Privacy Policy

This Privacy Policy describes how Grey Crest Capital LLC collects, uses, and shares information when you use the Grey Crest Capital platform.

Last Updated: January 1, 2026
Effective: January 1, 2026

01

Introduction

This Privacy Policy ("Policy") describes how Grey Crest Capital LLC ("Grey Crest Capital," "we," "us," or "our") collects, uses, discloses, and protects information when you access or use the Grey Crest Capital platform, including our website, mobile applications, and related services (collectively, the "Services").

We are committed to protecting your privacy and handling your data with transparency. This Policy applies to all users of our Services, regardless of how they access or use them.

By using our Services, you consent to the collection, use, and sharing of your information as described in this Policy. If you do not agree with this Policy, please do not use our Services.

02

Information We Collect

We collect information in several ways to provide and improve our Services:

Personal Information

When you create an account, we collect your name, email address, date of birth, and other information you provide during registration. If you use our custodial services, we collect additional identity verification information as required by our Know Your Customer (KYC) obligations.

Financial & KYC Information

To comply with Anti-Money Laundering (AML) and KYC regulations, we may collect government-issued identification documents, Social Security number (or equivalent), proof of address, source of funds documentation, and tax identification numbers. This information is collected and processed in accordance with applicable financial regulations.

Usage & Learning Data

We collect information about your interactions with our Services, including courses completed, quiz scores, learning progress, time spent on content, rewards earned, and feature usage patterns.

Device & Technical Data

We automatically collect certain technical information, including IP address, browser type and version, operating system, device identifiers, referring URLs, pages visited, and timestamps of visits.

03

How We Use Information

We use the information we collect for the following purposes:

• Service Delivery — To provide, operate, maintain, and improve our Services, including processing transactions and delivering educational content

• KYC/AML Compliance — To verify your identity, comply with financial regulations, and prevent fraud, money laundering, and other financial crimes

• Personalization — To personalize your learning experience, recommend courses, and tailor content to your interests and skill level

• Communications — To send you service-related notices, updates, security alerts, and, with your consent, marketing communications

• Analytics & Improvement — To analyze usage patterns, measure the effectiveness of our content, and improve our Services

• Legal Compliance — To comply with applicable laws, regulations, legal processes, and governmental requests

• Safety & Security — To detect, investigate, and prevent security incidents, fraud, and other harmful activities

04

Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share information with third-party service providers who perform services on our behalf, including cloud hosting, payment processing, identity verification, analytics, and customer support. These providers are contractually obligated to use your information only as directed by us and in accordance with this Policy. Our current service providers include: Amazon Web Services (AWS), Supabase, Vercel, Stripe, Plaid, Jumio, Google Analytics, and Intercom.

Regulatory & Legal Requirements

We may disclose your information to comply with applicable laws, regulations, or legal processes; respond to lawful requests from government authorities, including law enforcement and national security agencies; enforce our Terms of Service and other agreements; or protect the rights, property, or safety of Grey Crest Capital, our users, or the public.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or use of your personal information.

We Do Not Sell Your Data

Grey Crest Capital does not sell your personal information to third parties. We only share data as described in this section and as necessary to provide our Services.

05

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of our Services. These include:

• Essential Cookies — Required for the operation of our Services (authentication, security, preferences)

• Analytics Cookies — Help us understand how users interact with our Services (e.g., Google Analytics 4)

• Functional Cookies — Enable enhanced functionality and personalization

• Marketing Cookies — Used to deliver relevant advertisements and track campaign effectiveness

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our Services. For a complete inventory of cookies used on our platform, please refer to our Cookie Policy at https://greycrestcapital.com/legal#cookies.

06

Blockchain & On-Chain Data

Due to the nature of blockchain technology, certain aspects of our Services involve publicly accessible, immutable data:

• Wallet Addresses — If you use our custodial services, your wallet addresses may be visible on public blockchains. While wallet addresses are pseudonymous, they may be linkable to your identity through transaction patterns or third-party analytics.

• Transaction Data — Blockchain transactions are permanent and cannot be deleted or modified. Any on-chain transactions made through our Services will be permanently recorded on the applicable blockchain.

• On-Chain Data Permanence — We cannot delete or modify information that has been recorded on a public blockchain. Our deletion and data subject rights obligations apply only to off-chain data under our control.

We recommend that you exercise caution when conducting blockchain transactions and understand the public and permanent nature of on-chain data.

On-Chain Data is Permanent

Blockchain transactions are immutable and publicly visible. Once data is recorded on-chain, it cannot be deleted or modified. Our data deletion rights apply only to off-chain data under our control.

07

Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information:

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to: know what personal information we collect, use, and disclose; request deletion of your personal information; opt out of the sale or sharing of your personal information; limit the use of sensitive personal information; and not be discriminated against for exercising your privacy rights. To exercise these rights, contact us at privacy@greycrestcapital.com or use the controls available in your account settings.

European Residents (GDPR)

If you are located in the European Economic Area, you have the right to: access your personal data; rectify inaccurate personal data; request erasure of your personal data; restrict processing of your personal data; data portability; and object to processing. Our lawful bases for processing include consent, performance of a contract, legal obligations, and legitimate interests. To exercise these rights, contact our Data Protection Officer at dpo@greycrestcapital.com.

Exercise Your Rights

You can exercise your privacy rights at any time by contacting us or using the controls in your account settings. We will respond to all verified requests within the timeframes required by applicable law.

08

Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)

• Multi-factor authentication for account access

• Regular security assessments and penetration testing

• Access controls and employee security training

• SOC 2 Type II certified infrastructure

• Incident response and breach notification procedures

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

09

Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly in accordance with the Children's Online Privacy Protection Act (COPPA).

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@greycrestcapital.com.

10

Changes & Contact

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on our platform, updating the "Last Updated" date, and, where required by law, sending you an email notification.

Data Retention: We retain your personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. KYC/AML records are retained for five (5) years after account closure, as required by applicable regulations.

Contact Us: If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: privacy@greycrestcapital.com

• Data Protection Officer: Michael Torres, dpo@greycrestcapital.com

• Mailing Address: Grey Crest Capital LLC, 1712 Pioneer Ave, Suite 500, Cheyenne, WY 82001