Tondi Foundation Privacy Notice

Tondi Foundation ("Tondi," "we," "us," or "our") builds blockchain and Web3 infrastructure and applications. We offer products and services to users, creators, and developers under the Tondi brand (and other brands we may own), including:

• Our websites and documentation portals (e.g., https://tondi.org and subdomains) (the "Sites");
• Tondi Wallet Mobile (mobile wallet application);
• Tondi Wallet Chrome Extension (browser extension);
• Any other applications, products, or services we release or operate (together with the Sites, the "Offerings").

We understand your personal information is important. We process personal information responsibly and in accordance with applicable laws and regulations.

This Privacy Notice (and any supplemental notices referenced or incorporated here) describes how we process personal information when you access or use the Offerings. When you leave the Offerings, this Privacy Notice no longer applies. Any subsequent website, application, or service you access is subject to its own terms of service and privacy notice.

This Privacy Notice also explains your rights and choices regarding your personal information and how to contact us with questions or concerns. "Personal Information" means any information relating to an identified or identifiable natural person.

1. Our Relationship With You

Tondi Foundation provides the Offerings and determines the purposes and means of processing your Personal Information (often called the "controller" under applicable law). Your use of the Offerings is subject to our Terms of Use. Some Offerings may be used by organizations; if you use the Offerings on behalf of an organization, that organization may own the associated accounts and may manage your access and permissions.

2. Personal Information We Collect

We collect Personal Information that you provide to us and some information that we collect automatically. All collected information is used only for the purposes described in Section 3.

A. Personal Information You Provide to Us

• Account & Profile Information. For Offerings that require an account or profile, we may collect your name, password, email address, mobile phone number, account history, and other information needed to create and maintain the account or profile.
• Contact Information & Communications. If you contact us via forms, email, or other channels, we process your name, contact details, and the content of your communications.
• Support Information. When you request support, we process the contact details you use and information related to your request, the support provided, and (where relevant) how you interact with the Offerings to improve support services.
• Payment Information. If you purchase paid Offerings, payment information is processed solely to fulfill your purchase.
• Wallet/On-Chain & User-Provided Content. Depending on context, you may provide your wallet address, transaction-related information, preferences, settings, and any content you create or upload within the Offerings.
• Additional Information. Feedback, survey responses, or identity verification data required for certain features. We will inform you if additional Personal Information is necessary.

B. Information Collected Automatically

We may automatically collect certain information to enable core functionality and protect the Offerings. Where feasible, we seek to de-identify, aggregate, and/or anonymize such information.

• Single Sign-On (SSO). If you use third-party SSO to access the Offerings, we may receive Personal Information from those providers. Your interactions with those tools are governed by their privacy notices.
• Device & Usage Information. We may collect timestamps, usage statistics, IP address, general location (e.g., city/state inferred from IP), OS version/type, browser type, device identifiers, device events, crash data, cookie data, and your interactions with the Offerings. Some of this information could identify you or your device.
• Cookies & Similar Technologies. We may use cookies, pixel tags, and similar technologies on the Offerings. See our Cookie Notice (if available) for details.
• Location Information. We may infer general location from your IP address.
• Information from Other Sources. We may receive information from marketing partners (e.g., if you participate in campaigns) and researchers (e.g., if you participate in UX research) and combine it with information we collect.

3. How We Use Personal Information

We use Personal Information only for the purposes for which it was collected, including:

• Create Accounts/Profiles (where applicable).
• Provide, Operate & Support the Offerings.
• Personalization & Regionalization to improve your experience and enable interactions with third-party platforms (see Section 10).
• Product Improvement & New Features.
• Communications by phone, text, email, or chat for administrative messages, requested services and information, responses to inquiries, policy updates, and support.
• Marketing (with consent where required) to send updates, features, and promotions. You may opt out at any time (e.g., unsubscribe links, or contacting us).
• Customer & Third-Party Relationship Management (e.g., tracking communications with prospects, customers, and partners).
• Aggregation/De-Identification for statistics and analytics.
• Administrative & Legal Purposes, including enforcing terms, complying with legal obligations (e.g., sanctions compliance), and internal policies.
• Safety, Security & Integrity, including investigating good-faith allegations of violations, preventing unauthorized access, and mitigating abuse.
• Use of AI Tools. We may responsibly use AI-enhanced tooling (e.g., to summarize support content and improve response efficiency).

4. Who We Share Personal Information With

We must share Personal Information in limited cases to provide and protect the Offerings. We do not sell your Personal Information.

• Affiliates. We may share with Tondi affiliates and subsidiaries (if any) for business and service delivery.
• Service Providers. For hosting, storage and disaster recovery, network operations and security, feature rollouts and testing, product analytics, communications, and support; payment processors for purchases; providers assisting with sanctions and abuse prevention.
• Native Integrations. If you choose to share data through native integrations with other applications, we will share data as you instruct. We do not share data from integrated apps with unrelated services or clients.
• Legal. We may disclose information if required by law or in good faith to comply with legal obligations, enforce terms, resolve security/technical issues, or protect rights, property, or safety.
• Strategic Business Partners (with consent). Limited sharing for marketing/advertising where you have provided consent.
• Third-Party Platforms. If you request to interact with third-party services or platforms, we may disclose necessary information. Where permitted and feasible, we seek to minimize sharing through proxies.

5. Service Providers

We engage unaffiliated service providers for the purposes described in Section 4 (e.g., cloud hosting, analytics, payments, security, experimentation). Where required by law, we will disclose key categories or lists of such service providers.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access/Right to Know.
• Rectification/Correction.
• Erasure/Deletion/Anonymization (where no overriding legitimate basis applies).
• Object to Processing (including where based on legitimate interests or for direct marketing).
• Restrict Processing (in certain circumstances).
• Data Portability (for data processed based on contract or consent).
• Withdraw Consent at any time (without affecting prior lawful processing).
• Lodge a Complaint with a supervisory authority.
• Non-Discrimination for exercising your rights.
• Opt-Out of Targeted Advertising, "Sale," or "Sharing" where required by law.

We may request identity verification before responding. We may refuse requests where legally permitted and will inform you if so. Subject to applicable rules, you may appoint an agent to act for you; we may require written authorization and verification. To appeal a refusal, contact: support@tondi.org (if/when enabled).

7. Retention of Information

We retain Personal Information for as long as necessary to fulfill the purposes described in this Notice, to make the Offerings available to you, or as instructed by you, unless a longer retention period is required or permitted by law (e.g., for legal claims, complaints, litigation, or regulatory proceedings).

8. Security and Storage

We implement reasonable security measures designed to protect Personal Information against loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no internet or email transmission is ever fully secure. If you believe your privacy has been breached through use of the Offerings, contact us immediately.

For more details about how we protect data in Tondi Wallet Mobile and the Tondi Wallet Chrome Extension, see our Security page (if available). Your Personal Information may be stored and processed in the United States or other jurisdictions where we or our service providers maintain facilities, and may be transferred across borders in accordance with applicable law and appropriate safeguards.

9. Data Analytics and Advertising

With your consent where required, we may use first-party and third-party analytics (e.g., Google Analytics) to provide and improve the Offerings and, where applicable, for marketing:

• Performance analysis, error diagnostics, and experience optimization;
• Advertising and re-marketing (e.g., showing Tondi ads based on prior visits).

Third parties may use cookies and web beacons to collect information about your activities on the Offerings and show you ads across the internet. You can learn more or opt out of interest-based advertising via industry self-regulatory programs (e.g., NAI/DAA), where available.

10. Third-Party Links and Platforms

The Offerings may enable interactions with third-party services, decentralized applications (dApps), and third-party platforms (collectively, "Third-Party Platforms"). This Privacy Notice does not address—and we are not responsible for—the privacy practices of such third parties. Links do not imply endorsement of their practices. Your use of Third-Party Platforms and their use of your information are governed by their terms and privacy notices.

Where you choose to interact with a Third-Party Platform through the Offerings and share Personal Information as required for such interaction, we will, where permitted and feasible, seek to limit the Personal Information shared (e.g., via proxying).

11. Co-Branded Websites

If our Sites link to other websites that display Tondi branding but are operated by others, this Privacy Notice does not apply to those sites. Please review each site's own privacy notice.

12. Eligibility

If you are under the age of majority in your jurisdiction of residence, you may use the Offerings only with the consent of or under the supervision of your parent or legal guardian. Consistent with COPPA, if we learn that we have received information directly from a child under 13 without verified parental consent, we will use that information solely to respond directly to that child (or their parent/guardian) to inform them that the Sites cannot be used, and we will then delete that information.

13. Change of Ownership

In the event of a change in ownership, merger, acquisition, or transfer/sale of all or a portion of our assets, we reserve the right to transfer all Personal Information to the successor entity. We will use reasonable efforts to notify you of a transfer to an unaffiliated third party (e.g., a posting on our homepage or an email to the address you provided, at our discretion).

14. Changes to This Privacy Notice

We may amend this Privacy Notice at any time to reflect changes in law, our data practices, or technology. The revised Notice will be made available through the Offerings. Please review it periodically. The Date of Last Revision above indicates when it was last updated. By continuing to access or use the Offerings, you confirm you have read and understand the latest version.

15. Complaints

If you wish to lodge a complaint about how we process your Personal Information, please contact us as described below. We will endeavor to respond as soon as possible. You may also lodge a complaint with the applicable supervisory authority in your place of residence, workplace, or where you believe an incident occurred.