AGGX

Legal

Privacy Policy

This Privacy Policy explains how AGGX collects, uses, discloses, and safeguards personal data when you access our website and services.

Last Revised on November 23, 2025

Introduction

This Privacy Policy (“Policy”) for AGGX and its affiliates (collectively, “AGGX,” “we,” “our,” or “us”) describes the basis on which we process personal data collected from users of our website aggx.io (including any subdomains, the “Website”), and any tools, services, features, and functionalities available through the Website (collectively, the “Services”), in accordance with applicable laws. For purposes of applicable data protection laws, AGGX acts as a controller. “you” and “your” refer to you as the user of the Services.

Please read this Policy carefully so that you understand your rights in relation to your personal data and how we collect, use, disclose, and safeguard it. If you do not agree to this Policy, please do not use, access, connect to, interact with, or download any of the Services or otherwise provide your information to us.

Personal Data We Collect, Why We Process It, and the Legal Basis

When you access, use, connect to, or interact with the Services, we may collect certain categories of information about you, including personal data, from a variety of sources.

1) Information You Provide to Us

We may collect the following categories of personal data that you voluntarily provide:

  • Identifiers and contact details – name, username/handle, email address, phone number, mailing address.
  • Government or verification data – where permitted, documents/tokens for KYC/AML or eligibility checks.
  • Security credentials – passwords, PINs, MFA data, security question responses (if any account/portal exists).
  • Financial and transaction-related information – limited details needed to facilitate payments via third-party providers (AGGX does not store full payment instruments).
  • Network, wallet, and on-chain associations – IP address, public wallet address(es), smart-contract interactions, on-chain hashes, and related metadata (“Wallet” information).
  • Profile and preferences – display name, avatar, marketing opt-ins, interests, notification and language settings.
  • Communications – content of correspondence you send us and any personal data contained therein.

Purposes & legal bases. We process the above to:

  • Perform a contract / provide the Services – accounts, features, transactions, support.
  • Legitimate interests – service security, abuse prevention, analytics/research, improvements, relationship management.
  • Consent – marketing communications where you opt in (withdrawable at any time).
  • Legal obligations – recordkeeping, KYC/AML (if applicable), sanctions screening, tax, and regulatory compliance.

2) Information We Collect Automatically

When you visit the Website or access, use, connect to, or interact with the Services, our servers may log:

  • IP address of the requesting device;
  • internet service provider name;
  • date and time of access;
  • pages viewed, URL path, and files retrieved;
  • referring page and search terms;
  • country/region of access;
  • operating system and browser (provider, version, language);
  • transmission protocol (e.g., HTTP/1.1, HTTP/2).

Purposes & legal bases. We process this data to:

  • Provide and secure access to the Services (contract performance, legitimate interests).
  • Assess eligibility or identify if you are likely a prohibited person under our Terms and sanctions rules (contract performance, legal obligations, legitimate interests).
  • Protect users and infrastructure – security, stability, troubleshooting, testing, analytics, optimization (legitimate interests).
  • Create aggregated/de-identified insights to improve the Services (legitimate interests).

3) Cookies, Pixels, and Similar Technologies

We and our partners may use cookies, pixels, tags, SDKs, scripts, local storage, and related technologies (“Tracking Technologies”) to collect information about your interactions with the Services (“Usage Data”). Where required by law, we request your consent before placing non-essential cookies.

  • Essential – strictly necessary for core functionality, security, or legal compliance (no consent required).
  • Functionality – remember preferences and enhance experience.
  • Performance/Analytics – measure usage and improve the Services.
  • Social media – enable integrations and measure interactions with our social presence.

Most browsers accept cookies by default. You can adjust settings to refuse or delete cookies; doing so may limit functionalities. Learn more at allaboutcookies.org.

4) Information from Third-Party Wallet Extensions or Connections

Certain transactions require connecting a compatible third-party Wallet. Your use of a Wallet is governed by the Wallet provider’s terms and privacy policy. Wallets are not maintained, controlled, or supported by AGGX. We disclaim liability for actions arising from third-party Wallets, including their use and/or disclosure of personal information.

When You Apply for a Job

If you apply for a role (e.g., via email or a third-party portal we use), we process the personal data you submit (e.g., name, contact details, resume/CV, work history, education, and other information) to evaluate your candidacy, arrange interviews, and conduct lawful background/reference checks. Legal bases include pre-contractual steps, performance of an employment/service contract, legitimate interests in recruiting/security, and compliance with applicable laws. You may object at any time, though doing so may affect our ability to consider your application.

Your Rights

Depending on your jurisdiction (e.g., EEA/UK under the GDPR, or other global privacy laws), you may have some or all of:

  • Access – obtain a copy of personal data we hold about you.
  • Rectification – correct inaccurate or incomplete personal data.
  • Erasure – request deletion in certain circumstances.
  • Restriction – request we limit processing in certain situations.
  • Portability – receive data in a structured, commonly used, machine-readable format and request transfer to another controller.
  • Object – object to processing based on legitimate interests and opt out of direct marketing at any time.
  • Withdraw consent – where we rely on consent, withdraw it at any time without affecting prior processing.

To exercise these rights, contact cto.jo@aggx.io. We may take reasonable steps to verify your identity. Rights may be limited by law (e.g., to protect others’ rights, trade secrets, or for public interests). Where required, we respond without undue delay within the statutory period (extendable in complex cases).

Sharing of Personal Data

We may share your personal data as follows:

  • Service providers and vendors – analytics, cloud/hosting/CDN, security/anti-fraud, developers, KYC/AML/sanctions screening (if applicable), communication platforms, and professional services; all under appropriate contracts.
  • Upon your request or consent – sharing where you ask or agree.
  • Professional advisors – auditors, law firms, cybersecurity firms, consultants, accountants.
  • Legal and security – regulators, law enforcement, and public authorities to comply with law, protect users/the public/our rights, enforce terms, or resolve disputes.
  • Affiliates – within our group for operational and compliance purposes.
  • Corporate transactions – merger, sale, financing, acquisition, bankruptcy, or reorganization, with appropriate protections.

International Data Transfers

Your personal data may be transferred to, stored in, or processed in countries outside your jurisdiction (including outside the EEA/UK and in the United States). We implement appropriate safeguards as required by law (e.g., EU SCCs, UK IDTA/Addendum) unless an adequacy decision applies.

Retention

We retain personal data for the following periods:

  • Account and profile data – while your account is active or as needed to provide the Services.
  • Support inquiries and communications – generally up to 12 months after your last contact, unless longer is required by law or to establish, exercise, or defend legal claims.
  • Technical usage/Website analytics – generally up to 12 months (often shorter), unless required for security or compliance.

We may retain information as necessary to comply with legal obligations, resolve disputes, enforce agreements and policies, investigate security incidents, and protect our rights. Where feasible, we store information in aggregated, anonymized, or de-identified form for longer periods.

Children’s Privacy

The Services are not intended for children under eighteen (18). We do not knowingly collect personal data from children under thirteen (13) (or sixteen (16) in the EEA/UK). If we learn we collected such data, we will take reasonable steps to delete it. Parents or guardians may contact cto.jo@aggx.io.

Security Measures

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no method of transmission or storage is completely secure; information transmitted over the internet is at your own risk.

Cookies, Scripts, and Related Technologies

We and our partners receive and record personal data and Usage Data via Tracking Technologies. Where applicable, non-essential Tracking Technologies are used only with your consent (withdrawable at any time). You may also manage Tracking Technologies via your browser or device settings. Disabling some cookies may impact availability or functionality.

Tracking Tools

Website Analytics. We may use analytics services employing cookies and similar tools to understand how the Services are used. These tools may collect:

  • navigation paths and pages visited;
  • session duration and user engagement;
  • exit pages and errors encountered;
  • geographic region (country, region, city);
  • device and browser characteristics (type, version, resolution);
  • whether you are a new or returning visitor;
  • referrer URLs and timestamps;
  • IP address (which may be truncated or anonymized where required).

You can often opt out via browser controls or provider plugins. If you delete cookies, you may need to repeat opt-out steps.

Content Delivery Networks (CDNs). We may use a global CDN and DNS services to improve speed and reduce latency. These services process data such as IP addresses, request/error logs, and operational metrics to fulfill their obligations and help protect the Services.

Social Media and Other Third-Party Websites

The Website may include links to third-party platforms (e.g., X/Twitter, Medium) or ecosystem contributors’ websites. We do not own or control these sites and are not responsible for their content, privacy, or security practices. If you follow such links, review their policies. Social platforms may receive your IP address and notice that you visited our Website when you click a link. If you prefer, log out before clicking.

Information you post on public or semi-public venues (including social platforms) may be viewable by others and accessible even after removal through caching, archiving, or third-party tools.

Periodic Reviews and Updates to This Policy

We may review and update this Policy from time to time. Updates apply only to information collected after the date of the change. If we make material changes, we will update the Last Revised date at the top of this page and, where appropriate, provide additional notice (e.g., on the Website or via email). Please review this Policy periodically to stay informed.

If you are located in the EEA or UK, you may lodge a complaint with your local data protection authority or the UK ICO. We encourage you to contact us first so we can attempt to resolve your concerns.

Contact

Questions or complaints about our privacy practices, your personal data, or this Policy? Contact cto.jo@aggx.io.

Contact: cto.jo@aggx.io