> For the complete documentation index, see [llms.txt](https://graphdex-1.gitbook.io/graphdex-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://graphdex-1.gitbook.io/graphdex-docs/legal/privacy-policy.md). # Privacy Policy **How GraphDex Limited collects, processes, and protects your personal data — and the rights you have over it.** GRAPHDEX PRIVACY POLICY {% hint style="info" %} **Last Updated:** April 22, 2026 This Policy is part of the Terms of Use. Please review it together with the Terms. {% endhint %} ## 1. Introduction GraphDex Limited ("GraphDex", "we", "us" or "our") is a company incorporated and registered in Hong Kong Special Administrative Region (Company Registration No. \[INSERT]). We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy (the "Policy") describes the types of information we may collect from you or that you may provide when you use the GraphDex interface (the "WebApp"), our website at (the "Website"), and any mobile applications to which this Policy is linked (collectively, the "Platform"), and our data collection and handling practices. Please read this Policy carefully. When you visit the Website or use any of the Platform's features, you agree to the collection, use, and disclosure of your information as described in this Policy. If you do not understand or agree to this Policy, please do not use or access the Platform. This Policy is part of the Terms of Use applicable to the use of our Platform. Please review this Policy together with the Terms of Use to understand all of your rights and obligations and how we operate the Platform. ## 2. Global Applicability This Privacy Policy applies to all users of the Platform worldwide. GraphDex Limited is established in Hong Kong and processes personal data primarily in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong ("PDPO"), including the six Data Protection Principles ("DPPs") set out therein. Where users located in other jurisdictions access or use the Platform in a manner consistent with our Terms of Use, we endeavour to process their personal data in accordance with the broadly recognised principles of data protection applicable in their jurisdiction, including transparency, data minimisation, purpose limitation, security, and user control. Users are responsible for ensuring their access to and use of the Platform complies with applicable laws in their own jurisdiction. {% hint style="warning" %} THE PLATFORM IS NOT DIRECTED AT AND MAY NOT BE USED BY RESIDENTS OF THE UNITED STATES OF AMERICA, THE EUROPEAN UNION, OR ANY OTHER RESTRICTED JURISDICTION, AS DEFINED IN OUR TERMS OF USE. WE DO NOT KNOWINGLY TARGET, MARKET TO, OR COLLECT PERSONAL DATA FROM RESIDENTS OF THOSE JURISDICTIONS. ANY REFERENCE IN THIS POLICY TO INTERNATIONALLY RECOGNISED DATA PROTECTION PRINCIPLES IS MADE FOR PURPOSES OF GOOD PRACTICE ONLY AND DOES NOT CONSTITUTE A SUBMISSION TO THE JURISDICTION OF ANY FOREIGN DATA PROTECTION AUTHORITY, INCLUDING THE EUROPEAN DATA PROTECTION BOARD OR ANY EU/EEA NATIONAL SUPERVISORY AUTHORITY. {% endhint %} ## 3. Data Controller The data controller responsible for your personal data is: **GraphDex Limited** \[Registered Address], Hong Kong SAR Company Registration No.: \[INSERT] Privacy enquiries: GraphDex Limited may appoint a Data Protection Officer (DPO) or external data protection adviser to assist with PDPO compliance. If appointed, DPO contact details will be published at . ## 4. Basis for Processing Personal Information We may process your personal information based on one or more of the following grounds, depending on the type of data and the purpose of processing: * **Your consent** — where required by applicable law, we will ask for your explicit consent before processing your personal data for a specific purpose. You may withdraw consent at any time without affecting the lawfulness of prior processing. * **Performance of a contract** — processing is necessary to provide the Platform and the services you have requested, or to take steps at your request prior to entering into an agreement with you. * **Compliance with a legal obligation** — processing is necessary to comply with applicable legal obligations, including those under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) ("AMLO"), the PDPO, the United Nations Sanctions Ordinance (Cap. 537), and other applicable laws and regulations. * **Legitimate business interests** — processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include: providing and improving the Platform; maintaining security and preventing fraud; conducting analytics; communicating with users about services; and complying with industry best practices. Where we rely on legitimate interests, you have the right to object to such processing. Where we rely on consent, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. ## 5. Prohibited Users and Jurisdictions Our Platform is not available to Restricted Persons or users located in Restricted Jurisdictions, as defined in our Terms of Use. We do not knowingly collect, process, or retain personal data from Restricted Persons. If we discover that we have inadvertently collected personal data from a Restricted Person, we will: (a) promptly suspend that person's access to the Platform; (b) take reasonable steps to delete the personal data to the extent permitted by applicable law; and (c) report the matter to relevant authorities where required by applicable law, including the JFIU where AML/CTF obligations apply. By using the Platform, you represent and warrant that you are not a Restricted Person and are not located in a Restricted Jurisdiction. You accept sole responsibility for any false representation in this regard, and GraphDex Limited bears no liability for any consequences arising from your misrepresentation. ## 6. Information We Collect and How We Use It When you use or access the Platform, we collect information about you from a variety of sources: directly from you, automatically through your use of the Platform, and from third parties. In addition to the specific uses described below, we may use this information to provide and improve the Platform, maintain our business relationship, comply with applicable legal obligations, enforce our Terms of Use, and protect our rights and the rights of our users. ### 6.1 Information You Provide Directly Some features of the Platform require you to directly provide certain information. You may elect not to provide this information, but doing so may prevent you from using or accessing certain features. Information that you directly submit to us includes: * **Basic contact details**, such as your email address. We use this to create and maintain your account, provide the Platform, and communicate with you, as required to perform our contract with you and in our legitimate interests to communicate with you about services that may be of interest to you. * **Account information**, such as username, account picture, authentication credentials, and other profile information. We use this to provide the Platform and to create, maintain, and secure your account, as required to perform our contract with you. * **Blockchain wallet information** — your publicly accessible digital asset wallet address and publicly visible on-chain transaction data only. Wallet infrastructure (including private key generation, encryption, and storage) is provided exclusively by Privy, Inc. ("Privy"), our third-party embedded wallet infrastructure provider. GraphDex Limited receives and processes only your public wallet address and publicly visible on-chain data. We do not receive, access, or process your private keys, seed phrases, or any other wallet credentials at any time. We use wallet address information to provide the Platform, to screen wallet addresses for AML/CTF compliance using third-party blockchain analytics tools, and to enable you to transact through the Platform. * **Transaction data**, such as the type of asset you trade, the amount, timestamp, and other transaction information. We use this to provide the Platform and support your transactions, as required to perform our contract with you. * **KYC/AML verification documents**, where we exercise our right to conduct verification under applicable law, which may include government-issued identification, proof of address, source of funds documentation, or other materials. * **Communications you send to us**, including support requests, survey responses, and messages, which we use in our legitimate interests to respond to your enquiries and improve our services. ### 6.2 Information We Collect Automatically We and third parties use cookies and other tracking technologies to automatically collect certain information about your interactions with the Platform. This information is collected with your consent where required under applicable law, or on the basis of our legitimate interests to maintain security, prevent fraud, and improve the Platform. * **Device and technical data** — device type, operating system, browser type and version, unique device identifier, and internet protocol (IP) address. * **Usage data** — pages visited, features used, date/time stamps, and other information about how you interact with the Platform. * **Browser characteristics** — browser type, version, and configuration data used exclusively for fraud prevention and security purposes. * **Location data** — approximate geographic location derived from IP address. * **Tracking data** — information collected through cookies, web beacons, pixel tags, embedded scripts, and log files. See Section 11 for details. We do not collect International Mobile Equipment Identity (IMEI) numbers or device advertising identifiers (such as IDFA or Google Advertising ID) for advertising or profiling purposes. Such identifiers may be processed solely where required for security or fraud prevention purposes and only with appropriate consent where required by applicable law. ### 6.3 Information We Collect From Third Parties and Public Sources We may obtain information about you from the following external sources: * **Publicly available blockchain data** — wallet addresses, transaction IDs, amounts, and timestamps that are permanently and publicly recorded on blockchain networks. This data is inherently public and not within our control to modify or delete. * **Blockchain analytics providers** — we use third-party AML/CTF compliance screening tools to screen wallet addresses for indicators of illicit activity, sanctions exposure, or other risk factors, as required by our compliance obligations. * **Social media and third-party login integrations** — if you link a third-party account (such as Google or a Web3 wallet) to the Platform, we receive limited information from that third party as permitted by your settings with them. * **Information from governmental authorities, regulatory bodies, and financial intelligence units** in connection with legal or compliance obligations. ### 6.4 Deidentified Information We may deidentify or anonymise your information such that it cannot reasonably be used to identify you, and we may use such deidentified information for any purpose, including research, analytics, and product improvement. We will maintain deidentified information in that form and will not attempt to re-identify it, except solely to verify that our deidentification process satisfies applicable legal requirements. ## 7. How We Disclose Your Information We do not sell your personal data to third parties. We may disclose your information for legitimate purposes as set out in this Policy. ### 7.1 Transaction Data Sharing To provide faster execution and better transaction outcomes, we may share certain transaction-related data (such as order routing information and trade parameters) with third parties such as liquidity providers, market makers, and trading infrastructure partners, for the purpose of enhancing execution quality, reducing failed transactions, and improving pricing across decentralized exchanges, as a matter of our legitimate interests to efficiently provide the Platform. This data sharing may include what is commonly referred to as payment for order flow ("PFOF") arrangements. All shared transaction data is used solely for the purpose of improving execution and Platform performance. We do not share personally identifying information (such as your name or email address) with such parties unless separately required for compliance, fraud prevention, or legal obligations. By continuing to use the Platform after reviewing this Policy, you acknowledge this data sharing practice as an inherent aspect of how decentralized trading platforms operate. ### 7.2 Third-Party Service Providers We may share your information with third-party service providers who assist us in operating the Platform, including providers of: cloud hosting and infrastructure; blockchain analytics and AML/CTF screening; identity verification (KYC); customer support; email and communication services; security and fraud prevention; analytics and performance measurement; and artificial intelligence services used to provide or improve specific Platform features. All service providers are contractually required to process your data only as instructed by us and in accordance with applicable data protection law. ### 7.3 Law Enforcement and Regulatory Disclosure We may disclose your information to governmental authorities, law enforcement agencies, regulatory bodies, financial intelligence units (including the Hong Kong Joint Financial Intelligence Unit ("JFIU")), courts, and other competent authorities where required or permitted by applicable law, including the AMLO, PDPO, and applicable sanctions regulations. Where we are required by law to make such a disclosure — including under the tipping-off prohibition in AMLO s.25A — we must not notify you that such a disclosure has been made or is being considered. By using the Platform, you acknowledge and accept that we may be legally prohibited from informing you of disclosures made to law enforcement or regulatory authorities. ### 7.4 Business Transactions In the event of a merger, acquisition, corporate reorganisation, change of control, sale of assets, or insolvency proceedings, we may transfer your personal data to the counterparty or successor entity as part of such transaction, subject to appropriate confidentiality obligations. We will notify affected users of any such transfer to the extent required by applicable law. ### 7.5 Affiliates and Professional Advisers We may share your information with our corporate affiliates and with our professional advisers (including lawyers, auditors, and accountants) as necessary for the purposes described in this Policy, subject to appropriate confidentiality obligations. ### 7.6 With Your Consent or At Your Direction We may share your information with third parties where you have requested or directed us to do so, or where your use of the Platform inherently involves interaction with third-party blockchain infrastructure and decentralized protocols. ### 7.7 Aggregate and De-identified Information We may share aggregate or de-identified data that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other legitimate purposes. ## 8. Third-Party Services and Integrations ### 8.1 Privy — Embedded Wallet Infrastructure The Platform's wallet functionality is powered by Privy, Inc. ("Privy"), a third-party embedded wallet infrastructure provider. Privy is responsible for private key generation, encryption, storage, and management. GraphDex Limited has no access to, and cannot view, export, recover, or transfer, any private keys or seed phrases stored within Privy's infrastructure. GraphDex Limited conducted reasonable due diligence in selecting Privy as its wallet infrastructure provider based on Privy's security architecture, industry reputation, and compliance standards. However, GraphDex Limited does not control Privy's systems and cannot guarantee the security of Privy's infrastructure. Your use of Privy's wallet services is subject to Privy's own Terms of Service and Privacy Policy, available at and respectively, which you should review carefully before using the Platform. {% hint style="warning" %} GRAPHDEX LIMITED IS NOT RESPONSIBLE FOR, AND EXPRESSLY DISCLAIMS ANY AND ALL LIABILITY ARISING FROM, ANY SECURITY BREACH, DATA LOSS, COMPROMISE, UNAVAILABILITY, OR OTHER FAILURE OF PRIVY'S SYSTEMS OR INFRASTRUCTURE. IN THE EVENT THAT PRIVY EXPERIENCES A SECURITY INCIDENT AFFECTING YOUR PRIVATE KEYS, SEED PHRASES, OR DIGITAL ASSETS, YOUR RECOURSE IS AGAINST PRIVY DIRECTLY AND NOT AGAINST GRAPHDEX LIMITED. YOU ARE STRONGLY ENCOURAGED TO REVIEW PRIVY'S SECURITY DOCUMENTATION AND UNDERSTAND THE RISKS OF USING EMBEDDED WALLET INFRASTRUCTURE BEFORE USING THE PLATFORM. {% endhint %} ### 8.2 Other Third-Party Technologies Certain features of the Platform integrate with other third-party technologies including decentralized exchanges (DEXs), DEX aggregators, launchpads, and other blockchain infrastructure. These third-party technologies operate independently and are not controlled by GraphDex Limited. Your interaction with such third-party services is governed by their respective terms and privacy policies. GraphDex Limited is not responsible for the data practices, security, or availability of any third-party technology. ### 8.3 Third-Party Links The Platform may contain links to third-party websites or platforms. We are not responsible for the privacy or security of such third-party websites. Our inclusion of such links does not imply any endorsement of their content or operators. ## 9. Data Retention We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal obligations under the AMLO and PDPO, and to resolve disputes and enforce our agreements. The table below sets out our retention periods by data category. All retention periods are the minimum required by applicable law or by operational necessity, whichever is longer. | Data Category | Retention Period | Basis | | ---------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | -------------------------------------------- | | Account and identity data | Duration of account + 6 years after closure | Contract; legal obligation | | Transaction records and metadata | 6 years from date of transaction | AMLO Cap.615 §20; PDPO DPP2 | | KYC/AML verification documents | 6 years from end of business relationship | AMLO Cap.615 §20 (mandatory minimum) | | Public blockchain data (wallet addresses, tx hashes) | Indefinitely — permanently and immutably recorded on public blockchains; not within our control to delete | Nature of blockchain technology | | IP addresses and session logs | 5 years | Security; fraud prevention; legal compliance | | Support and communication records | 3 years from last interaction | Legitimate interests; dispute resolution | | Marketing consent records | Until consent withdrawn + 1 year | Legal obligation to evidence consent | | Analytics and usage data (aggregated, non-personal) | Up to 5 years | Legitimate interests; no personal data | | Legal hold data | Until resolution of relevant proceedings or regulatory inquiry | Legal obligation | Transaction records are retained for 6 years (not 7) in accordance with AMLO Cap.615 §20, which sets the minimum statutory retention period for records of transactions and business relationships. This period begins from the date of the transaction or the end of the business relationship, whichever is later. Upon expiry of the applicable retention period, personal data will be securely deleted or irreversibly anonymised in accordance with our internal data deletion procedures, unless a longer period is required by a competent authority or court order. ## 10. Your Privacy Rights Depending on your location and applicable law, you may have certain rights in relation to your personal data. These rights are subject to applicable limitations, exceptions, and verification requirements. A number of these rights only apply in certain circumstances and all may be limited by applicable law, including legal obligations that require us to retain or process certain data regardless of your request. | Right | What it means | How to exercise | | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | | Access | Request confirmation of whether we process your personal data and obtain a copy, along with information about purposes, recipients, and retention periods. | | | Correction | Request correction of inaccurate, incomplete, or outdated data. We will respond within 40 days of a verified request, as required under the PDPO. | | | Erasure | Request deletion where data is no longer necessary, consent has been withdrawn, or processing was unlawful. Exceptions apply including legal obligations, fraud prevention, and dispute resolution. | | | Restriction | Request that we limit processing in certain circumstances, such as while accuracy is contested or an objection is pending. | | | Objection | Object to processing based on legitimate interests or for direct marketing. We will cease unless we demonstrate compelling legitimate grounds that override your interests. | | | Portability | Receive your data in a structured, machine-readable format and request transfer to another controller where technically feasible and where processing is based on consent or contract. | | | Withdraw Consent | Withdraw consent at any time without affecting the lawfulness of prior processing based on consent. | | | Automated Decisions | Request human review of decisions made solely by automated means that produce legal or similarly significant effects on you. | | | Lodge Complaint | Lodge a complaint with the Office of the Privacy Commissioner for Personal Data (Hong Kong) or, where applicable, your local supervisory authority. | | To exercise any of these rights, please submit a written request to . We may need to verify your identity before processing your request. We will respond within the timeframe required by applicable law — within 40 days under the PDPO. We will not discriminate against any user who exercises the rights set forth in this Policy. Please note that certain rights may be limited or unavailable where: (a) we are required by law to retain the data (including under the AMLO); (b) the data is necessary for the prevention, detection, or investigation of crime; (c) the data has been rendered anonymous and can no longer be linked to you; or (d) the exercise of the right would prejudice any legal proceedings or regulatory investigation. ## 11. Cookies and Tracking Technologies ### 11.1 What We Use We and third parties employ cookies and other tracking mechanisms to collect certain information about your use of the Platform. We may combine this information with other data we collect. Our use of tracking technologies includes: * **Essential cookies** — strictly necessary for the Platform to function, including login sessions, security, and fraud prevention. No consent is required for these. * **Functional cookies** — used to remember your preferences and settings. Used with your consent where required by applicable law. * **Analytics cookies** — used to understand how users interact with the Platform and to improve performance. Used with your consent where required. * **Web beacons and pixel tags** — used to measure page views and user interactions. * **Embedded scripts and ETags** — used for enhanced security and fraud prevention purposes only. * **Browser security data** — certain browser characteristics (including browser type, version, and configuration) may be processed solely for the purpose of fraud prevention and account security. We do not use browser fingerprinting for advertising, profiling, or tracking purposes unrelated to security. * **Log files** — used to record device activity, connection details, and error reports for security and operational purposes. We do not use Flash cookies (Local Shared Objects) or other supercookies that persist beyond standard browser cookie clearing. All tracking technologies used on the Platform can be managed through standard browser settings or our cookie consent tool. ### 11.2 Managing Your Preferences We provide a cookie consent tool, accessible from the Platform homepage and footer, that allows you to manage your preferences for non-essential cookies (including functional and analytics cookies). Essential cookies cannot be disabled as they are necessary for the Platform to operate. You may also manage cookies through your browser settings. Most browsers allow you to block, delete, or receive notifications about cookies. Please note that disabling certain cookies may affect the functionality of login, trading, and other features. **Do Not Track:** We do not currently respond to browser-level "Do Not Track" signals due to the absence of a standardised industry interpretation. You may manage your tracking preferences through our cookie consent tool. ## 12. Data Security GraphDex Limited implements technical, organisational, and administrative security measures designed to protect your personal data against unauthorised access, disclosure, alteration, loss, or destruction. Our security measures include: * Encryption of data in transit using TLS 1.2 or higher, and encryption of sensitive data at rest. * Access controls and role-based permissions limiting access to personal data to authorised personnel only, who are bound by confidentiality obligations. * Two-factor authentication (2FA) for account access. * Regular security assessments, vulnerability scanning, and penetration testing. * Secure data centres with physical access controls operated by trusted cloud providers. * Incident response procedures for detecting, reporting, and managing personal data breaches in accordance with the PDPO and other applicable law. ### 12.1 Privy Wallet Infrastructure — No Access by GraphDex GraphDex Limited does not store, hold, access, or control your private keys, seed phrases, or any other wallet credentials at any time. Wallet creation and all private key management on the Platform are provided exclusively by Privy, Inc., our third-party embedded wallet infrastructure provider. Your private keys and seed phrases are generated, encrypted, and stored solely within Privy's infrastructure, in accordance with Privy's own security architecture. GraphDex Limited has no technical ability to access, view, export, recover, or transfer your private keys or seed phrases under any circumstances. In the event of a security incident affecting Privy's infrastructure, GraphDex Limited will: (a) notify users promptly upon becoming aware of the incident; (b) cooperate with Privy and relevant authorities in any investigation; and (c) provide users with information about how to seek recourse against Privy directly. {% hint style="warning" %} GRAPHDEX LIMITED BEARS NO LIABILITY FOR ANY LOSS, THEFT, COMPROMISE, INACCESSIBILITY, OR OTHER HARM TO YOUR DIGITAL ASSETS ARISING FROM OR IN CONNECTION WITH THE STORAGE, MANAGEMENT, OR SECURITY OF YOUR PRIVATE KEYS OR SEED PHRASES BY PRIVY OR ANY OTHER THIRD-PARTY WALLET INFRASTRUCTURE PROVIDER. YOUR RECOURSE FOR ANY SUCH LOSS IS AGAINST PRIVY DIRECTLY. WE STRONGLY ENCOURAGE YOU TO REVIEW PRIVY'S TERMS OF SERVICE AND PRIVACY POLICY BEFORE USING THE PLATFORM'S WALLET FEATURES. YOUR CONTINUED USE OF THE PLATFORM CONSTITUTES ACKNOWLEDGEMENT THAT YOU HAVE HAD THE OPPORTUNITY TO REVIEW THOSE DOCUMENTS. {% endhint %} GraphDex Limited will never ask for your password. Your private keys and seed phrases are managed exclusively by Privy and are not accessible to us. If you receive any communication purportedly from GraphDex Limited requesting your private keys, seed phrase, or password, please disregard it immediately and contact . Despite the security measures described above, no internet-based system can guarantee absolute security. You are responsible for maintaining the security of your account credentials. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users and, where required, the PCPD and other relevant supervisory authorities, in accordance with applicable law. ## 13. International Data Transfers GraphDex Limited is established in Hong Kong. Personal data we collect may be stored and processed in Hong Kong and in other countries where our service providers (including Privy) operate. Where we transfer personal data to countries outside Hong Kong, we implement appropriate safeguards consistent with the PDPO and applicable international data protection principles, which may include: contractual data protection clauses with service providers; data processing agreements requiring equivalent levels of protection; and other appropriate technical and organisational measures. By using the Platform, you acknowledge that your personal data may be processed in countries with different data protection frameworks than your country of residence, and you consent to such transfers subject to the safeguards described in this Policy. ## 14. Do Not Sell or Share My Personal Information GraphDex Limited does not sell your personal data. We do not share your personal data with third parties for their own direct marketing purposes without your prior consent. The transaction data sharing described in Section 7.1 (including PFOF arrangements) does not constitute a "sale" of personal data, as transaction routing data shared with liquidity providers and market makers does not include personally identifying information and is used solely for the purpose of improving execution quality on your behalf. If in the future we introduce any arrangement that constitutes sharing personal data for advertising or similar purposes, we will update this Policy, implement appropriate controls including an opt-out mechanism, and provide you with notice before any such sharing commences. ## 15. Special Considerations ### 15.1 Children's Privacy The Platform is not intended for individuals under the age of 18, and we do not knowingly collect personal data from minors. If we discover that we have collected personal data from a person under 18, we will take prompt steps to delete such data. If you are a parent or legal guardian and believe your child has provided personal data to us, please contact . ### 15.2 Death or Legal Incapacity Because the Platform uses non-custodial wallet infrastructure operated by Privy, GraphDex Limited has no ability to access or transfer Digital Assets held in your wallet. In the event of your death or legal incapacity, your legal representatives may contact to request account information only. GraphDex Limited will assess such requests in accordance with applicable law and its internal procedures, but makes no guarantee regarding the outcome of any such request. We strongly encourage you to make your own arrangements for the secure transfer of your private keys and seed phrases to a trusted person. ### 15.3 Changes to This Policy This Policy is current as of the "Last Updated" date set forth above. We may modify this Policy from time to time. Where we make material changes — meaning changes that significantly affect how we collect, use, or share your personal data — we will use reasonable efforts to notify you, for example by sending an email to the address associated with your account or by displaying a prominent notice on the Platform at least seven (7) days before the change takes effect. For non-material changes, we will update the "Last Updated" date without separate notification. Your continued use of the Platform after any revised Policy has taken effect constitutes your acceptance of the updated terms. If you do not agree to any updates, please immediately cease using the Platform. ### 15.4 Language In the event of any discrepancy or inconsistency between the English version of this Policy and any translation, the English version shall prevail in all respects. ## 16. Contact Us If you have questions about our privacy practices or this Policy, or wish to exercise your data subject rights, please contact us: **Privacy and data protection matters:** Email: **General enquiries and support:** Email: **Legal, compliance, and law enforcement matters:** Email: **Postal address:** GraphDex Limited, \[Registered Address], Hong Kong SAR You may also contact the Office of the Privacy Commissioner for Personal Data (Hong Kong) if you have concerns about how we handle your personal data: Website: [www.pcpd.org.hk](http://www.pcpd.org.hk) | Email: | Tel: +852 2827 2827 ## More to Explore
Cover image
Terms of UseThe companion document — read it together with this Policy./files/PvwZariSc5lrxmA3uidW
Wallet Security NotesPractical security guidance for your wallet./files/BWULSHt4tqY255s7X9t1
Support ContactsWhere to reach the team with privacy questions./files/PvwZariSc5lrxmA3uidW
--- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://graphdex-1.gitbook.io/graphdex-docs/legal/privacy-policy.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.