Holders Privacy Policy

Last updated: May 29, 2026

Holders is a software service accessible via a mobile device application and a web browser interface for the TON Network ("Network"), provided by Whales Corp. ("we," "us," or "our"). Holders empowers users to securely self-custody digital assets; access a cryptocurrency browser; connect to decentralized applications and exchanges; view blockchain addresses and related information; broadcast transactions; and use additional partner-provided services and ongoing functional enhancements (collectively, the "App," "Holders," or "Holders: Card"). This Privacy Policy ("Policy") explains how we collect, handle, protect, and use your information when you interact with the App, developer software, or our website at https://holdersapps.com (collectively, "Services"). Please also review our Terms of Service ("Terms"), which explain the legal conditions of your use.

1. Key Definitions and Scope

This Policy applies to all visitors, users, and customers interacting with our Services, inclusive of integrated third-party platforms. It defines how we manage your personal data, establish rights and responsibilities under privacy laws, and govern your use of our websites and connected interfaces.

2. What Personal Data We Collect and How

2.1 Personal Data You Provide Voluntarily

We do not require account creation or personal data submission to use our primary wallet functions. However, when you communicate with us—for support, inquiries, or feedback—you may provide identifiers and contact details such as:

• Full name
• Email address
• Telephone number

2.2 Data Collected Automatically

When you use our Services, we automatically collect technical and usage information, including but not limited to:

• Public wallet addresses linked to your activity
• Device IP address
• Device and browser information (type, version)
• Operating system data
• Date, time, and duration of access
• Behavioral data necessary for service optimization and troubleshooting

Note: Your blockchain transactions are inherently public; our processing does not alter this transparency.

2.3 Sensitivity and Children's Data

We do not knowingly collect data from users under the age of 13 (Article 8 General Data Protection Regulation (GDPR)). If sensitive data (e.g., ethnicity, health) is submitted, we process it only under strict legal bases and with explicit consent. If you share personal data of others, you confirm you have their requisite consent.

3. How We Use Your Data & Our Legal Bases

Under GDPR (Article 6), we process personal data based on:

• Contractual Obligations (Art. 6(1)(b)): To provide you services, process transactions, and maintain operation.
• Legal Obligations (Art. 6(1)(c)): To comply with laws, regulations, and governmental requests.
• Legitimate Interests (Art. 6(1)(f)): For security, fraud prevention, service improvements, analytics, and communications not requiring consent.
• User Consent (Art. 6(1)(a)): For marketing campaigns, newsletters, and offers you opt-in for.

Purpose includes: transaction processing, service support, communications, analytics, marketing, security enforcement, and regulatory compliance.

4. Disclosure & Sharing of Your Data

Your data may be shared with the following, strictly under lawful and contractual terms:

• Data Processors (Art. 28 GDPR): Trusted partners including banks, technical providers, and support services, who meet strict data security criteria.
• Third-Party Controllers: Auditors, government agencies, courts, or debt recovery agencies where required by law or legal rights protection.
• Corporate Successors: Entities acquiring business assets with clear data protection commitments.
• Authorized Representatives: Individuals or entities you authorize in writing to interact on your behalf.
• With Your Consent: Other third parties relevant to marketing or service offers with your explicit approval.

Any international transfers of data beyond the EEA are protected under GDPR-approved safeguards such as Standard Contractual Clauses (Article 46 GDPR).

5. Your Privacy Rights and How to Exercise Them

As a data subject (per Articles 15-22 GDPR), you have these rights:

• Access: Obtain confirmation and copies of your personal data (Art. 15 GDPR).
• Correction: Request correction of inaccurate or incomplete data (Art.16 GDPR).
• Erasure: Request deletion when data is no longer necessary or consent withdrawn (Art. 17 GDPR).
• Restriction: Temporarily limit data processing (Art. 18 GDPR).
• Portability: Receive and transfer your data in a structured format (Art. 20 GDPR).
• Object: Object to data processing for legitimate interests or marketing (Art. 21 GDPR).
• Withdraw Consent: Revoke given consent freely at any time (Art. 7 GDPR).
• Lodge Complaint: File with data protection authorities if you believe rights are violated (Art. 77 GDPR).

To exercise these rights, contact privacy@holdersapps.com or use the support form in the Holders app. We respond within one calendar month (Art. 12 GDPR). In complex situations, this can extend by two more months with notice.

Requests that are repetitive, excessive, or manifestly unfounded may incur reasonable fees or be declined.

6. Data Retention

Personal data is retained only for as long as needed to provide our services or meet legal requirements, typically not exceeding 5 years for marketing and 10 years for accounting, unless otherwise mandated.

7. Data Security

We implement advanced technical and organizational safeguards—encryption, strict access controls, regular audits, backups—to protect your personal data's confidentiality, integrity, and availability, fulfilling Article 32 GDPR.

Despite best efforts, absolute security cannot be guaranteed. Users share data at their own risk and should promptly report suspicious activity.

8. Cross-Border Information Transfer

Please be aware that your information, including personal data, may be transferred to, processed, and stored outside the European Economic Area (EEA). By using the Application and Services, you expressly consent to such transfers as described in this Privacy Policy.

When we transfer your personal data to countries that the European Commission has not recognized as providing an adequate level of data protection, we rely on appropriate legal safeguards. These include, but are not limited to, Standard Contractual Clauses or other mechanisms approved by the European Commission to ensure that your personal data receives an adequate level of protection.

If you would like further information about the specific data transfer mechanism(s) we use or details about the countries involved, please contact us at privacy@holdersapps.com.

9. Cookies and Similar Tracking Technologies

Cookies are used to improve and personalize your experience. By consenting through our cookie banner, you permit storing and analyzing cookies. You may withdraw your consent anytime, but this may affect site functionality.

We prohibit and penalize unauthorized automated scanning or crawling of our website.

Cookie Categories:

• Essential: Required for the website functionality; non-optional.
• Preferences: Remember your choices (language, region).
• Analytics: Collect anonymized interaction data for improvement.
• Marketing: Target ads based on behavior, limit exposure frequency.

Your explicit opt-in is logged, and you can update cookie preferences anytime.

10. Complaint Handling and Resolution

Complaints can be submitted:

• Via email at contact@holdersapps.com
• Via the support/feedback form in the Holders application.

We:

• Confirm receipt within 5 business days (Article 12(3) GDPR).
• Investigate and respond within 2 months or notify about extension.
• Retain complaint records securely for a minimum of 5 years.
• Provide detailed decisions with remedies or escalation paths.

Complaint communications will be conducted in your preferred official language among supported languages.

11. Third-Party Links and Services

Holders Services may include links or API connections to third-party websites and services (e.g., https://ton.org). We do not own or control these entities and are not responsible for their privacy practices.

You should review their privacy notices before sharing any personal data or engaging with these services.

12. Changes to this Privacy Policy

We may update this Policy to reflect changes in our practices, regulations, or services. The updated Policy will be posted on https://holdersapps.com/privacy with an updated date. Continued use after updates constitutes acceptance.

13. Contact Information

For any questions, concerns, or to exercise your data privacy rights, please contact us:

• By email: contact@holdersapps.com, privacy@holdersapps.com
• Or via the support form available in the Holders application.

14. Additional Information and User Responsibility

You are responsible for lawful and ethical use of our Services, respecting third-party rights and applicable laws.

Holders disclaims liability for unauthorized or unlawful user actions and retains the right to remove inappropriate content.

We encourage prompt reporting of any technical issues or security concerns.

15. Did You Find What You Were Looking For?

If you need more information or assistance not covered herein or in applicable law, please contact us using the provided communication channels. We are committed to providing you with clear, transparent, and helpful support.