Privacy Policy

Effective Date: January 17, 2026

Table of Contents

1. Introduction

Welcome to ReFi Technologies ("Company," "we," "our," or "us").

This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website at https://refi2.com ("Site") or use any of our services, including the purchase, holding, staking, or use of the REFI2 Token and associated smart contracts (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy and consent to the collection and use of your information as described herein.

If you do not agree, please discontinue use of our Services immediately.

2. Scope and Applicability

This Privacy Policy applies to all data collected through:

  • The REFI2 and ReFi Technologies websites and applications;
  • Our staking and wallet interfaces;
  • Any KYC/AML verification portals;
  • Direct communications with our representatives; and
  • Any related platforms or integrations managed by ReFi Technologies.

This Policy does not apply to third-party services, applications, or websites that are not owned or controlled by ReFi Technologies.

3. Information We Collect

We collect information in several ways, depending on how you interact with our Services:

A. Information You Provide Directly

When you register, invest, stake, or otherwise interact with the Services, we may collect:

  • Identification Data: Full name, date of birth, nationality, and government-issued ID documents (e.g., passport, driver's license).
  • Contact Information: Email address, phone number, and residential address.
  • Financial Information: Wallet addresses, payment details, and bank information for deposits or withdrawals.
  • Verification Data: Documents, photos, or video used for KYC/AML compliance.
  • Communications: Emails, chat messages, or inquiries submitted through our Site or social platforms.

B. Information Collected Automatically

When you access the Site, we may automatically collect:

  • Usage Data: IP address, browser type, device identifiers, referral URLs, and pages visited.
  • Cookies & Tracking: Session cookies and analytics tools to improve user experience and measure website performance.
  • Blockchain Interaction Data: Wallet public addresses, transaction hashes, and interaction logs with our smart contracts.

C. Information from Third Parties

We may receive data from:

  • Identity verification providers (for KYC/AML);
  • Blockchain analytics firms for fraud detection and transaction screening;
  • Business partners or referral programs.

4. How We Use Your Information

We process collected information for the following purposes:

  • Service Delivery – To operate and provide access to the REFI2 platform and related staking functionality.
  • Compliance – To perform identity verification, anti-money laundering (AML), and counter-terrorist financing (CTF) checks in accordance with applicable law.
  • Transaction Processing – To facilitate token purchases, redemptions, and staking payouts.
  • Communication – To send you administrative, transactional, or promotional messages related to our Services.
  • Analytics & Improvement – To monitor system performance, detect fraud, and improve our Services.
  • Legal Obligations – To comply with requests from regulators, law enforcement, or courts where required.
  • Security – To protect accounts, prevent unauthorized access, and mitigate cybersecurity risks.

6. How We Share Information

We may share your data in limited circumstances with:

  • Service Providers: Cloud hosting, KYC/AML providers, payment processors, and blockchain analytics partners.
  • Corporate Affiliates: Subsidiaries, parent companies, or affiliated entities (e.g., Canadian or offshore entities under the ReFi group).
  • Regulators or Law Enforcement: When required to comply with applicable laws or legal orders.
  • Professional Advisors: Auditors, lawyers, and consultants under confidentiality agreements.
  • Business Transfers: If we merge, acquire, or sell part of our business, your data may be transferred to the new entity.

We do not sell personal data to third parties.

7. International Data Transfers

As ReFi Technologies operates globally, your data may be transferred to and stored in jurisdictions outside of your home country, including Canada and the European Union.

Where required, we implement safeguards such as Standard Contractual Clauses (SCCs) or equivalent data protection mechanisms to ensure your data is protected consistently with this Policy.

8. Data Retention

We retain your information for as long as necessary to:

  • Provide Services and maintain accounts;
  • Comply with legal and regulatory obligations (including AML recordkeeping requirements);
  • Resolve disputes and enforce our agreements.

KYC and transaction data may be stored for up to seven (7) years following the termination of your relationship with us, or longer where required by law.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access a copy of your personal data;
  • Request correction or deletion;
  • Object to or restrict processing;
  • Withdraw consent where processing is based on consent; and
  • Request data portability.

You can exercise these rights by contacting us at investor@refi2.com.

We may request additional verification information before processing your request.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain session security;
  • Analyze website performance; and
  • Enhance user experience.

You can disable cookies via your browser settings, though some site functionality may be limited as a result.

11. Security of Information

We implement appropriate technical and organizational safeguards to protect your information, including:

  • Encryption in transit and at rest;
  • Multi-factor authentication;
  • Access control and employee confidentiality agreements;
  • Regular security audits and penetration testing.

Despite these measures, no system is entirely secure. By using our Services, you acknowledge that transmission of information over the internet involves inherent risks.

13. Children's Privacy

Our Services are not intended for persons under 18 years of age.

We do not knowingly collect personal information from minors.

If you believe a minor has provided data to us, please contact info@refi2.com for prompt deletion.

14. Changes to This Policy

We may update this Privacy Policy periodically.

When changes are made, we will revise the "Effective Date" at the top of this page and post the updated version on our website.

Material changes may also be communicated via email or in-app notifications.

15. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact:

ReFi Technologies

Attn: Privacy Officer

Email: info@refi2.com