Grove Online Privacy Policy

Last Updated: March, 2026

This Online Privacy Policy ("Policy") sets forth the privacy practices of Deodar Grove Inc. and its affiliates (together, "Company", "we", "us", "our") as they relate to the collection, use, and disclosure of personal information relating to:

Visitors to, and users of, Company-owned websites and applications and the services and products we provide (the foregoing, collectively, the "Products").
Individuals who are interested in contacting Company or are being contacted by Company.

This Policy explains our general practices. However, where local laws or regulations require that we process personal information differently, or refrain from such processing, we will comply with applicable law, including Law 81 of 2019 on the Protection of Personal Data and Executive Decree No. 285 of 2021 (together, the "Panama Data Protection Law"), and the British Virgin Islands ("BVI") Data Protection Act, 2021 ("DPA"), to the extent applicable.

When we use the term "personal information" in this Policy, we mean any information which could identify you either directly (e.g., your name) or indirectly (e.g., a unique ID number). The term does not include aggregated information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual and does not apply to other information that is excluded from privacy protections under applicable law.

By using the Products, you acknowledge that your personal information may be collected, used, and shared as described in this Policy. If you provide personal information about another individual, you represent that you have the authority to do so and that you have informed that individual of this Policy.

Who is the controller (or equivalent) of your personal information?

Deodar Grove Inc. (domiciled in Province of Panama, district of Panama, Betania, Vía Ricardo J. Alfaro, PH The Century Tower, office three hundred seventeen (317)) and Grove (BVI) Ltd (Suite 5, Oleander Building, Port Purcell, Tortola, VG1110, British Virgin Islands) are the controllers (or equivalent) of your personal information processed in connection with this Policy.

Depending on the Product and the relationship involved, either or both entities may determine the purposes and means of processing your personal information. For purposes of the Panama Data Protection Law and the DPA, the Company and its affiliates may act as data controllers, and our service providers may act as data processors when processing personal data on our behalf and under our instructions.

Contact information

If you want to exercise your privacy rights or have any questions about this Policy, need more information, or would like to raise a concern, you can contact us via legal@grove.finance. If you are not satisfied with our response, you can also contact your local data protection authority or privacy regulator to lodge a complaint. In Panama, you may submit a complaint to the Autoridad Nacional de Transparencia y Acceso a la Información (ANTAI), through its Dirección de Protección de Datos Personales.

What personal information do we collect about you?

The personal information we collect, and process may include:

Identification information – information you voluntarily provide to us that identifies you, such as your name or other identifying details where required to access certain features of the Products.
Contact information – email address or other contact details you provide when communicating with us, requesting support, subscribing to updates, or otherwise interacting with the Products.
Account information – information associated with your user account or authentication credentials used to access certain features of the Products.
Technical and network activity information – information about your device and your use of the Products. This may include your IP address, device ID, hardware model and version, mobile network information, operating system and other online identifiers, browser type, browsing history, access times, pages viewed, links or URLs clicked, forms submitted, and general location (such as city or country) inferred from your IP address.
Financial information – digital asset wallet addresses, publicly available blockchain transaction information associated with those wallets, and information derived from blockchain analytics or compliance screening tools used to support sanctions screening, fraud prevention, or other legal and security processes.
Product usage information – information about how you interact with the Products, including activity data, functionality usage, and diagnostic or performance information generated when using the Products.

Some of the information we process may be obtained from publicly available blockchain networks or from third-party analytics or compliance providers that analyze blockchain activity for purposes such as sanctions screening, fraud prevention, and security monitoring.

You can choose not to give us personal information when we ask you for it. If you decide not to provide certain personal information, it may restrict our relationship with you. For example, we may not be able to provide you with the Products or information that you have requested.

How do we collect your personal information?

Directly from you, when you:

Create an account or profile via our Products.
Connect a digital wallet.
Register with us to use Company's authentication or sign-in services.
Use our Products.
Share or use your social media profile to contact Company.
Sign up with us to receive newsletters or other promotional material.
Get in touch with us for support or to provide feedback (such as contacting our customer service).

Automatically:

We and our third-party providers may collect certain personal information from your device when you visit or use our Products (e.g., technical and network activity information). We and our third-party providers may use cookies and other related technologies such as web beacons to automatically collect this information. For more information about these practices and your choices regarding cookies, please see our Cookie Policy.

From other sources, such as:

Risk and compliance service providers – external service providers may analyze blockchain activity or wallet addresses and provide information relevant to sanctions screening, fraud prevention, security monitoring, or other compliance processes.
Publicly accessible sources – such as blockchains or other publicly available ledgers, public databases, directories, or information that you make publicly available.
Transactions – information received from third parties in connection with corporate transactions, such as mergers, acquisitions, financing transactions, or similar business transfers.
Information vendors – companies that license or sell your data to us (e.g., marketing list providers).
Social media platforms – if you interact with us through social media or publicly reference the Products on such platforms, we may collect information that you choose to make publicly available.

Any personal information provided to us by a third party may also be subject to that third party's privacy policy.

We may combine information about you from various sources. For example, we may combine information you provide to us with information collected through your interactions with the Products. By bringing this data together, we are able to better understand how the Products are used and improve our services.

How do we use your personal information?

Subject to applicable law, we use your personal information for the purposes and in reliance on the legal bases described below.

Purposes for Processing	Categories of Personal Data	Legal Basis for Processing
Screen access and verify eligibility	Technical and network activity information; Financial information; Product usage information	Where necessary for our legitimate interests in ensuring the security and integrity of our Products. Where necessary to comply with our legal obligations.
Provide our Products to you	Account information; Technical and network activity information; Financial information; Product usage information	Where necessary for the performance of a contract entered into with you. Where necessary to comply with our legal obligations.
Create and manage user accounts	Account information; Contact information; Technical and network activity information	Where necessary for the performance of a contract entered with you.
Operate our Products, including enabling the functionality and performance of our Products through cookies and similar technologies	Technical and network activity information; Product usage information; Account information	Where necessary for our legitimate interests in operating our Products. Where you have provided your consent (for non-essential cookies and similar technologies).
Identify you and authenticate your access rights to our Products	Account information; Technical and network activity information; Financial information	Where necessary for our legitimate interests in ensuring the security of our Products. Where necessary to comply with legal obligations relating to security.
Respond to your queries and provide you with information	Contact information; Account information; Technical and network activity information; Product usage information	Where necessary for our legitimate interests in responding to your queries and providing customer support. Where necessary for the performance of a contract entered with you. Where necessary to comply with legal obligations relating to consumer protection.
Publish leaderboards of wallet addresses that have accrued the most points	Financial information; Product usage information	Where necessary for our legitimate interests in operating, promoting and improving our Products, including fostering user engagement, incentivizing participation, and supporting adoption of the protocol.
Personalize your experience when interacting with us or other third-party websites or platforms	Technical and network activity information; Product usage information; Account information	Where necessary for our legitimate interests in providing essential Product functionality. Where you have provided your consent, where required.
Perform analytics, market research and segmentation	Technical and network activity information; Product usage information	Where necessary for our legitimate interests in understanding user preferences and improving our Products. Where you have provided your consent, where required.
Manage our network and information systems security	Technical and network activity information; Account information; Financial information; Product usage information	Where necessary for our legitimate interests in protecting our information systems security. Where necessary to comply with legal obligations relating to information security.
Prepare and perform management reporting and analysis	Technical and network activity information; Product usage information; Financial information	Where necessary for our legitimate interests in managing and improving our business operations.
Respond to requests from competent public authorities	All categories as relevant	Where necessary to comply with our legal obligations. Where necessary for our legitimate interests in complying with requests from authorities and protecting the interests of the business.
Exercise or defend Company against potential, threatened or actual litigation	Identification information; Contact information; Account information; Technical and network activity information; Financial information; Product usage information	Where necessary for our legitimate interests in exercising or defending legal claims. Where necessary to comply with legal obligations.
Investigate and act against illegal or harmful behaviour of users	Technical and network activity information; Financial information; Product usage information; Account information	Where necessary for our legitimate interests in investigating and acting against illegal or harmful activities and protecting the interests of the business. Where necessary to comply with legal obligations.
Help maintain the safety, security and integrity of our property, technology assets, and business	Technical and network activity information; Account information; Product usage information	Where necessary for our legitimate interests in protecting our property, technology assets and business.
When we sell, assign or transfer all or part of our business	All categories as relevant	Where necessary for our legitimate interests in carrying out a corporate transaction. Where necessary to comply with legal obligations.

Depending on where you or we are located, you have a right to object to the processing of your personal information where that processing is carried out for our legitimate interests.

How do we protect your personal information?

We use a variety of security measures and technologies to help protect your personal information. However, there are no guarantees that a data transmission or storage system is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the details in the 'Contact information' section.

If we become aware of a security incident affecting personal data, we will take appropriate steps to investigate and mitigate it and, where required under applicable law, we will notify affected individuals as soon as possible.

What are your rights regarding your personal information?

The rights available to you depend on our reason for processing your personal information, applicable law, your or our location and there are exceptions to some rights. Depending on this you may have the right to:

Withdraw your consent to us processing your personal information e.g., for direct marketing purposes. Your withdrawal of consent would not affect the lawfulness of processing based on consent before it was withdrawn.
Ask us about the processing of your personal information including to be provided with copies of your personal information.
Ask us to correct information you think is inaccurate or incomplete.
Ask us to delete or cancel your personal information.
Ask us to restrict the processing of your information.
Object to our processing of your personal information.
Ask that we transfer information you have given us to another organization (known as data portability).
Not be subject to solely automated processing, where those decisions produce legal effects or similarly significant impacts.

To exercise any of the above rights, please contact us using the details in the "Contact information" section. For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do. We will consider and respond to any request in accordance with applicable law, and within the timeframes established under applicable law. Certain rights may be limited in some circumstances, for example where we are required to retain data for legal or regulatory purposes, or where data has been made public on a blockchain and cannot be erased or altered by us.

How long do we keep your personal information?

Personal information will be kept as long as needed to carry out the purposes described in this Policy or as otherwise required by applicable laws. When determining the retention period, we consider various criteria, such as the type of service / product requested by or provided to you, the nature and length of our relationship with you, the impact on the services we provide if we delete some personal information from or about you, and any mandatory retention periods provided by applicable law.

Unless we are required or permitted by law to keep your personal information for a longer period of time (e.g., in pending litigation matters or where the law requires us to), when this personal information is no longer necessary to carry out the purposes for which we collected it, we will delete your personal information or keep it in a form that does not permit identifying you. If there is any personal information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of that personal information.

With whom do we share your personal information?

We will share your personal information with:

Affiliates: We share your personal information with relevant teams and personnel within Company and its affiliates around the world who need to access it to perform their jobs.
Service Providers: We use third-party service providers to perform business / operational services for us or on our behalf and to whom we will disclose personal information. These third parties include, for example, providers of website hosting, IT and technology services, analytics services, marketing and advertising agencies and compliance and risk management providers. Our service providers may act as data processors when they process personal data on our behalf, under our instructions.
Professional Advisors: We may share your personal information with professional advisors such as auditors, accountants and lawyers.
Advertising Partners and Ad Networks: We work with third-party ad networks and advertising partners to deliver advertising and personalized content on our websites. These parties may collect personal information directly from a browser or device when a user visits our websites e.g., through cookies. This personal information is used to provide and inform targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research. Please see our Cookie Policy for more information.
Transactions: We may disclose personal information to a third party during negotiation of, in connection with, or as an asset in a corporate business transaction. Personal information may also be disclosed in the event of a transfer, sale or merger of all or a portion of our assets, in the event of an insolvency, bankruptcy, or receivership or other corporate change involving us or our affiliates.
As Required by Law or Similar: We may disclose personal information (1) if we are required to do so by law, regulation, or legal process, such as a court order or subpoena; (2) in response to requests by government agencies, such as law enforcement authorities; (3) when we believe a disclosure is necessary or appropriate to protect against or respond to physical, financial or other harm and injury; (4) in connection with an investigation or suspected or actual unlawful activity.

If you would like to obtain information regarding the names and contact details of the parties with whom we share your personal information, their processing purpose and method, the categories of personal information shared with them, and the method and procedures for exercising your rights with them, please contact us using the contact details set out in the 'Contact information' section.

In what instances do we transfer your personal information outside of your home country?

We operate all over the world. This means your personal information may be transferred to and stored in countries other than your own. For example, information collected from you in your home country may be transferred to our headquarters or to other affiliates or service providers in different countries. Some of these countries may have data protection laws that are different from (and in some cases less protective than) the laws of the country where you initially provided the information.

Whenever we transfer your personal information outside of your home country or region, we implement appropriate measures to protect it such as entry into data transfer agreements that incorporate standard data protection clauses approved by relevant authorities, or other legally recognized data transfer mechanisms such as Binding Corporate Rules, the EU-US Data Privacy Framework.

Please be aware that when your personal information is stored or processed in another country, it may be accessible to courts, law enforcement, and national security authorities in that country under its laws. In such cases, we will still ensure that any request for access to your information is handled according to the applicable legal procedures and that only the necessary information is disclosed.

If you would like additional information about the safeguards we implement to legitimize cross-border transfers, please contact us using the contact details set out in the 'Contact information' section.

Information about children

To use our products and services, you must be 18 years of age and legally be able to enter into an agreement with us according to applicable laws. Our products and services are intended for general audiences and not directed at children. If you are a parent or guardian and you believe we may have inadvertently collected information about a child without proper consent, please contact us so we can delete the information or obtain the necessary consent.

Cookies

Our websites use cookies and similar technologies. To the extent that your local laws consider the information collected by cookies and other technologies as personal information, we will treat that information to the standards set out in this Policy.

For more information on our use of cookies, please read our Cookie Policy.

Our website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to analyze use patterns and may collect information about your use of the website, including your IP address. More information on Google Analytics can be found here. If you would like to opt-out of having your data used by Google Analytics, you can opt out here.

How do we update this Policy

From time to time, we will update this Policy. Any changes become effective when we post the revised Policy on the website. This Policy was last updated as of the "Last Updated" date shown above. If changes are significant, we will provide a more prominent notice to let you know what the changes are or send you a notification. We encourage you to review this Policy periodically to stay informed about our privacy practices. If you continue to use our Products, or otherwise interact with us, we will assume that you have read and understood the latest version of this Policy.

Our responsibility regarding websites that we do not own or control

Our websites and applications may contain links to websites or mobile applications we do not own or control. Our Policy does not cover them. Please read the privacy notices on those websites and mobile applications if you would like to find out how they collect, use and share your personal information.