AmanFi PRIVACY POLICY

Your Privacy Rights and How We Protect Your Data

Effective Date: January 24, 2026

1. INTRODUCTION

Welcome to AmanFi (also known as Aman Finance). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains in clear, simple language what information we collect, why we collect it, how we use it, and what rights you have regarding your data.

This Privacy Policy applies to all users of AmanFi services, including our Decentralized Banking-as-a-Service platform, AmanFi Cards, community membership programs, and related services. By using AmanFi, you agree to the collection and use of information as described in this Privacy Policy.

Important: This Privacy Policy is designed to comply with the European Union's General Data Protection Regulation (GDPR) and other applicable data protection laws. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights regarding your personal data as outlined in this policy.

2. WHO WE ARE (DATA CONTROLLER)

AmanFi is the data controller responsible for your personal information. This means we decide how and why your personal data is processed. You can contact us at:

Website: https://www.aman.finance
Email: info@aman.finance

3. WHAT INFORMATION WE COLLECT

We collect different types of information to provide and improve our services. Here's what we collect and why:

3.1 Information You Give Us Directly

Account Registration Information

When you create an AmanFi account, we collect:

Full name
Email address
Other information as disclosed

Know Your Customer (KYC) Information

For certain services that require KYC information, we collect identity verification documents:

Government-issued ID (passport, driver's license, or national ID card)
Proof of address (utility bill, bank statement)
Selfie or photograph for identity verification
Tax identification number (where required by law)
Source of funds information
Other disclosed requested information

Financial Information

Cryptocurrency wallet addresses
Transaction history and payment information
Maal coin holdings and staking records
Card usage data (purchases, top-ups, balances)

Community and Partner Information

Partner level (Standard, Professional, Elite)
Referral relationships and community structure
Reward earnings and distribution records
Communication preferences

Communications

Messages you send to our support team
Feedback and survey responses
Communication with other users (where applicable)

3.2 Information We Collect Automatically

Device and Technical Information

IP address and location data
Device type, operating system, and browser information
Unique device identifiers
Mobile network information
Time zone settings and language preferences

Usage Information

Pages you visit on our platform
Features you use and how you interact with our services
Time spent on different pages
Search queries within the platform
Error logs and performance data

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Cookies are small files stored on your device that help us remember your preferences and improve our services. You can control cookies through your browser settings. For more details, see Section 8 (Cookies and Tracking).

3.3 Information from Third Parties

We may receive information about you from:

Identity verification services: KYC/AML screening results and verification status
Payment processors: Transaction confirmations and payment status
Card issuers: Card usage and transaction data
Blockchain networks: Public transaction records for cryptocurrency transfers
Analytics providers: Aggregated usage statistics
Referral partners: Information about users who join through referrals

4. HOW WE USE YOUR INFORMATION

We only use your personal information for specific, legitimate purposes. Here's what we do with your data and our legal basis for doing so (as required under GDPR):

4.1 To Provide Our Services (Contractual Necessity)

Create and manage your account
Process transactions and issue AmanFi Cards
Calculate and distribute rewards
Manage your staking contracts and MAAL tokens
Track your partner level and community structure
Provide customer support and respond to your inquiries

4.2 To Comply with Legal Obligations

Respond to legal requests from authorities
Maintain records as required by financial regulations
Enforce our Terms of Service and investigate violations

4.3 For Our Legitimate Interests

Improve and optimize our platform and services
Detect and prevent fraud, security breaches, and illegal activities
Analyze usage patterns to enhance user experience
Develop new features and services
Conduct internal research and analytics
Protect our rights, property, and safety, and that of our users
Monitor and improve platform security

4.4 With Your Consent

Send you marketing communications about AmanFi services (you can opt out anytime)
Use cookies and tracking technologies (where consent is required)
Share your information with third parties for specific purposes you've agreed to
Use your testimonials or feedback publicly (with your permission)

5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information to anyone. However, we may share your information with trusted third parties in the following situations:

5.1 Service Providers

We work with third-party companies that help us operate our business:

Payment processors: To process card transactions and cryptocurrency transfers
KYC/AML providers: To verify your identity and comply with regulations
Cloud hosting providers: To store data securely
Customer support platforms: To respond to your questions
Analytics services: To understand how users interact with our platform
Email and communication services: To send you notifications and updates

These service providers are contractually obligated to protect your information and can only use it for the specific purposes we authorize.

5.2 Business Partners

Service providers: For account opening and additional services
Card issuers: Mastercard and VISA network partners for card services
Cryptocurrency exchanges: For Maal coin transactions

5.3 Within Your AmanFi Community

Limited information about your partnership status (such as your partner level and position in the community structure) may be visible to other members of your AmanFi community for the purpose of tracking referrals and calculating rewards. We do not share your personal identification documents, financial details, or contact information with other community members without your explicit consent.

5.4 Legal and Regulatory Requirements

We may disclose your information when required by law or to:

Comply with legal obligations, court orders, or government requests
Respond to subpoenas or legal processes
Cooperate with law enforcement investigations
Protect our rights, property, or safety
Prevent fraud or illegal activities

5.5 Business Transfers

If AmanFi is involved in a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred to the new owner. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5.6 With Your Consent

We may share your information with other parties when you give us explicit permission to do so.

6. INTERNATIONAL DATA TRANSFERS

AmanFi operates globally, and your information may be transferred to, stored, and processed in countries outside the European Economic Area (EEA), including countries that may not have the same data protection laws as your country.

When we transfer your data internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use EU-approved contracts with our service providers
Adequacy decisions: We transfer data to countries recognized by the EU as providing adequate protection
Binding Corporate Rules: For transfers within corporate groups
Your consent: Where applicable, we obtain your explicit consent for data transfers

You have the right to request information about the safeguards we use for international transfers. Please contact our Data Protection Officer for details.

7. HOW LONG WE KEEP YOUR INFORMATION

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods

Account information: Retained while your account is active and for 7 years after account closure (for legal and regulatory compliance)
Transaction records: Retained for 7 years after the transaction (financial regulations requirement)
KYC documents: Retained for 7 years after account closure (AML/CTF requirements)
Marketing data: Retained until you opt out or for 3 years of inactivity
Support communications: Retained for 3 years after resolution
Technical logs: Retained for 90 days for security and troubleshooting
Staking contracts: Retained for the duration of the 5-year staking period plus 7 years

After the retention period expires, we securely delete or anonymize your personal information so that it can no longer identify you.

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website or use our app. They help us recognize you, remember your preferences, and improve your experience.

8.2 Types of Cookies We Use

Essential cookies: Required for the platform to function (e.g., login sessions, security)
Performance cookies: Help us understand how you use our platform to improve performance
Functionality cookies: Remember your preferences and settings
Marketing cookies: Track your activity to deliver relevant advertisements (only with your consent)

8.3 Managing Cookies

You can control cookies through your browser settings or our cookie consent tool. Please note that disabling essential cookies may affect platform functionality. Most browsers allow you to:

View what cookies are stored and delete them individually
Block third-party cookies
Block all cookies
Delete all cookies when you close your browser

9. YOUR PRIVACY RIGHTS (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights under GDPR. These rights are not absolute and may be subject to certain conditions:

9.1 Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide you with a copy of your data in a commonly used electronic format within 30 days of your request.

9.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly through your account settings.

9.3 Right to Erasure

You have the right to request deletion of your personal information in certain circumstances. We may need to retain some information to comply with legal obligations.

9.4 Right to Restriction

You have the right to request that we restrict processing of your personal information in certain situations. We will store but not use the data during the restriction.

9.5 Right to Portability

You have the right to receive your personal information in a structured, commonly used format and request transfer to another provider.

9.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Where we rely on your consent, you have the right to withdraw that consent at any time without affecting prior lawfulness.

9.8 Right to Lodge Complaint

You have the right to lodge a complaint with your local data protection authority regarding violated privacy rights.

9.9 How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at info@aman.finance. We will respond within 30 days. We may need to verify your identity before processing.

10. SECURITY OF YOUR INFORMATION

We take the security of your personal information very seriously and implement industry-standard measures to protect it.

10.1 Technical Security Measures

Encryption: All data transmitted is encrypted using TLS/SSL protocols
Data encryption at rest: Sensitive data is encrypted when stored
Secure servers: Hosted in secure, access-controlled facilities
Firewalls and intrusion detection: Constant monitoring for unauthorized access
Regular security audits: Periodic assessments and penetration testing
Password protection: Passwords are hashed and salted

10.2 Organizational Security Measures

Access controls: Need-to-know access for authorized personnel
Employee training: Regular data protection and security training
Confidentiality agreements: Mandatory for all employees and contractors
Incident response plan: Fast response procedures for security incidents

10.3 Your Responsibility

Choose a strong, unique password
Enable two-factor authentication (2FA)
Never share account credentials
Log out after using shared devices
Report suspicious activity immediately

10.4 Data Breach Notification

In the unlikely event of a data breach that poses a risk, we will notify you and relevant authorities within 72 hours, as required by GDPR. We will inform you of the nature, consequences, and measures being taken.

11. CHILDREN'S PRIVACY

AmanFi services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you discover we have inadvertently collected information from a child, please contact us at info@aman.finance for immediate deletion.

12. THIRD-PARTY LINKS AND SERVICES

Our platform may contain links to third-party services not operated by AmanFi. This Privacy Policy does not apply to those services. When you use integrated services (e.g., GCB Fintech, GCEX), those services collect information independently governed by their own policies.

13. CHANGES TO THIS PRIVACY POLICY

We may update this policy periodically. Material changes will be notified via:

Posting updated policy with new "Effective Date"
Email notification (if provided)
Displaying prominent notice on our platform

14. AUTOMATED DECISION-MAKING AND PROFILING

We use automated systems for:

Fraud detection and suspicious activity flagging
Risk assessment and compliance
Personalization and marketing targeting

You have the right to human review for decisions with significant effects.

15. MARKETING AND COMMUNICATIONS

Transactional: Essential messages (cannot opt out)
Service updates: Policy or feature changes
Marketing: Promotional offers (can opt out via "unsubscribe" or settings)

16. CONTACT INFORMATION

For any questions, concerns, or requests regarding this policy, please contact us at info@aman.finance. We aim to respond within 30 days.

17. SUPERVISORY AUTHORITY

If not satisfied with our handling of your data, you can lodge a complaint with your local supervisory authority:

EU Data Protection Authorities: edpb.europa.eu
UK Information Commissioner's Office (ICO): ico.org.uk
Swiss Federal Data Protection and Information Commissioner: edoeb.admin.ch

18. ACKNOWLEDGMENT

By using AmanFi services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.

Your privacy matters to us. We are committed to protecting your personal information and being transparent about our data practices.

Last Updated: January 24, 2026

This Privacy Policy complies with GDPR and European data protection standards.