ALCHEMY PRIVACY POLICY

1. SCOPE

This Privacy Policy applies to information processed by Alchemy in connection with the Services. It does not apply to third-party services (e.g., cryptocurrency exchanges, wallets, payment processors) that you connect to the Services, which are governed by their own privacy policies.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We may collect information you voluntarily provide, including:

• Account Information: name, username, email address, password (hashed), MFA configuration, account preferences.
• Contact & Support: communications with support, feedback, bug reports, surveys.
• Billing Information: billing name, billing address, subscription plan, payment status. Payment card data is processed by third-party payment processors; Alchemy does not store full card numbers.
• Configuration Data: portfolio settings, automation rules, strategy parameters (e.g., AMP, CryptoTree, rebalancing rules, cold-storage transfer rules), webhook URLs.
• Identity/Verification (if applicable): limited information required for fraud prevention, compliance, or account recovery (where legally permitted).

2.2 Information Collected Automatically

When you use the Services, we may automatically collect:

• Device & Technical Data: IP address, device identifiers, operating system, browser type, app version, Box firmware version, time zone, language.
• Usage & Log Data: feature usage, timestamps, error logs, API calls, performance metrics, interaction events.
• Network & Connectivity Data: latency, uptime, connectivity state, and related diagnostics necessary to operate automation and hardware features.
• Cookies & Similar Technologies: see Section 7.

2.3 Information From Third Parties

We may receive limited information from:

• Payment Processors: confirmation of payment, subscription status, chargebacks.
• Exchanges & APIs (Via You): market data, balances, order status, and execution results as authorized by your API permissions.
• Analytics & Infrastructure Providers: aggregated or technical data to help operate and secure the Services.

Important: Alchemy does not take custody of your cryptocurrency private keys and does not require or store your wallet private keys or exchange account passwords. You control API permissions and scope.

3. HOW WE USE INFORMATION

We use information to:

• Provide & Operate the Services (accounts, automation, hardware connectivity, dashboards).
• Execute User-Configured Automation (e.g., trading via APIs, portfolio rules, AMP configurations, CryptoTree schedules, cold-storage transfer logic).
• Security & Fraud Prevention (detect abuse, unauthorized access, attacks).
• Customer Support & Communications (respond to inquiries, service notices).
• Billing & Subscriptions (process payments, manage plans).
• Improve & Develop Services (debugging, analytics, feature improvements).
• Legal & Compliance (comply with laws, enforce Terms of Service).
• Aggregated Analytics (de-identified or aggregated insights that do not identify you).

4. LEGAL BASES FOR PROCESSING (EEA / UK USERS)

Where applicable under GDPR/UK GDPR, Alchemy processes personal data based on:

• Contractual Necessity (to provide the Services).
• Legitimate Interests (security, fraud prevention, service improvement).
• Consent (marketing communications, certain cookies).
• Legal Obligation (tax, accounting, regulatory compliance).

5. DISCLOSURE OF INFORMATION

We may disclose information as follows:

5.1 Service Providers

To vendors who perform services on our behalf (hosting, analytics, email delivery, customer support, payment processing), under contractual confidentiality and security obligations.

5.2 Exchanges & Third Parties You Authorize

Information is shared at your direction when you connect Exchanges, APIs, webhooks, or third-party tools.

5.3 Legal & Safety

When required to comply with law, regulation, subpoena, court order, or to protect the rights, property, or safety of Alchemy, users, or others.

5.4 Business Transfers

In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality protections.

5.5 Aggregated / De-Identified Data

We may share aggregated or de-identified information that cannot reasonably identify you.

6. WHAT WE DO NOT DO

• We do not sell your personal information.
• We do not custody your crypto private keys.
• We do not access Exchange accounts beyond the API permissions you explicitly grant.
• We do not guarantee anonymity when interacting with blockchains or Exchanges (which may be inherently public or regulated).

7. COOKIES & TRACKING TECHNOLOGIES

We use cookies and similar technologies to:

• Maintain sessions and security.
• Remember preferences.
• Analyze usage and performance.

You can control cookies through your browser settings. Disabling cookies may affect functionality.

8. DATA RETENTION

We retain personal information only as long as necessary to:

• Provide the Services,
• Comply with legal obligations,
• Resolve disputes,
• Enforce agreements.

Retention periods vary based on data type, legal requirements, and operational needs. Some data may persist in backups for a limited time.

9. DATA SECURITY

We implement administrative, technical, and organizational safeguards designed to protect information, including:

• Encryption in transit,
• Access controls,
• Monitoring and logging,
• Secure development and deployment practices.

However, no system is 100% secure. You are responsible for securing your credentials, devices, local network, API keys, and hardware environment.

10. USER RESPONSIBILITIES

You are responsible for:

• Maintaining accurate account information.
• Protecting passwords, MFA devices, API keys, and recovery codes.
• Correctly configuring automation, transfer rules, and permissions.
• Understanding that misconfiguration may result in irreversible financial loss.

11. INTERNATIONAL DATA TRANSFERS

Alchemy may process and store information in the United States and other countries. Where required, we use appropriate safeguards (e.g., standard contractual clauses) to protect cross-border transfers.

12. YOUR PRIVACY RIGHTS

12.1 General Rights

Depending on your location, you may have the right to:

• Access your personal data,
• Correct inaccurate data,
• Delete data,
• Restrict or object to processing,
• Data portability.

12.2 California (CCPA/CPRA)

California residents have the right to:

• Know what personal information is collected and how it is used,
• Request deletion,
• Opt out of ƒ?osaleƒ?? or ƒ?osharingƒ?? (Alchemy does not sell personal data),
• Non-discrimination for exercising rights.

12.3 Exercising Rights

Submit requests to: privacy@alchemycrypto.com

We may verify your identity before fulfilling requests.

13. MARKETING COMMUNICATIONS

You may opt out of promotional emails at any time by using the unsubscribe link or contacting us. Service-related communications (e.g., security notices, billing) may still be sent.

14. CHILDRENƒ?TS PRIVACY

The Services are not directed to children under 18. We do not knowingly collect personal information from children. If we learn we have done so, we will delete it.

15. THIRD-PARTY LINKS

The Services may contain links to third-party sites or services. We are not responsible for their privacy practices.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Material changes will be posted with an updated ƒ?oLast Updatedƒ?? date and, where required, additional notice. Continued use of the Services constitutes acceptance of the updated policy.

17. RELATIONSHIP TO TERMS OF SERVICE

This Privacy Policy should be read together with the Alchemy Terms of Service, which govern your use of the Services. In the event of conflict, the Terms of Service control regarding service usage, and this Privacy Policy controls regarding personal data handling.

18. CONTACT INFORMATION

Alchemy Crypto, Inc.

Attn: Privacy Officer

[Street Address]

[City, State, ZIP, Country]

Email: privacy@alchemycrypto.com

Support: support@alchemycrypto.com