AIRAS Privacy Policy

This Privacy Policy (the "Policy") is made and entered into by and between AIRAS, a subsidiary of GPT Protocol Ltd. (hereinafter, "AIRAS," "we," "us," or "our"), and you, the end user (hereinafter, the "User" or "you"). By accessing or utilizing our services (the "Services"), you hereby acknowledge and consent to the collection, use, and disclosure of your personal data as described herein, subject to the terms and conditions set forth below.

1. Collection of Information

1.1 Personal Information

Pursuant to applicable laws and regulations, AIRAS may, at its sole discretion, collect certain Personal Data that you voluntarily provide. Such Personal Data may include, but is not limited to:

• Identity Information: Name, contact details (including, without limitation, email address, telephone number, and postal address), and any governmental identifiers.
• Authentication Credentials: Usernames, passwords, and any ancillary security tokens or codes.
• Financial Information: Payment card data, billing information, and transactional records.
• Preferences: Communication and marketing preferences as explicitly indicated by you.
• Blockchain-Related Data: Wallet addresses and any related blockchain transaction identifiers.
• Miscellaneous Data: Any additional information provided by you in the course of engaging with our Services.

1.2 Automatically Collected Information

In the course of your interaction with our Services, AIRAS shall automatically capture certain technical and usage-related data, including but not limited to:

• Device and Log Data: Device identifiers, operating system details, hardware configurations, and application logs.
• Network Information: IP addresses, browser types, language preferences, and connection metadata.
• Usage Metrics: Details regarding your interaction with the Services, such as access times, pages viewed, and other navigational data.
• Blockchain Transaction Data: Publicly available data related to blockchain transactions as applicable to the Services.

2. Use of Collected Information

The Personal Data and Automatically Collected Information (collectively, "Data") shall be utilized by AIRAS solely for the following purposes:

• Service Provision and Maintenance: To deliver, operate, and enhance the Services in a secure and efficient manner.
• Transaction Processing: To facilitate and manage payment and financial transactions in compliance with applicable financial regulations.
• Security Measures: To detect, prevent, and remediate unauthorized or illicit activity, and to ensure the integrity and security of our Services.
• Regulatory Compliance: To comply with all applicable statutory, regulatory, and legal obligations.
• Communications: To notify you of changes, updates, and promotions, subject to your preferences regarding marketing communications.
• Data Analytics: To conduct analyses that may inform the ongoing development and optimization of the Services.

3. Disclosure and Sharing of Information

Subject to the limitations and conditions herein, AIRAS may disclose Data as follows:

• Service Providers and Partners: To third parties providing services on our behalf, provided such parties are contractually bound to protect your Data in a manner consistent with this Policy.
• Legal and Regulatory Authorities: To any governmental or regulatory body, or pursuant to any lawful process, wherein such disclosure is necessary to comply with legal obligations.
• Consent-Based Disclosures: To other Users or third parties upon your explicit consent or as otherwise expressly permitted by you.
• Corporate Affiliates: To other entities within the GPT Protocol Ltd. corporate group, subject to equivalent data protection obligations.
• Aggregated Data: To third parties in a form that does not permit identification of individual Users, for purposes including statistical analysis and market research.

4. Data Security and Protective Measures

AIRAS shall employ commercially reasonable and industry-standard technical and organizational safeguards designed to protect Data from unauthorized access, use, or disclosure. Such measures include, but are not limited to:

• Encryption: Utilization of advanced encryption protocols (e.g., TLS/SSL) for the transmission and storage of sensitive information.
• Access Controls: Implementation of strict access controls, including multi-factor authentication and role-based access limitations.
• Periodic Security Audits: Regular security assessments and vulnerability testing to ensure ongoing data protection.
• Incident Response Protocol: An established procedure for prompt response, notification, and remediation in the event of a data breach or security incident.
• Data Minimization: Adherence to the principle of collecting only data that is strictly necessary for the purposes set forth in this Policy.

5. International Data Transfers

In connection with the provision of the Services, your Data may be transferred to, and processed in, jurisdictions outside of your country of residence. AIRAS shall ensure that such transfers are conducted in accordance with applicable data protection laws and that adequate safeguards (e.g., Standard Contractual Clauses) are implemented to maintain the security and integrity of your Data.

6. Rights and Remedies

Subject to applicable law, you are hereby granted certain rights with respect to your Data, including the right to:

• Access: Obtain confirmation as to whether your Data is being processed, and access to such Data.
• Rectification: Request correction of any inaccurate or incomplete Data.
• Erasure: Request deletion of your Data under circumstances where such action is mandated by law.
• Restriction: Object to or request restrictions on the processing of your Data.
• Portability: Obtain your Data in a structured, commonly used, and machine-readable format.
• Withdrawal of Consent: Withdraw your consent to the processing of your Data where consent has been the legal basis for processing, without affecting the lawfulness of processing prior to withdrawal.

7. Data Retention

AIRAS shall retain your Data only for the duration necessary to fulfill the purposes for which it was collected or as otherwise required by applicable law. Upon expiration of such periods, your Data shall be either securely destroyed or rendered permanently anonymized.

8. Third-Party Websites and Embedded Content

Our Services may contain links to third-party websites or embedded content for which this Policy does not apply. AIRAS bears no responsibility for the privacy practices or content of such external sites. We advise you to review the privacy policies of any third-party sites you access.

9. Amendments to This Policy

AIRAS reserves the right to amend this Policy at any time. Any amendments shall be effective immediately upon publication on our website, with the revised "Last Updated" date reflecting such changes. Your continued use of the Services subsequent to any such modifications shall constitute your acceptance thereof.

10. Limitation of Liability

Notwithstanding any provisions to the contrary, in no event shall AIRAS be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or in connection with the use of the Services or the inability to use the Services, even if advised of the possibility of such damages.

11. Governing Law and Dispute Resolution

This Policy shall be governed by and construed in accordance with the laws of the applicable jurisdiction without regard to any conflict of law principles. Any disputes arising out of or in connection with this Policy shall be resolved through binding arbitration in accordance with the rules of the designated arbitration body, unless otherwise required by applicable law.

12. Contact Information

For any inquiries, claims, or concerns regarding this Policy or your Data, please contact us at: