LibertyX Privacy Policy

Last updated: September 29, 2025

This Privacy Policy explains how LibertyX, and its wholly owned subsidiaries (collectively, “Moon,” “LibertyX,” “we,” or “us“), collects, uses, discloses, and protects your information. This policy applies to information we collect when you access or use Moon, Inc. machines, websites, mobile apps, or retail store services (collectively, “Services“) or otherwise interact with us as described below. It also describes how we oversee third‑party service providers (“Service Providers”) that process personal information on our behalf and how we notify you and regulators of certain data incidents.

We may amend this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and in some circumstances, we may provide you with additional notice, including, for example, by adding a statement to the homepage of the LibertyX’s website or within our mobile app. We strongly encourage you to review the Privacy Policy whenever you access or use our Services to stay informed about our information practices and your privacy rights and choices.

INFORMATION WE COLLECT

We collect information in the following ways:

• Information you provide to us (e.g., identity verification data; contact details such as name, mailing address, telephone number, and email address; financial account information; government identification numbers; biographic or demographic information).

• Biometric Information used for anti‑fraud and authentication (e.g., facial recognition vectors or mathematical representations).

• Information from other sources (e.g., identity verification and fraud‑prevention providers).

• Information collected automatically (e.g., transaction and device/log information; IP address; access times; pages viewed; cookies, pixels, and similar technologies).

Biometric Information: We may collect Biometric Information as permitted by law. We do not sell Biometric Information. We share Biometric Information only with Service Providers under written agreements that (i) restrict use to our documented purposes; (ii) require industry‑standard security; (iii) prohibit sale or use for advertising or profiling; and (iv) require prompt incident notice. We retain Biometric Information until the purposes for which it was collected have been satisfied or three years from your last interaction with us, whichever occurs first.

HOW WE USE INFORMATION

We may use your information as follows:

Provide and improve services and customer support;

Process transactions and send notices about your transactions;

Manage your account(s) and send technical notices, updates, security alerts, and support and administrative messages;

Resolve disputes, collect fees, and troubleshoot problems;

Prevent potentially prohibited or illegal activities, and enforce our user agreements;

Personalize, measure, and improve the Services;

Deliver marketing and promotional offers on behalf of LibertyX;

Link or combine your personal information with information we obtain from others to help understand your needs and provide you with better service; and

Carry out any other purpose for which the information was collected, to the extent such purpose is necessarily contemplated by the collection of such information or as otherwise notified in the Services at the time of collection.

HOW WE SHARE INFORMATION

We may share information as follows; (i) with parties to whom you send or from whom you receive funds via the Services; (ii) with Service Providers that perform services on our behalf (e.g., hosting, identity verification, anti‑fraud, payments, support); (iii) with affiliates; (iv) with regulators and law enforcement as required by law; (v) in connection with a corporate transaction; and (vi) with your consent or at your direction.

Other than in connection with a merger, sale of LibertyX’s assets, financing or acquisition, we will not sell or rent any of your information to third parties for their own marketing purposes. Please note that third parties that support our customer identification and anti-fraud controls may retain and use information about you to perform services on our behalf and to improve their services.

Onward Transfer & Vendor Controls: Prior to sharing personal information with Service Providers, we conduct risk‑based due diligence and enter into written agreements that: limit processing to specified business purposes; require appropriate technical and organizational measures (such as encryption in transit and at rest, access controls, logging, and vulnerability management); prohibit sale or independent use; require subprocessor flow‑downs; and require timely breach notification and cooperation. Where required by law, we maintain records of due diligence and ongoing monitoring.

ANALYTICS SERVICES PROVIDED BY OTHERS

We allow other entities to provide analytics services on our behalf. These entities may use cookies, web beacons, and other tracking technologies to collect information about your use of the Services, including your IP address, web browser, pages viewed, time spent on pages, and links clicked. This information may be used by LibertyX to, among other things, help analyze use of the Services and improve performance.

SECURITY

We maintain a written information security program designed to protect the confidentiality, integrity, and availability of personal information, proportionate to the nature, scope, and sensitivity of the data. Our program includes risk assessments; encryption in transit and at rest; access governance and least‑privilege controls; secure development practices; vendor due diligence and contract controls; incident response and breach‑notification procedures; employee training; and periodic assessments of our controls and those of our Service Providers.

VENDOR OVERSIGHT

We conduct and document risk‑based due diligence of Service Providers before engagement and on a periodic basis thereafter, which may include review of independent assessments (e.g., SOC 2, ISO/IEC 27001) and/or targeted questionnaires. We monitor material changes and require remediation of material deficiencies.

DATA INCIDENTS & VENDOR BREACH NOTIFICATION

If we learn of a data incident affecting personal information, including one originating at a Service Provider, we will: (i) investigate promptly; (ii) take reasonable steps to mitigate harm; and (iii) provide required notifications to affected individuals and applicable regulators within the time periods required by law. Where feasible, we will describe steps you can take to protect yourself and what we have done to remediate and prevent recurrence. However, LibertyX is not responsible for data breaches or security incidents caused by third-party vendors or service providers beyond our control.

YOUR CHOICES and RIGHTS

Location: Our websites and machines may collect precise geolocation information. Cookies: We use both session and persistent cookies. Session cookies expire when you log out of your account or close your browser. Persistent cookies remain on your computer or mobile device until you erase them or they otherwise expire. Most web browsers are set to accept cookies by default. You are free to decline most of our cookies if your browser or browser add-on permits, but choosing to remove or disable our cookies may interfere with your use and functionality of the Services. Additionally, we may use certain persistent cookies that are not affected by your browser settings, but will use such cookies solely for identity verification and fraud prevention purposes. For more information about cookies and how to block, delete or disable them, please refer to your browser instructions.

We do not engage in any sharing that would require us to provide you with an ability to opt out of such sharing. For instance, we do not share any information about you with third parties for their own marketing purposes.

ACCESS TO INFORMATION

Depending on your jurisdiction, you may have rights to access, delete, or correct personal information, or to opt out of certain processing. To exercise a right, contact us as set out below.

CONTACT US

If you have any questions or concerns regarding this Privacy Policy, please contact us at [email protected].