Privacy Policy

WHAT YOU CAN FIND IN THIS PRIVACY POLICY?

This Privacy Policy describes how CUBE AI collects, uses, discloses and otherwise processes your information as defined in this Privacy Policy below. CUBE AI is dedicated to ensure that the data processing performed by CUBE AI is compliant with applicable data protection laws.

This Privacy Policy applies to the information that we collect from you when you interact with us online, otherwise communicate with us about our products and services and in other cases as described in this Privacy Policy, including when you:

• visit our website https://www.cube3.ai/ (the “Website”);
• use the CUBE AI Cloud Services, as defined in our Terms of Service, as a customer or an authorized User of a customer (for example, as an employee of one of our customers who provided you with access the CUBE AI Cloud Services);
• operate in the financial market as described in this Privacy Policy, and your data is processed for the purposes of providing our Services; or
• communicate with us by email, telephone or otherwise.

The Website and the CUBE AI Cloud Services, as well as other products provided by CUBE AI, are referred to as the “Services.”

Cube Security, Inc. an entity incorporated in the United States of America, with registered address at 3000 El Camino Real, Building 4, Suite 200, Palo Alto, California, 94306, United States of America, is the controller of the personal data that CUBE AI collects through the Services or otherwise as described in this Privacy Policy, except that with respect to customers and prospects who contact, or procure the CUBE AI Cloud Services from, as well as other data subjects located in the European Union, Cube Security Europe, UAB, the controller of your Personal Data is Cube Security Europe, UAB, an entity incorporated in the Republic of Lithuania, company code 306082740, with offices located at Kaunas, Chemijos str. 15, LT-51332, Republic of Lithuania. For the purposes of this Privacy Policy, Cube Security, Inc. and Cube Security Europe, UAB are further referred to as CUBE AI.

This Privacy Policy does not apply to certain data that our customers upload to the CUBE AI Cloud Services, or that customers otherwise provide or make available to us for processing in connection with their use of the CUBE AI Cloud Services, and that is governed by our Terms of Service. For more information, please see the “CUBE AI Cloud Services” section of this Privacy Policy. If you have questions about the information practices of a customer of ours that uses the CUBE AI Cloud Services, please contact that customer directly.

THE INFORMATION WE PROCESS AND HOW WE PROCESS IT

The information we collect, and how we use and disclose it, depends on the context of your interactions with us, among others, on the Services you use. As explained below, we collect some of this personal information when you provide it directly to us, or when we receive it from third parties. We also collect certain information ourselves, e.g., when you use and interact with the Services.

Information You Provide Directly

When you use the Services, or contact us by phone or email, we collect personal information that you choose to share with us, which may include information falling within the following categories:

• personal and contact details such as your name, mailing address, email address, and phone number;
• account and profile information such as your username and password,
• business information such as your company name and job title/position;
• payment and billing information;
• information that you choose to share when you fill out and submit contact forms that we make available through the Services; and
• information that you choose to share when you use online chat functionality that we make available through the Services, or otherwise communicate with us through the Services, which may be recorded by or through third-party service provider(s) who act on our behalf and at our express direction.

Information We Receive from Third Parties

We may also collect information about you from other sources, including third-party data providers, social media platforms, and publicly available information such as commercial registers.

Certain publicly available information may be relevant when assessing risks associated with virtual asset service providers (VASPs), particularly where individuals act as shareholders, ultimate beneficial owners, or senior executives. Our Service supports this process by reviewing publicly accessible sources to provide insights necessary for risk evaluation. The information considered is strictly limited to what is publicly available and may include details such as full legal name, professional titles and positions, the name of the entity where the position is held, date of birth, nationality, appointment and resignation dates, ownership percentage, shareholding details (type, size, direct or indirect ownership), and any holding entity.

As part of our Services, we may utilise publicly available information to assist in detecting and preventing fraudulent activities, including the misuse of accounts in financial transactions. This process may involve reviewing publicly accessible sources to identify indicators of suspicious or unlawful activity. The types of information that may be processed include payment-related identifiers, cryptocurrency wallet addresses, and bank account details (such as account holder name, account number, routing number, and financial institution). We may also process associated metadata, such as the source platform, category of suspected activity, and date of interaction.

Information We Collect Automatically

When you use the Services, we collect some information automatically about you which may include:

• information about your computer or mobile device, such as IP and MAC address, operating system, browser type, and information about your mobile network and internet connection;
• usage and clickstream information, such as pages visited and features used; referring URLs; content you consume through the Services; mouse movements, clicks, and text entered; time spent using the Services and features thereof, and other details of your actions on the Services, which may be collected by or shared with our third-party service provider(s) to analyze and organize collected data on our behalf and at our express direction;
• transactional information, including information about purchases you make through the Services, such as product or service descriptions, price, subscription details, and times and dates of transactions;
• communications information, including the contents of communications you have through the Services, such as when you use the “Chats” feature on the Website or in CUBE AI Cloud Services;
• information collected in connection with third-party analytics technologies, such as Google Analytics (for more information on Google Analytics, including how Google Analytics collects, uses, and discloses information, please visit www.google.com/policies/privacy/partners/); and
• information about your location, including your approximate geographic location as indicated by your device's IP address.

We collect some of this information through cookies and other similar technologies. For more information, see the “Our Use of Cookies and Other Tracking Technologies” section of this Privacy Policy.

Where publicly available information is used to assist in detecting and preventing fraudulent activities, including the misuse of accounts in financial transactions (as described above), certain interactions may be carried out through automated processes. These processes can include the use of advanced language-based systems to engage with suspected fraudulent actors for the purpose of confirming relevant details, such as payment identifiers. Information obtained through these interactions, along with supporting evidence (for example, conversation records), is securely stored within the platform to support fraud detection and risk assessment.

Information we Collect Through the Operation of the CUBE AI Cloud Services

The CUBE AI Cloud Services are used by our customers to detect, protect against, and manage threats affecting digital assets on the blockchain, such as smart contracts, wallets, and cryptocurrency and other blockchain transactions as part of those customers' cybersecurity, fraud prevention, and regulatory compliance efforts.

To that end we collect, and customers of the CUBE AI Cloud Services submit to us, blockchain- and cryptocurrency-related information. This information may include cryptocurrency wallet and smart contract addresses and blockchain transaction information (such as transaction hashes). We may also combine the information that customers submit to the CUBE AI Cloud Services with information we collect from other sources, such as information available on publicly accessible transaction ledgers and blockchains, or information we obtain from third-party sources relating to an address's association with known or suspected fraudulent, criminal, or other malicious actors or activities.

We use this information to determine the level of risk of an address or a transaction being involved or associated with fraud, the commission or alleged commission of a criminal offence, or other malicious activity. And we inform our customers of this risk level. Customers can then deal with that address or transaction as they wish, having regard to its risk level.

Some data processed by CUBE AI when providing the CUBE Cloud Services may be processed by CUBE AI as a “data processor” on behalf of the customer, and pursuant to a data processing agreement between CUBE AI and the customer. Such processing will be governed by CUBE AI's agreement with the customer, and not by this Privacy Policy. Information on how the customer further processes personal data as a data controller will be further available on its respective website.

OUR USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies as described in this section to track the activity on the Services and collect and analyze information about your use of the Services. The tracking technologies used may also include beacons, tags, and scripts. We use Cookies and these other technologies to collect and track information and to improve and analyze Our Services, and to provide You with relevant content, including targeted advertising.

• Cookies (or mobile cookies). We use cookies and similar technologies in connection with the Services to store and honor your preferences and settings, enable you to sign-in, provide interest-based advertising, combat fraud, analyze the performance of the Services, and to fulfill other legitimate business purposes. A cookie is a small file placed on the hard drive of your computer or your mobile device to store data that can be recalled by a web server in the domain that placed the cookie. This data often consists of a string of numbers and letters that uniquely identifies your computer, but it can contain other information as well. Some cookies on our Website are placed by third parties, such as companies we hire to provide analytics and advertising services on our behalf.
• Web Beacons. The Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that enable us and other companies we work with to provide analytics and advertising services to collect information. Some of these web beacons are provided by third parties. We use web beacons to collect information about your use of the Services and interaction with our emails, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
• Software Development Kits (or “SDKs”). SDKs are pieces of code provided by our service providers, including development and analytics providers, that may be incorporated into the Services to collect and analyze certain device and user data.

For information about how to control the use of these technologies, please see the “Your Choices” section below.

HOW WE USE THE INFORMATION WE COLLECT

We will use the information we collect about you for various purposes, including:

• To provide and maintain our Services, including to monitor the usage of our Services.
• To manage your account, including to manage your registration as a user of the Services and to enable your access to different features and functionalities of the Services that are available as a registered user.
• For the performance of a contract with you or our customer, including the development, compliance and undertaking of the purchase contract for the products, items or services you have purchased or of any other contract with us through the Services.
• To contact you, including by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
• To provide you with news, special offers and general information about other goods, services and events which we offer and that we think you may be interested in.
• To respond to and fulfill your requests and inquiries to us.
• To detect and assess risks related to blockchain addresses, smart contracts, and cryptocurrency transactions for fraud prevention and cybersecurity purposes.
• To support regulatory compliance efforts by evaluating the likelihood of association with fraudulent, criminal, or other malicious activities.
• To comply with applicable laws and regulations, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities, and forms, such as maintaining tax and accounting records, and for similar recordkeeping and auditing purposes.
• To prosecute or defend against legal claims, and as otherwise necessary to protect and defend the rights or property of the Company.
• To evaluate or participate in an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings.
• Such other purposes as you may authorize or that we otherwise disclose at the time we collect your information.

We may also aggregate or de-identify personal information by removing any details that identify you personally. Aggregated or de-identified information will not be subject to this Privacy Policy and will be used to the extent permissible under applicable law.

HOW WE SHARE THE INFORMATION WE COLLECT

We may disclose the information we collect about you in the following circumstances:

• To Service Providers: we may share your personal information with Service Providers that we engage to perform services on our behalf, including to monitor and analyze the use of our Services, to contact you, and to perform other functions on our behalf.
• With our Customers: If you use the CUBE AI Cloud Service as an authorized user on behalf of a customer, we may share information about you and your use of the CUBE AI Cloud Services with that customer. In addition, where our services process information relating to third parties (for example, blockchain addresses, wallet identifiers, or other data associated with suspected fraudulent or malicious activity), we may provide the results of such processing to the customer. This enables the customer to assess risk and take appropriate measures in line with its fraud prevention, cybersecurity, and compliance obligations.
• With Affiliates: we may share your information with our affiliates, including our parent company and any other subsidiaries, joint venture partners or other companies that we control or that are under common control with us, for the purposes set out in this Privacy Policy.
• With our Business Partners: we may share your information with our business partners to offer you certain products, services or promotions.
• With other users: when you share personal information or otherwise interact in the public areas of the Services with other users, such information may be viewed by all users.
• For Business transfers: we may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.

RETENTION OF YOUR PERSONAL DATA

We retain the information we collect for as long as is necessary to accomplish the purposes set out in this Privacy Policy, including as needed to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We determine the appropriate retention period for the information we collect on the basis of the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation). In any case, personal data processed for fraud-prevention purposes is not retained longer than ten (10) years from the date it is deemed no longer necessary for fraud detection or compliance support.

For more information on our data retention periods, please contact us by using the information in the “Contact Us” section below.

OUR WORLDWIDE PRACTICES

Your information may be stored and processed by CUBE AI at CUBE AI's operating offices in the United States and in Lithuania and in any locations in which our Affiliates and Service Providers are located or maintain processing facilities. As a result, your information may be transferred to, and maintained on, systems located outside of the country in which you are located, and may be subject to data protection laws that differ from those in your country. By using the Services, you acknowledge that we may transfer your information to jurisdictions which may have different data protection rules than in your country.

When we transfer Personal Data from within the European Union to locations outside the European Union, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses approved by the European Commission. If you have questions about these transfers or would like to obtain a copy of the standard contractual clauses, please contact us using the details set forth in the “Contact Us” section of this Privacy Policy.

YOUR CHOICES

We respect your privacy and offer choices regarding our collection and use of your information.

• You may choose not to provide the information we request. Not providing information we request, however, may restrict your ability to use the Services, or certain features of the Services. For example, we will not be able to provide you with access to the CUBE AI Cloud Services if you do not provide information necessary to create an account.
• You can also control the use of cookies by changing the settings in your browser. To change your web browser settings for cookies, you can follow the instructions in the help section of your web browser or the guidance at https://allaboutcookies.org/. You can also opt out of Google Analytics by downloading, installing, and enabling the Google Analytics' Opt-out Browser Add-on, which can be found at https://tools.google.com/dlpage/gaoptout/. Please note that choosing to disable cookies may limit your use of certain features or functions on our websites. Some Internet browsers have a “do-not-track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time the Services do not respond to browser “do not track” signals, and other third parties may collect personal information about your online activities over time and across different websites, online or cloud computing services, online applications, or mobile applications when you use our Services.
• You may opt out of receiving promotional emails from us at any time by following the opt-out link or other unsubscribe instructions provided in the email message, or by contacting us as provided in the “Contact Us” section at the end of this Privacy Policy. Note that if you opt out of promotional emails, you may still receive transactional communications, such as order or subscription confirmations.

ADDITIONAL INFORMATION FOR INDIVIDUALS IN THE EUROPEAN UNION

This section of the Privacy Policy provides additional information in accordance with the requirements of the EU's General Data Protection Regulation (“GDPR”), and applies to the extent our processing of your “Personal Data” is subject to the GDPR.

Legal Bases for Processing

We will only process your Personal Data when we have an appropriate legal basis under the GDPR to do so. We have set out below a summary of the purposes for which we process your Personal Data and the corresponding legal bases on which we rely for the processing:

Necessity to provide personal data

Providing your personal data is voluntary, but necessary to establish commercial relationships and to use our Services. If you do not wish to provide your Personal Data to us, we will not be able to provide you with our Services.

Case where personal data have not been obtained from the data subject

Where we collect personal data from publicly available sources and providing notice would involve disproportionate effort or impair fraud-prevention objectives, we rely on Article 14(5)(b) GDPR and ensure transparency through this Privacy Policy and other safeguards.

Your Rights

The GDPR provides you certain rights in respect of your Personal Data. These rights may include surrounding the processing of Personal Data:

• The right to object to or request restriction of processing of personal data, including processing carried out pursuant to (i) our legitimate interests or (ii) performance of a task in the public interest.
• The right of access to your personal data and to receive information about how we process it.
• The right to rectification of inaccurate or incomplete personal data we hold about you.
• The right to data portability, meaning you can request that we provide certain personal data in a structured, commonly used, and machine-readable format.
• The right to erasure, allowing you to request deletion of certain personal data we process about you, subject to applicable legal obligations.
• Where processing is based on consent, the right to withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
• The right to lodge a complaint with a supervisory authority, contact details of supervisory authorities may be found at: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en/.

To exercise any of these rights, you may contact us using the details set out the “Contact Us” section of this Privacy Policy.

Please note that not all rights as included above are absolute; specific conditions for the exercise of these rights, as established in data protection laws, may apply.

We will examine the request within thirty (30) days from its receipt and notify you about the actions taken following the request.

Automated Decision Making

As part of the services we provide to our customers, certain processing activities involve automated decision-making within the meaning of Article 22 of the GDPR. These activities are designed to support fraud prevention, cybersecurity, and regulatory compliance efforts.

We use automated systems to assess the risk level associated with virtual asset service providers (VASPs). This may include evaluating publicly available information about individuals in key roles (such as shareholders, ultimate beneficial owners, or senior executives) to determine the overall risk profile of the VASP. These assessments are intended to assist our customers in meeting their compliance and risk management obligations and do not produce decisions that have legal or similarly significant effects on individuals.

In cases where mule accounts or similar fraudulent activities are suspected, our systems may engage in automated interactions with suspected actors to confirm risk indicators and collect evidence (e.g., payment identifiers). These interactions are fully automated and are used solely to support fraud detection and prevention for our customers.

We implement appropriate measures to protect individuals' rights and freedoms, including limiting the scope of automated processing to what is necessary for fraud prevention and compliance purposes, and ensuring that customers retain ultimate decision-making authority. We ensure that individuals can obtain human intervention, express their point of view, and contest decisions made through automated processing by contacting us as described in the “Your Rights” section.

LINKS TO OTHER WEBSITES

The Services may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy practices of these sites, as this Privacy Policy does not apply to third-party sites or services, and we have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our privacy practices from time to time. When we do so, we will update the effective and last updated date above. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices. If we make material changes to this Privacy Policy, we will inform you about this separately.

CONTACT US

To contact us with questions about this Privacy Policy, or to exercise any rights you may have as described in this Privacy Policy, you can contact us by email at legal@cube3.ai

For data protection inquiries, you may also contact our Data Protection Officer at legal@cube3.ai