Privacy Policy

The data controller for personal data collected via this Platform is Caput Mundi Group, a company incorporated in the UAE Free Zone. For data protection enquiries, contact our Data Protection Officer at privacy@caputmundi.io.

We collect the following categories of data:

• Blockchain data: Your public wallet address, transaction history, and token balances — all publicly available on-chain.
• Technical data: IP address, browser type, device type, operating system, and access timestamps, collected automatically when you access the Platform.
• KYC data: If required, identity documents (passport, government ID), selfie/liveness verification, and proof of address — collected by our KYC provider on our behalf.
• Usage data: Pages visited, features used, click paths, and session duration, collected via analytics cookies (with your consent).
• Communications: Any messages or enquiries you send us by email or through social channels.

We do not collect names or email addresses unless you voluntarily provide them via our contact channels.

We use your personal data to:

• Administer your presale allocation and process USDC purchases;
• Conduct KYC/AML screening as required by applicable law;
• Comply with legal and regulatory obligations, including sanctions screening;
• Detect, prevent, and investigate fraud or abuse;
• Operate, maintain, and improve the Platform;
• Respond to your enquiries and communications;
• Send operational updates regarding your allocation or Genesis Day (no marketing without separate consent).

We process your data on the following legal bases:

• Contract performance: Processing necessary to administer your token purchase and allocation;
• Legal obligation: AML/KYC screening and sanctions checks required by applicable law;
• Legitimate interests: Fraud prevention, platform security, and aggregate analytics;
• Consent: Analytics cookies and marketing communications (where separately obtained).

We engage the following categories of third-party processors:

• KYC / Identity Verification: Sumsub — processes identity documents on our behalf under a signed data processing agreement.
• Infrastructure:Cloudflare — provides CDN, DDoS protection, and DNS services under Cloudflare's data processing addendum.
• Blockchain: On-chain transaction data is publicly available and inherently visible to all Solana network participants.
• Analytics: Privacy-first analytics with IP anonymisation. No cross-site tracking. No advertising profiles.

We do not sell your personal data to third parties for advertising purposes under any circumstances.

We retain your personal data only as long as necessary for the stated purposes:

• Purchase and allocation records: 7 years (AML/legal compliance);
• KYC documents: 5 years from the date of collection or as required by applicable law;
• Technical/access logs: 90 days;
• Communications: 2 years from last contact.

Blockchain transaction data (wallet addresses, token amounts) is permanently stored on the Solana blockchain and cannot be deleted. This is an inherent property of public blockchain technology.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you;
• Rectification: Correct inaccurate or incomplete data;
• Erasure: Request deletion of your data, subject to legal retention requirements;
• Restriction: Request we restrict processing in certain circumstances;
• Portability: Receive your data in a structured, machine-readable format;
• Objection: Object to processing based on legitimate interests;
• Withdraw consent: Withdraw consent at any time where processing is consent-based.

To exercise any of these rights, contact privacy@caputmundi.io. We will respond within 30 days.

For privacy-related enquiries, contact our Data Protection Officer at privacy@caputmundi.io.

If you believe your rights have been infringed, you have the right to lodge a complaint with your local data protection authority. EU/EEA residents may contact their national supervisory authority as listed on the European Data Protection Board website.