Privacy & Data Protection Policy

1.1 "Personal Data"

Means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

1.2 "Processing"

Means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

1.3 "Data Controller"

Means the natural or legal person which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

1.4 "Processor"

(Or "Sub-processor") means a natural or legal person that processes Personal Data on behalf of the Data Controller.

1.5 "Recipient"

Means any natural or legal person, public authority, agency, or other body to which Personal Data is disclosed.

3.1 Direct Collection

Your Personal Data is primarily collected directly from you in connection with:

• Your registration for and use of the Service (account creation, API key generation);
• Your interactions with the Service (transactions executed, features used, API calls made);
• Information you enter in data collection forms on the Service;
• Your communications and exchanges with the Company (support requests, inquiries);
• Your browsing of the Service and associated websites.

3.2 Automatic Collection

Certain Personal Data is collected automatically when you access or use the Service, through cookies, server logs, and similar technologies (see Section 8 below).

3.3 Indirect Collection from Third Parties

In limited circumstances, Personal Data may be collected from third parties, including:

• Third-party authentication providers in connection with your account registration;
• Blockchain data that is publicly available on the Solana network;
• Security and fraud prevention services.

3.4 Mandatory vs. Optional Data

As a matter of principle:

• If the Processing of your Personal Data is necessary for compliance with our legal or regulatory obligations, the collection of such Data is mandatory;
• If the Processing of your Personal Data is necessary for the performance of our contract with you (i.e., providing the Service), the communication of such Data is necessary, and failure to provide it may prevent us from providing the Service;
• If the Processing of your Personal Data is based on our legitimate interests, the communication of such Data is necessary for the pursuit of those interests;
• If the Processing of your Personal Data is subject to your consent, the communication of such Data is entirely optional (though failure to provide it may limit certain functionalities).

4.1 Account Information

4.2 API Usage Information

4.3 Transaction Information

4.4 Automatically Collected Information

4.5 Communication and Support Data

4.6 Information We Do NOT Collect

We do not collect:

• Full legal names, physical addresses, phone numbers, or government-issued identification (unless required by applicable law in the future);
• Private keys via the API (processed ephemerally but never stored — see Section 4.3);
• Plaintext passwords;
• So-called "special categories" of Personal Data within the meaning of Article 9 of the GDPR (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation);
• The content or nature of your trading strategies or business operations beyond what is technically necessary to execute your requested transactions.

6.1 Internal Access

We ensure that only authorized persons within the Company can access your Personal Data where such access is necessary for the performance of their functions, namely personnel in charge of engineering, security, support, administration, and legal.

6.2 Service Providers (Sub-processors)

We use trusted third-party service providers to help operate the Service. These providers process data only as instructed by us and are bound by data processing agreements:

6.3 Blockchain (Public by Nature)

When you execute transactions through the Service, certain information is inherently made public on the Solana blockchain, including wallet addresses, transaction amounts, token interactions, and transaction signatures. This is a fundamental characteristic of public blockchains and is not within our control. We do not publish any additional Personal Data to the blockchain beyond what is technically required for the transactions you request.

6.4 Legal Requirements

We may disclose your Personal Data if we believe in good faith that such disclosure is necessary to:

• a Comply with applicable law, regulation, legal process, or governmental request;
• b Enforce our Terms of Use or investigate potential violations;
• c Detect, prevent, or address fraud, security, or technical issues;
• d Protect the rights, property, or safety of Launchpad Trade, our users, or the public.

We will consider the applicable provisions, the nature of the request, its legitimacy, and the proportionality of the information requested before making any such disclosure.

6.5 Professional Advisors

Your Personal Data may be shared with our professional advisors (legal, financial, accounting) where necessary for the conduct of our business, including the management of pre-litigation and litigation.

6.6 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

6.7 Limitation

The Recipients referred to above are not necessarily Recipients of all your Personal Data, but only of the data necessary for the purpose requiring such communication.

7.1 Security Measures

We implement appropriate organizational and technical security measures, taking into account the categories of Personal Data processed, the state of knowledge, the costs of implementation, and the nature, scope, context, and purposes of the Processing, as well as the risks of varying likelihood and severity for your rights and freedoms:

• Encryption in transit: All communications between your device and our servers are encrypted using industry-standard transport layer security (HTTPS).
• Encryption at rest: Sensitive data is encrypted at rest using industry-standard encryption algorithms and hardware-backed key management.
• Network security: Database and internal service access is restricted to authorized application servers only, with network-level isolation.
• Access controls: Role-based access controls for internal systems; secrets and credentials are managed through dedicated secrets management infrastructure with environment isolation.
• Infrastructure: Deployment includes automated security scanning, dependency auditing, and container image verification.
• Privacy by design and by default: When developing, designing, selecting, and using the services we offer, we take into account the right to the protection of Personal Data by design and by default.

7.2 No Absolute Guarantee

No security system is impenetrable. Due to the inherent difficulties of operating on the Internet and the risks resulting from the transmission of data by electronic means, we cannot guarantee absolute security. In the event of a security incident, the Company will make its best efforts to limit risks and take all appropriate measures in accordance with its legal and regulatory obligations (corrective actions, notification to the relevant supervisory authority and, where appropriate, to the affected persons).

7.3 Reporting Security Issues

If you become aware of any security breach or vulnerability, please contact us immediately at: security@launchpad.trade

8.1 Essential Cookies

We use strictly necessary cookies for:

• Session management and authentication;
• Security (CSRF protection);
• User preference storage (e.g., fee mode settings).

These cookies are necessary for the provision of the Service and do not require your consent. Their use is based on our legitimate interest in enabling you to browse our Service and benefit from the functionalities offered.

8.2 Analytics

We may use anonymized, aggregated analytics to understand how the Service is used and to improve it. Where such analytics involve cookies or similar technologies that are not strictly necessary, their use is subject to your prior consent.

We do not use third-party advertising trackers. We do not display targeted advertisements.

8.3 Your Choices

Most browsers allow you to refuse or delete cookies. However, disabling essential cookies may impair the functionality of the web application. You may withdraw your consent to non-essential cookies at any time without affecting the lawfulness of Processing based on consent before its withdrawal.

8.4 Cookie Lifetime

Essential cookies: duration of session or up to 30 days for persistent preferences. Analytics cookies (if consented): maximum 6 months from deposit.

9.1 Your Rights

Depending on your jurisdiction and subject to conditions defined by applicable law, you have the following rights regarding your Personal Data:

• Right of access: You can obtain confirmation as to whether Personal Data concerning you is being processed and, where that is the case, access to such Personal Data along with information about the Processing.
• Right of rectification: You may request the correction of inaccurate Personal Data or the completion of incomplete Personal Data.
• Right to erasure ("right to be forgotten"): You may, in certain circumstances, request the erasure of your Personal Data (unless retention is necessary for the performance of our contractual obligations, compliance with legal obligations, or the establishment, exercise, or defense of legal claims).
• Right to restriction of Processing: You may request restriction of the Processing of your Personal Data in certain situations, allowing you to request the marking of your stored Data to limit further Processing.
• Right to data portability: You have the right, under certain conditions, to receive the Personal Data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to have such Data transmitted to another controller where technically feasible. This right applies only to Processing based on consent or the performance of a contract, and carried out by automated means.
• Right to object: You may object to the Processing of your Personal Data for reasons related to your particular situation, where the Processing is based on legitimate interests. We will cease the Processing unless we demonstrate compelling legitimate grounds for the Processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
• Right to withdraw consent: Where Processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of Processing based on consent before its withdrawal.
• Right to define post-mortem directives: Where applicable under your local law (e.g., French law), you may establish directives regarding the retention, erasure, or disclosure of your Personal Data after your death.

9.2 Limitation — Blockchain Data

9.3 How to Exercise Your Rights

To exercise any of these rights regarding the Processing of your Personal Data by the Company, contact us:

By email: privacy@launchpad.trade

Please include sufficient information to allow us to verify your identity and specify which right(s) you wish to exercise. In the event of reasonable doubt as to the identity of the person making the request, we may request additional information to confirm your identity.

We will respond as soon as possible and in any event within 30 days from receipt of your request. If necessary, this period may be extended by up to two additional months, taking into account the complexity and number of requests received, in which case you will be informed of the extension and its reasons.

9.4 Supervisory Authority

If you believe that the Processing of your Personal Data is not carried out in accordance with applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority in your jurisdiction. For example:

• EU/EEA residents: Your local data protection supervisory authority (e.g., CNIL in France, BfDI in Germany, ICO in the United Kingdom).
• A full list of EU/EEA supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

11.1 Processing Locations

The Service operates globally with infrastructure in multiple regions (Europe, North America, and Asia). Your data may be transferred to and processed in countries other than your country of residence.

11.2 Safeguards

Some Recipients of your Personal Data are established in countries recognized by the European Commission as providing an adequate level of data protection (see European Commission adequacy decisions).

Where the country of the Recipient does not benefit from an adequacy decision, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Data processing agreements with all service providers;
• Technical safeguards including encryption in transit and at rest.

11.3 Additional Bases

Transfers of Personal Data outside the European Union may also be lawful if the transfer is necessary for the performance of a contract between you and the Company, or for the implementation of pre-contractual measures taken at your request.

A copy of the appropriate safeguards may be obtained by contacting us at: privacy@launchpad.trade

12.1 Third-Party Links

The Service may provide or contain links to third-party websites, services, or platforms (including decentralized exchange protocols, launchpads, and blockchain explorers). We have no control over, and cannot have control over, the activity of these sites and the policies they apply to the protection of your Personal Data. We encourage you to review the privacy policies of these sites before you interact with them.

12.2 Social Media

The Company may maintain pages on social media platforms (including X/Twitter, Telegram, Discord, and others). If you interact with these pages, your Personal Data may be processed by the relevant social media platform in accordance with its own privacy policy. The Company does not control the Processing of Personal Data carried out by social media platforms and cannot be held liable for such Processing.

12.3 Blockchain Protocols

When you use the Service to interact with third-party smart contracts, decentralized exchanges, or launchpad protocols, your transaction data becomes part of the public blockchain record. The Company is not responsible for the Processing of Personal Data by these third-party protocols or by other blockchain participants.