Privacy Policy

Date of Last Revision: September 29, 2025

  1. INTRODUCTION

    Divine Research Inc. (hereinafter, "Divine Research," "we," "us," "our" or "the Company") is a platform that allows users to perform certain transactions, including the purchase, storage, and sale of cryptocurrencies, among other digital services. This Privacy Policy (hereinafter, the "Policy") applies to access to and use of the website located at credit.cash, any related websites or subdomains that display a link to this Privacy Policy (collectively, the "Website"), Divine Research's corresponding mobile application (hereinafter, the "Application"), the Credit protocol (to the extent within Divine Research's control), and the information available on the Website and contained in the Application, all to the extent made available by Divine Research, its affiliates, or agents (collectively, the "Services").

    This Policy describes how the Company collects, processes, and shares your personal data, and details the rights you may be able to exercise regarding the processing of your personal data.

    For clarity, this Privacy Policy does not apply to any decentralized aspect of the blockchain that we do not control due to the decentralized nature of such services.

  2. SCOPE

    At the time we collect personal information, we may provide additional or supplemental privacy policies to individuals for specific products or services that we offer. In addition, if you are located in a specific jurisdiction for which we have provided a jurisdictional-specific supplement to this Privacy Policy (i.e., an Appendix), please see the relevant jurisdictional-specific supplement to understand in greater detail how we may process your personal data.

  3. WHAT PERSONAL DATA DO WE COLLECT AND HOW DO WE COLLECT SUCH PERSONAL DATA?

    DATA YOU PROVIDE TO US OR THAT WE MAY GENERATE ABOUT YOU

    Personal data you may provide to us through the Service or otherwise or that we may generate about you includes:

    • Contact data, such as your name, phone number, and email address.
    • Demographic data, such as your city, state, country of residence, postal code, and age.
    • Communications data based on our exchanges with you, including when you contact us through the Service, social media, offline, or otherwise.
    • Transactional data, such as information relating to or needed to complete your orders on or through the Service, including order numbers and transaction history.
    • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
    • Relationship data, such as your phone contacts, which we may use to generate social graphs, if you indicate to us that you would like to share this data with us.
    • Financial data, such as your financial account numbers, payment card data, or aliases.
    • Blockchain activity data, such as information relating to or needed to complete your cryptocurrency transactions on or through the Service (including wallet address, transaction number, transaction sender and recipient, transaction amount, and transaction history), as well as information relating to other on-chain activity associated with your account or wallet, such as applications you have interacted with on the blockchain.
    • KYC "Know Your Customer" Information. We currently use third-party providers to offer financial services for deposits and withdrawals. That information is shared with the provider. The KYC information we may store includes full name, email address, tax ID number, phone number, address, gender, marital status, activity or occupation, bank account number in the user's local currency, bank account number in USD, photos of ID (front and back), and country. In addition, it may also include the collection of the following data: whether the user is a politically exposed person ("PEP"), whether the user is covered by Fair and Accurate Credit Transactions Act ("FACTA"), or whether the user is listed in the Financial Information Unit ("FIU").
    • User-generated content data, such as photos, images, music, videos, comments, questions, messages, works of authorship, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
    • Survey or usability study information: If you participate in a survey or usability study, we record any biographical information you provide directly (e.g., phone number), your responses, and your interactions with the app.

    AUTOMATIC DATA COLLECTION

    We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

    • Device data, such as your computer or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
    • Online activity data, such as pages or screens you viewed, content you viewed or otherwise engaged with, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
    • Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.

    THIRD-PARTY SOURCES

    We may combine personal data we receive from you with personal data falling within one of the categories identified above that we obtain from other sources, such as:

    • Public sources, such as government agencies, public records, public blockchains, and other publicly available sources.
    • Private sources, such as data providers, social media platforms and data licensors.
    • Service providers that provide services on our behalf or help us operate the Service or our business.
    • Business transaction partners. We may receive personal data in connection with an actual or prospective business transaction. For example, we may receive your personal data from an entity we acquire or are acquired by, a successor, or assignee or any party involved in a business transaction such as a merger, acquisition, sale of assets, or similar transaction, and/or in the context of an insolvency, bankruptcy, or receivership.
    • Third-party linked services, such as third-party cryptocurrency platforms or wallets, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

  4. TRACKING AND OTHER TECHNOLOGIES

    Some of the automatic collection described above is facilitated by the following technologies:

    • Information from local storage, cookies, and other tracking technologies: We and our third-party service providers (such as Sentry) may access and collect information from local storage, mobile device ID, cookies, web beacons, pixel tags, clear GIFs, and other similar technologies to provide and customize the application. For example, we may use this information to remember whether a user has completed a survey. We may also use this information to learn about user preferences (e.g., language), app usage, and interactions. The information we collect from these technologies may include data such as World app version, device type, referring/exit pages, operating system, World app or device language, and other information. We analyze these user trajectories collectively to improve the overall experience.

    For information concerning your choices with respect to the use of tracking technologies, see the Your choices section below.

  5. HOW DO WE USE YOUR PERSONAL DATA?

    Personal data collected is processed for the following purposes:

    1. Provision of the service: We use personal data to operate and maintain our application and its functionalities as well as otherwise operate our business (including conducting KYC/AML checks, enabling security features of our Services, and providing support for our Services).
    2. Customer Service: We may process data to provide support and respond to queries and technical issues regarding the Services.
    3. Services personalization: We use personal data to personalize the Services. This includes understanding your needs and interests, personalizing your experience with the Services and our Services-related communications, and remembering your selections and preferences as you navigate webpages.
    4. Services improvement and analytics: We may use your personal data to analyze your usage of the Services, improve the Services, improve the rest of our business, help us understand user activity on the Services, including which pages are most and least visited and how visitors move around the Services, as well as user interactions with our emails, and to develop new products and services. For example, we may use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.
    5. Security and protection: We may use personal data in an effort to prevent, deter, investigate, and stop fraudulent, unauthorized, or illegal activities, including cyber attacks and identity theft. We use personal data to enforce the terms and conditions that govern the Service (including, without limitation, to identify and otherwise determine if you are a prohibited person who may not use the Service or otherwise determine your identity). We may also use it in an effort to address security risks, fix bugs, enforce our agreements, and otherwise protect our users, our rights, the rights of others, our privacy, safety and property (including by making and defending legal claims).
    6. Marketing: We may send you direct marketing communications and may personalize these messages based on your needs and interests. You may be able to opt-out of our marketing communications as described below.
    7. Legal Compliance: We may use personal data to comply with applicable laws or regulations or requirements from government agencies, regulators, judicial authorities or private parties.
    8. Corporate events: We may share personal data in the context of actual or prospective corporate events or transformations.
    9. To create aggregated, de-identified and/or anonymized data: We may create aggregated, de-identified and/or anonymized data from your personal data and other individuals whose personal data we collect. We make personal data into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
    10. Cookies and similar technologies: We may use the Cookies and similar technologies described above for the following purposes:
      1. Technical operation: To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
      2. Functionality: To enhance the performance and functionality of our services.
      3. Analytics: To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails.
    11. Further uses: In some cases, we may use your personal data for further uses, in which case we will ask for your consent to make use of your personal data for those further purposes if they are not compatible with the initial purpose for which information was collected.
    12. Retention: We generally retain personal data to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal data, we may consider factors such as the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer require the personal data we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.

  6. WHO DO WE SHARE YOUR DATA WITH?

    Divine Research may share your personal data with certain third parties. These third parties include but are not limited to those listed below:

    1. Affiliates: Our corporate affiliates.
    2. Service providers: Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, payment processors, text message providers, customer support, email delivery, marketing, consumer research and website analytics).
    3. Payment processors: Any payment information you use to make a purchase on the Service is collected and processed directly by our payment processors.
    4. Third parties designated by you: We may share your personal data with third parties where you have instructed us or provided your consent to do so. For example, entities conducting know-your-customer, identity verification or other anti-money laundering checks. We do not necessarily control how these third parties may use your personal data.
    5. Partners: Third parties with whom we partner, including parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.
    6. Third-party linked services: If you log into the Service with, or otherwise link your Service account to, an external cryptocurrency platform, wallet, or other third-party service, we may share your personal data with that third-party service. The third party's use of the shared information may be governed by its privacy policy and the settings associated with your account with the third-party service. We do not control how the third-party linked service may use your personal data.
    7. Professional advisors: Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
    8. Authorities and others: Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Legal Compliance purposes described above.
    9. Business transferees: We may disclose personal data in the context of actual or prospective business transactions (e.g., investments in or financings of Divine Research, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares). For example, we may need to share certain personal data with prospective counterparties and their advisers. We may also disclose your personal data to an acquirer, successor, or assignee of Divine Research as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal data is transferred to one or more third parties as one of our business assets.
    10. Other users and the public: Due to the nature of blockchain technologies, any data posted to or otherwise interacting with public blockchains will be visible to other users of the Service and the public. Information about your interactions and/or transactions will be provided to the applicable blockchain network and may be accessible to third parties due to the blockchain protocol's nature. This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information. It may be possible for someone to identify you through your pseudonymous, public wallet address using external information sources, and any transaction you enter or otherwise interact with the blockchain could possibly be used to identify you or information about you.

  7. INTERNATIONAL DATA TRANSFERS

    Divine Research is headquartered in the United States of America. In some cases, Divine Research may transfer your personal data to third parties located outside the country in which you reside, including jurisdictions that may not offer a level of data protection equivalent to that provided by Applicable Law.

  8. SECURITY MEASURES

    We employ technical, organizational and physical safeguards designed to protect the personal data we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal data.

  9. YOUR CHOICES

    In this section, we describe the rights and choices available to all users. Users who are located in certain jurisdictions can find additional information about their rights below.

    1. Access or update your information: If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.
    2. Declining to provide information: We need to collect personal data to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
    3. Third-party linked services: If you choose to connect to or otherwise link with the Service through your account on a third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.
    4. Additional Rights: You may have certain rights under applicable privacy laws. For more information, please contact us by email at: legal@divine.inc.

  10. OTHER SITES AND SERVICES

    The Website and Application may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

  11. CHILDREN

    The Website and Application are not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal data in a manner prohibited by law, please contact us. If we learn that we have collected personal data through the Website or Application from a child without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

  12. MODIFICATIONS TO THIS POLICY

    We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business. Depending on the kind of change we make to this Privacy Policy, we might notify you of the change or request your consent to it.

  13. CONTACT

    To make inquiries related to this Privacy Policy or exercise your rights that you may have in relation to your personal data, you can contact us through the following means:

    Email: legal@divine.inc

APPENDIX 1 - ARGENTINA

This Appendix supplements our Privacy Policy and is intended for data subjects located in the Argentine Republic, in accordance with applicable local regulations. In the event of any discrepancy between this Appendix and the Privacy Policy, the provisions of this document shall prevail.

  1. APPLICABLE LAW

    The processing of Personal data is regulated by Argentine Personal Data Protection Law No. 25,326, Regulatory Decree 1558/2001, and other complementary regulations.

  2. LEGAL BASIS

    The only valid legal basis for the processing of personal data, according to current Argentine legislation, is the consent of the Data Subject. This consent must be free, express, and informed, and must be able to be proven in writing or through equivalent means that allow it to be verified based on the circumstances.

  3. ENFORCEMENT AUTHORITY

    The Agency for Access to Public Information (AAIP) is the competent control body for personal data protection in Argentina. It is responsible for supervising compliance with Law No. 25,326 and handling complaints of possible violations.

  4. RIGHTS OF THE DATA SUBJECT

    The Data Subject may exercise the following rights:

    • Right of Access
    • Right of Rectification
    • Right to Update
    • Right of Erasure

    To exercise any of these rights, data subjects may contact us via email at legal@divine.inc. If the Data Subject considers that their rights are not guaranteed under Argentine legislation, they may file a complaint with the Agency for Access to Public Information. The contact details of the authority are provided below:

    Address: Av. Pte. Gral. Julio A. Roca 710, 2nd floor - Autonomous City of Buenos Aires.

    Phone: (54-11) 3988-3968.

    Email: datospersonales@aaip.gob.ar

APPENDIX 2 - COLOMBIA

This Appendix supplements our Privacy Policy and is intended for data subjects located in Colombia, in accordance with current local regulations. In the event of any discrepancy between this Appendix and the Privacy Policy, the provisions of this document shall prevail.

  1. APPLICABLE LAW

    The processing of personal data is regulated by the Personal Data Protection Law No. 1581, Regulatory Decree 1377/2013, and other complementary regulations.

  2. LEGAL BASIS

    The only valid legal basis for the processing of personal data under Colombian law is the prior, express, and informed consent of the Data Subject. In addition, the principle of freedom guarantees that personal data may not be collected, used, or disclosed without prior authorization, except in cases where there is a legal or judicial mandate that relieves such obligation.

  3. ENFORCEMENT AUTHORITY

    The Superintendency of Industry and Commerce (SIC), through a Delegation for the Protection of Personal data, will exercise oversight to ensure that the principles, rights, guarantees, and procedures provided for in this law are respected in the processing of personal data. The SIC is empowered to investigate and impose sanctions on companies for the improper collection, storage, use, transfer, and disposal of personal data.

  4. RIGHTS OF THE DATA SUBJECT

    The Data Subject may exercise the following rights:

    • Update and correct your personal data if it is inaccurate or incomplete.
    • Request evidence of the authorisation granted to data controllers for data processing, except where exempted by law.
    • To know how your personal data is used upon request to the data controllers or processors.
    • Lodge complaints with the competent authority for breaches of data protection laws.
    • Revoke the authorisation and request the deletion of your data if the processing violates the legal principles, rights or guarantees.
    • Access your personal data at no cost.

    To exercise any of these rights, the data subjects can contact us via email at: legal@divine.inc. In the event that the Data Subject considers that their rights are not guaranteed under Colombian legislation, they may file a complaint with the Superintendence of Industry and Commerce (SIC). The contact details of the authority are provided below:

    Address: Carrera 13 No. 27 - 00, 3rd Floor, CP 110311, Bogotá

    Phone: +57 601 592 0400 / +57 601 587 0000 / 01 8000 910165

    Email: contactenos@sic.gov.co

APPENDIX 3 - MEXICO

This Appendix supplements our Privacy Policy and is intended for data subjects located in Mexico, in accordance with current local regulations. In the event of any discrepancy between this Appendix and the Privacy Policy, the provisions of this document shall prevail.

  1. APPLICABLE LAW

    The processing of personal data is regulated by the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and other complementary regulations.

  2. LEGAL BASIS

    The processing of personal data under Mexican law requires the consent of the Data Subject, except in cases expressly provided for by law. Consent may be given expressly (by verbal, written, electronic, optical, or other means) or tacitly, when the Data Subject has been duly informed through the Privacy Policy and does not express opposition.

    However, in the case of financial or patrimonial data, the legislation requires the express consent of the Data Subject, except in specific legal exceptions. In addition, consent may be revoked at any time, without this retroactively affecting the processing previously carried out.

  3. ENFORCEMENT AUTHORITY

    The Secretariat for Anti-Corruption and Good Governance, an agency under the Executive Branch, is the new authority responsible for overseeing compliance with personal data protection regulations in Mexico, as well as imposing the corresponding sanctions. Following the constitutional reform approved in December 2024, which determined the extinction of the INAI, this Secretariat assumes exclusive responsibility for ensuring the application of the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), thus guaranteeing the safeguarding of personal data under the control of private entities.

  4. RIGHTS OF THE DATA SUBJECT

    The Data Subject may exercise the following rights:

    • Right of Access
    • Right of Rectification
    • Right of Cancellation
    • Right to Object

    To exercise any of these rights, the data subjects can contact us via email at: legal@divine.inc. In the event that the Data Subject considers that their rights are not guaranteed under Mexican legislation, they have the possibility of filing a complaint with the Secretariat of Anti-Corruption and Good Governance. The contact details of the authority are provided below:

    Address: Insurgentes Sur 1735 Col. Guadalupe Inn 01020 - Mexico City

    Phone: 5520003000

APPENDIX 4 - URUGUAY

This Appendix supplements our Privacy Policy and is intended for data subjects located in Uruguay, in accordance with current local regulations. In the event of any discrepancy between this Appendix and the Privacy Policy, the provisions of this document shall prevail.

  1. APPLICABLE LAW

    The processing of Personal data is regulated by Law No. 18,331 on Personal Data Protection, Decree No. 414/009, and other complementary regulations.

  2. LEGAL BASIS

    The only valid basis for the processing of personal data is the free, prior, express, and informed consent of the Data Subject. In turn, such consent must be adequately documented. If it is given together with other statements, it must be presented prominently and separately, after the Data Subject has been duly informed.

    Decree No. 414/009 specifies how such consent must be obtained: the data controller must provide the Data Subject with a simple, clear, and free means of expressing their will, both to accept and to reject the processing of their data. In addition, the use of pre-checked options is prohibited; the Data Subject must be able to actively choose between two clearly identified alternatives.

  3. ENFORCEMENT AUTHORITY

    The enforcement authority for personal data protection in Uruguay is the Personal Data Regulation and Control Unit (URCDP).

    The URCDP is a decentralized body that reports to the Agency for Electronic Government and the Information and Knowledge Society (AGESIC). Its main function is to ensure compliance with Law No. 18,331 and its regulations, guaranteeing the right of individuals to the protection of their personal data.

  4. RIGHTS OF THE DATA SUBJECT

    The Data Subject may exercise the following rights:

    • Right of Access
    • Right of Rectification, Update, Inclusion or Deletion
    • Right to challenge personal assessments
    • Right to Information

    To exercise any of these rights, the data subjects can contact us via email at: legal@divine.inc. In the event that the Data Subject considers that their rights are not guaranteed under Uruguayan legislation, they may file a complaint with the Regulatory and Control Unit for Personal Data. The contact details of the authority are provided below:

    Address: Liniers 1324, Piso 4 – Montevideo, Uruguay

    Phone: 2901 0065 - Option 3

    Email: infourcdp@datospersonales.gub.uy