access management systems;
infrastructure monitoring;
audit logging;
cybersecurity monitoring;
incident response procedures;
vulnerability management processes;
secure cloud infrastructure practices.

Access to sensitive data is restricted to authorised personnel and service providers subject to confidentiality obligations.

Despite reasonable safeguards, no method of electronic transmission or storage can guarantee absolute security.

Users should always maintain appropriate cybersecurity practices when interacting with blockchain applications and digital assets.

10.1 DATA BREACH RESPONSE

In the event of a personal data breach that is likely to result in a risk to users’ rights and freedoms, appropriate notifications will be made in accordance with applicable GDPR requirements.

Where legally required, affected users may be notified without undue delay after the Company becomes aware of the incident.

Notifications may include:

the nature of the breach;
categories of affected data;
potential consequences;
mitigation measures undertaken;
recommended user actions where applicable.

11. USER RIGHTS

Under Regulation (EU) 2016/679 (“GDPR”), users may have the following rights regarding their personal data, subject to applicable legal and regulatory limitations:

the right to obtain confirmation as to whether personal data concerning them is being processed;
the right to access personal data and related processing information;
the right to request correction of inaccurate or incomplete personal data;
the right to request deletion of personal data (“right to erasure”);
the right to request restriction of processing;
the right to object to certain processing activities;
the right to data portability;
the right to withdraw consent at any time where processing is based on consent;
the right not to be subject to decisions based solely on automated processing, including profiling;
the right to lodge a complaint with a competent supervisory authority.

The exercise of certain rights may be limited where processing is necessary for:

compliance with legal obligations;
AML/CFT requirements;
fraud prevention;
regulatory investigations;
establishment, exercise, or defence of legal claims.

Requests relating to personal data may be submitted to:

compliance@anotherapp.io

We may request additional information to verify the identity of the requesting individual before responding to requests.

11.1 EXERCISING YOUR RIGHTS

Requests relating to personal data access, correction, deletion, restriction, portability, or objection to processing may be submitted in writing to:

compliance@anotherapp.io

We may require identity verification before processing requests to protect user privacy and security.

Responses will generally be provided within the timeframes required under applicable GDPR requirements, unless extended due to legal complexity or regulatory obligations.

Certain information may be retained where necessary for:

AML/CFT compliance;
fraud prevention;
legal obligations;
dispute resolution;
regulatory recordkeeping.

11.2 AUTOMATED DECISION-MAKING

The platform does not generally rely on solely automated decision-making or profiling that produces legal or similarly significant effects on users, except where required for:

fraud prevention;
AML/CFT compliance;
sanctions screening;
security monitoring.

12. MARKETING COMMUNICATIONS

Users may opt in to receive:

ecosystem updates;
platform announcements;
newsletters;
promotional communications;
token-related updates.

Users may unsubscribe at any time.

13. CHILDREN

The Website and App are not intended for individuals under 18 years of age.

14. BLOCKCHAIN DISCLOSURE

Users acknowledge that blockchain technology may publicly expose certain transaction-related information including wallet addresses and transaction data.

Blockchain transactions are generally irreversible and immutable.

The Offeror and EU Legal Representative cannot alter or delete blockchain records.

15. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may be updated from time to time.

Updated versions will be published on the Website.

Continued use of the Website or App constitutes acceptance of updated versions.

16. CONTACT INFORMATION

Compliance & Privacy

compliance@anotherapp.io

Website: https://www.anotherapp.io/

EU Legal Representative

TIECO Fintech Solutions Ltd
11 Zinonos Sozou
3rd Floor, Office 303
1075 Nicosia, Cyprus

16.1 SUPERVISORY AUTHORITY

Users located within the European Union have the right to lodge complaints with their local supervisory authority.

For Cyprus, the competent supervisory authority is:

Office of the Commissioner for Personal Data Protection
1 Iasonos Street
1082 Nicosia, Cyprus
P.O. Box 23378, CY-1682 Nicosia, Cyprus
Telephone: +357 22818456