JIGGLE PRIVACY, DATA USE AND RETENTION POLICY

Please read our Privacy, Data Use and Retention Policy (hereinafter the “Policy” or the “Privacy Policy) carefully to know what personal information we (hereinafter “we”, “us”, “our”, “Jiggle”, “the Company”) collect, for what purposes we use it, how we use it and how the person using the App (hereinafter “you”, “your”, the “user”) can change, receive, or delete it.

Appia Solutions DMCC (licensed by the DMCC as a Distributed Ledger Technology Service, under License number DMCC-870964, whose address is Unit No: BA12, DMCC Business Centre, Level No 1, Jewellery & Gemplex 3, Dubai, United Arab Emirates) is the Data Controller, which independently determines the purposes and means of processing personal data when using the Jiggle app (hereinafter the “App”).

By installing and using the App, you accept this Policy and the practices between us as described in this Policy, and expressly consent to the processing and storage of personal information. We may use your personal information in accordance with this Privacy Policy. If you do not agree to this Policy, do not access and use the App, otherwise, your use is deemed unauthorized.

1. DEFINITIONS.

"Account" means an account in the App, created upon registration, which provides the ability to use the functions of the App and which is owned by a specific User.

"Personal Data" - information about a living individual who can be identified from that information (either by itself or when it is combined with other information).

"Processing of personal data" - any manual or automated action in relation to personal data, including: collection, receipt, recording, systematization, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.

"Jiggle" is a mobile application (cryptocurrency wallet), using which you can have the ability to receive, store, send cryptocurrencies and access resources for their exchange, purchase, sale, as well as, get the ability to otherwise manage your cryptocurrencies. "User" means a person of sufficient legal capacity to comprehend and comply with this Privacy Policy, and of at least 18 years of age.

2. SCOPE OF THE PRIVACY POLICY.

This Policy applies only to the use of www.jiggle.app or the App where this Policy is posted.

The Policy is applicable only in relations to the use of www.jiggle.app or the App, and does not apply to data that comes from third party companies or other organizations.

This Policy sets out the basis on which we process any personal data that we receive from you or third parties.

We collect and process various categories of personal information at the start of, and for the duration of, your relationship with us.

We ask for your personal data that is adequate and appropriate and we limit the collection and processing of information to that information necessary to achieve one or more legitimate purposes as identified in this Policy (data minimization principle).

Your data is processed in a lawful, fair and transparent manner.

Our Policy focuses on personal information - information that identifies you or could reasonably be linked to information that identifies you. For example, when you use our App and services, we may collect personal information such as your IP address and email, your device and browser information.

Employees of our organization are responsible for ensuring compliance with this Policy. We require everyone who manages our App users’ personal information to do so properly and in accordance with our policies and the provisions set forth in Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("General Data Protection Regulation" or "GDPR").

In addition, this Privacy Policy also serves to fulfil the obligations set forth in the Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data

3. WHAT DATA WE PROCESS AND FOR WHAT PURPOSE.

3.1 What we process

We process several types of information, our goal being to limit the information we collect to the information we need to support our business.:

a) information we receive from you; information that we gather from the technology which you use to access our services (for example location data from your mobile phone, IP address or telephone number) and how you use it (for example pattern recognition).

You share information with us in various ways through our services and online. For example, you share information when you:

- download our App;

- create an Account in the App;

- participate in our programs and promotions on social networks;

- get in touch with us;

- post a review or comment on one of our social media pages, write a review or other content on our website or mobile service.

When you take these actions, you may give us different types of personal information, such as:

- your name;

- your email address;

- physical or mailing address;

- telephone number;

- date of birth;

- person's biometric data, which is processed by a neural network and converted by the server into a static preset depersonalized key.

b) information we receive from other sources (to help us supplement our records, improve the personalization of our services to you, and detect fraud), including services and automated programs from other companies of our group, third parties who provide services to you or us, credit reference, fraud prevention or government agencies, and other financial institutions (where permitted by law), first party and third party cookies when you access our services, for more details please read our Cookie Policy.

c) We process technical information when you use our App or services.

This may include information such as:

City ($ city) - The city of the sender event is parsed from the IP property or the latitude and longitude of the property. Refer to Geo Source ($geo_source) for more information.

Region ($region) - The region of the event sender, parsed from the IP property or latitude and longitude properties. See Geo Source ($geo_source) for more information.

Country (mp_country_code) - The country of the event sender, parsed in the IP property or the Latitude and Longitude properties. See Geo Source ($geo_source) for more information.

Geo Source ($geo_source) is a method for specifying values for the Country, Region, and City properties. If the value is zero, the location properties were defined via the IP property ($ip). If "reverse_geocoding", the location properties were defined using the Latitude ($latitude) and Longitude ($longitude) properties.

Time Zone ($timezone) - The time zone of the event sender, parsed by IP.

Browser version ($browser_version) - Browser version number.

Browser ($browser) - Browser version number (not versioned).

Initial Referrer ($initial_referrer) - The referring URL on the first entry.

Initial Referring Domain ($initial_referring_domain) - The referring domain on the first arrival.

Operating System ($os) - The operating system of the event sender.

Last Seen ($last_seen) - The last time the User profile property was set or updated (should not be set manually).

Device Name ($device) - The name of the event sender's device, if it is on the mobile Internet.

iOS Device Model ($ios_device_model) - ID of the device model, in the format "iPad 3,4", etc.

iOS Version ($ios_version) - The current iOS version on the device.

Device ID ($device_id) - A unique string that identifies the User before the authentication or identification flow. By default, the javascript client-side SDK packages generate $device_id for each unique browser or device. When using the client-side SDKs, $device_id is an event property that requires no additional work. $device_id does not change on the same device.

Account ID ($device_id) - Account number in the Jiggle App.

App version ($app_version) - the version of the App that the User uses.

Backup biometric ($backup biometric) - whether the Account access backup procedure was performed using the person's biometric parameters.

Backup paper ($backup paper) - whether the QR code was saved to restore access.

Currency balance ($BTC, ETH, etc.) - the balance of currencies in your Account.

Some of the above information (but not only) that you provide to us is obtained by us through automated technologies (services) such as "Firebase" (https://firebase.google.com and https://analytics.google.com). When the App allows you to use its functions and features, as well as the collection and processing of information is carried out within the framework of these rules and in accordance with the rules of use and policies described in the links https://firebase.google.com/terms and https://policies.google.com/privacy,а also https://policies.google.com/privacy?hl=ru and https://policies.google.com/terms?hl=ru. You agree to these policies when you use the App.

We use third party services to provide certain features of the App. Such services include those available at: https://waltzer.io. When you use certain features of our App, you agree to the terms of use and information processing that apply to such services and are published at https://waltzer.io/terms.pdf.

The App is capable of using automatically collected information using the device's camera and the TrueDepth API provided by Apple

If you use the TrueDepth API, images from the camera can only be used to back up access to your Account. No information collected by the TrueDepth API ever leaves the User's device. We do not share information with third parties, nor do we store or otherwise process data that we have accessed and used through the TrueDepth API. For more information about TrueDepth API technologies, you can visit

For this feature to be possible, the App requires access to your device's camera. This access can be enabled or disabled at any time in your device settings. Camera images and acquired depth data are used only for backup Account access purposes. The live video stream is never used and its data is never stored locally or remotely. Access to the camera is necessary to retrieve depth data from the Apple API. This data is only stored on the device for the duration of your current session. Each time the home screen is displayed or the App is closed, the data is deleted.

3.2 For what purpose

By submitting your personal information, you consent to its processing in order for the Company to, for instance, fulfil its obligations to you, to enable you to use the App, to keep it secure, to provide you with products and services, or to personalize our information-sharing relationships. Here are some examples of the purposes for which data about you is used, but not limited to :

- To assess and process your applications for products or services, for instance when you apply for an Account, including to comply with legal requirements. Application decisions may be taken based solely on automated checks of information, for example from fraud prevention agencies and our internal records. We use your personal information to help us make decisions on verifying your Account, as well as transaction limits on your Account, by looking at information such as biometric data (including photograph and/or facial scan), information regarding your location, age, nationality and/or citizenship and other information which enables us to verify your identity and perform a risk assessment for money laundering and fraud prevention purposes. You have rights in relation to the automated decision-making used in the verification process, including a right to attempt account verification again, or contact our customer support team if your application is refused. We will also profile your Account to assign a risk rating for the purposes of fraud and unusual transaction monitoring and unauthorised access prevention. The information we will use to profile you will include your age, bank country of residence and status as a politically exposed person or otherwise. We will continue to collect and monitor information about how you manage your Account including your account balance, payments into your Account, the regularity of payments being made, and any default in making payments, while you have a relationship with us. This information may be made available to other organisations (including fraud prevention agencies and other financial institutions) so that they can take decisions about you. If false or inaccurate information is provided and/or fraud is identified or suspected, details will be passed to relevant fraud prevention agencies. Law enforcement agencies and other organisations may access and use this information. We cooperate fully to the extent of our legal obligations in the prevention of fraud, money laundering and counter-terrorism. If we, or a fraud prevention agency, determine that you pose a fraud, money laundering or other criminal risk, we may refuse to provide the services you have requested, or we may stop providing existing services to you. A record of any fraud, money laundering or other criminal risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. When fraud prevention agencies process your information, they do so on the basis that they have a legitimate interest in preventing fraud and money laundering, and to verify your identity, in order to protect their business and to comply with laws that apply to them.

- To provide and administer those products and services throughout your relationship with us, including opening, setting up or closing your Account; collecting and issuing all necessary documentation; executing your instructions; transferring money/cryptocurrencies between Accounts; resolving any queries or discrepancies and administering any changes. Communications with our online helplines may be recorded and monitored for these purposes;

- To contact you with information relevant to the operation and maintenance of your Account;

- To support our business functions, such as performing data analysis, data matching and profiling to support decision-making with regards to our activities;

- To support our marketing function and send you for instance, with your consent, information about our products, services and promotions, and to help us personalize our products and service offerings and mobile services;

- To respond to the feedback and comments you provide to us;

- To protect the security and integrity of our mobile services and our business;

- To support our legal functions, such as to execute an agreement to which the personal data subject is a beneficiary , as well as to conclude an agreement under which the personal data subject will be a beneficiary;

- Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data with taxation, law enforcement and regulatory bodies.

- Where it is in our legitimate interests to do so as an organisation, and without prejudicing your interests or fundamental rights and freedoms, to manage our business and financial affairs and to protect our customers, employees and property.

4. WHAT DATA WE STORE AND FOR HOW LONG.

We store your email for contacting you and identifying you in case of contacting us and regaining access to your Account. If at any point in the future you change your contact details you should tell us promptly about those changes.

We may monitor or record calls, emails, text messages or other communications in accordance with applicable laws.

We also store a static preset key on our servers to enable you to access your Account.

We also store the information set forth in Section 3.

Records can be held on a variety of media (physical or electronic) and formats, but they are primarily held electronically.

Retention periods for records are determined based on the type of record, the nature of the activity, product or service, the country in which the relevant company is located and the applicable local legal or regulatory requirements.

We generally keep all of this information for up to 7 years from the last time you visited the Account also because you can keep your cryptocurrencies in the Account and you may need this information if something happens.

We destroy, or anonymize, personal data (i) when the purposes of processing have been achieved, (ii) when it is no longer necessary to achieve the purpose of processing, or (iii) upon request from the data subject within 30 calendar days.

After 7 years of inactivity of the Account (last login) or the last transaction, we delete the Account and the data we hold. The inactivity check occurs each time you log in to the Account, restore access, make a transaction using the App.

We may on exception retain your information for longer periods than those stated above, particularly where we need to withhold destruction or disposal based on an order from courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that we will be able to produce records as evidence, if they are needed.

5. MARKETING.

Upon signing up to our newsletter, you will give your consent to hear from us regarding news about the cryptocurrency industry or other relevant topics but excluding direct marketing. We will send you information which we believe may be of interest to you by email. If you change your mind about how you would like us to contact you, or you no longer wish to receive material from us, you can simply unsubscribe from our emails by clicking “unsubscribe” in any emails we have sent.

In case we would processing your personal information for direct marketing, you have a right to object at any time to the processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing.

6. RELATIONSHIPS RELATING TO THE TRANSFER OF PERSONAL INFORMATION.

We will not sell or rent your personal information. We will not share your information with third parties for their own marketing purposes without your permission. We may transfer your personal information in limited circumstances, such as the conduct of our business, when required by law, or with your consent.

Your information may be shared with and processed by other companies of our group. We will not transfer your personal information outside of our Company or group of companies, except as follows:

a) Where required to provide your product(s) or service(s).

b) If the maintenance and technical support of the App will be performed by another organization that is committed to comply with this Policy just as we would.

c) When necessary to comply with legal requirements and to protect the Company and others, which include situations where sharing is required by law or regulations, or we believe that sharing will help protect the safety, property or rights of Appia Solutions DMCC., our customers, our employees or others. For example:

- helping recovering funds that have entered your account as a result of a misdirected payment by such a third party;

- Protecting the health or safety of Users;

- Combating crimes committed against the Company property or the organization that provides maintenance and technical support for the App;

- Detecting and eliminating fraud or financial risks;

- Providing personal information to law enforcement agencies, debt collection agencies, credit reference and fraud prevention agencies upon their written request;

- In response to a search warrant or other valid legal request;

- Responding to actions, requests, acts of investigative authorities in cases of breach of agreement, policies, or Terms of Use or violation of law or regulations.

d) In the event of a merger, sale or reorganization of all or part of our business (including transfers made in bankruptcy proceedings), personal information about you may be transferred to the successor business. We will use reasonable and necessary measures to ensure that any successor business treats your information in accordance with this Policy.

e) At your request, we may send a copy of the information we process about you to the email address registered in your Account at the time of the request, within a period of up to calendar 30 days. The exception is a static assignable key, as this information is secret and provides security against fraud or other misconduct against you and the Company.

If you ask us to, we will also share information with any third party that provides you with account information or payment services. We are not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you. In the event that any additional authorised users are added to your account, we may share information about the use of the account by any authorised user with all other authorized users.

7. TRANSFERRING INFORMATION OVERSEAS.

We may transfer your information to, or your information may be collected directly by, organisations in other countries (including other companies of our group) on the basis that anyone to whom we pass that information or who collects it directly protects it in the same way we would and in accordance with applicable laws. In the event that we transfer information to countries which are not covered by the General Data Protection Regulation (GDPR) or the Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data, we will only do so where:

- the European Commission or the UAE (or the United States depending of your country of residence) has decided or indicated that the country or the organisation we are sharing your information with will protect your information adequately;

- the transfer has been authorised by the relevant data protection authority.

8. THE RIGHT OF THE DATA SUBJECT TO REFUSE TO PROVIDE DATA.

Where we rely on your permission to process your personal information, you have a right to refuse to provide your data or/and to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities. Please note that in some cases, if you do not agree to provide your information, it may not be possible for us to open an Account for you, to continue to operate your Account and/or to provide certain products and services to you.

9. OBTAINING YOUR PERSONAL INFORMATION, UPDATING IT AND REQUESTING TO DELETE IT.

9.1 You may request and receive information about the applicable processing methods, personal data, the amount, timing of processing and storage and other data required by law or regulations that apply to you based on your citizenship or location if you are stateless. In order to do this, you need to make a correct request and send it to e-mail: DPO@Jiggle.app.

When you contact us, be sure to include your full registered email address so we may contact you back. We will do our best to answer you within a reasonable period of time.

Correct and official request is a request from the subject of personal data, which is sent from the email used for registration in the App.

For government agencies and organizations, a correct and official request is a request sent to us in the manner prescribed by the Laws of UAE, which includes:

Name of the organization, date of the request, title of the person making the request, contents of the request with references and reasons why we are required to provide the data available to us or take other action. Such request shall be deemed to be valid if it contains the above information and is sent in original hard copy to: APPIA SOLUTIONS DMCC, with its address at Unit No: BA12, DMCC Business Centre, Level No 1, Jewellery & Gemplex 3, Dubai, United Arab Emirates.

Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to operate your account and/or provide certain products and services to you through the App.

9.2 You have a right to data portability. Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. We are not responsible for any such third party’s use of your Account information, which will be governed by their agreement with you and any privacy statement they provide to you.

9.3 We may also delete or anonymize personal information and all or part of your information at your request, which may make you unable to use the App. All of this is available by sending an email to: DPO@Jiggle.net and complying with the correctness and formality of the request as described in Section 9.1. Please note that we will only comply with such requests to the extent it is legally obligated to and depending on your Account activity until that date, certain personal data may be maintained in accordance with anti-money laundering and counter-terrorist financing legislation.

9.4 We provide you with various ways to access, rectify or update your personal information, including contact and Account information. We also take reasonable steps to ensure that your personal information is accurate and complete. However, if you believe that any of the information that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and to rectify the inaccurate personal information.

You can access, rectify, delete or update your personal information, including contact or Account information and/or object to us processing your personal information (and request us to restrict processing):
- under "account recovery" in the App;
- by contacting us at DPO@jiggle.app.

Please describe the information you wish to access, delete, change and/or you wish us to restrict processing in your request. In any case, you will be required to provide proof of your identity (to ensure we are dealing with the account owner).

We will provide you with the requested personal information, make the changes, and/or make the deletion requested, if it is reasonably available/possible, unless it violates the privacy of others and/or it is subject to reasonable restrictions imposed by law, regulations and/or internal procedures. Otherwise, we will describe the types of information we have collected. and/or provide an explanation of what action we can take with respect to the request.

We will restrict processing the requested information unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests, or where we need to process your information to investigate and protect us or others from legal claims. Depending on the circumstances, we may need to restrict or cease processing your personal information altogether or, where requested, delete your information. You have a right to request that we delete your personal information. However, please note that deleting your Account on the app, does not imply withdrawal of your consent to the processing of your personal data.

Please also note that if you request us to delete your information or restrict processing your information, we may have to suspend the operation of your Account and/or the products and services we provide to you.

9.5 California residents

Pursuant to the California Consumer Privacy Act of 2018 (CCPA) subject to a submitting a verifiable request to DPO@Jiggle.app, you shall have the right to:

- Request that we disclose the categories and specific pieces of personal information we have collected from or about you, as well as, the purpose for which it is collected and categories of third parties with whom that information has been shared;

- Request that we delete any personal information about you which we have collected, unless exceptions apply.

If we sell your personal information, or discloses it for a business purpose to third parties, you have the right to request that we disclose to you the categories of personal data collected, sold or disclosed to third parties.

We shall not sell personal information about a consumer to a third party unless the consumer has received explicit notice and is provided an opportunity to exercise the right to opt-out.

10. HOW TO PROTECT YOUR PERSONAL INFORMATION.

10.1 We recognize the importance of keeping our users' personal information secure. We use reasonable security measures, including physical, administrative and technical security measures to protect your personal information.

We have employees who are responsible for ensuring the security of your information. The measures we take may include access controls or other physical security measures, information security technology and policies, and procedures to help ensure that information is properly deleted.

Here are some examples of security measures we use to protect your personal information:

- A password or biometric data is required to access your Account. The password is up to you.

- An encryption technology called Secure Sockets Layer (SSL) helps protect personal information in certain areas of our App during transmission over the Internet. These guidelines may not be present in mobile services that use SSL.

technologies such as: ECDSA, EDDSA, AES, Homomorphic encryption.

- Our partners takes necessary technical and organizational measures to ensure security of biometric data processing. After the biometric data is processed it is converted into a static depersonalized digital key. If intruders get such a key, they will not be able to access the personal data, which includes only the stored e-mail address. This is so because the learning mode when logging into an Account, or registering uses an artificial neural network which learns to transform a set of input images into a given User key, and images not belonging to the User into random "white noise" on each of the outputs of the artificial neural network. In the key reconstruction mode, the unit takes as input a set of vectors of biometric parameters and converts them into a biometric private key. When a biometric image of a previously registered User is fed to the input, a cryptographic key will be received at the output, and random "white noise" will be received for other images.

10.2 You undertake not to disclose to third parties the specific email address and password you use for identification in our website and App where this Policy is posted.

You undertake to ensure due diligence in the storage and use of login data (including, but not limited to: using licensed antivirus programs, using complex alphanumeric combinations when creating a password, not making available to third parties a computer or other equipment on which your login data is auto saved, etc.) as well as authentication devices for our website and App.

If we have any suspicions or credible reports that your Account has been used by a third party or malicious software, we will be forced to unilaterally change or reset your authentication credentials.

11. LODGE COMPLAINTS.

If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer who will investigate the matter. We hope that we can address any concerns you may have. However, if you wish to raise a complaint on how we have handled your personal information, you can also contact your relevant government office, for example the Information Commissioner’s Office (ICO - ico.org.uk) if you are a UK customer, or the Federal Trade Commission (FTC) if you are if you are a US customer.

12. CHILD PRIVACY.

The Company fully recognizes the importance of protecting and respecting the privacy of children, especially in an electronic communication environment. Our App is not intended for people under the age of 18. It is our policy never to knowingly collect or maintain information from anyone under the age of 18.

Please contact us if you believe we may have collected information from your child through our website by email: DPO@Jiggle.app and we will do our best to remove it.

13. HOW WILL YOU KNOW IF THIS POLICY CHANGES?

We have the right to change all or part of this Policy, at any time, by posting a new version of it when you download the App from the applicable resources and on the website/App itself.

The effective date of the updated Policy shall be the next business day after the date of publication of the update. The date of publication of the update is specified at the end of this Policy.

Please check our Privacy Policy periodically for changes. Please note that in some cases, if you do not agree to such changes it may not be possible for us to continue to operate your Account and/or provide certain products and services to you through the App. We will endeavour to provide additional notice of significant updates via the email address used when you registered your backup or otherwise.

Publication date: 7th February, 2023