Effective Date: 20 Nov 2024

This Privacy Policy (“Policy”) sets forth the terms under which Trest.AI (“we,” “us,” or “our”) collects, processes, uses, and discloses personal information in connection with the use of our website and services.

By accessing and using our website (the “Site”) and mobile application (the “App”), users engage with our services (the “Service”), which facilitate the tracking of cryptocurrency portfolio performance and the calculation of related capital gains and losses.

This Privacy Policy applies to the Site, the App, and the Service (collectively, the “Services”) provided by Trest.AI and its affiliates. For the purposes of this Policy, “Trest.AI Affiliates” refer to Trest.AI and any entities that Trest.AI directly or indirectly controls.

Before using the Service or submitting any personal information to Trest.AI, please review this Privacy Notice carefully and contact us if you have any questions. By using the Services, you agree to the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not access the Site or otherwise use the Services. This Privacy Notice is incorporated into and forms part of our Terms of Use.

For any inquiries regarding this Policy, please contact us before submitting any personal information.

1. Information We Collect

1.1. Personal Information: We may collect personal information that you provide to us when you register for an account, use our services, or communicate with us. This may include these details;

1. Identification Information: We collect your first name, lastname, email address, mobile phone number, and your Trest.AI password.
2. Cryptocurrency Information: We collect the API key and API secret for each cryptocurrency exchange market you connect to the Services and the associated transaction history including the dates and amounts of each transaction. This is require you to enter your exchange market API credentials to activate an integration, otherwise we will not collect API credentials mentioned at this item.
3. Financial Information: Our payment provider partner(s) will collect the financial information necessary to process your payments, such as your payment card number and authentication details. However, we do not store payment card information on our servers.
4. Communication Information: We may collect information when you contact us with questions or support tickets or concerns and when you voluntarily respond to surveys, or requests for research asking your opinion and feedback.
5. Other Information: You may provide us with additional information through a web form or by updating or adding information to your Trest.AI account, by participating in community discussions, member chats, surveys, inquiries, dispute resolution, notes, or if you contact us for any other reason regarding our Services.

1.2. Usage Information: We may collect information about your use of our website and services, such as your IP address, device information, and browsing activity.

1. Device Information: The manufacturer and model, operating system, IP address, and unique identifiers of the device, as well as the browser you use to access the Service. The information we collect may vary based on your device type and settings.
2. Usage Information: We use Google Analytics to collect information about how you use our Services, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities.
3. Location Information: We may collect a rough estimate of your location from your IP address when you use our Services.

1.2. Local Information: We may use local storage technologies such as cookies and local databases on your browser to provide better user experience on our services.

1. Cookies: Text files stored on your device to uniquely identify your browser or to store information or settings in the browser to help you navigate between pages efficiently, remember your preferences, enable functionality, help us understand user activity and patterns, and facilitate online advertising.
2. Local Storage Objects: Similart to the cookie functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
3. Location Information: We may collect a rough estimate of your location from your IP address when you use our Services.

2. Use of Information

We may use the information we collect for the following purposes:

1. To provide and improve our services.
2. To verify the information you provided through our third-party SMS service provider.
3. Track your cryptocurrency portfolio's performance and help calculate related profits and losses.
4. To communicate with you about your account and transactions.
5. To personalize your experience and provide tailored content and recommendations.
6. To analyze usage trends and enhance the security and functionality of our website and services.
7. Process transactions through our third-party payment processors.

3. Disclosure of Information

We do not sell, rent, license, or lease your personal information to third parties. However, we may disclose your personal information to third parties in the following circumstances:

1. To comply with legal obligations or respond to lawful requests from government authorities.
2. Payment service providers to process your Trest.AI payments.
3. SMS service providers to provide 2FA security.

4. Data Security

We implement commercially reasonable technical, administrative, and physical security measures to safeguard your personal information from unauthorized access, use, disclosure, or alteration.

1. Network Security: We employ advanced network security protocols to protect against unauthorized access, cyber threats, and data breaches.
2. Data Encryption: All personal data is encrypted using industry-standard encryption methods, ensuring its confidentiality and integrity.
3. Physical Security: Our data centers are secured with strict access controls, limiting entry to authorized personnel only.
4. Access Controls: We enforce stringent access restrictions, ensuring that only employees or contractors with a legitimate business need can access sensitive data.
5. Security Updates: Our security measures are regularly reviewed, updated, and tested to mitigate evolving cyber threats.
6. Employee Training: Personnel handling personal information undergo regular training on data protection laws, cybersecurity, and best practices.
7. Incident Response: We maintain a formal incident response plan to promptly detect, investigate, and mitigate security breaches, with appropriate notifications in compliance with applicable laws.

While we take all reasonable precautions to protect your personal data, no system can be guaranteed 100% secure. By using the Services, you acknowledge that you assume the risks associated with data transmission and storage.

5. Data Retention

We, along with our service providers, retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable laws and regulations. Our retention practices are as follows:

1. Retention Period: We retain personal data for the duration necessary to provide our Services and comply with legal, regulatory, or contractual obligations. If data processing is based on consent (including consent for extended storage), we retain the data as long as necessary to fulfill the stated purpose.
2. Deletion or Anonymization: Upon expiration of the applicable retention period, we will securely delete or anonymize your personal data in a manner that prevents re-identification.
3. Extended Retention: Certain circumstances may require us to retain personal data for extended periods, including but not limited to:
   1. Compliance with tax, accounting, or regulatory requirements
   2. Fraud prevention, security investigations, and risk management
   3. Fulfillment of legal claims, dispute resolution, or law enforcement requests
4. Legal Basis: Any extended retention of data will be based on a legitimate legal ground, ensuring compliance with applicable laws.
5. Data Minimization: We ensure that only the necessary and relevant data is retained for the specified purposes.
6. Right to Erasure: You have the right to request the deletion of your personal data under applicable laws, subject to certain legal exceptions.
7. Transparency: Upon request, we will provide information regarding the retention periods applicable to different categories of personal data.

We are committed to responsible data management and ensuring that your personal information is processed in accordance with applicable privacy laws throughout its lifecycle.

6. Third-Party Services

Our website and services may contain links to third-party websites or services that are not owned or controlled by Trest.AI. Here are the list of third parties who provide services to Trest.AI;

1. Stripe Inc, a global payment service provider.
2. Twilio Inc, a global SMS service provider.
3. Alphabet Inc, a global technology company provides multiple technolgy infrastructures.
4. Digital Ocean LLC, a global technology company provides multiple technolgy infrastructures.

We are not responsible for the privacy practices or content of such third parties.

7. Children's Privacy

Our website and services are not directed to children under the age of 18. We do not knowingly collect personal information from children under the age of 18 without parental consent.

8. Your Rights

As a data subject, you may have certain rights regarding the collection and processing of your personal data, in accordance with applicable data protection laws. To exercise any of these rights, please contact us through the designated contact page.

1. Right of Access: You have the right to request confirmation as to whether we process your personal data and, if so, to obtain a copy of the data we hold about you.
2. Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request its correction or update.
3. Right to Erasure (“Right to Be Forgotten”): Under certain circumstances, you may request the deletion of your personal data. This right is subject to legal obligations that may require us to retain certain data.
4. Right to Restrict Processing: You may request that we limit the processing of your personal data in specific situations, such as when you contest its accuracy or object to its processing.
5. Right to Data Portability: Where applicable, you may request to receive your personal data in a structured, commonly used, and machine-readable format, or request that we transfer it to another organization.
6. Right to Withdraw Consent: If we rely on your consent to process personal data, you have the right to withdraw your consent at any time.
7. Right to Object: If we process your data based on legitimate interests, you have the right to object to such processing unless we demonstrate compelling legitimate grounds to continue.

You may withdraw your consent for the processing of your personal data at any time, using the following methods:

1. Updating your preferences in your account settings
2. Clicking the “unsubscribe” link in our marketing communications
3. Contacting us directly

Please note that withdrawing consent:

1. Does not affect the lawfulness of processing conducted before withdrawal
2. Does not impact processing based on other lawful grounds (e.g., contractual or legal obligations)
3. May affect our ability to provide certain services that require your consent

We will process your request promptly and, in any case, within one month of receipt. If you are dissatisfied with our handling of your personal data, you have the right to lodge a complaint with the relevant data protection authority.
For further inquiries or to exercise any of your rights, please contact us using the details provided in our Privacy Notice.

9. Data Breach

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach, in accordance with applicable data protection laws. Such notification will include, at a minimum:

1. A description of the nature of the personal data breach, including, where possible, the categories and approximate number of affected individuals and data records.
2. The name and contact details of our Data Protection Officer (if applicable) or another designated contact point for further information.
3. A description of the likely consequences of the personal data breach.
4. A description of the measures taken or proposed to address the breach, including any actions to mitigate its potential adverse effects.

Where direct notification would require disproportionate effort, we will issue a public communication or use other equally effective means to inform affected individuals. If the breach is unlikely to result in a risk to your rights and freedoms, we may not notify you directly but will document the breach internally and report it to the relevant supervisory authority, where required by law.

We maintain a comprehensive incident response plan and regularly review our security measures to ensure a swift and effective response to any security incidents involving personal data.

10. Changes to this Policy

We reserve the right to amend or update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or operational needs. Any modifications will become effective immediately upon posting on our website, unless otherwise required by applicable law.

Your continued use of our website or services following the posting of an updated Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this Policy periodically to stay informed about how we protect your personal data. If any material changes are made, we will take reasonable steps to notify you in accordance with applicable legal requirements.

11. Contact Us

If you have any questions or concerns about this Policy, please contact us at our contact page.