Privacy Policy

Last Updated: [2026-02-01]

This Privacy Policy (“Policy”) explains how PengoPay collects, uses, discloses, and protects information in connection with the services provided under the PengoPay brand (the “Services”).PengoPay is operated by Pengo Technologies Ltd, a company incorporated in Abu Dhabi Global Market (ADGM) (“Pengo”, “we”, “us”, or “our”).By accessing or using the Services, you acknowledge that you have read and understood this Policy.

1. Scope of This Policy

This Policy applies to information collected through:

• the PengoPay website;

• applications, dashboards, or APIs operated by PengoPay;

• communications with users in connection with the Services.

This Policy does not apply to third-party services or websites that may be linked to or integrated with the Services.

1. Information We Collect

2.1 Information You Provide

PengoPay is designed to operate with minimal data collection. We may collect limited information that you voluntarily provide, including:

• business or contact information (such as company name, email address, or contact person);

• communications sent to us (support requests, inquiries, or feedback).

PengoPay does not require users to submit government-issued identification documents or undergo full customer identity verification (KYC) as part of standard service access.

2.2 Technical and Usage Information

We may automatically collect limited technical information necessary for operating and securing the Services, such as:

• IP address or approximate location (for compliance and security purposes);

• device, browser, or system information;

• transaction-related metadata (excluding private keys or sensitive wallet credentials);

• log files, timestamps, and system activity records.

2.3 Blockchain Data

Transactions conducted via the Services may be recorded on public blockchain networks.PengoPay does not control, store, or modify information that is publicly available on a blockchain. Any information recorded on a blockchain is governed by the applicable blockchain network protocols.

1. How We Use Information

We use collected information solely for legitimate business and compliance purposes, including to:

• operate, maintain, and improve the Services;

• provide technical support and respond to inquiries;

• ensure platform security and prevent misuse;

• comply with applicable legal and regulatory obligations, including anti-money laundering (AML) requirements where applicable;

• enforce our Terms of Service and other agreements.

We do not sell personal data or use collected information for advertising or marketing profiling.

1. Legal Basis for Processing

Where applicable, we process information based on one or more of the following legal grounds:

• performance of a contract or provision of requested services;

• compliance with legal or regulatory obligations;

• legitimate interests in operating a secure and compliant technology platform.

1. Data Sharing and Disclosure

We may share limited information only in the following circumstances:

• with licensed third-party service providers acting on our behalf (such as infrastructure, security, or compliance service providers);

• with fiat on-ramp and off-ramp partners, where required for transaction processing (subject to their independent privacy policies);

• where required by applicable law, regulation, or lawful request from a competent authority.

PengoPay does not share user data with third parties for commercial or advertising purposes.

1. International Data Transfers

As a global technology platform, PengoPay may process information in multiple jurisdictions.Where data is transferred across borders, PengoPay implements reasonable safeguards to protect information in accordance with applicable data protection principles.

1. Data Retention

We retain information only for as long as necessary to:

• provide the Services;

• comply with applicable legal, regulatory, or contractual obligations;

• resolve disputes and enforce agreements.

Retention periods may vary depending on the nature of the information and applicable laws.

1. Data Security

PengoPay implements technical and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration.However, no system can be guaranteed to be completely secure, and users acknowledge the inherent risks associated with digital technologies and blockchain-based systems.

1. Restricted Jurisdictions

The Services are not available to residents or entities located in certain jurisdictions, including Singapore and the United States, as further described in the Terms of Service.Users are responsible for ensuring that their use of the Services complies with applicable local data protection and privacy laws.

1. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your information, including the right to request access, correction, or deletion of information we hold about you.Requests may be submitted by contacting us using the details below. We may require additional information to verify and process such requests.

1. Third-Party Services

This Policy does not apply to services operated by third parties, including blockchain networks or fiat service providers. We encourage users to review the privacy policies of any third-party services they use.

1. Changes to This Policy

We may update this Policy from time to time. Any changes will be posted on our website with an updated “Last Updated” date.Continued use of the Services after any update constitutes acceptance of the revised Policy.

1. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:Pengo Technologies Ltd Compliance / Privacy Contact Email: [email protected]