Gami Logo

Privacy Policy

Last Updated: July 1, 2026

1. Who We Are

This Privacy Policy explains how Gami Investment Labs S.A., a company incorporated in Panama under Registration Number 155784932 and in compliance with local regulations concerning the management of digital assets ("Gami Investment Labs S.A.," "we," "us," or "our"), collects, uses, and shares personal data when you use our website, decentralized application (the "dApp"), and related services (together, the "Services").

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us by email at contact@gamilabs.io.

2. Scope

This Privacy Policy applies to personal data we collect and process when you interact with us, for example when you:

  • visit our website or dApp;
  • connect a wallet and interact with our vaults;
  • communicate with us by email or through other channels; or
  • subscribe to updates or marketing communications.

This Privacy Policy does not apply to the practices of third parties that we do not own or control, such as wallet providers, custodians, blockchain networks, decentralized protocols, or analytics providers, each of which handles data under its own terms and privacy policies. We encourage you to review those policies separately.

3. Information We Collect

Depending on how you interact with us, we may collect the following categories of information:

Identification and contact information: name, email address, company, job title, and any other information you choose to provide when you contact us or engage with us (for example, in meetings or calls).

Wallet and on-chain information: public wallet addresses you connect to the dApp, and on-chain transaction and position data associated with those addresses in relation to our vaults (for example, deposits, withdrawals, and strategy-specific activity). Please note that blockchain data is public by nature.

Usage and technical information: IP address, browser type and version, operating system, device identifiers, time zone settings, the pages you visit, clickstream data, and your interactions with the website or dApp.

Communications information: the content of emails, messages, or other communications you send to us, along with related metadata.

Compliance and screening information (where applicable): information resulting from sanctions or anti-money-laundering ("AML") screening, where we or our partners carry out such checks, to the extent permitted by applicable law.

Marketing preferences: your preferences for receiving updates or marketing from us, including your subscription status and opt-out choices.

We do not intentionally collect sensitive information (such as data revealing health, political opinions, or religious beliefs), and we ask that you do not provide such information to us.

4. How We Collect Information

We may collect personal data:

  • Directly from you, for example when you contact us, schedule a call, or subscribe to updates.
  • Automatically from your device, through cookies and similar technologies, when you use our website or dApp (see "Cookies" below).
  • From public blockchains, when we read transactions and balances associated with wallet addresses in connection with our vaults.
  • From service providers, such as hosting, analytics, or security providers that collect data on our behalf.
  • From compliance and screening providers, to the extent we conduct sanctions or AML checks.

5. How We Use Information

We use personal data for the following purposes:

To provide and operate the Services — to run the website and dApp, enable wallet connection, facilitate interactions with our vaults, communicate with you about your use of the Services, and respond to your inquiries.

For security and fraud prevention — to protect the security and integrity of the Services, monitor for suspicious activity, detect abuse, and investigate potential incidents.

For analytics and service improvement — to understand how the website and dApp are used, identify areas for improvement, and develop new features.

To communicate with you — to respond to your requests, support inquiries, or feedback, and to manage our relationships with users, partners, and prospects.

For marketing and updates — to send you information about our strategies, updates, events, or other content that may interest you, consistent with your preferences.

To comply with legal and regulatory obligations — for example, record-keeping, accounting, and sanctions or AML checks where relevant.

6. How We Share Information

We do not sell your personal data. We may share personal data with:

Service providers: hosting and infrastructure providers (including node providers), security and monitoring vendors, email and communication tools, and other providers that process data on our behalf and under our instructions.

Custodians and DeFi infrastructure providers: third parties we engage to provide custody or the infrastructure needed to operate our vaults and related Services.

Professional advisers: such as lawyers, auditors, and consultants, where necessary for the provision of their services.

Authorities and regulators: where we are legally required to do so, or where sharing is necessary to establish, exercise, or defend legal claims.

In connection with corporate transactions: such as a merger, acquisition, reorganization, or similar event, subject to appropriate safeguards.

7. International Transfers

We are based in Panama and rely on service providers located in various countries. As a result, your personal data may be transferred to, stored in, and processed in jurisdictions other than the one in which you reside, which may have different data-protection standards. Where we transfer personal data, we take steps we consider reasonable to protect it consistent with this Privacy Policy and applicable law. You can contact us for more information.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by applicable law. Retention periods vary depending on the type of data and the context of processing. For example:

  • Contact and communications data is retained for as long as we have an ongoing relationship with you, and for a reasonable period afterward to respond to queries, maintain records, and handle potential disputes.
  • Usage and technical data (logs) is retained for 12 months, unless a longer period is necessary for security or legal purposes.
  • Marketing data is retained until you opt out of marketing communications, plus a short period to implement your request.

We may retain certain data for longer where necessary to establish, exercise, or defend legal claims, or to comply with legal retention obligations.

9. Your Choices and Rights

Depending on where you live, you may have certain rights regarding your personal data. In particular, you can:

  • Access the personal data we hold about you and request a copy.
  • Correct inaccurate or incomplete personal data.
  • Request deletion of your personal data in certain circumstances.
  • Opt out of marketing at any time, by using the unsubscribe link in our emails or by contacting us.

Please note that some information — such as data recorded on a public blockchain — is outside our control and cannot be altered or deleted by us. To exercise any of these choices, contact us at contact@gamilabs.io. We may ask you to verify your identity before we respond.

10. Cookies

We use cookies and similar technologies to operate our website and dApp, remember your preferences, and understand how our Services are used. You can usually control cookies through your browser settings, although disabling certain cookies may affect how the website or dApp functions.

11. Security

We take reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of your own wallet, private keys, and access credentials.

12. Children

Our Services are intended for adults and are not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate steps.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above and, where appropriate, provide additional notice (for example, through the website or dApp). Your continued use of the Services after the updated Privacy Policy takes effect constitutes your acknowledgement of the changes.

14. Contact

If you have any questions or concerns about this Privacy Policy or our data-handling practices, you can contact us by email at contact@gamilabs.io.