Effective Date: June 19, 2025

1. Introduction

Thank you for choosing the MuseWallet application ("the Application"), operated and provided by Musetech UAB (company registration number: 306291601, registered address: J. Basanaviciaus g. 26, Vilnius, Lithuania, LT‑03224).

As part of our daily business operations, we collect personal information from clients and prospective clients to provide them with the Application's products and services and to ensure that their needs are met in the provision of these products and services (including the provision of service-related information).

Your privacy is of utmost importance to us. Our policy is to protect and respect the confidentiality of personal information and individual privacy. This Privacy Policy sets out how we collect, use, and manage the personal information we receive from you or third parties, in connection with your use of the Application or our services and/or website. This policy also informs you of your rights regarding the processing of your personal information.

Where used herein, "the Company," "we," or "our" refers to Musetech UAB and its product MuseWallet.

2. How We Protect Personal Information?

The Company respects the privacy of any user visiting its website and is therefore committed to taking reasonable measures to protect the information of existing or potential clients, applicants, and website visitors. The Company retains any personal data of its clients and prospective clients in accordance with applicable privacy and data protection laws and regulations.

We have implemented necessary and appropriate technical and organizational measures to ensure your information always complies with industry security standards. We conduct regular training for all employees to raise their awareness of maintaining, protecting, and respecting your personal information and privacy. We take violations of personal privacy very seriously and will impose appropriate disciplinary measures, including dismissal.

We have also appointed appropriate personnel to ensure the Company manages and processes your personal information in accordance with applicable privacy and data protection laws and regulations and this Privacy Policy.

The personal information you provide to us when applying to open an account, applying for a position with the Company, or using our website is classified as registration information and is protected in various ways. You can access your registration information by logging into your account with your chosen username and password. You are responsible for ensuring that your password is known only to you and is not disclosed to anyone.

Registration information is securely stored in a secure location, accessible only to authorized personnel via username and password. All personal information is transmitted to the Company via secure connections, and we therefore take all reasonable measures to prevent unauthorized parties from viewing any such information. Personal information provided to the Company that is not part of registration information is also kept in a secure environment, accessible only to authorized personnel via username and password.

3. Information We May Collect About You

To open an account with us, you must first complete and submit a "Create Account" form with the required information. By completing this form, you are deemed to consent to the disclosure of personal information to enable the Company to evaluate your application and comply with relevant laws (including their regulations).

The information we collect from you (as applicable) is as follows:

Information You Provide Directly:

• Full name, current residential address, and contact details (e.g., email address, phone number, etc.).
• Date of birth, place of birth, gender, citizenship.
• Bank account information, credit card details, including details of your source of funds, assets and liabilities, and OFAC (Office of Foreign Assets Control) information.
• Trading account balances, trading activity, your inquiries, and our responses.
• Information about whether you hold a prominent public function, such as a Politically Exposed Person (PEP).
• Verification information, including information required to verify your identity, such as passport, driver's license, or government-issued ID.
• Other personal or business and/or identification information – any information we deem necessary in our sole discretion to fulfill our legal obligations under various Anti-Money Laundering (AML) obligations (e.g., pursuant to applicable EU AML Directives).

Information We Collect Automatically:

• Browser Information: Information automatically collected from your browser via analytics system providers, including your IP address and/or domain name and any external pages that referred you to us, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
• Device Identifiers: Including, but not limited to, device model, operating system version, and unique device identifiers (such as IMEI, MAC address, OAID, IDFA, GAID). This information may be collected by third-party marketing and analytics SDKs integrated into our services, for statistical analysis and service improvement purposes. We do not directly collect or store this information ourselves.
• Log Information: Information automatically generated and stored in our server logs when you use services provided by Pandodigital. This may include, but is not limited to, device-specific information, location information, system activity, and any internal and external information related to the pages you access, including the full Uniform Resource Locators (URL) clickstream (to, through, and from our website or application, including date and time; page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to navigate away from the page).

Information We Receive About You From Other Sources:

We may obtain your information through your use of our services, including through any of our websites, account opening processes, webinar registration forms, event subscriptions, news and update subscriptions, and during ongoing support service communications. We may also receive your information from third parties (such as your payment providers, payment channels, and public sources). For example:

• The bank you use to transfer funds to us may provide us with your basic personal information (such as your name and address) and your financial information (such as your bank account details).
• Your business partners may provide us with your name and address and financial information.
• Advertising networks, analytics providers, and search information providers may provide us with anonymized or de-identified information about you, such such as confirming how you found our website.
• Credit reference agencies will not provide us with any personal information about you but may be used to corroborate information you provide to us.

4. Disclosure of Your Personal Information

The Company will not disclose any client's confidential information to third parties, unless:

• Disclosure is required by any applicable law, rule, or regulation.
• There is an obligation to disclose.
• Our legitimate business interests require disclosure.
• It is consistent with our Terms of Service.
• At your request or with your consent, or to entities described in this Privacy Policy.

The Company will endeavor to make such disclosures on a "need-to-know" basis, unless otherwise instructed by a regulatory authority. In such cases, the Company will notify the third party of the confidential nature of any such information.

As part of using your personal information for the purposes mentioned above, the Company may disclose your personal information to the following entities:

• Any member of the Company: meaning any of our affiliates and subsidiaries may receive such information.
• Any of our service providers and business partners: for commercial purposes, such as professional advisors contracted to provide us with administrative, financial, legal, tax, compliance, insurance, IT, debt recovery, analytics, research, or other services.

If the Company may need to disclose your personal information to service providers and business partners to perform services you have requested as our client, such providers and partners may store your personal information in their own systems to comply with their legal and other obligations. We require service providers and business partners who process personal information to acknowledge the confidentiality of this information, commit to respecting the privacy rights of any client, and comply with all relevant privacy and data protection laws and this Privacy Policy.

5. Where We Store Your Personal Data

Our operations are supported by computers, servers, and other infrastructure and information technology networks, including, but not limited to, third-party service providers. We and our third-party service providers and business partners store and process your personal data in, but not limited to, the European Union (including Lithuania) and the United Kingdom.

6. Transfer of Personal Information Outside the European Economic Area (EEA) and the United Kingdom (UK)

We may transfer your personal information to other company subsidiaries, service providers, and business partners (i.e., data processors) outside the EEA and UK, which are engaged by us. To the extent we transfer your personal information outside the EEA and UK, we will ensure that the transfer is lawful and that any such data processors in these jurisdictions must comply with the applicable EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. If personal information is processed in the United States, we may sometimes rely on Standard Contractual Clauses to ensure data protection.

7. Transfer of Personal Information Outside Your Country/Region

By using our products and services, you consent to the transfer of your personal data to other countries, including those with different levels of privacy and data protection laws than your country/region. In all such transfers, we will protect your personal information as described in this Privacy Policy and ensure that appropriate information sharing contractual agreements are in place to ensure the secure transfer and processing of data.

8. Privacy When Using Digital Assets and Blockchain

Your contributions of Bitcoin, MX, Ethereum, and other digital assets may be recorded on public blockchains. Public blockchains are distributed ledgers designed to immutably record transactions across a wide network of computer systems. Many blockchains are open to forensic analysis, which may lead to de-anonymization and inadvertent disclosure of private financial information, especially when blockchain data is used in conjunction with other data.

Since blockchains are decentralized or third-party networks not controlled or operated by us or our affiliates, we cannot delete, modify, or alter personal data from these networks.

9. Data Retention

Protecting the privacy of your personal information is paramount to us, whether you interact with us in person, by phone, email, internet, or any other electronic medium.

As long as we have a business relationship with you, we will retain personal information in secure computer storage facilities and take reasonable and necessary measures to protect the personal information we hold from misuse, loss, unauthorized access, modification, or disclosure.

When we deem personal information is no longer necessary for the purpose for which it was collected, we will delete any details that identify you, or securely destroy the records. However, we may need to retain records for a considerable period (after you are no longer our client). For example, we are subject to Anti-Money Laundering regulations, which may require us to retain the following information for up to 5 years after the end of our business relationship with you, or for other periods as instructed by regulatory authorities:

• Copies of records we used to fulfill our client due diligence obligations.
• Supporting documents and records related to your transactions and your relationship with us.

Additionally, personal information held by us in the form of recorded information (by phone, electronic, or otherwise) will be retained in accordance with applicable local regulatory requirements (i.e., 5 years after the end of your business relationship with us, or longer if you have a legitimate interest (e.g., resolving a dispute with you)). If you have opted out of receiving marketing communications, we will retain your details on our suppression list so that we know you do not wish to receive these communications. If we are unable to delete your data due to legal, regulatory, or technical reasons, we may retain your data for longer than 5 years.

10. Cookies

When you use our products and services, we may use the standard practice of placing small data files called Cookies, Flash Cookies, pixel tags, or other tracking tools (hereinafter "Cookies") on your computer or other devices you use when you interact with us. The purposes for which we use Cookies are:

• To help us recognize you as a client and collect information about your use of our products and services so we can better tailor our services and content to you.
• To collect information about your computer or other access device to ensure we comply with our Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) obligations.

11. Your Rights Regarding Personal Information

Your rights regarding the personal information we hold about you are outlined below:

• Right to Access Information: If you request, we will confirm whether we are processing your personal information, and if so, what information we are processing, and, if requested, provide you with a copy of that information within 30 days of your request.
• Right to Rectification: It is crucial for us that your personal information remains up-to-date. We will take all reasonable steps to ensure your personal information remains accurate, complete, and current. If the personal information we hold about you is inaccurate or incomplete, you have the right to request its correction. If we have disclosed your personal information to others, we will inform them of the correction where possible. If you request, and where possible and lawful, we will also inform you with whom we have shared your personal information so that you can contact them directly. Please refer to Section 14 below (Contact Us Regarding Privacy Questions or Concerns) to submit your request.
• Right to Erasure: In certain circumstances, you can ask us to delete or remove your personal information, for example, when we no longer need it, provided we have no legal obligation to retain that data. Such requests will be subject to your contract with us and any retention periods specified by applicable laws and regulations we must comply with.
  • If we have disclosed your personal information to others, we will inform them of the deletion request where possible. If you request, and where possible and lawful, we will also inform you with whom we have shared your personal information so that you can contact them directly.
• Right to Restriction of Processing: In certain circumstances, you can ask us to block or suppress the processing of your personal information, for example, if you dispute the accuracy of that personal information or object to our processing of it. This will not prevent us from storing your personal information. We will notify you before deciding not to agree to any request for restriction.
  • If we have disclosed your personal information to others, we will inform them of the processing restriction where possible. If you request, and where possible and lawful, we will also inform you with whom we have shared your personal information so that you can contact them directly.
• Right to Data Portability: In certain circumstances, you may have the right to request to obtain personal information you have previously provided to us (in a structured, commonly used, and machine-readable format) and to reuse it elsewhere or to request that we transmit this information to a third party.
• Right to Object: You can ask us to stop processing your personal information, and we will do so if:
  • We are relying on our own legitimate interests or those of others to process your personal information, unless we can demonstrate compelling legal grounds for the processing.
  • We are processing your personal information for direct marketing purposes.
  • We are processing your personal information for research purposes, unless we reasonably believe such processing is necessary or prudent for the performance of a public interest task (e.g., performed by a regulatory or law enforcement agency).
• Automated Decision-Making and Profiling: If we have made a decision about you that affects your ability to access our products and services or otherwise has a significant impact on you, based solely on automated processing (e.g., through automated profiling) without human intervention, you can ask not to be subject to such a decision, unless we can demonstrate to you that such a decision is necessary for entering into or performing a contract between you and us. Even if a decision is necessary for entering into or performing a contract, you can object to that decision and request human intervention. If we agree to such a request (i.e., terminate our relationship with you), we may not be able to provide you with our products or services.

12. Mobile Application Permissions Description

To provide you with better services and experience, our application may request the following permissions. Please note that we will never sell any of your personal information. All permissions are obtained and used in strict compliance with relevant laws and regulations and are only for providing the functions and services you need.

Photo Album Permission

• Purpose: To access your device's photo album so you can upload payment vouchers and custom user avatars.
• Specifics: When you need to submit payment screenshots or change your personal avatar within the app, we will request access to your photo album to select and upload the required images. We commit to strictly adhering to privacy regulations, and will only use this permission when you actively trigger the relevant function. Your personal photos and private information will not be stored or shared with third parties.

Location Information Permission

• Purpose: To collect your approximate location information to meet Anti-Money Laundering (AML) and Know Your Customer (KYC) regulatory requirements, as well as for fraud detection, ensuring transaction compliance, and providing localized services.
• Specifics: When you register an account, conduct transactions, or log in, we may collect your approximate location information. This helps us identify potential fraudulent activities and provide appropriate services based on the laws and regulations in your region. This information will not be used for other unrelated purposes and will not be sold to third parties.

Camera Permission

• Purpose: For document capture during identity verification (KYC), scanning QR codes, and capturing transaction vouchers.
• Specifics: During the identity verification (KYC) process, you may need to take photos of identification documents. Additionally, when you need to scan specific QR codes (e.g., payment QR codes) or take photos of transaction vouchers as proof for upload, we will request access to your camera. This permission is only enabled when you actively use the relevant function.

13. Specific Rights Under Different Jurisdictions

A. Your Rights If Your Personal Data Is Subject to the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area ("EEA"), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal data we collect and the specific context in which we collect it. We may process your personal data because:

• We need to use your personal data to enter into a contract with you or fulfill our obligations under a contract.
• You have given us consent to do so.
• The processing is in our legitimate interests or is necessary to comply with our legal obligations.
• To comply with applicable laws and regulations.

If you are a resident of the EEA, you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data. Please refer to Section 14 below (Contact Us Regarding Privacy Questions or Concerns).

In certain circumstances, you have the following data protection rights:

• The right to access, update, or delete the information we have on you.
• The right of rectification: You have the right to have your information rectified if that information is inaccurate or incomplete.
• The right to object: You have the right to object to our processing of your personal data.
• The right of restriction: You have the right to request that we restrict the processing of your personal information.
• The right to data portability: You have the right to be provided with a copy of the information we have on you.
• The right to withdraw consent: You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

B. Your Rights If You Are a Resident of California or Certain U.S. States

Under the laws of California, Colorado, Connecticut, Utah, and Virginia ("Applicable States"), you may have the right to ask us to:

• Provide access to and, in certain cases, portability of certain information we hold about you, if technically feasible.
• Update or correct your information.
• Delete certain information we hold about you.
• Opt-in or opt-out of the use of certain sensitive information we hold.

You also have the right to designate an authorized agent to help you exercise these rights. To ensure the security of your account, we will typically require you to verify your request or that of your authorized agent using the contact information you have already provided.

If you wish to exercise any of these rights, or appeal a decision related to your rights, please refer to Section 14 below (Contact Us Regarding Privacy Questions or Concerns).

Do Not Sell Personal Information: We do not sell any personal information to anyone.

No Discrimination: We will not discriminate against any individual for exercising their rights under California or other Applicable State privacy laws.

California: The following are additional disclosures required by the California Consumer Privacy Act and the California Privacy Rights Act (collectively, "CCPA"), effective January 1, 2023.

Categories of Personal Information Collected:

In the past twelve months, we may have collected the following categories of consumer personal information as identified by the CCPA, depending on how you interact with us:

• Identifiers: such as your name, email, address, phone number, or IP address.
• Personal information described in California Civil Code Section 1798.80(e): such as credit card number.
• Protected classification characteristics under California or federal law: such as age or gender (if we conduct user surveys or analysis).
• Commercial information: such as purchasing activity.
• Internet or other electronic network activity information: including content interaction information, such as content downloads, streams, and playback details.
• Geolocation data: such as the location of your device or computer as determined from your IP address or mobile device's GPS, depending on your device settings.
• Audio, electronic, visual, or similar information: including when you communicate with us by phone or otherwise.
• Professional or employment-related information: such as information you may provide about your business.
• Inferences drawn from other personal information: such as information about your preferences.

Categories of Personal Information Disclosed for a Business Purpose:

In the past twelve months, we may have disclosed the following categories of consumer personal information for a business purpose as identified by the CCPA, depending on how you interact with us:

• Identifiers: such as your name, email, address, phone number, or IP address.
• Personal information described in California Civil Code Section 1798.80(e): such as credit card number.
• Protected classification characteristics under California or federal law: such as age or gender (if we conduct user surveys or analysis).
• Commercial information: such as purchasing activity.
• Internet or other electronic network activity information: including content interaction information, such as content downloads, streams, and playback details.
• Geolocation data: such as the location of your device or computer (if you enable location services to enhance your experience with applications we provide).
• Audio, electronic, visual, or similar information: including when you communicate with us by phone or otherwise.
• Professional or employment-related information: such as information you may provide about your business.
• Inferences drawn from other personal information: such as information about your preferences.

Sensitive Personal Information: The categories of information we collect and disclose for business purposes include "sensitive personal information" as defined by the CCPA. We do not use sensitive personal information for any purpose not expressly permitted by the CCPA.

14. Contact Us Regarding Privacy Questions or Concerns

If you have any questions about this Privacy Policy or the use of your personal data, including requests for data access, updates, rectification, deletion, data portability, or withdrawal of consent, please contact us by sending an email to service@musepay.io with the subject line "DATA INQUIRY."

We will process your request as soon as possible. Please understand that in some cases (e.g., for legal or compliance purposes), we may not be able to fully comply with your deletion request. Furthermore, if you withdraw consent or fail to provide the information we require, we may not be able to provide or continue to provide services/products to you.

To ensure security, we will verify the identity of the requesting party. We typically respond to such requests free of charge, but we reserve the right to charge a reasonable fee for repetitive or burdensome requests.

15. Changes to This Privacy Policy

We regularly review and update this Privacy Policy to ensure it takes into account any new obligations and technologies, as well as changes in our business operations and practices, and keeps pace with the evolving regulatory environment. Any personal information we hold will be subject to our latest Privacy Policy. If there are significant changes to our Privacy Policy, we will publish these changes in this policy and provide notice elsewhere as we deem appropriate.

16. Data Protection Authority

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the relevant data protection authority.

17. Language

If this agreement is translated from English into any other language, the English version shall prevail in case of any inconsistency.