SONAR.TRADE – PRIVACY POLICY

THIS PRIVACY POLICY IS SUBJECT IN ALL RESPECTS TO THE SONAR TERMS OF USE. BY ACCEPTING THE TERMS OF USE OR BY USING THE SITE, YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH THE TERMS OF USE OR THIS PRIVACY POLICY, YOU MUST NOT ACCESS OR USE THE SITE. This Privacy Policy explains how Echo Labs Corporation (“Echo Labs”, “we”, “us”, “our”) collects, uses, stores, shares and protects personal information in connection with your access to and use of https://sonar.trade and any linked or directed subdomains (the “Site”), and any content made available on or through the Site (collectively with the Site, the “Services”).. For the purposes of applicable data protection laws, Echo Labs Corporation, a corporation organized under the laws of the Republic of Panama, with its registered office in Panama City, Republic of Panama, is the data controller with respect to personal data processed in connection with the Site and the Services.

1. SCOPE OF THIS PRIVACY POLICY

1.1 This Privacy Policy applies to personal information that we collect through the Site or that you provide directly to us in connection with your use of the Services. 1.2 This Privacy Policy does not apply to: (a) your direct interactions with public blockchains, smart contracts or decentralized protocols (including the Sonar Protocol); (b) third-party services, such as wallet providers, node providers, authentication platforms, analytics services, KYC vendors or other external providers; or (c) activities conducted solely by third parties outside the operation of the Site. Such third parties may have their own privacy policies, which you should review before using their services.

2. INFORMATION WE COLLECT

We may collect the following categories of personal information, depending on how you use the Services: 2.1 Information You Provide Directly. This may include: (a) contact information such as your email address, if you choose to provide it or if you contact us for support; (b) information contained in communications you send to us, such as support requests, feedback or other correspondence; and (c) any other information you choose to provide via forms or interaction mechanisms on the Site. 2.2 Automatically Collected Information. When you access or use the Site, we may automatically collect: (a) device and usage information, such as IP address, browser type and version, operating system, language settings, pages visited, time and date of visits and other usage details; (b) diagnostic and performance data, such as logs relating to errors, API usage, loading times and other technical information; and (c) information collected via cookies and similar technologies, as described in Section 5 below. 2.3 Blockchain-Related Information. When you use the Services in connection with the Sonar Protocol, we may process: (a) public blockchain addresses associated with your use of Sonar; (b) strategy-related parameters (e.g., token pairs, allocation percentages, time intervals) necessary to display or track your strategies through the Site; and (c) transactional metadata such as executed trades, balances and on-chain activity used for displaying information in your dashboard. Although blockchain addresses and transactions are generally not "personal data" in the traditional sense, they may become personal information when linked or reasonably linkable to an identifiable individual. 2.4 Information from Third Parties. We may receive information about you from: (a) service providers, such as authentication vendors, analytics providers or security systems; and (b) public sources, including on-chain data, where such information is processed to provide Services features or security protections.

3. HOW WE USE INFORMATION

We may use personal information for the following purposes: 3.1 Providing and Operating the Services. To: (a) provide you with access to the Site and its functionalities; (b) display strategy, balance and transaction information relevant to your use of the Sonar Protocol; and (c) maintain and improve the reliability and performance of the Site. 3.2 Security and Fraud Prevention. To: (a) monitor for suspicious or malicious activity; (b) detect, prevent and respond to security incidents, fraud or abuse; and (c) protect the integrity of the Site and Services. 3.3 Analytics and Improvement. To: (a) analyze how the Site is used in aggregate, using logs and analytics tools; (b) understand usage trends and user flows; and (c) develop new features and improve user experience. 3.4 Communications. To: (a) respond to your inquiries, support requests or feedback; (b) send operational notices, such as changes to this Privacy Policy or the Terms of Use; and (c) send other communications where permitted by law and consistent with your preferences. 3.5 Legal and Compliance. To: (a) comply with legal obligations, regulatory requirements or law-enforcement requests; (b) exercise or defend legal claims; and (c) maintain appropriate business records. 3.6 Referral and Rewards Programs. If applicable, to administer referral or reward arrangements, including tracking eligibility and calculating rewards.

4. LEGAL BASES FOR PROCESSING (EEA/UK ONLY)

If you are in the European Economic Area ("EEA") or the United Kingdom ("UK"), our processing of your personal data is based on one or more of the following legal grounds: 4.1 Performance of a Contract. Where processing is necessary to provide the Services, including the Site's functionality and your account-level features, if any. 4.2 Legitimate Interests. For purposes such as: (a) securing and improving the Services; (b) protecting against fraud or abuse; and (c) conducting reasonable analytics and research. 4.3 Consent. Where required by law (for example, certain non-essential cookies or marketing communications), we rely on your consent. 4.4 Legal Obligations. Where processing is necessary to comply with applicable laws, such as KYC/AML requirements where applicable, tax or accounting obligations or regulatory reporting.

5. COOKIES AND SIMILAR TECHNOLOGIES

5.1 Cookies. The Site may use cookies or similar technologies to: (a) enable core functionality (such as session handling); (b) collect analytics relating to Site usage; and (c) improve security and performance. 5.2 Managing Cookies. Most browsers allow you to control cookies through their settings. If you disable cookies, some functionality of the Site may be unavailable or may not function correctly. Where required by law, we will seek your consent before placing non-essential cookies.

6. HOW WE SHARE INFORMATION

We do not sell your personal information. We may share personal information in the following circumstances: 6.1 Service Providers. We may share information with third-party vendors who perform services on our behalf, such as: (a) hosting and cloud infrastructure providers; (b) analytics and monitoring providers; (c) customer support tools; and (d) security and anti-abuse services. 6.2 Affiliates. We do not share personal information with affiliates for independent use. 6.3 Legal and Regulatory. We may disclose information where required to do so by law or where we believe such disclosure is reasonably necessary to: (a) comply with a legal obligation or request from a governmental authority; (b) protect the rights, property or safety of Echo Labs, Sonar users or the public; or (c) investigate and defend against claims or allegations. 6.4 Business Transfers. If Echo Labs is involved in a merger, acquisition, restructuring or asset sale, information may be transferred as part of that transaction, subject to obligations consistent with this Privacy Policy. 6.5 With Your Consent. We may share information with third parties when you instruct us to do so or otherwise give your consent.

7. DATA SECURITY

We implement technical and organizational security measures intended to protect personal information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. These measures may include encryption in transit, access controls, logging and regular security reviews. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of your devices, wallets and any credentials used to access the Services.

8. DATA RETENTION

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including: (a) to provide and operate the Services; (b) to comply with legal obligations; (c) to resolve disputes; and (d) to enforce our agreements. Retention periods may vary depending on the type of data and applicable laws. Where we no longer need personal information, we will delete it or anonymize it, unless we are required or permitted by law to retain it. Information recorded on public blockchains may be permanently stored and cannot be altered or deleted by us.

9. INTERNATIONAL DATA TRANSFERS

We may process and store personal information in countries other than the one in which you are located, including Panama, the United States, and other jurisdictions where our service providers operate. Where applicable law requires specific safeguards for international data transfers (for example, under GDPR), we will implement appropriate measures, such as standard contractual clauses or other mechanisms approved by relevant authorities.

10. YOUR RIGHTS

Depending on your jurisdiction, you may have certain rights regarding your personal information, including the right to: 10.1 Access. Request confirmation as to whether we process your personal information and, if so, receive a copy. 10.2 Rectification. Request that we correct inaccurate or incomplete personal information. 10.3 Erasure. Request deletion of personal information in certain circumstances, such as where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other legal ground applies. 10.4 Restriction. Request that we restrict processing under certain conditions. 10.5 Portability. Request a copy of personal information you have provided to us in a structured, commonly used and machine-readable format, to the extent technically feasible. 10.6 Objection. Object to certain processing, including processing based on legitimate interests, and to direct marketing, if applicable. 10.7 Consent withdrawal. Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of processing prior to such withdrawal. You may exercise these rights by contacting us as described in Section 13. We may need to verify your identity before responding to a request. Certain rights may be subject to limitations, for example where we are required or permitted by law to retain data.

11. ADDITIONAL INFORMATION FOR EEA/UK RESIDENTS (GDPR)

If you are located in the EEA or UK, in addition to the rights described in Section 10, you have the right to lodge a complaint with a data protection supervisory authority if you believe that our processing of your personal data infringes applicable data protection law. We encourage you to contact us first so that we can address your concerns directly, but you are not obligated to do so before contacting a supervisory authority.

12. ADDITIONAL INFORMATION FOR U.S. RESIDENTS (CCPA/VCDPA)

Use of the Site by residents or domiciliaries of the United States is prohibited under the Terms of Use. If, despite this prohibition, a U.S. resident interacts with the Site, certain rights under U.S. state laws (such as the California Consumer Privacy Act (CCPA) or Virginia Consumer Data Protection Act (VCDPA)) may apply, including: 12.1 Right to Know and Access. The right to request that we disclose what categories of personal information we collect, the purposes for which we use it, and, in some cases, the specific pieces of personal information we hold. 12.2 Right to Delete. The right to request deletion of certain personal information, subject to statutory exceptions. 12.3 Right to Correct. The right to request correction of inaccurate personal information. 12.4 Right to Non-Discrimination. The right not to receive discriminatory treatment for exercising your privacy rights. Because the Services are not intended for U.S. residents, some functionality required to honor these rights may not be directly exposed through the Site. If you believe that U.S. privacy rights apply to you and wish to exercise them, you may contact us as described in Section 13.

13. CHILDREN'S PRIVACY

The Services are not intended for or directed to children under the age of 18 (or the age of majority in your jurisdiction, if higher). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take reasonable steps to delete such information as quickly as possible.

14. CHANGES TO THIS PRIVACY POLICY

We may update or modify this Privacy Policy from time to time. When we do so, we will update the "Last Updated" date at the top of this Policy. Where changes are material, we may provide additional notice, such as through a banner or other mechanism on the Site. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the updated Privacy Policy, you must discontinue your use of the Services.

15. CONTACT US

If you have any questions or concerns about this Privacy Policy, or wish to exercise any of your rights, you may contact Echo Labs Corporation using the support channels indicated on the Site.