Privacy Policy

Welcome to Shake Defi. This Privacy Policy explains how Shake Defi, Inc. ("Shake Defi," "we," "us," or "our") collects, uses, stores, and protects your personal information when you use our mobile application (the "App"). Shake Defi facilitates secure transactions between users who exchange goods or services for currency. As part of our commitment to transaction security and dispute resolution, we collect certain personal information, including facial images captured during the digital signature process. By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App. Company Information:

• Legal Name: Shake Defi, Inc.
• Physical Address: Brookfield, Wisconsin
• Governing Law: California state law
• Arbitration Venue: California

Key Definitions: "Coinbase" means the Coinbase entity or entities that provide the wallet services, payment infrastructure, and blockchain transaction capabilities accessible through the App's integration, including but not limited to Coinbase, Inc., Coinbase Global, Inc., and/or Coinbase Bermuda Technologies Limited. Users acknowledge that their use of Coinbase services through the App is also governed by Coinbase's applicable Terms of Service and Privacy Policy. "Azure KeyVault" is a secure cloud service used to store and manage encryption keys, secrets, and certificates. It helps ensure that cryptographic materials used to protect user data are securely generated, stored, and accessed only by authorized systems and personnel. "Microsoft Entra ID" is Microsoft's cloud-based identity and access management service used to handle authentication and OAuth2 login processes for the App. Microsoft Entra ID may collect and process authentication-related information in accordance with Microsoft's privacy policies.

To comply with legal and regulatory requirements, we collect the following Know Your Customer (KYC) information:

• Full legal name
• Email address
• Phone number

This information is collected through our third-party identity verification partner, Persona, who may independently collect additional information as described in their privacy policy.

Important Notice: When you sign a transaction agreement using the App, our front-facing camera captures an image of you during the signing process. Purpose: These facial images serve as a security measure to help verify the identity of the person signing the agreement. In the event of a transaction dispute, these images may be used to confirm whether the person who signed the agreement is the same person filing the dispute claim. Prior Notification: You will be clearly notified before any image is captured. You have the right to cancel the process at any time before the image is taken if you do not wish to proceed. Consent: By proceeding with the signature process after being notified, you provide explicit consent to have your facial image captured and stored in accordance with this policy.

We collect the following information related to your transactions:

• Transaction amount
• Transaction date
• Transaction description
• Location data for each transaction (for both parties)
• Publicly available blockchain transaction hash

We do not collect:

• Device information (device ID, operating system details, etc.)
• Browsing history or in-app behavior analytics
• Biometric data other than the facial images described above

Facial images, photographs, text descriptions, User statements, and transaction information are used exclusively for dispute resolution purposes. If a dispute arises regarding a transaction:

• The facial image and other evidence captured during the transaction may be shared only with the parties directly involved in the specific dispute
• The evidence will be used to verify the identity of the signing party and support dispute resolution
• No other personal information will be shared except as necessary to resolve the dispute

We may use collected data internally for:

• Responding to customer support inquiries
• Improving App functionality and user experience
• Analyzing transaction patterns to enhance security measures
• Internal analytics (aggregated and anonymized where possible)

We use your information to:

• Comply with applicable laws and regulations
• Respond to lawful requests from authorities
• Enforce our Terms of Service and other agreements

Before any facial image is captured:

• You will receive clear, conspicuous notification that the front-facing camera will take your picture
• You will have the opportunity to review this Privacy Policy
• You may cancel the signature process if you do not wish to proceed
• Proceeding with the signature constitutes your explicit consent

Facial images are collected solely for identity verification in the event of transaction disputes. We will never:

• Use facial images for facial recognition technology or biometric analysis
• Share facial images with third parties for marketing purposes
• Sell facial images to any party
• Use facial images for any purpose other than dispute resolution

During Payment Holding Period: Facial images are retained throughout the "Payment Holding Period" as defined in your written agreement with the other transaction party. After Payment Holding Period (No Dispute): If no dispute arises, we will permanently delete your facial image within 24 hours of the end of the Payment Holding Period. In Case of Dispute: If a dispute is initiated, facial images will be retained until the dispute is fully resolved and any applicable appeal periods have expired, after which they will be permanently deleted within 30 days.

Facial images are stored in our secure database with the following protections:

• Database access is restricted to whitelisted IP addresses only
• Database encryption keys are stored in Azure KeyVault, a secure key management service
• Access is limited to authorized personnel on a need-to-know basis
• Regular security audits are conducted

We take your privacy seriously. We will never share your personal information, including:

• Home or business addresses
• Email addresses
• Facial images
• Phone numbers
• Transaction details

...with third parties except as specifically described in this Privacy Policy.

Limited Disclosure: In the event of a transaction dispute, we may share relevant information with involved parties to facilitate resolution. This may include facial images, photographs, text descriptions, and User statements provided as evidence only with:

• The other party or parties directly involved in the disputed transaction
• Legal representatives of the parties, if applicable
• Arbitrators or mediators involved in resolving the dispute

No Other Sharing: Facial images, photographs, text descriptions, User statements, and personal information will not be shared with any other third parties for dispute resolution purposes.

We work with the following third-party service providers who may independently collect and process your information: Persona: Our identity verification partner who collects and processes KYC information. Persona operates under its own privacy policy, which you should review. Microsoft Entra ID: Our authentication and identity management service provider that handles OAuth2 login processes for the App. Microsoft Entra ID may collect and process authentication-related information in accordance with Microsoft's privacy policies. Coinbase: Payment processor who facilitates cryptocurrency wallet services, payment infrastructure, and blockchain transaction capabilities. "Coinbase" refers to the Coinbase entity or entities described in Section 1 above. Coinbase may independently collect user data in accordance with their own Terms of Service and Privacy Policy. We do not share your facial images with these service providers.

We may disclose your information when required by law, including:

• In response to valid legal process (subpoenas, court orders, etc.)
• To comply with applicable laws and regulations
• To protect the rights, property, or safety of Shake Defi, our users, or others
• In connection with an investigation of fraud, intellectual property infringement, or other illegal activity

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you via email or prominent notice in the App before your information becomes subject to a different privacy policy.

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breach affecting your personal information as required by applicable law.

Shake Defi operates internationally. Your information, including facial images, may be transferred to and stored on servers located outside your country of residence, including in the United States. By using the App, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence. We take steps to ensure that your information receives an adequate level of protection wherever it is processed.

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Receive a copy of your personal information in a portable format

To exercise these rights, contact us at contact@shakedefi.com.

You have the right to delete your account and associated data at any time through the App settings or by contacting us directly. Upon Account Deletion:

• Your account will be permanently closed
• Your personal information, including facial images, will be permanently deleted within 30 days
• Some information may be retained as required by law or for legitimate business purposes (e.g., transaction records for tax compliance)

You may withdraw your consent to facial image collection at any time by:

• Declining to proceed when notified before image capture
• Deleting your account
• Contacting us to request deletion of specific facial images (subject to legal retention requirements)

We do not currently send marketing communications. If this changes in the future, you will have the right to opt out of marketing emails while continuing to receive service-related communications.

The App is not intended for use by individuals under the age of 18 or under the age of majority in their jurisdiction, whichever is greater. We do not knowingly collect personal information from minors. To use the App, you must:

• Be at least 18 years of age or the age of majority in your jurisdiction, whichever is greater
• Meet all account registration and verification requirements as outlined in our Terms of Service

If we become aware that we have collected information from a person who does not meet these age requirements, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a minor, please contact us immediately at contact@shakedefi.com.

The App may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of:

• Persona: Privacy Policy
• Microsoft: Privacy Policy
• Coinbase: Privacy Policy

We are not responsible for the privacy practices of third parties.

Our primary database infrastructure includes:

• Access Control: IP whitelist-based access restrictions
• Key Management: Encryption keys stored in Microsoft Azure KeyVault
• Redundancy: Regular backups to prevent data loss
• Monitoring: Continuous monitoring for unauthorized access attempts

User data, including facial images, is stored on secure servers. The specific geographic locations may vary based on our infrastructure needs, but all locations maintain appropriate security standards.

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and other California privacy laws. While Shake Defi, Inc. is currently not subject to CCPA due to revenue thresholds, we respect California residents' privacy rights.

If you are located in the European Union, European Economic Area, United Kingdom, or other jurisdictions with comprehensive data protection laws, you may have additional rights under regulations such as GDPR, including:

• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us using the information below.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Notification of Changes:

• We will notify you of material changes via email or prominent notice in the App
• The "Last Updated" date at the top of this policy will be revised
• Continued use of the App after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Shake Defi, Inc. 280 N. Market St, Unit 321 Brookfield, Wisconsin 53045 Email: contact@shakedefi.com For dispute resolution matters, any dispute arising out of or relating to this Privacy Policy or the Services shall be resolved through binding arbitration in accordance with the Commercial Arbitration Rules of the American Arbitration Association. The arbitration shall be conducted in California. Please refer to Section 12 of our Terms of Service for complete arbitration procedures.

By using the Shake Defi App, you acknowledge that:

1. You have read and understood this Privacy Policy
2. You consent to the collection, use, and storage of your information as described
3. You understand that facial images will be captured during transaction signing
4. You have been notified of your right to cancel before image capture
5. You consent to international data transfers as described
6. You agree to the dispute resolution provisions regarding information sharing

If you do not agree with this Privacy Policy, you must not use the App. Thank you for trusting Shake Defi with your transactions.