Privacy Policy

INQUISITIVE ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform ("Platform"). By accessing or using the Platform, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Platform.

We are designed to collect as little as possible. We do not collect or store IP addresses, browser type, operating system, or individual page visit timestamps. Blockchain Data: • Public wallet addresses (Ethereum and other chains) • On-chain transaction history related to INQAI token and vault interactions • Smart contract interaction data Rate Limiting (Privacy-Preserving): • To prevent abuse, incoming requests are rate-limited by a one-way SHA-256 hash of the request origin. The hash is held in memory only for the duration of the rate-limit window (15 minutes) and is then discarded. The original IP address is never stored, logged, or transmitted. Voluntary Information: • Email address (only if provided for support inquiries) • Support ticket content We do NOT collect: • IP addresses or browser fingerprints • Browser type, version, or operating system • Individual page visit timestamps • Private keys or seed phrases • Passwords • Financial account information (bank accounts, credit cards) • Personal identification documents

The INQUISITIVE platform operates on public blockchain networks. Please be aware that: • All blockchain transactions are public, permanent, and immutable • Your wallet address and transaction history are publicly visible on the blockchain • Once a transaction is confirmed on the blockchain, it cannot be deleted or modified • We have no ability to remove or alter data that has been recorded on the blockchain While we display blockchain data through our interface, we do not control the underlying public blockchain networks. Use of the Platform inherently involves publishing transaction data to public blockchains.

We use collected information for the following purposes: • Providing Services: To display portfolio analytics, token balances, and execute user-initiated transactions • Platform Improvement: To analyze usage patterns and improve user experience • Security: To detect and prevent fraud, abuse, and technical issues • Support: To respond to support inquiries and provide customer service • Legal Compliance: To comply with applicable laws and regulations We do not sell, rent, or lease your information to third parties.

We use minimal cookies and local storage: Essential Cookies: • Session state management • Wallet connection preferences (stored locally in your browser) • UI preferences (theme, layout) Analytics: • We do not use third-party analytics cookies • We do not track users across websites • We do not build advertising profiles You can disable cookies through your browser settings, though this may affect Platform functionality.

We implement privacy-first technical measures to protect against abuse while minimising data collection: • All API communications use HTTPS/TLS encryption • No private keys or sensitive credentials are stored on our servers • Rate limiting uses hashed, ephemeral identifiers — no raw IP addresses are ever stored • CORS restricted to getinqai.com — no cross-origin access • WebSocket connections require authenticated API key • JSON body size capped at 100kb to prevent payload abuse • Regular security assessments and open-source code review No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we minimise risk by minimising what we hold.

The Platform integrates with third-party services: Data Providers: • CoinGecko (cryptocurrency price data) • CryptoCompare (price data fallback) • Alternative.me (Fear & Greed index) • Etherscan (blockchain explorer data) Wallet Providers: • WalletConnect (wallet connection protocol) • MetaMask and other Web3 wallets These third parties have their own privacy policies. We are not responsible for their practices.

We retain the minimum data needed to operate: • Rate-limit hashes: held in-memory only, discarded after 15-minute window expires • Support emails: 1 year (or as legally required) • Blockchain data: Indefinitely (as it is publicly available on-chain and outside our control) We do not maintain request logs, IP logs, or session logs. There is no user tracking database.

Depending on your jurisdiction, you may have the following rights: • Access: Request copies of your personal information • Correction: Request correction of inaccurate information • Deletion: Request deletion of your personal information (where legally possible) • Restriction: Request restriction of processing • Portability: Request transfer of your information To exercise these rights, contact us at privacy@getinqai.com. Note that blockchain data cannot be deleted due to the immutable nature of blockchain technology.

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information.

The Platform is hosted in the United States. If you are accessing the Platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our servers are located.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

If you have any questions about this Privacy Policy, please contact us: Email: privacy@getinqai.com Mailing Address: INQUISITIVE Wyoming, USA For blockchain-related privacy questions, reference the on-chain INQAI contract.