Latest update date: July 28, 2025

1. Introduction and Overview

Thank you for choosing MuseTech UAB (formerly Pandodigital UAB) (company registration number: 306291601, registered address: J. Basanaviciaus g.26, Vilnius, Lithuania, LT-03224) and its affiliates (hereinafter collectively referred to as “our company”, “we”, or “our”) to provide services and products, including but not limited to MuseWallet and MusePay.

This Privacy Policy (“Privacy Policy”) aims to explain how we collect, use, and disclose your personal data when you access or use our services and products. By accessing or using our services/products, you agree to the policies and practices listed in this Privacy Policy. If you provide us with someone else’s personal data, you represent and warrant that you have obtained valid consent and authorization from the relevant person, allowing us to collect, use, disclose, and/or process their personal data as described in this policy.

Your privacy is important to us. Our policy is to protect and respect the confidentiality of personal information and personal privacy. This Privacy Policy details how we collect, use, and manage personal information we receive from you or third parties in connection with your use of this application, our services, and/or websites, and informs you of your rights regarding the processing of your personal information.

You agree that the Company may update this Privacy Policy at any time by posting a revised version on our website and related Application Programming Interface or mobile application (“this website”) or by sending you the latest Privacy Policy by email. Your use or continued use of any service/product after such revision is deemed to be your acceptance and agreement to the revision.

Please note: If you are an employee, contractor, or third-party supplier of the Company, your personal information will be used in accordance with your employment contract or contractual relationship (if applicable). This Privacy Policy applies to the Company’s processing of personal information of its customers, potential customers, and website visitors.

2. Information we collect

From time to time, we may collect, process, and store certain personally identifiable information (“Personal Data”) that can be used to contact or identify you, your Beneficial Owner, directors, officers, authorized signatories, employees, representatives, guarantee/guarantee providers, and other natural persons related to you (“Related Persons”) through your use of services/products or with your consent. Such personal data may include contact information, information and data generated during your normal business relationship with us, information and data collected when you or related persons participate in activities organized by us, and information from the use of cookies or any information technology applications. The personal data you may provide to us during the registration process may also include, but is not limited to:

• Legal full name (including former name, English name and Chinese name, if applicable)
• Type of identity document (e.g. passport)
• Identification document number (e.g. passport number)
• Gender
• Date of birth
• Place of birth
• Nationality
• Residential address
• Country of residence
• Total net assets (approximately USD)
• Account opening purpose
• Initial and ongoing sources of wealth or income
• Business/Occupation/Nature and Details of Employment
• Expected level of activity
• Source of funds/digital assets for business relationships
• Credit history and credit score
• Contact phone number
• Email address
• Your transaction history and spending patterns
• Bank account info
• Blockchain address
• Your location data
• Additional personal data or documents at the discretion of our compliance team
• And the information we automatically collect:
  • Browser Information: Information automatically collected from your browser by analyzing system providers, including your IP address and/or domain name and any external pages that refer you to us, your login information, browser type and version, time zone settings, browser plug-in type and version, operating system and platform.
  • Device ID symbols: including but not limited to device model, operating system version, and unique Device ID symbols (such as IMEI, MAC address, OAID, IDFA, GAID). This information may be collected by third-party marketing and analytics SDKs integrated into our services for statistical analysis and service improvement purposes. We do not directly collect or store this information.
  • Log Information: Information automatically generated and stored in our server logs when you use the services provided by MuseWallet. This may include, but is not limited to, device-specific information, location information, system activity, and any internal and external information related to the pages you visit, including complete Uniform Resource Locator (URL) clickstreams (to, through, and from our website or application, including date and time; page response time, download errors, length of time certain pages are accessed, page interaction information (such as scrolling, clicking, and mouse hovering), and methods of leaving the page).
• Information we obtain from third parties: We may obtain information about you through your use of our services, including through any of our websites, account opening processes, webinar registration forms, event subscriptions, news and update subscriptions, and ongoing support service communications. We may also receive information about you from third parties, such as your payment provider, payment channels, and public sources. For example:
  • The bank you use to transfer money to us may provide us with your basic personal information (such as your name and address) and your financial information (such as your bank account details).
  • Your business partners may provide us with your name, address, and financial information.
  • AD Network, analytics providers, and search information providers may provide us with anonymous or de-identified information about you, such as confirming how you found our website.
  • Credit reporting agencies do not provide us with any personal information about you but may use it to corroborate the information you provide to us.

3. Use of mobile app permissions

In order to provide you with a complete and optimized service experience, our mobile application (“App”) may need to access specific functions or data of your device during operation. We only request these permissions when necessary and will clearly inform you of the purpose of the request. The following are the permissions that our App may request and their main purposes:

• Storage and media permissions (read/write external storage and media libraries):
  • Purpose: Allow the App to cache data on your device to improve performance and save the files you downloaded (such as pictures, videos, documents). At the same time, in order to facilitate you to upload payment vouchers and custom user avatars, or share pictures, videos and other content within the application, we will access your device’s album or file manager for you to select and upload the required images and files.
  • Specific instructions: We promise to strictly comply with privacy regulations and only use this permission when you actively trigger relevant functions (such as uploading payment screenshots, changing avatars). Your personal photos and private information will not be stored or shared with third parties unless you explicitly choose to upload.
• Location information permissions (approximate location):
  • Purpose: To meet Anti Money Laundering (AML) and Know Your Customer (KYC) regulatory requirements, fraud detection, ensure transaction compliance and provide necessary localization services.
  • Specific instructions: We may collect approximate location information from you when you register, log in, or conduct transactions. This information is used to identify potential fraudulent activity and ensure that the services we provide comply with laws and regulations in your area. We promise that this information will not be used for other unrelated purposes or sold to third parties.
• Camera permissions:
  • Purpose: To photograph proof documents during authentication (KYC), scan merchant/transaction QR codes, and capture transaction credentials.
  • Specific instructions: During the identity verification (KYC) process, you may need to take photos of identity documents. At the same time, when you need to scan the payment QR code or take photos of transaction vouchers as proof, we will request access to your camera. This permission is only enabled when you actively use the relevant functions.
• Album permissions (or media library permissions/photo permissions):
  • Purpose: To allow us to access your device’s photo album or media library so that you can:
    • Upload payment vouchers (such as transaction screenshots).
    • Customize your user avatar or profile picture.
    • Share pictures or videos from your device within the app (if the app provides sharing functionality).
    • Save the content generated by the app (such as edited images and downloaded media files) to your device album.
  • Specific instructions: When you need to use the function of uploading pictures or videos in the App (such as submitting proof documents, changing avatars, saving pictures/videos in the App to local albums, or selecting payment vouchers in transactions), we will request access to your album or media library. We promise to strictly comply with relevant privacy regulations and only use this permission when you actively trigger the above-mentioned functions. Unless you explicitly choose to upload or share, your personal photos and private videos will not be stored or shared with third parties by us.

Permission Management and Control: You can view, modify, or revoke any permissions granted to our App at any time in the “Settings” of your mobile device. Please note that revoking certain necessary permissions may result in some functions of the App being unable to be used properly or the experience being limited.

Data Use Commitment: We solemnly promise that we will never sell your personal information. All personal information we collect and use will strictly comply with the provisions of this Privacy Policy and will only be used to improve your service experience, meet legal and regulatory requirements, and other purposes that we have clearly informed you of.

4. Use of cookies

When you use our products and services, we may use standard practices to place small data files called cookies, Flash cookies, pixel tags, or other tracking tools (hereinafter referred to as “Cookies”) on your computer or other device when you interact with us. The purposes for which we use cookies include:

• Help us identify you as a customer and collect information about your use of our products and services so that we can better customize our services and content for you.
• Collect information about your computer or other access device to ensure that we comply with our Bank Secrecy Act (BSA) and Anti Money Laundering (AML) obligations.

5. How do we use the information we collect?

• Provide and maintain services:
  • Create and manage your account.
  • Provide the products, services, and features you request.
  • Process transactions and send relevant notifications.
  • Personalize your experience.
  • Provide customer support.
• Improvement and development services:
  • Analyze user behavior to optimize application functionality and User Interface.
  • Conduct research and development.
  • Monitor and analyze usage trends and activities.
• Security and compliance:
  • Detect, prevent, and respond to fraud, abuse, security incidents, and other illegal activities.
  • Comply with applicable laws, regulations, and legal procedures.
  • Enforce our terms and conditions.
• Marketing and promotion:
  • Send marketing and promotional information (with your consent).
  • Provide Personalized Ads (with your consent).
  • Measure advertising effectiveness.
• Any other purpose described to you when collecting data.

6. Do we share your personal data?

We promise to protect your personal data. We will not proactively disclose any customer’s confidential information to third parties unless the following circumstances occur:

• Your consent or instructions: when obtaining your affirmative consent or sharing at your request.
• Service Providers and Business Partners: We may share your personal data with third-party service providers and business partners who provide services on our behalf or assist us in operating our business. These services include, but are not limited to, Data Analysis, Cloud Services, Customer Support, Payment Processing, SMS Verification, Legal Advice, Auditing, IT Services, Fraud Detection, etc. Such providers and partners have access to your data only to the extent necessary to perform their service duties and are contractually bound to protect data confidentiality, respect customer privacy and comply with all applicable privacy and data protection laws and this Privacy Policy.
• Legal Requirements and Enforcement: We may disclose your Personal Data when required to do so by applicable laws, regulations, court orders, governmental or regulatory authorities, or when necessary to protect the rights, property or safety of the Company, our users or the public. In such cases, the Company will endeavour to disclose on a “need to know” basis and notify third parties of the confidential nature of such information, unless otherwise directed by regulatory authorities.
• Business transfer: In the process of business reorganization such as company merger, acquisition, asset sale, restructuring or bankruptcy, your personal information may be transferred to the new entity as part of the transaction.
• Sharing through third-party SDKs: To provide richer features, analyze service performance, and optimize User Experience, our applications integrate third-party Software Development Kits (SDKs). These SDKs may collect and process some of your personal information in accordance with their own Privacy Policy. We encourage you to consult the [ List of Third-Party SDKs ] section for the main SDKs we integrate and their Privacy Policy links.
  • List of Third Party SDKs
• Aggregate or anonymization information: We may share aggregate or anonymization information that does not directly identify you for purposes such as research, statistical analysis, industry trend reporting or business cooperation.

7. Your rights and choices

The rights we hold about your personal information are as follows:

• Right to access information: If you make a request, we will confirm within 30 days of your request whether we are processing your personal information and, if so, what information, and provide you with a copy of that information upon request.
• Right to Correction: It is essential for us to keep your personal information up to date. We will take all reasonable steps to ensure that your personal information remains accurate, complete and up to date. If the personal information you hold is inaccurate or incomplete, you have the right to request that it be corrected. If we disclose your personal information to others, we will notify them to correct it where possible. If you request it, and where possible and lawful, we will also inform you of who we have shared your personal information with so that you can contact them directly. Please see Section 13 below (Contacting Us to Resolve Privacy Issues or Concerns) to submit your request.
• Right to Deletion: In some cases, you can ask us to delete or remove your personal information, for example, when we no longer need it, provided that we have no legal obligation to retain the data. Such requests will be subject to your contract with us and the retention period stipulated by applicable laws and regulations that we must comply with. If we disclose your personal information to others, we will notify them of the deletion request where possible. If you make a request and where possible and legal, we will also inform you of who we have shared your personal information with so that you can contact them directly.
• Right to Restrict Processing: In certain circumstances, you can ask us to block or restrict the processing of your personal information, for example, if you dispute the accuracy of that personal information or object to our processing of it. This will not prevent us from storing your personal information. We will notify you before deciding not to agree to any request for restriction. If we disclose your personal information to others, we will notify them of the processing restriction where possible. If you make a request and where possible and lawful, we will also inform you of who we have shared your personal information with so that you can contact them directly.
• Right to data portability: In certain circumstances, you may have the right to request access to personal information that you have previously provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or request that we transfer it to a third party.
• Right to object: You can ask us to stop processing your personal information, and we will do so if:
  • We rely on our own or others legitimate interests to process your personal information unless we can demonstrate a compelling legal basis for the processing.
  • We are processing your personal information for direct marketing purposes.
  • We are processing your personal information for research purposes unless we reasonably believe that such processing is necessary or prudent to perform public interest tasks, such as by regulatory or law enforcement agencies.
• Automated decision-making and profiling: If we make a decision about you that affects your ability to access our products and services or otherwise materially affects you, and the decision is based solely on automated processing (e.g., through automated profiling) without human intervention, you may request to be exempt from such a decision unless we can demonstrate to you that such a decision is necessary to enter into or perform a contract between you and us. Even if the decision is necessary to enter into or perform a contract, you may object to the decision and request human intervention. If we agree to such a request (i.e., terminate our relationship with you), we may not be able to provide you with our products or services.
• Delete Account: You have the right to delete your MuseWallet account. Please visit the “Delete Account” feature, which is located in the “Account Security” tab of your MuseWallet account. If you still need our assistance, please contact us through our customer support and our customer service agent will assist you through the customer service chat. Please review the Instructions for Deleting an Account

8. Data and information security

The company respects the privacy of any user who visits its website, and is therefore committed to taking reasonable measures to protect the information of existing or potential customers, applicants, and website visitors. The company retains any personal data of its customers and potential customers in accordance with applicable privacy and data protection laws and regulations.

We have implemented necessary and appropriate technical and organizational measures to ensure that your information always meets industry security standards. We provide regular training to all employees to increase their awareness of maintaining, protecting, and respecting your personal information and privacy. We take violations of personal privacy very seriously and will impose appropriate disciplinary measures, including dismissal.

We have also appointed appropriate personnel to ensure that we manage and process your personal information in accordance with applicable privacy and data protection laws and regulations and this Privacy Policy.

The personal information you provide to us when applying for an account, applying for a position with our company, or using our website is classified as registration information and is protected in various ways. You can access your registration information by logging into your account with a username and password of your choice. You are responsible for ensuring that your password is known only to you and is not disclosed to anyone.

Registration information is securely stored in a secure location and can only be accessed by authorized personnel through a username and password. All personal information is transmitted to the company through a secure connection, so we take all reasonable measures to prevent unauthorized parties from viewing any such information. Personal information provided to the company but not part of the registration information is also stored in a secure environment and can only be accessed by authorized personnel through a username and password.

We strive to protect ourselves and you from unauthorized access, alteration, disclosure, or destruction of the data we collect and store. We take various measures to ensure information security, including encrypting communication through SSL, requiring two-factor authentication for all sessions, regularly reviewing our personal data collection, storage, and processing practices, and restricting access to your personal data based on the “need to know” principle.

Your data security is important to us, but you understand and acknowledge that no method of transmission or electronic storage over the Internet is completely secure. Although we strive to use commercially acceptable methods to protect your personal data, we cannot guarantee its absolute security.

9. Data retention

Protecting the privacy of your personal information is important to us, whether you interact with us face to face, by phone, email, the Internet or any other electronic medium.

As long as we have a business relationship with you, we will retain personal information in secure computer storage facilities and take reasonable and necessary steps to protect the personal information we hold from misuse, loss, unauthorized access, modification or disclosure.

When we believe that personal information is no longer necessary for the purpose of collection, we will delete any identifying details or securely destroy records. However, we may need to retain records for a considerable period of time (after you are no longer our customer). For example, we are subject to Anti Money Laundering regulations, which may require us to retain the following information for up to 5 years after the end of our business relationship with you, or for a longer period of time as directed by regulatory authorities.

• Copies of records we use to fulfill our customer due diligence obligations.
• Supporting documents and records related to your transactions and your relationship with us.

In addition, personal information that we hold in the form of recorded information (by telephone, electronically or otherwise) will be retained in accordance with applicable local regulatory requirements (i.e. for 5 years after the end of your business relationship with us, and longer if you have a legitimate interest (e.g. resolving a dispute with you)). If you have opted out of receiving marketing communications, we will retain your details on our inhibition lists so that we know you do not wish to receive them. We may retain your data for more than 5 years if we are unable to delete it for legal, regulatory or technical reasons.

10. International data transmission

Our operations are supported by computers, servers, and other infrastructure and information technology networks, including but not limited to third-party service providers. We and our third-party service providers and business partners store and process your personal data in (but not limited to) the European Union (including Lithuania) and the United Kingdom.

Transfer of personal information outside the European Economic Area (EEA) and the United Kingdom (UK)

We may transfer your personal information to other company subsidiaries, service providers, and business partners (i.e. data processors) employed by us outside the EEA and the United Kingdom. To the extent that we transfer your personal information outside the EEA and the United Kingdom, we will ensure that the transfer is lawful and any such data processors in these jurisdictions must comply with the applicable European Union General Data Protection Regulation (GDPR) and the United Kingdom Data Protection Act 2018. If personal information is processed in the US, we may sometimes rely on standard contractual terms to ensure data protection.

Transfer of personal information outside your country

By using our products and services, you consent to the transfer of your personal data to other countries, including those with different levels of privacy and data protection laws than your country/region. In all such transfers, we will protect your personal information as described in this Privacy Policy and ensure that appropriate information sharing contract agreements are in place to ensure the secure transfer and processing of data.

Privacy when using digital assets and blockchain

Your contributed Bitcoin, MX, Ethereum, and other digital assets may be recorded on public blockchains. Public blockchains are distributed ledgers designed to immutably record transactions across a wide network of computer systems. Many blockchains are open for forensic analysis, which may lead to anonymization and unintentional disclosure of private financial information, especially when blockchain data is used in conjunction with other data.

As blockchain is a decentralized or third-party network that is not controlled or operated by us or our affiliates, we cannot delete, modify, or change personal data from these networks.

11. Juvenile protection

We do not provide services or products to anyone designated as “Juvenile” or equivalent under applicable law. We do not intentionally and intentionally collect personally identifiable information from anyone designated as “Juvenile” or equivalent under applicable law. We may use age verification mechanisms or similar technologies to avoid collecting such information.

If you are a parent or guardian and you know that your child (as defined by applicable law as Juvenile) has provided us with personal data, please contact us by sending an email to service@musepay.io with the subject line “DATA INQUIRY” and we will immediately take reasonable steps to delete such information.

12. Changes to Privacy Policy

We regularly review and update this Privacy Policy to ensure it takes into account any new obligations and technologies, as well as changes in our business operations and practices, and keeps pace with changing regulatory environments. Any personal information we hold will be subject to our latest Privacy Policy. If there are material changes to our Privacy Policy, we will post those changes in this Policy and provide notice elsewhere as we deem appropriate.

13. Contact us to resolve privacy issues or concerns

If you have any questions, comments or concerns about this Privacy Policy or the use of your personal data, including requests for data access, updating, correction, deletion, data portability or withdrawal of consent, please contact us by email at service@musepay.io with the subject line ” DATA INQUIRY “.

We will process your request as soon as possible. Please understand that in some cases (for example, for legal or compliance purposes), we may not be able to fully comply with your deletion request. In addition, if you withdraw your consent or fail to provide us with the information we require, we may not be able to provide or continue to provide services/products to you.

To ensure security, we will verify the identity of the requester. We usually respond to such requests free of charge, but we reserve the right to charge a reasonable fee for duplicate or heavy requests.

14. Data protection authority

If you are not satisfied with our response to your complaint, you have the right to file a complaint with the relevant data protection authority. For example, in the European Union, you can contact the data protection authority of your member state.

15. Rights under specific jurisdictions

• Your rights if your personal data is subject to the General Data Protection Regulation (GDPR) If you are a resident of the European Economic Area (“EEA”), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal data we collect and the specific context in which we collect it. We may process your personal data because:
  • We need to use your personal data to enter into a contract with you or to fulfill our obligations under the contract.
  • You have agreed to let us do this.
  • Processing is necessary for our legitimate interests or to comply with our legal obligations.
  • Comply with applicable laws and regulations. If you are a resident of the EEA, you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete or restrict the use of your personal data. Please refer to Section 14 below (Contact Us to Resolve Privacy Questions or Concerns). In certain circumstances, you have the following data protection rights:
  • The right to access, update or delete the information we have about you.
  • Right to Correction: You have the right to request the correction of inaccurate or incomplete information.
  • Right to object: You have the right to object to our processing of your personal data.
  • Right to restriction: You have the right to request that we restrict the processing of your personal information.
  • Data portability rights: You have the right to obtain a copy of the information we have about you.
  • Right to withdraw consent: You also have the right to withdraw your consent at any time when we use your consent as a basis for processing personal information.
• If You Are a Resident of California or Certain US States, Your Rights Under the laws of the States of California, Colorado, Connecticut, Utah and Virginia (the “Applicable States”), you may be entitled to request that we:
  • Right of access to certain information we hold and, in some cases, portability, if technically feasible.
  • Update or correct your information.
  • Delete certain information we hold.
  • Opt-in or opt-out of the use of certain sensitive information held by us. You also have the right to appoint an authorized agent to assist you in exercising these rights. To ensure the security of your account, we will generally ask you to verify your request or that of your authorized agent using the contact information you have provided. If you wish to exercise any of these rights, or appeal a decision relating to your rights, please see section 14 below (Contacting Us to Resolve Privacy Issues or Concerns).
  • Do not sell personal information: We do not sell any personal information to anyone.
  • Non-discrimination: We will not discriminate against any individual for exercising their rights under California or other applicable state privacy laws.
  • State of California: The following is additional disclosure required under the California Consumer Privacy Act and the California Privacy Rights Act (collectively, “CCPA”), effective January 1, 2023.
    • Categories of personal information collected: In the past twelve months, we may have collected the following categories of consumer personal information identified by the CCPA based on how you interact with us:
      • Identifier: such as your name, email, address, phone number or IP address.
      • California Civil Code Section 1798.80 (e) describes personal information such as credit card numbers.
      • Protected classification characteristics under California or federal law: such as age or gender (if we conduct user surveys or profiling).
      • Business information: such as purchasing activities.
      • Internet or other electronic network activity information: including content interaction information, such as content downloads, streaming media, and playback details.
      • Geolocation data: such as the location of your device or computer based on your IP address or your mobile device’s GPS, depending on your device settings.
      • Audio, electronic, visual or similar information: including when you communicate with us by telephone or other means.
      • Professional or employment-related information: such as information you may provide about your business.
      • Information inferred from other personal information: such as information about your preferences.
    • Categories of personal information disclosed for commercial purposes: In the past twelve months, we may have disclosed the following categories of consumer personal information for commercial purposes identified by the CCPA based on how you have interacted with us:
      • Identifier: such as your name, email, address, phone number or IP address.
      • California Civil Code Section 1798.80 (e) describes personal information such as credit card numbers.
      • Protected classification characteristics under California or federal law: such as age or gender (if we conduct user surveys or profiling).
      • Business information: such as purchasing activities.
      • Internet or other electronic network activity information: including content interaction information, such as content downloads, streaming media, and playback details.
      • Geolocation data: such as the location of your device or computer (if you enable location-based services to enhance your experience with the apps we provide).
      • Audio, electronic, visual or similar information: including when you communicate with us by telephone or other means.
      • Professional or employment-related information: such as information you may provide about your business.
      • Information inferred from other personal information: such as information about your preferences.
    • Sensitive data: The categories of information we collect and disclose for commercial purposes include “sensitive data” as defined by the CCPA. We will not use sensitive data for any purpose not expressly permitted by the CCPA.

16. Other website links

Our website may contain links to other websites not operated by us. If you click on a third-party link, you will be directed to the third-party’s website. We strongly recommend that you review the Privacy Policy of each website you visit. You understand that we do not assume any control or responsibility for the content, Privacy Policy, or practices of any third-party website or service.

17. Language

If this Agreement is translated from English into any other language, the English version shall prevail in the event of any inconsistency.