Privacy Policy — Spot Master

Table of Contents

1. Data Controller
2. Data We Collect
3. Purposes of Processing
4. Legal Basis
5. International Transfers
6. Retention Periods
7. Your Rights
8. Cookies & Technologies
9. Data Security
10. Minors
11. Blockchain Data
12. Policy Changes
13. Contact & DPO

Data Controller

Gamer Regnum SRL, domiciled in Santo Domingo, Dominican Republic, is the controller of personal data collected through the Spot Master platform and its associated services, including spotmaster.fun, investors.spotmaster.fun, and app.spotmaster.fun.

📧 Privacy contact: [email protected] — To exercise your rights or submit inquiries about this policy.

Data We Collect

We collect different categories of data depending on the type of interaction you have with our platform:

Category	Specific Data	Source
Identity	Full name, date of birth, identity document, verification selfie	Registration / KYC form
Contact	Email address, phone number, country of residence	Registration form
Financial	Solana wallet address, SMDT transaction history, amount invested	Investment process / Public blockchain
Technical	IP address, device type, browser, session data, access logs	Automatic when using the platform
Behavioral	Pages visited, session time, features used, language preferences	Cookies and analytics
KYC/AML	Identity documents, proof of address, source of funds	Verification process

Purposes of Processing

Your personal data is used exclusively for the following purposes:

Account & investment management: Registration, identity verification, SMDT token administration, dividend distribution, and governance.
Legal compliance (KYC/AML): Identity and source-of-funds verification under anti-money-laundering regulations.
Transactional communications: Purchase confirmations, dividend notifications, security alerts, and ecosystem updates.
Marketing communications: Only with your explicit consent — ecosystem news, new features, and investment opportunities.
Security & fraud prevention: Detection of unauthorized access, suspicious activity, and ecosystem integrity protection.
Service improvement: Statistical analysis of platform usage, user-experience optimization, and new feature development.

Legal Basis for Processing

Processing of your personal data is based on the following legal grounds:

Contract performance: Data necessary to manage your investment, distribute dividends, and administer your SMDT tokens.
Legal obligation: KYC/AML verification data required by anti-money-laundering regulations.
Legitimate interest: Platform security, fraud prevention, and continuous service improvement.
Consent: Marketing communications and non-essential statistical behavioral analysis. You may withdraw your consent at any time.

International Data Transfers

Given the international scope of the Spot Master ecosystem (users across 7+ geographic regions), your data may be transferred to and processed in the following contexts:

Cloud infrastructure providers: Servers located in the United States and/or the European Union, subject to data protection agreements.
KYC providers: Identity verification services that may operate globally, under confidentiality and data-protection contracts.
Solana network: Blockchain transactions are inherently public and immutable. Wallet addresses are pseudonymous and do not directly reveal personal data.

All international transfers are carried out under adequate safeguards, including Standard Contractual Clauses (SCCs) or equivalent internationally recognized mechanisms.

Retention Periods

Your personal data is retained for the following periods:

Active account data: Throughout the lifetime of your account and up to 5 years after definitive closure.
KYC/AML data: Minimum 5 years from the last transaction, pursuant to anti-money-laundering regulations.
Transaction records: 7 years for tax and audit purposes.
Technical data and logs: 12 months from generation.
Support communications: 3 years from case closure.

⚠️ Blockchain limitation: Data recorded on the Solana public network (transactions, wallet addresses) is immutable and cannot be deleted. The right to erasure does not apply to on-chain records.

Your Rights

As a personal data subject, you have the following rights, exercisable by submitting a request to [email protected]:

✓ Access

Request a copy of all your personal data we hold.

✓ Rectification

Correct inaccurate or incomplete data in your profile.

✓ Erasure

Request deletion of your data, subject to legal retention obligations.

✓ Portability

Receive your data in a structured, machine-readable format.

✓ Objection

Object to processing based on legitimate interest or marketing.

✓ Restriction

Request restriction of processing under certain circumstances.

We will respond to your request within a maximum of 30 business days. In complex cases, this period may be extended by another 30 days with prior notice.

Cookies & Tracking Technologies

The Spot Master platform uses the following tracking technologies:

Essential cookies: Required for platform operation (session management, language preferences, security). No consent required.
Analytics cookies: To understand how users interact with the platform and improve its performance. Activated only with your consent.
Local storage: To preserve language preferences and interface settings between sessions.

You may manage your cookie preferences at any time through your browser settings or the preferences panel available on the platform.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption of data in transit (TLS 1.3) and at rest (AES-256).
Multi-factor authentication for access to internal systems and user accounts.
Role-based access control and principle of least privilege.
Periodic security audits and penetration testing.
Continuous monitoring for suspicious activity and intrusion detection systems.
Incident response plan with 72-hour notification in the event of significant breaches.

Minors

Spot Master's investor-facing services are directed exclusively to persons over 18 years of age. We do not intentionally collect or process personal data from minors in the context of SMDT token investment.

If you are a parent or legal guardian and believe a minor has provided personal data without your consent, please contact us at [email protected] for immediate deletion.

Blockchain Data

The SMDT token operates on the public Solana network. Key privacy implications of blockchain technology:

Public transparency: All SMDT token transactions, including transfers and dividend payments, are recorded on the Solana public blockchain and visible to anyone.
Pseudonymity: Transactions are associated with wallet addresses, not directly with personal identities. However, blockchain analysis may potentially link addresses to identities.
Immutability: On-chain records are permanent and immutable. Transactions cannot be deleted once confirmed.

💡 Recommendation: If privacy is a priority, consider using a wallet dedicated exclusively to your SMDT tokens, separate from other blockchain activities.

Policy Changes

This Privacy Policy may be updated periodically. We will notify you of material changes via email, an in-platform notice, and an updated "last modified" date at the top of this document. Continued use of our services after changes take effect implies acceptance of the updated policy.

Contact & Data Protection Officer

To exercise your rights, submit inquiries about this policy, or report any privacy-related incident:

Privacy: [email protected]
Investors: [email protected]
Support: [email protected]
Entity: Gamer Regnum SRL — Santo Domingo, Dominican Republic

📋 Version: 1.0 | Last updated: January 15, 2026 | This policy follows GDPR standards as a global best-practice reference.