III. Security and Confidentiality

We employ industry-standard firewalls and encryption systems to safeguard platform data. Technical and organizational measures are implemented to prevent data loss, misuse, unauthorized access, disclosure, alteration, or destruction.

CICADA commits to not selling, renting, or misusing user information.

We share information only in the following circumstances:

• With Affiliates: For intra-group compliance, technical, and risk management sharing.

• With Service Providers: Such as identity verification, cloud storage, smart contract auditing, analytics, and legal counsel.

• Legal Obligations: When required by regulators or courts under applicable law.

• Asset Transactions: In the event of a merger, reorganization, or acquisition involving CICADA, user information may be transferred as an asset.

• Public Blockchain Data: Your transactions and addresses may be publicly visible.

• With User Consent: For participation in specific projects, airdrops, or collaborative activities.

All third parties are bound by data protection agreements, limiting data use to specified purposes.

CICADA retains data in accordance with legal and compliance requirements, typically as follows:

• KYC/Compliance Data: 5–7 years (or as mandated by local regulations);

• Transaction and Blockchain Interaction Records: Permanently stored on-chain (non-deletable);

• System Logs and Security Audit Data: 12–24 months;

• Communication and Customer Service Records: 3 years.

Upon expiration, CICADA will anonymize or delete data as appropriate.