Supanova

Privacy Policy

Effective Date: January 20th, 2026

This Privacy Policy ("Privacy Policy") is effective from and after the date shown above, and describes how Supa, Corp (“Supa”, “Supanova”, “we”, “our” or “us”) collects, uses, shares, and otherwise processes information collected about you when you engage with our websites, and related services, including digital wallet (collectively, the "Platform") and communicate with us ("Communications").

1. The Information We Collect About You

We collect the following information in connection with your use of the Platform and Communications with us:

Basic User Data, including name, email, social media handles, and business name, when you engage with us and directly provide such information.
Device Data, including data about the type of device or browser you use, your device's operating software, your internet service provider, and your device's regional and language settings.
Service Use Data, including data about features you use, pages you visit, emails and advertisements you view, products and services you view and purchase, the time of day you browse, and your referring and exiting pages.
Location Data, including imprecise location data (such as location derived from an IP address or data that indicates a city or postal code level).
Digital Wallet Data, including your public wallet address.
Transaction Data, including information publicly available blockchain transaction data.
Content, including any content in communications with us that you provide.
Log Files, which are files that record events that occur in connection with your use of the Platform.

We also collect non-identifying aggregate information (such as the information flows related to transactions – public wallet addresses) which we may use for the exclusive purpose of improving the security, compatibility, or interoperability of the Platform.

2. Sources of Information

Directly from you. We collect information directly from you when you enter your information on our websites, establish your digital wallet using our Platform, access our content, use our Platform, engage in Communications with us, or sign up to receive emails or certain other Communications from us.
Automatically Using Online Technologies. When you engage with our website, open or click on emails we send you or related Communications, we or other third parties may automatically collect certain information about you using technologies such as cookies.
From Third Parties. We collect information from third parties, including from publicly available sources, such as the blockchain or our third-party business partners.

3. How We Use the Information We Collect About You

To provide, maintain, improve, and enhance our Platform.
Data Used: Service Use Data, Device Data, Digital Wallet Data, Transaction Data, Location Data, Log Files
To understand and analyze how our Platform is used and develop new products, services, features, and functionality.
Data Used: Service Use Data, Device Data, Digital Wallet Data, Transaction Data, Location Data, Log Files, Basic User Data, Content
To communicate with you, provide you with updates and other information relating to our Platform, provide information that you request, respond to comments and questions, and otherwise provide customer support.
Data Used: Device Data, Digital Wallet Data, Location Data, Basic User Data, and Content
To find and prevent fraud, and respond to trust and safety issues that may arise.
Data Used: Service Use Data, Device Data, Digital Wallet Data, Transaction Data, Location Data, Log Files
As necessary for integrated third-party services to function with our Platform as required for your use, swap functionality.
Data Used: Service Use Data, Device Data, Digital Wallet Data, Transaction Data, Location Data, Log Files
For compliance purposes, including enforcing our legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
Data Used: Service Use Data, Device Data, Digital Wallet Data, Transaction Data, Location Data, Log Files, Basic User Data, Content

For information on your rights and choices regarding how we use personal data about you, please seeYour Rights and Choices.

4. Automatic Information Collection Technologies

(a) Technologies Used

Cookies: Cookies are pieces of information stored on the computer or mobile device that you are using. Cookies allow us to collect information such as browser type, time spent on the Site, pages visited, registrations, submissions, demographics, information requests, language preferences, and other traffic data. With respect to how long a cookie stays on your computer or mobile device, some cookies are session cookies that expire once you close your browser while others are persistent cookies which stay on your device until you delete them, or they expire.

(b) Purpose For Using Automatic Information Collection Technologies

Functionality, Support and Security: Some of the online tracking technologies like the cookies we use are to recognize your device, to facilitate navigation, to display information more effectively, to personalize your experience, maintain the security of our Sites, manage your account, prevent crashes, fix bugs, save your preferences, and assist with basic Site functions and other performance functions.

For information about your choices related to automatic data collection technologies and your ability to opt out of certain sharing of information, please see Your Rights and Choices.

5. Sharing of Personal and Non-Personal Data

We share information we collect in accordance with the practices described in this Privacy Policy. The types of entities we may have shared information with or may share information with in the future include the following:

Third Parties Providing Services On Our Behalf. In order to make various features, services and materials available to you through the Platform, provide the Platform, and respond to your requests and inquiries, we may share information you provide with third parties that perform functions on our behalf.
Third-Party Business Partners. We share information with our partners in connection with offering co-branded services or engaging in joint marketing activities.
Blockchain Platform. When you engage in a transaction that is recorded on the Blockchain, certain information that may be considered personal data related to that transaction will be published on the blockchain and may be accessible to third parties not controlled by Supa, and will be recorded on the Blockchain permanently across a wide network of computer systems and be incapable of deletion. Many blockchains are open to forensic analysis which can lead to de-anonymization and the unintentional revelation of personal data, especially when blockchain data is combined with other data.
Business Transfers. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition, business combination of all or any portion of our business or assets, change of control, or a transfer of all or a portion of our business or assets to another third party (including in the case of any bankruptcy proceeding).
Legal Disclosure. Under certain circumstances, we may be required to cooperate with legal investigations and/or we may be subject to legal requirements to disclose information collected through the Platform, such as by a court or a governmental agency. We may also disclose personal data to investigate any violation or potential violation of the law, this Privacy Policy, or applicable Terms or to protect or defend the rights and property of Supa.
Consent. We share information with notice to you and your consent.

If you are a data subject in the UK or any part of the EEA, please also see paragraph 12 below entitled "Additional Disclosures for People in Europe" for additional rights information related to the above.

6. Your Rights and Choices

(a) Discontinuing Use of the Platform

You may discontinue using our Platform and uninstall our related software from any of your devices. Please also keep in mind that transactions recorded on an applicable blockchain are immutable, meaning that such information may not be deleted, regardless of your deletion of any account information from the Platform.

(b) Communications

For any type of communication please email us at the email address provided in Contact Us below.

(c) Automatic Information Collection Technologies

Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit allaboutdnt.com.
Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations. Below are links to instructions for managing cookies on commonly used browsers:
Google Chrome: support.google.com/chrome/answer/95647
Microsoft Edge: support.microsoft.com/.../delete-cookies-in-microsoft-edge
Mozilla Firefox: support.mozilla.org/.../clear-cookies-and-site-data-firefox
Safari (macOS): support.apple.com/en-us/HT201265
Please be aware that if you disable or remove tracking technologies, some parts of the Service may not function correctly. If you disable or refuse cookies, some parts of this website may then be inaccessible or not function properly.

7. Data Security and Retention

Supa uses reasonable security measures designed to prevent unauthorized intrusion to the Platform and the alteration, acquisition or misuse of personal data. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you, collected from you, or submitted by you. We will not be responsible for loss, corruption or unauthorized acquisition or misuse of information that you provide or that we collect through the Platform that is stored by us or our service providers, or for any damages resulting from such loss, corruption or unauthorized acquisition or misuse.

Once the purpose of processing is fulfilled, we retain personal data for no longer than the applicable statutory limitation period. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will delete or anonymize personal data once the applicable retention period has expired.

Note that blockchains are designed by default to permanently record information across a wide network of computer systems; therefore, while we commit not to store immediately identifiable personal data, some pseudonymized information will be stored across the Blockchain and therefore it will not be possible to delete such information.

8. Children’s Privacy

The Platform is not directed towards, nor was it designed to attract the attention of any children, and we do not knowingly collect or maintain personal data from any person under the age of fourteen.

9. Changes to This Privacy Policy

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Platform indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address, by informing you about such changes through our website and/or via other channels we may use to communicate with you.

10. Contact Us

Please contact us at hello@supanova.app if you have any questions or concerns about this Privacy Policy.

11. Accessibility

To print a copy of this Privacy Policy, please click here. If you are still experiencing difficulty accessing our terms of service, this privacy policy, or information that we provide on our Platform, please contact us.

12. Additional Disclosures for Data Subjects in Europe

(a) Roles

GDPR and data protection laws in Europe distinguish between organizations that process personal data for their own purposes (known as "controllers") and organizations that process personal data on behalf of other organizations (known as "processors"). Supa acts as a data controller with respect to personal data collected as you interact with our Platform.

(b) Lawful Basis for Processing

GDPR and data protection laws in Europe require a "lawful basis" for processing personal data. Our lawful bases include the following:

To fulfill obligation in the contract between you and Supa. When you agree to the Terms, you and Supa entered into an agreement for us to provide you with limited rights and access to the Platform and we must process certain information to fulfill our obligations with respect to providing the underlying services to you under such agreement. Data processed under this legal basis includes Digital Wallet Data, Log Data, Transaction Data and other aggregated and encrypted.
To pursue our legitimate interests. We rely on legitimate interests pursued by us to process your information, including understanding how our Platform is functioning, improving our Platform, developing new products and preventing fraud. Information we will use include Service Use Data, Log Data and Device Data. Our legitimate interests do not override your fundamental rights and freedoms, and you can always exercise your right to object to such processing.
With your consent. In limited circumstances, we rely on your consent in order to process information. You may always revoke consent at any time. Information we collect with your consent relates to Basic User Data like your email or contact information that you may provide to us to receive our newsletter or other requested Communications.
To comply with law. In limited circumstances, we may process information in order to comply with legal obligations. To the extent we have received such information from third parties where we have agreed to contractual requirements such as standard contractual clauses, we will use our reasonable efforts to dispute making such disclosures unless legally required to do so.

(c) Data Transfer

If GDPR applies and your data is transferred outside UK or the EEA to the United States or any other country, we will transfer your personal data subject to appropriate safeguards, such as an adequacy decision by the European Commission on the basis of article 45 the GDPR, or "Standard Contractual Clauses" as provided from time to time by the European Commission.

(d) Your Data Subject Rights

Your Rights to Your Information. If you are a data subject according to the GDPR, subject to certain conditions you have the right to: (A) access, rectify, or erase any personal data we process about you; (B) data portability, asking us to transfer to any third party at your choice (C) restrict or object to our processing of personal data we process about you and (D) where applicable, withdraw your consent at any time for any data.
How to Exercise Your Rights. You may exercise your rights by submitting a written request to us at the email address set out in paragraph 10 above entitled "Contact Us". We will respond to your request within thirty (30) days. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
When Information May Be Retained. Please note that we retain information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use information even after a data subject request for purposes including to perform under the contract, as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

(f) Complaints

If you have a complaint about our use of your personal data or response to your requests regarding your personal data, you may submit a complaint to the "Data Protection Supervisory Authority" in your jurisdiction. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us.