LBPT Foundation Privacy Policy

1. Data Controller

The primary data controller for processing personal information in connection with the Services is:

Certain processing activities may be carried out by affiliated entities or partners acting as independent controllers or processors; where required, we will identify them in specific notices.

2. Scope of This Policy

This Policy applies to:

• Users who create accounts on WELINK or related sub-platforms;
• Users who participate in LBP-based payment, reward, or donation systems;
• Visitors to LBPT's websites and official online channels.

This Policy does not govern third-party exchanges, wallet providers, or services not operated by LBPT.

3. Types of Personal Information We Collect

Depending on the Services you use and your jurisdiction, we may collect:

3.1 Account and Profile Information

• Email address and/or mobile phone number;
• Password or credential hashes;
• Nickname / display name;
• Basic demographic information (e.g., gender, date of birth, nationality) where required;
• Language preferences.

3.2 Platform Usage and Location Data

• IP address and general location (country/region);
• Device information (device type, OS, browser, app version, language settings);
• Access logs, timestamps, and interaction events;
• Location-based information (GPS, Wi-Fi, cell tower data) for location-based services, where you grant permission.

3.3 Transaction and Blockchain Data

• On-platform LBP balance and transaction history;
• Payment details for in-app purchases (processed via third-party payment processors);
• Public blockchain addresses and on-chain LBP transaction records;
• Donation, reward, and burning records linked to pseudonymous wallet addresses.

3.4 Communication and Support Data

• Chat content, messages, and reports processed within the Services (limited to what is necessary for operation and safety);
• Customer support inquiries, feedback, and complaints;
• Reported content and enforcement records.

3.5 Verification and Compliance Data (where required)

• Identity verification documents (e.g., ID, passport) for KYC/AML compliance;
• Residency or nationality information;
• Risk scoring information required by law.

We may also collect aggregated and anonymized data that cannot reasonably identify any individual.

4. How We Collect Personal Information

We collect data:

1. Directly from you

• When you register an account, submit information, or contact support;
• When you participate in promotions, campaigns, or surveys.

2. Automatically

• Through cookies, SDKs, and similar technologies;
• Through application and server logs;
• Through location services (if you enable them).

3. From third parties

• Authentication providers (e.g., app stores, social login);
• Payment processors and app stores (limited billing and status data);
• KYC/AML and fraud-prevention partners, where required by law.

5. Purposes and Legal Bases for Processing

We process personal information for the following purposes:

5.1 Service Provision and Account Management

• Creating and managing user accounts;
• Enabling WELINK and sub-platform features (BEFRIEND, UTUT, L.AD, TIG, etc.);
• Processing LBP-based payments, rewards, burns, and donations.

Legal bases: performance of a contract; legitimate interests.

5.2 Security, Fraud Prevention, and Regulatory Compliance

• Detecting and preventing fraud, abuse, and unauthorized access;
• Verifying identity and age where required;
• Complying with KYC/AML obligations, sanctions screening, and legal requests.

Legal bases: legal obligation; legitimate interests; vital interests (in rare cases).

5.3 Analytics and Service Improvement

• Analyzing usage patterns and service performance;
• Improving features, UX, and scalability of the platform;
• Developing new services and ecosystem features.

Legal bases: legitimate interests; consent where required (e.g., certain cookies or analytics).

5.4 Communication

• Responding to your inquiries and support requests;
• Sending important service notices and policy updates;
• Providing optional marketing communications where you have consented.

Legal bases: performance of a contract; legitimate interests; consent (for marketing).

5.5 Legal Claims and Enforcement

• Investigating and responding to reports and disputes;
• Enforcing platform terms, policies, and community guidelines;
• Establishing, exercising, or defending legal claims.

Legal bases: legitimate interests; legal obligation.

6. Cookies and Similar Technologies

We may use cookies, SDKs, and similar technologies to:

• Maintain login sessions;
• Remember your preferences and settings;
• Measure traffic and usage patterns;
• Support fraud detection and security.

Where required by law, we will obtain your consent for non-essential cookies and provide options to manage your preferences.

7. Processing of Blockchain / On-Chain Data

1. Certain information, such as your wallet address and LBP transaction records, is recorded on public blockchains that are not controlled by LBPT.
2. Due to the immutable and transparent nature of blockchains:
   • On-chain data cannot normally be altered or deleted once confirmed;
   • Such data may be publicly accessible and viewable by third parties.
3. Where blockchain data could be considered personal data, our role is typically limited to:
   • Determining which transactions are performed through our smart contracts;
   • Associating on-chain events with your in-platform account where necessary for service provision and compliance.
4. Exercising certain rights (e.g., erasure) may be technically limited with respect to on-chain data; however, we can:
   • Minimize off-chain linkages between your identity and wallet addresses;
   • Cease further association of your account with specific addresses upon verified request, where feasible.

8. Data Sharing and Third-Party Recipients

We may share personal information with:

1. Service Providers and Processors

• Cloud hosting providers (e.g., infrastructure, storage, security);
• Payment processors and app stores;
• KYC/AML and fraud-prevention partners;
• Customer support, analytics, and communication service providers.

2. Affiliated Entities

Entities within the LBPT group, to the extent necessary for global operations and platform integration.

3. Business Partners

Merchant and platform partners, where you engage directly with them (e.g., payments, rewards, expert connections). In such cases they may be independent controllers of the data they receive.

4. Authorities and Legal Recipients

Courts, regulators, and law-enforcement agencies when required by applicable law or to protect rights, safety, and property.

We do not sell your personal information to third parties in exchange for money. Where laws recognize a "sale" of personal data in a broader sense (e.g., certain advertising practices), we will provide appropriate notices and opt-out mechanisms.

9. International Data Transfers

1. Your information may be transferred to and processed in countries other than your own, including Singapore, Korea, the EU, and the United States, where LBPT or its service providers operate.
2. When transferring data from regions such as the EU/EEA, we use appropriate safeguards, such as:
   • Standard Contractual Clauses approved by the European Commission;
   • Contractual and technical measures ensuring equivalent protection.

10. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy or as required by law, including:

• Account and basic profile data: retained while your account is active; some records may be preserved for a reasonable period after account deletion for dispute resolution and legal obligations.
• Payment and accounting records: typically retained for 5 years or longer if required by financial or tax law.
• Access logs and security logs: typically retained for at least 3 months, and longer where required for security or investigations.
• Location-information use/provision records (where legally required): at least 6 months.
• Complaint and dispute records: typically retained for 3 years or as required by law.

When data is no longer needed, it is securely deleted or anonymized.

11. Data Security

We implement appropriate technical and organizational measures to protect personal information, including:

• Encryption in transit (e.g., TLS/SSL) and, where appropriate, at rest;
• Access controls and role-based permissions;
• Regular security monitoring and vulnerability management;
• Separation and minimization of sensitive data (including location and KYC data);
• Internal policies and training for staff handling personal data.

No system can be guaranteed 100% secure, but we continuously work to protect your data.

12. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights:

• Access – to know whether we process your personal data and obtain a copy;
• Rectification – to correct inaccurate or incomplete personal data;
• Erasure – to request deletion of your personal data in certain circumstances;
• Restriction – to request limitations on processing;
• Objection – to object to processing based on legitimate interests, including profiling;
• Data Portability – to receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible;
• Withdraw Consent – where processing is based on consent (e.g., marketing), you may withdraw it at any time, without affecting prior lawful processing;
• Lodge a Complaint – with your local data protection authority.

For blockchain/on-chain data, some rights (especially erasure) may be technically restricted as explained in Section 7.

13. Exercising Your Rights

To exercise your rights, you may contact us at:

We may need to verify your identity before responding. We will respond within the timeframes required by applicable law.

14. Children's Privacy

1. The Services are intended for adults (18+) and are not directed to children.
2. We do not knowingly collect personal information from children without appropriate legal basis (e.g., parental consent where required).
3. If we become aware that we have collected personal information from a child in violation of applicable law, we will take reasonable steps to delete such information.

15. Changes to This Policy

1. We may update this Policy from time to time to reflect changes in law, technology, or our Services.
2. When we make material changes, we will notify you by:
   • Updating the "Last updated" date at the top; and/or
   • Providing a notice within the Services or via email, where appropriate.
3. Continued use of the Services after the effective date of an updated Policy constitutes your acceptance of the changes.

16. Contact Information

If you have questions or concerns about this Policy or our data practices, please contact: