How We Share Your Information

We understand the importance of keeping your personal data private. We do not sell your personal information to third parties for their own marketing or other independent use (Privacy Policy | Cicada Wallet). However, we do share information about you in certain specific circumstances, as outlined below, and always in accordance with applicable law:

Service Providers and Partners: We employ trusted third-party companies and individuals to perform functions and provide services to us (e.g., cloud storage providers, identity verification services, analytics services, email service providers, smart contract auditors, and customer support tools). These third parties will have access to personal data only as needed to perform their functions on our behalf and are contractually obligated to maintain the confidentiality and security of your data. For example:

• We may use cloud infrastructure (like AWS or others) to host our platform and data. Your personal data (such as database information or images you upload) may be stored on their servers, but they do not have the right to access it except as needed for maintenance or as required by law.

• If we run KYC checks via a third-party verification company, the personal data you submit (like ID documents) will be transmitted to that provider purely for verification purposes. They will return a result (verified/not verified, risk indicators, etc.) to us. Those providers are bound by data protection agreements and may not use your info for any other purpose.

• We may share your blockchain address or transaction details with third-party analytics or compliance services (for instance, to screen for illicit activity). Those parties can see the public blockchain information and any risk analysis they generate, which they share with us for compliance decisions. They are not permitted to use that data for other clients in a way that identifies you personally (beyond the public nature of an address).

• Our email/newsletter provider will have your email if you signed up for newsletters. They help us send the emails but cannot spam you or use your email beyond our instructions.

All such service providers are required to handle your data in compliance with this Policy and applicable privacy laws. They are typically bound by data processing agreements to ensure your data remains protected (for example, they must implement appropriate security measures and only process data as we instruct and as necessary for the job) (Privacy Policy | Cicada Wallet).

Legal Compliance and Safety: We may disclose your personal data when we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation: This includes complying with court orders, subpoenas, warrants, or other legal process served on us, and meeting regulatory reporting requirements (for example, fulfilling a request from the Monetary Authority of Singapore or the U.S. Securities and Exchange Commission if they have jurisdiction).

• Cooperate with Law Enforcement or Regulators: If a law enforcement agency or a government regulator (e.g., FinCEN, MAS, IRS, or PDPC) requests information and we consider the request to be lawful and appropriate, we may provide the requested data. We will evaluate each request carefully and only provide information within the scope of the request.

• Protect Vital Interests: In rare cases, we might share information to protect someone’s life, physical integrity, or safety. For instance, if we suspect someone is in immediate danger based on information we have, we might alert authorities.

• Enforce our Rights: We may disclose data to enforce our Terms of Use, to investigate potential violations, or to detect, prevent, or address fraud, security, or technical issues. For example, if necessary, we could share relevant data with attorneys or forensic specialists for addressing a breach or with investigators to handle an incident.

We will endeavor to notify you if we are required to hand over your personal information in response to a legal demand, unless we are prohibited by law or court order from doing so, or the request is an emergency. In cases where legal requests are overly broad or don’t have proper authority, we may object to or seek to narrow such requests.

Protection of Rights, Property, and Others: In addition to legal compliance, we may share personal information with third parties (such as law enforcement, regulators, other platforms, or impacted individuals) if we believe it is necessary or appropriate to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Use. For instance, if a user is found to be attempting to hack the platform or commit fraud, we might share relevant information with other platforms or authorities to help prevent further harm (Privacy Policy | Cicada Wallet). Similarly, if someone’s rights (like intellectual property or privacy) are being violated via our Service by a user, we may provide information to the injured party or competent authority consistent with applicable law.

Business Transfers: If CICADA Finance or its parent company undergoes a business transaction such as a merger, acquisition, corporate restructuring, or sale of some or all of our assets, your personal data may be disclosed to the prospective seller or buyer and ultimately transferred to the new owner as part of that transaction (Privacy Policy | Cicada Wallet). We will ensure that any such transfer is subject to your personal data being treated in accordance with this Policy (unless, of course, you consent otherwise). For example, if our company is acquired, the user database (including personal data) would likely be one of the assets transferred. The new entity would be bound to the promises we have made in this Privacy Policy with respect to your personal data, unless you agree to a new policy. If a bankruptcy or reorganization proceeding is initiated by or against us, your information may be considered an asset of the company that could be sold or transferred to third parties.

Affiliated Companies: We may share personal data with businesses that are legally part of the same group of companies that CICADA Finance is part of, or that become part of our group (“affiliates”). Affiliated companies may only use the personal data in line with the purposes already described in this Privacy Policy (for example, helping to provide or improve the Services). If our affiliates have access to your information, they will follow practices at least as restrictive as the practices described in this Policy.

With Your Consent: Apart from the cases listed above, we will obtain your consent before sharing your personal data with third parties. For example, if we ever want to publish user testimonials with personal information, or share your info with a partner for their direct marketing, we would only do so with your explicit consent. You are free to revoke such consent at any time.

Aggregated or De-Identified Data: We may share data that has been aggregated or anonymized in such a manner that it can no longer be associated with any identifiable individual. Such data is not considered personal data and may be used for various purposes such as market analysis, research, or improving our services. For instance, we might publish trends or insights (e.g., “X% of our users engage in Y activity”), but those reports will not contain any information that could identify you personally.

We do not share your personal data with third parties for their own marketing purposes, nor do we engage in selling personal information to data brokers. If our data-sharing practices change in the future, we will update this Privacy Policy and provide any required notices or opt-in mechanisms.