Privacy Policy

INAI Invest (“Company”, “we”, “us”, “our”) is committed to protecting your personal information and maintaining transparency in how your data is collected, processed, and stored. This Privacy Policy outlines your rights, our responsibilities, and the principles guiding our data practices in accordance with modern global privacy standards, including GDPR-compatible frameworks.

1. Purpose of This Policy

This Policy describes:

• what personal data we collect;
• how and why we use it;
• how we secure and store it;
• the legal basis for processing;
• with whom data may be shared;
• your rights as a user of our platform.

This Policy governs all interactions with INAI Invest, including the website, dashboard, and any associated digital interfaces.

2. Data We Collect

2.1. Data Provided Directly by You

We may collect the following information when you create an account, interact with the dashboard or communicate with us:

• First and last name;
• Date of birth;
• Phone number;
• Email address (processed internally for authentication and communication);
• Login credentials (stored in encrypted form);
• Chosen payment method (we do not store full card numbers or CVV codes);
• Identity verification data (where required by compliance or security);
• Any information you submit through support or contact forms.

2.2. Data Collected Automatically

When you access or use the platform, we may automatically collect:

• IP address and approximate geolocation;
• Device type, operating system and browser type;
• Language and regional settings;
• Session duration, clicks and page interactions;
• Login events and security-related events;
• Technical logs for performance and security monitoring.

2.3. Data Received from Third Parties

For operational, security and compliance purposes we may receive limited data from:

• payment service providers (e.g. transaction confirmation, status, method);
• identity verification and anti-fraud services (confirmation of identity checks or risk flags);
• communication and notification infrastructure providers.

We do not purchase, rent or import data from external marketing databases.

3. Legal Basis for Processing

3.1. Contractual Necessity

We process your data to create and maintain your account, provide access to the dashboard, handle deposits and withdrawals, and deliver core platform functionality. Without this processing, we cannot provide services to you.

3.2. Legitimate Interests

We may process certain data based on our legitimate interest in:

• ensuring security and integrity of the platform;
• preventing fraud and unauthorized access;
• understanding platform performance and improving user experience;
• maintaining and developing our services.

3.3. Legal Obligations

We may process and retain personal data where required by applicable law, such as:

• anti-money laundering and counter-terrorist financing regulations;
• tax and accounting rules;
• regulatory reporting and audit requirements.

3.4. Consent

In certain cases we rely on your consent, for example for optional analytics, marketing communications or non-essential cookies. You can withdraw consent at any time; however, this does not affect the lawfulness of processing based on consent before its withdrawal.

4. How We Use Your Data

4.1. For Platform Functionality

We use your data to:

• create and authenticate your account;
• display balances, transaction history and analytics in your dashboard;
• handle and record deposit and withdrawal requests;
• send important operational notifications (for example, security alerts or system messages).

4.2. For Support and Communication

Your data may be processed to:

• respond to inquiries or support requests;
• investigate and resolve technical or account-related issues;
• provide guidance about the use of the platform.

4.3. For Security and Risk Management

We may use technical and behavioral data to:

• detect suspicious activity and potential fraud;
• protect your account and the platform from abuse;
• enforce security measures and access controls.

4.4. For Compliance

We may use your data when necessary to comply with legal obligations, regulatory requests or enforcement of our terms and policies.

5. Storage & Retention

5.1. Storage Locations

Personal data may be stored on secure servers located in the European Union, the United States or other jurisdictions that provide appropriate technical and organizational safeguards.

5.2. Retention Period

We retain data only for as long as necessary for the purposes described in this Policy or required by law. In general:

• account data is stored for the duration of your active use of the platform and a limited period thereafter;
• transaction and financial records may be retained for a minimum of five (5) years to satisfy regulatory and accounting requirements;
• technical logs and analytics data are kept for a shorter, defined period sufficient for security and performance analysis;
• support communications are retained for a reasonable period to help us improve support quality and maintain an audit trail.

Once data is no longer required, we will either securely delete it or irreversibly anonymize it.

6. Data Sharing

We do not sell or trade personal data. We may share your data only with the following categories of recipients and only to the extent necessary:

6.1. Service Providers

Carefully selected third-party providers that support our operations, such as:

• hosting and cloud infrastructure;
• security and anti-fraud tools;
• payment and settlement providers;
• identity verification services;
• communication and notification platforms.

All such providers are bound by contractual obligations to protect personal data and use it solely for the services they provide to us.

6.2. Legal and Regulatory Authorities

We may disclose data where required to do so by law, regulation or legal process, including in response to court orders, regulatory requests or lawful instructions from public authorities.

6.3. Internal Authorized Personnel

Access to personal data within the Company is strictly limited to individuals who require such access for their professional duties and are subject to confidentiality obligations.

7. Security Measures

We implement a combination of technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure or destruction. These measures include, among others:

• encryption of data in transit and at rest where appropriate;
• secure password hashing and credential management;
• firewalls and network security controls;
• access controls and role-based permissions;
• continuous monitoring and logging of security events;
• regular review of systems and security practices.

No online system can guarantee absolute security, but we consistently work to maintain and enhance a high level of protection.

8. Your Rights

Depending on your jurisdiction and applicable law, you may have some or all of the following rights in relation to your personal data:

• Right of access — to know whether we process your data and to request a copy of it;
• Right to rectification — to request correction of inaccurate or incomplete data;
• Right to erasure (“right to be forgotten”) — to request deletion of your data under certain conditions;
• Right to restriction of processing — to request that we limit the use of your data in specific cases;
• Right to data portability — to receive your data in a structured, commonly used and machine-readable format where legally applicable;
• Right to object — to object to certain types of processing, including processing based on legitimate interests or for direct marketing;
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

We may ask you to verify your identity before responding to a request in order to protect your account and data.

9. Cookies & Tracking Technologies

We may use cookies and similar technologies to support core functionality, maintain security and understand how the platform is used. Categories of cookies may include:

• strictly necessary cookies for login and session management;
• security cookies to protect against fraud and abuse;
• performance and analytics cookies to improve stability and user experience.

Non-essential cookies, where used, will be subject to your consent where required by applicable law. You can manage cookies through your browser settings, but disabling certain cookies may affect the operation of the dashboard.

10. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our services, applicable laws or internal practices. The most current version will always be available on this page and will indicate the date of the latest update.

11. Contact & Data Requests

Users can submit privacy-related requests, including questions about this Policy or the exercise of their data rights, through the dedicated Support section available inside their account on the platform. Additional contact channels may be added and reflected in this Policy in the future.