Stocex

English

简体中文
繁体中文
日本語
한국어

English

简体中文
繁体中文
日本語
한국어

Breeding Pulsewave Software LLC Privacy Policy

Version: V2.0 Effective Date: [May 1, 2026] Applicable Regions: United States, Japan, South Korea, and relevant Southeast Asian markets

This Breeding Pulsewave Software LLC Privacy Policy (this “Policy”) explains how we collect, use, share, store, cross-border transfer, protect, and delete your personal information, customer financial information, device data, on-chain data, and transaction-related information, as well as how you may exercise your related rights.

This Policy is drafted based on cross-border fintech and digital asset derivative trading scenarios and applies to Stocex and its websites, mobile applications, embedded services, APIs, and customer support channels. If certain services are actually provided by locally licensed entities, relevant local privacy supplements, local account opening documents, or local legal notices shall apply together with this Policy; in case of any conflict, local mandatory rules and local supplements shall prevail.

1. Legal Bases for Our Information Processing

Depending on the jurisdiction and specific circumstances, we may rely on one or more of the following legal bases:

  1. Your consent or separate consent;
  2. Necessary for entering into or performing a contract with you;
  3. Necessary for complying with legal or regulatory obligations;
  4. Necessary for preventing fraud, protecting system security, or safeguarding legitimate interests;
  5. Necessary for public interests, law enforcement assistance, or exercising, establishing, or defending legal claims;
  6. Other bases permitted by applicable laws.

2. Sensitive Information and Financial Information

  1. In the financial services context, we may process sensitive information, including identification documents, biometric results, account information, transaction records, position and settlement records, source of funds, tax information, sanctions screening results, wallet association information, and other information that may materially affect your rights and interests.
  2. We process such information only for a clear purpose and when necessary, and adopt enhanced protection measures.
  3. In Japan, South Korea, Indonesia, the Philippines, Malaysia, certain states of the United States, or other regions requiring enhanced notice, consent, or separate consent, we will fulfill corresponding obligations through separate notices, pop-ups, authorization pages, or local supplements.

3. Cross-Border Transfers

  1. As we operate in multiple countries and regions, your information may be transferred to servers, group entities, service providers, or regulatory recipients outside your country or region.
  2. We will take contractual, technical, and organizational measures to ensure the security and lawfulness of cross-border transfers in accordance with applicable laws.
  3. For Japan, South Korea, Singapore, Indonesia, Malaysia, the Philippines, and other regions with special requirements for outbound transfers, we will provide the following when necessary: a. Information about the recipient’s country/region; b. Category of recipient; c. Purpose of transfer; d. Protection measures; e. Separate consent or additional notice when applicable.

4. Special Note on Public Blockchain Data

  1. If you use on-chain deposit, withdrawal, wallet binding, on-chain settlement, or other blockchain functions, the relevant wallet addresses and transaction records may be permanently visible on public blockchains.
  2. Even if we delete certain associated information in our internal systems, records on public blockchains themselves cannot usually be deleted, modified, or withdrawn unilaterally by us.
  3. We may use third-party on-chain analytics tools to conduct risk scoring, sanctions screening, suspicious activity monitoring, and transaction path analysis on wallet addresses.

5. Automated Decision-Making, Risk Control, and Profiling

  1. We may use automated tools to analyze trading risk, fraud risk, device risk, marketing preferences, account security, and product access.
  2. Such processing may include rule engines, anomaly detection, behavioral analysis, sanctions matching, fraud scoring, on-chain address scoring, wallet profiling, position risk engines, and recommendation models.
  3. If required by applicable laws, we will explain the basic logic and potential impacts of automated decision-making to you and provide channels for appeal, manual review, or opting out of certain marketing profiling.

6. Data Retention

  1. We retain information only for the period necessary to fulfill the purposes described in this Policy.
  2. However, in the financial services context, we usually need to extend retention for the following reasons: a. Financial regulatory archiving requirements; b. Anti-money laundering, sanctions, tax, and audit obligations; c. Disputes, complaints, litigation, arbitration, or investigations; d. Cybersecurity and anti-fraud tracking requirements.
  3. Specific retention periods shall be determined by local laws and business license requirements in each target market. Before official launch, it is recommended to prepare a Data Retention Period Table and incorporate it into this Policy or internal policies.

7. Cookies, SDKs, and Similar Technologies

  1. We may use cookies, SDKs, pixel tags, local storage, device fingerprinting, or similar technologies to maintain login sessions, monitor security, analyze performance, attribute marketing, and optimize products.
  2. Common third-party SDKs in mobile Apps may include authentication, push notifications, analytics, crash monitoring, risk control, electronic signature, payment, customer service, on-chain analytics, and wallet security tools.
  3. Before official launch, it is recommended to list third-party SDK names, collected fields, purposes, service provider names, privacy links, and whether cross-border transfer is involved in an SDK List and display it prominently in the App.

8. Security Measures

We implement reasonable technical, organizational, and administrative measures to protect your information, including but not limited to:

  1. Encryption for transmission and storage;
  2. Access control, least privilege, and audit logs;
  3. Two-factor authentication, anomaly detection, and anti-fraud mechanisms;
  4. Backup, disaster recovery, and business continuity controls;
  5. Vendor due diligence and data processing agreements;
  6. Staff training, internal policies, and incident response mechanisms.

No network transmission or storage can be guaranteed absolutely secure. In the event of a security incident that may materially affect you, we will fulfill notification, reporting, and remedial obligations in accordance with applicable laws.

9. Policy Updates

We may update this Policy due to changes in laws, regulatory requirements, service upgrades, business expansion, or risk control adjustments. For changes that materially affect your rights and interests, we will notify you through App pop-ups, emails, in-app announcements, or other prominent means.

10. Items to Be Supplemented Before Official Launch

  1. List of actual operating entities and local licensed entities in each country;
  2. Data flow diagram by country/region;
  3. Data Retention Period Table;
  4. List of third-party SDKs/service providers;
  5. Cross-border transfer explanation and consent mechanism;
  6. U.S. state privacy supplements;
  7. Local supplementary privacy clauses for Japan and South Korea;
  8. Local supplementary privacy clauses for Singapore, Indonesia, Malaysia, and the Philippines;
  9. Data subject request handling process;
  10. Data breach notification process;
  11. List of on-chain analytics, wallet security, and sanctions screening service providers;
  12. Explanation of processing wallet addresses, transaction hashes, and on-chain risk labels.