Page 1 | General Provisions and Scope of Application

This Privacy Policy explains how HLGEX collects, processes, stores, and protects data generated by users when using the platform and its related services. By accessing or using HLGEX, users acknowledge and agree to the privacy principles and rights and obligations outlined in this Policy. This Policy applies to all individual and institutional users using HLGEX’s trading system, account management, asset management tools, on-chain interaction modules, risk control services, and related functions.

Before using the platform, users should be aware that: data processing follows the principles of necessity, transparency, minimization, and security; the platform may process specific data due to compliance, risk control, or technical needs; some data processing is essential for providing the service. HLGEX will protect user data security to the extent permitted by law. Any updates to this Policy will take effect immediately and automatically replace the old version upon publication. Continued use of the service after the update constitutes acceptance of the new Privacy Policy.

HLGEX’s data processing practices reference internationally accepted data protection frameworks, including GDPR, CCPA, and OECD Personal Data Protection Principles, and are continuously followed and optimized in its operations.

Page 2 | Information Collection Types

To provide stable, secure, and compliant trading and asset management services, HLGEX collects various types of personal and technical information based on business needs, including but not limited to the following:

Account Information: Basic fields used to establish and identify user accounts, excluding any contact information, primarily used for permission allocation and account initialization.

Authentication Information: May include personally identifiable documents, facial verification, risk control questionnaires, or relevant compliance data under KYC, AML, etc. requirements, to ensure account legitimacy and transaction security.

Technical Information: Includes device fingerprints, IP addresses, operating systems, browser types, and related parameters, used for security monitoring, risk identification, and system compatibility analysis.

Usage Behavior Information: Covers transaction behavior, interface operation records, triggered risk control events, and system response logs, used to improve security and user experience.

On-Chain Data: Includes publicly verifiable information such as wallet addresses, on-chain interaction records, and transaction hashes, used for asset management, cross-chain services, and risk control monitoring.

System Log Information: Includes timestamps, system calls, error records, and abnormal operations, used for auditing, troubleshooting, and security analysis.

Page 3 | Information Collection Methods

HLGEX collects user-related information through various methods based on the actual needs of its services. First, when users actively provide data, including during registration, identity verification, document submission, transaction initiation, and other interactions, the platform records necessary information to complete the corresponding service. Second, HLGEX automatically collects information through technical means, such as cookies, browser parameters, device fingerprints, server logs, and behavioral sequences, for security verification, session management, and system performance optimization.

In addition to user behavior, HLGEX may also obtain data from authorized third-party sources, including risk control service providers, identity verification agencies, on-chain data providers, and other compliant partners, to ensure the authenticity, security, and legality of accounts and assets. Furthermore, the platform’s AI risk control system generates risk markers or abnormal characteristic information based on user behavior characteristics, on-chain activity, and transaction patterns to warn of potential violations or security risks.

While meeting legal obligations such as Anti-Money Laundering (AML), Counter-Terrorist Financing (CFT), and Know Your Customer (KYC), HLGEX may collect or update relevant data in accordance with regulatory requirements to ensure platform operations comply with applicable regulations and maintain system integrity. Page 4 | Purpose of Information Use

HLGEX uses the information it collects to ensure the platform operates securely, stably, and in compliance with regulations. First, this data is used to provide basic services, including account management, asset recording, order execution, and trade matching, enabling users to smoothly complete various trading actions. Second, in risk control, identity verification, and anti-money laundering (AML) processes, relevant information is used to verify account legitimacy, screen for risks, monitor suspicious behavior, and prevent potential violations.

The platform also utilizes technology and behavioral information to monitor abnormal operations and identify potential risk states, thereby enhancing system security. To improve the overall trading experience, HLGEX uses anonymized or statistically analyzed data for model optimization, liquidity research, and product feature iteration. Additionally, in situations requiring regulatory compliance, investigative assistance, or fulfilling legal obligations, the platform will legally process relevant data to cooperate with necessary reviews.

Furthermore, HLGEX uses anonymized data for trend analysis, system tuning, and macroeconomic research to improve platform performance and support long-term development. All data is processed under the principle of minimization and used only for essential purposes closely related to the services.

Page 5 | Information Sharing and Third-Party Cooperation

HLGEX will share data with third parties as necessary, strictly adhering to the principles of minimization and compliance requirements. The platform may provide necessary information as required by law or regulatory bodies to fulfill review, investigation, or compliance reporting obligations. Furthermore, to complete KYC, AML, and risk identification, HLGEX may share relevant compliance data with identity verification agencies, anti-money laundering service providers, and blockchain analytics partners.

At the technical security level, the platform may provide some technical data to trusted cybersecurity partners, anti-fraud service providers, and cloud service providers to maintain system stability and risk protection. In liquidity and cross-chain services, HLGEX may share limited, non-directly identifiable information with market makers or strategy interfaces to support deep integration and technical interoperability.

Due to the publicly verifiable nature of on-chain data, user on-chain behavior may naturally be public. HLGEX will not sell user information, nor will it disclose identifiable data to third parties unrelated to its services. All sharing activities are subject to compliance regulations and security control mechanisms.

Page 6 | Data Storage, Security, and Encryption

HLGEX stores user data based on necessity and minimization principles, employing multiple security mechanisms to ensure information is not accessed, tampered with, or leaked without authorization. The platform uses static encryption, transmission encryption, and a multi-key management system to ensure data is protected during storage and transmission. In the digital asset dimension, HLGEX uses cold storage, multi-layered access control, and smart contract auditing technologies to enhance asset security and risk isolation capabilities.

The platform’s AI risk control system continuously monitors behavioral patterns, system anomalies, and potential threats, and performs automated risk identification by combining behavioral analysis and log tracking mechanisms. User accounts must use strong passwords, two-factor authentication, and multi-layered verification to prevent unauthorized access or abuse. The system records operation logs, transaction activities, and permission changes to support auditing, tracking, and security checks.

Upon discovering potential security vulnerabilities or abnormal behavior, HLGEX will assess, process, and remediate according to established incident response mechanisms, implementing temporary restrictions as necessary to ensure overall platform security. The platform continuously updates its security policies to address evolving technological risks and industry threats.

Page 7 | User Rights

HLGEX respects and protects users’ rights regarding their personal data in accordance with international data protection regulations. Users have the right to request access to their personal data on the platform to understand the content collected and processed; they can also submit a correction request if they find the information to be inaccurate or expired. Users may request the deletion of some data to the extent permitted by law, but data involved in financial audits, anti-money laundering regulations, or statutory retention obligations may not be deleted immediately.

Furthermore, users have the right to request the platform to restrict the processing of their data, such as suspending certain uses during dispute resolution or verification; users also have the right to data portability, allowing them to access their relevant data to the extent technically feasible for migration or backup. Users have the right to object to certain specific data processing practices, and the platform will respect their choices without affecting the security and compliance of core services.

HLGEX will process user requests within a reasonable timeframe, but must comply with legal obligations, compliance requirements, and system security prerequisites to ensure an appropriate balance between platform operation, regulatory responsibilities, and user rights.

Page 8 | Cookies and Tracking Technologies

HLGEX uses cookies and related tracking technologies to ensure the platform functions properly, improve user experience, and enhance system security. Cookies are small data files stored by your browser and can be used to maintain session state, identify risky behavior, and optimize page performance. The platform may use various types of cookies, including: strictly necessary cookies to support system operation; functional cookies for interface experience and preference saving; statistical cookies for performance and traffic analysis; and risk control cookies for detecting abnormal behavior and improving security.

Users can manage, restrict, or delete cookies through browser settings, but disabling necessary cookies may cause core functions such as account management, trading, and verification to malfunction. To ensure transaction security, some security cookies may not be completely disabled.

Cookies and tracking technologies play a crucial role in the trading platform, especially in identifying abnormal logins, preventing fraud, verifying user identity, and maintaining trading stability. HLGEX will use these technologies with a minimum usage policy and will take necessary measures to protect the privacy and security of user data.

Page 9 | Cross-Border Data Transfer

To ensure service stability and global collaboration capabilities, some HLGEX data may flow between servers in different countries or regions, or be transferred across borders between compliant agencies and technology providers partnering with the platform. Cross-border data processing will strictly adhere to the principle of necessity, and appropriate security measures will be taken before and after transmission, including encryption, anonymization, and minimization, to reduce the risk of data exposure.

All partners involved in data processing must comply with applicable data protection regulations and adhere to security obligations signed with HLGEX, including access control, confidentiality requirements, and technical protection standards. HLGEX will assess the security capabilities of its partners to ensure their technical and compliance levels are sufficient to protect user data.

Due to the flow of cross-border data between different jurisdictions, data protection laws may vary. HLGEX will follow internationally accepted data protection frameworks in cross-border transfers and ensure, through contractual or technical means, that user data receives the appropriate level of protection under different legal systems. All cross-border processing is based on the fundamental principles of security, compliance, and transparency.

Page 10 | Terms of Service, Disputes, and Applicable Law

HLGEX may modify this Privacy Policy due to changes in law, service updates, security needs, or operational adjustments. Any updated version will automatically take effect upon release and supersede the previous version. Users’ continued access to or use of the platform services after the update takes effect constitutes acceptance of the new Privacy Policy.

In the event of a dispute arising from data processing or privacy issues, HLGEX will prioritize communicating with users through reasonable internal mechanisms to seek a fair solution. If the dispute remains unresolved, the platform will handle the matter in accordance with applicable legal frameworks and prevailing data protection principles, without limiting the specific dispute resolution location or institution.

This Privacy Policy adheres to internationally recognized data protection standards, including the principles of transparency, legality, necessity, minimization, security, and user control. HLGEX reserves the right to the final interpretation of this Privacy Policy and will continuously optimize its data processing procedures while protecting user rights and complying with regulations.