Privacy Policy

Users outside the European Economic Area, United Kingdom, and Switzerland consent to this Privacy Policy by accessing our Services. Those located in the EEA, UK, or Switzerland are subject to additional protections described in Section 16.

Consent may be withdrawn at any time by contacting us using the information provided in Section 15. Please note that withdrawing consent may limit or prevent access to certain Services.

"Personal information" means any information relating to an identified or identifiable individual. Depending on your jurisdiction, this may include information associated with a specific household or device.

Hectare Tech Ltd. (BVI), a subsidiary of Acre Foundation ("Hectare," "we," or "us"), may collect the following categories of information:

• Publicly available blockchain addresses when you connect a wallet to our Services
• Tracking data including cookies and web beacons used for personalization and analytics
• Information received from service providers for compliance and verification purposes
• Survey responses and biographical information you voluntarily provide
• Correspondence submitted via email, support channels, or social media
• Employment application data when you apply for a role with us
• User-provided identifiers and device information

We also collect non-personal information such as operating system details, crash analytics, and general usage patterns that cannot be used to identify you individually.

We use personal information for the following purposes:

• Account creation and relationship management
• Sending promotional materials and service news, subject to your consent
• Customizing Services to your preferences
• Fraud prevention and security monitoring
• Product research and development
• Legal and regulatory compliance

We obtain your consent before sending promotional emails and other electronic messages, except where local law permits otherwise. You may unsubscribe from promotional communications at any time using the opt-out mechanism included in each message.

Service-related transactional communications — such as security alerts or account notifications — are necessary for the operation of the Services and cannot be opted out of while your account remains active.

We may share your personal information with the following categories of recipients:

• Communication service providers supporting our operations
• IT infrastructure providers hosting or processing data on our behalf
• Professional advisors including lawyers, accountants, and financial consultants
• Third parties involved in business transactions such as mergers or acquisitions
• Law enforcement or government authorities when required by applicable law

Users outside the EEA, UK, and Switzerland consent to third-party disclosure by providing information through the Services.

We may share non-identifying, aggregated information with customers, partners, advertisers, and service providers. This information does not identify any individual and is not subject to the same protections as personal information.

We retain personal information for as long as reasonably necessary to complete our business with you, or as required by law, whichever is longer. When information is no longer required, we take reasonable steps to destroy or de-identify it.

We maintain commercially reasonable physical, technological, and procedural safeguards appropriate to the sensitivity of the personal information we hold. However, no method of transmission over the internet or electronic storage is completely secure.

If you become aware of any security incident affecting your information or account, you must report it to us immediately using the contact details in Section 15.

Subject to applicable law, you may have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request that inaccurate or incomplete data be corrected
• Erasure — request deletion of your personal information in certain circumstances
• Restriction — request that we limit how we process your information
• Withdrawal of consent — withdraw consent where processing is consent-based
• Opt-out of direct marketing — object to receiving promotional communications
• Objection — object to processing carried out on the basis of legitimate interests
• Data portability — receive your information in a structured, machine-readable format
• Lodge a complaint — contact your applicable supervisory authority

To exercise any of these rights, please contact us at [email protected].

Accessing or using our Services constitutes your consent to this Privacy Policy, unless you are located in the EEA, UK, or Switzerland or have otherwise advised us of a different basis for processing.

You may withdraw your consent at any time by contacting us as described in Section 15. Withdrawal of consent does not affect the lawfulness of processing that occurred prior to withdrawal.

Our Services may contain links to third-party websites, applications, or resources provided for your convenience only. We have no control over the content or privacy practices of these third parties and assume no responsibility for them.

You access third-party resources at your own risk. We encourage you to review the privacy policies of any third-party services you visit.

We use cookies, web beacons, and similar tracking technologies to estimate audience size, store your preferences, and recognize returning visitors. These technologies help us improve the Services and deliver a more personalized experience.

We honor Global Privacy Control (GPC) signals that meet applicable format requirements as a valid opt-out of sale or sharing of personal information where required by law. You may configure your browser to refuse cookies, though this may affect the functionality of certain features.

We may update this Privacy Policy from time to time. Updated versions will be posted on our website with a revised "Last modified" date. We encourage you to review this policy periodically. Continued use of the Services following the posting of changes constitutes your acceptance of the updated policy.

Questions, concerns, or requests regarding this Privacy Policy or your personal information should be directed to [email protected].

This section applies to individuals in the European Economic Area, United Kingdom, and Switzerland and supersedes any conflicting provisions above. Hectare acts as data controller under the GDPR and applicable Swiss data protection law.