Meveridge — PRIVACY POLICY

1. Introduction and Scope

1.1. Welcome to Meveridge ("Meveridge," "Platform," "we," "us," or "our"). This Privacy Policy describes how we collect, use, process, store, share, and protect your personal information when you access or use our Platform, invest through our MIDAS framework, participate in the MENTOR affiliate program, engage with our AI-powered services, use the built-in Messenger, or interact with any other feature or service we provide.

1.2. This Privacy Policy applies to all Users of the Platform, including investors, MENTOR program participants, visitors, and any other individuals whose personal data is processed by Meveridge.

1.3. By creating an Account, accessing the Platform, or submitting any personal information to us, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, you must discontinue your use of the Platform immediately.

1.4. This Privacy Policy should be read in conjunction with our Terms of Use, AML & CFT Policy, Cookie Policy, and any other policies referenced herein.

2. Data Controller Information

2.1. Meveridge is the data controller responsible for the processing of your personal data in connection with the Platform's services.

2.2. For all privacy-related inquiries, requests, or complaints, please contact our Data Protection Officer (DPO):

Email: [email protected]
Help Center: Submit a ticket via the "Privacy & Data" category in the Platform's support section.

3. Categories of Personal Data Collected

We collect and process the following categories of personal data:

3.1 Identification Data

Full legal name, date of birth, nationality, and gender.
Government-issued identification documents: passport, national ID card, or driver's license (collected during Tier 2 and Tier 3 KYC verification).
Live selfie images and biometric liveness verification data (collected during Tier 2 KYC).
Proof of address documentation: utility bills, bank statements (collected during Tier 3 KYC).
Source of funds documentation: income certificates, tax returns, or equivalent (collected during Tier 3 KYC).

3.2 Contact Data

Email address (primary and recovery, if applicable).
Mobile phone number.
Residential address (as provided during KYC or profile completion).

3.3 Financial Data

Cryptocurrency wallet addresses (USDT TRC-20, ERC-20, BEP-20; Bitcoin; Ethereum).
Deposit and withdrawal transaction history, including amounts, timestamps, network identifiers, and transaction hashes.
Investment plan selections, activation dates, Lock Periods, and Daily Yield records.
Available Balance and Invest Balance records.
Coupon redemption and usage history.
Referral commission records and MENTOR program payout history.
Portfolio analysis data, including Risk Score and Diversification Index.

3.4 Technical Data

IP addresses (IPv4 and IPv6) associated with account access.
Browser type, version, and language settings.
Device type, operating system, and unique device identifiers.
Login and logout timestamps.
Security Score events and changes.
Two-factor authentication (2FA) enrollment status and usage logs.
Anti-Phishing Code configuration.
Trusted device and trusted IP registrations.

3.5 Behavioral Data

Navigation patterns and feature usage within the Platform.
Voting history in the VOTE HUB, including proposals viewed and votes cast.
MENTOR program activity: team structure interactions, Marketing Kit downloads, training progress in the personal dashboard, and AI MENTOR consultation history.
JOKER section activity: games played, gaming currency earned, Coupons won, and Leaderboard rankings.
Messenger activity metadata: message timestamps, chat participation (Direct Messages, Team Chat, Channels), and AI Bot interaction logs. (Note: The content of private messages between Users is not monitored or stored by Meveridge, except as required by law or in response to reports of Acceptable Use Policy violations.)

3.6 AI Interaction Data

Queries submitted to AI assistants (AI MENTOR, AI MIDAS, AI ORACLE, AI GUARD, AI JOKER, AI LUMI).
AI-generated responses, recommendations, and personalization parameters.
Feedback signals (acceptance or rejection of AI recommendations).

4. Legal Basis for Processing

We process your personal data on the following legal bases:

4.1 Contractual Necessity

Processing necessary for the performance of our contract with you, including Account creation, investment plan execution, Daily Yield calculation, commission processing, and withdrawal facilitation.

4.2 Legal Obligation

Processing required to comply with applicable legal and regulatory obligations, including AML/CFT compliance, KYC verification, sanctions screening, Suspicious Activity Reporting (SAR), tax reporting obligations, and record-keeping requirements.

4.3 Legitimate Interest

Processing necessary for our legitimate interests, provided such interests are not overridden by your fundamental rights and freedoms. This includes: fraud prevention, Security Score calculation, AI GUARD monitoring, system performance optimization, AI model improvement, and analytics for business development.

4.4 Consent

Where required by applicable law, we process certain data based on your explicit consent. This includes: marketing communications, optional AI personalization features, and non-essential cookie placement. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Purpose of Data Processing

Your personal data is processed for the following purposes:

5.1 Service Provision and Contract Performance

Account registration, authentication, and management.
Processing deposits and withdrawals across supported blockchain networks (BSC, Ethereum, Bitcoin).
Executing investment plans (Bridge Basic, Bridge Magnet, Bridge Premium, Real Sector Catalog).
Calculating and crediting Daily Yield and Investor Status Yield Bonuses.
Processing and distributing MENTOR referral commissions across up to 15 levels.
Tracking IP (Investor Points) accumulation and Investor Status progression.
Calculating TV (Team Volume) from the first five referral lines (100%, 75%, 50%, 25%, 10%).
Managing Leader Rank qualifications and promotions.
Facilitating Coupon issuance, redemption, and tracking.
Operating the JOKER section, including gaming currency, mini-games, and Leaderboard rankings.
Generating Portfolio Analysis reports and Export Reports (PDF/CSV).
Issuing digital Certificates (Leader Rank, Investor Status).

5.2 Compliance and Legal Obligations

Performing tiered KYC verification (Tier 1, Tier 2, Tier 3 / EDD).
Screening against international sanctions lists (OFAC, EU, UN) and PEP databases.
Monitoring transactions for AML/CFT red flags via AI GUARD.
Filing Suspicious Activity Reports (SARs) with relevant financial intelligence units when legally mandated.
Maintaining mandatory audit trails and records for the periods required by applicable law.

5.3 Security and Fraud Prevention

Calculating and maintaining your Security Score (0–100 points).
Detecting and preventing unauthorized access, multi-accounting, phishing, and social engineering attacks.
Monitoring login patterns, device fingerprints, and IP address changes.
Enforcing 2FA requirements and managing Anti-Phishing Code verification.
Administering Trusted Device and Trusted IP registrations.
Temporarily freezing accounts exhibiting anomalous behavior pending compliance review.

5.4 AI Personalization and Service Improvement

Training and optimizing local AI models (AI MENTOR, AI MIDAS) to deliver personalized investment strategies and affiliate program recommendations.
Enabling AI ORACLE to generate project risk assessments and voting recommendations.
Allowing AI LUMI to provide contextual knowledge base responses.
Improving AI JOKER's entertainment algorithms and reward distribution mechanics.

Important: AI training data is siloed on a per-user basis and is not aggregated or shared with other Users or external third parties. AI personalization may be disabled through Account settings.

5.5 Communication

Sending transactional notifications (deposit confirmations, withdrawal processing, plan activations, rank promotions).
Delivering security alerts (new device logins, Security Score changes, 2FA events).
Providing platform updates, news, and regulatory information through the LUMI section.
Sending marketing communications (only with your prior consent, which may be withdrawn at any time).

6. Data Sharing and Third-Party Disclosure

6.1. Meveridge does NOT sell, rent, or trade your personal data to third parties for commercial or marketing purposes.

6.2. We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate contractual safeguards:

6.3 KYC and Identity Verification Providers

Third-party service providers engaged to perform identity document verification, liveness checks, biometric analysis, and sanctions/PEP screening. These providers process data strictly in accordance with our instructions and applicable data protection laws.

6.4 Blockchain Networks

When you initiate a deposit or withdrawal, certain transaction data (wallet addresses, transaction amounts, transaction hashes) is recorded on public blockchain networks (BSC, Ethereum, Bitcoin). Meveridge cannot control or delete data once it has been recorded on a public blockchain.

6.5 Regulatory and Law Enforcement Authorities

We may disclose personal data to regulatory bodies, financial intelligence units, law enforcement agencies, or courts when required by applicable law, court order, subpoena, or official government directive.

6.6 Professional Advisors

We may share data with legal counsel, auditors, and financial advisors engaged by Meveridge, subject to professional confidentiality obligations.

6.7 Upline Partners in the MENTOR Program

Your upline sponsor (mentor) can view only the following information: your Username, current Leader Rank, and your contribution to Team Volume (TV). Personal contact details, financial balances, and transaction history are not visible to upline partners unless you explicitly share such information through the Messenger's Team Chat or direct messages.

6.8 Service Providers and Infrastructure Partners

Cloud hosting providers, content delivery networks, email delivery services, and other technical infrastructure providers that support the Platform's operations. All such providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

7. AI GUARD — Automated Profiling and Security Monitoring

7.1. Our proprietary AI GUARD system performs automated profiling and decision-making to protect your Account and the integrity of the Platform. This includes:

Real-time analysis of login patterns, device fingerprints, and IP geolocation.
Behavioral anomaly detection (e.g., atypical withdrawal patterns, sudden changes in trading behavior).
Risk scoring and Security Score calculation.
Automated account freezing in response to identified security threats.
Transaction blocking when AML/CFT red flags are detected (e.g., structuring, mixer-origin deposits).

7.2. Your Rights Regarding Automated Decisions: If an automated decision by AI GUARD adversely affects your Account (e.g., freezing, transaction blocking), you have the right to:

Request a manual review of the decision by our compliance team.
Provide additional information or documentation to support your case.
Contest the decision by submitting an appeal to [email protected].

7.3. Meveridge will respond to all AI GUARD-related appeals within fourteen (14) business days.

8. International Data Transfers

8.1. Meveridge operates globally, and your personal data may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

8.2. Where personal data is transferred outside of jurisdictions with adequate data protection standards, we implement appropriate safeguards, including:

Standard Contractual Clauses (SCCs) approved by relevant regulatory authorities.
Binding corporate rules, where applicable.
Encryption of data in transit (TLS 1.3) and at rest (AES-256).

8.3. By using the Platform, you consent to the transfer of your personal data as described in this section, subject to the safeguards outlined herein.

9. Data Retention Periods

9.1. We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

9.2. Specific retention periods:

Data Category	Retention Period
Account registration data	Duration of Account existence + 5 years after closure
KYC verification documents	5–7 years after Account closure (as required by AML regulations)
Transaction and financial records	5–7 years after the last transaction (as required by financial reporting laws)
Security logs and AI GUARD events	3 years from the date of the event
AI interaction data	2 years from the date of interaction, or until consent withdrawal
Marketing consent records	Duration of consent + 1 year after withdrawal
Messenger content (direct messages)	Stored locally on User devices; server-side metadata retained for 1 year
JOKER activity and gaming currency	Duration of Account existence

9.3. Upon expiration of the applicable retention period, personal data is securely deleted or irreversibly anonymized.

10. Data Security Measures

10.1. Meveridge implements enterprise-grade technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

10.2 Technical Measures

Encryption at Rest: All sensitive personal and financial data is encrypted using AES-256 encryption.
Encryption in Transit: All data transmitted between your device and the Platform is protected using TLS 1.3 (Transport Layer Security).
Two-Factor Authentication (2FA): Mandatory for high-value transactions and recommended for all Users. Supported via Google Authenticator.
Anti-Phishing Code: A User-defined unique code included in every official email from Meveridge, enabling Users to verify the authenticity of communications.
Rate Limiting and DDoS Protection: Automated defenses against brute-force attacks and distributed denial-of-service attacks.
Penetration Testing: Regular third-party security audits and penetration testing.

10.3 Organizational Measures

Access to personal data is restricted to authorized personnel on a strict need-to-know basis.
All employees and contractors with access to personal data are bound by confidentiality agreements.
Regular staff training on data protection, information security, and AML/CFT compliance.
Incident response procedures for data breaches, including notification protocols.

10.4 Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Meveridge will:

Notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, where required by law.
Notify affected Users without undue delay, providing details of the breach, the data affected, and recommended protective measures.

11. Your Rights Under Data Protection Laws

11.1. Subject to applicable data protection laws, you may have the following rights regarding your personal data:

11.1.1 Right of Access

You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of such data. Account Statement exports (available via Portfolio → Export Report) provide access to your financial data.

11.1.2 Right to Rectification

You have the right to request correction of inaccurate personal data or completion of incomplete data. Profile information may be updated through Account settings; KYC document corrections require submission to the compliance team.

11.1.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data. This right is subject to exceptions, including our obligation to retain financial records for 5–7 years as required by AML regulations and applicable tax laws. Upon a valid erasure request, we will delete all data that is not subject to mandatory retention requirements.

11.1.4 Right to Restriction of Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of data or when processing is unlawful.

11.1.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format (CSV, JSON, or PDF) and to transmit that data to another controller. Export Report functionality in the Portfolio section facilitates this right for financial data.

11.1.6 Right to Object

You have the right to object to the processing of your personal data based on our legitimate interests. Upon receiving such an objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

11.1.7 Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects. See Section 7 (AI GUARD) for details on how to request a manual review of automated decisions.

11.1.8 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

11.2. To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within thirty (30) days. If a request is complex or voluminous, we may extend this period by an additional sixty (60) days with prior notification.

11.3. You also have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe your data protection rights have been violated.

12. Cookie Policy and Tracking Technologies

12.1. The Platform uses cookies and similar tracking technologies to enhance functionality, improve performance, and personalize your experience. For comprehensive details, please refer to our separate Cookie Policy.

12.2. Categories of cookies used:

Strictly Necessary Cookies: Essential for Platform operation, authentication, and security. Cannot be disabled.
Performance Cookies: Collect anonymous usage data to help us improve Platform performance and user experience.
Functional Cookies: Remember your preferences (language, display settings, dashboard layout configurations).
Analytics Cookies: Help us understand how Users interact with the Platform, which features are most popular, and where improvements are needed.
AI Session Cookies: Maintain context during conversations with AI assistants (AI MENTOR, AI MIDAS, AI LUMI, etc.) within a single session.

12.3. You may manage your cookie preferences through the cookie consent banner displayed upon your first visit or through the "Cookie Settings" option in your Account settings.

13. Children's Privacy

13.1. The Platform is not directed at individuals under the age of eighteen (18). We do not knowingly collect, process, or store personal data from minors.

13.2. If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete such data and close the associated Account.

13.3. If you believe that a minor has provided personal data to us, please contact us immediately at [email protected].

14. Changes to This Privacy Policy

14.1. Meveridge reserves the right to update or modify this Privacy Policy at any time. Material changes will be communicated to Users through in-platform notifications, email, or announcements in the LUMI → News section.

14.2. The "Last Updated" date at the top of this document indicates when the most recent revision was made.

14.3. Your continued use of the Platform following the publication of an updated Privacy Policy constitutes your acknowledgment and acceptance of the changes. If you do not agree to the updated policy, you should discontinue use of the Platform and initiate Account closure.

This Privacy Policy does not constitute legal advice. Users are encouraged to seek independent legal counsel regarding their data protection rights. By using the Meveridge Platform, you acknowledge that you have read, understood, and accepted this Privacy Policy in its entirety.