📃Privacy Policy

Last Updated: March 10, 2026

MemeX (hereinafter, "we," "us," or "our") takes users' personal information seriously. Through this Privacy Policy (hereinafter, this "Policy"), we explain how we collect, use, retain, and share personal information in connection with the use of the online/mobile services we provide (hereinafter, the "Platform" or "MemeX Services"), as well as the rights and choices available to users.

This Policy applies together with the Platform Terms of Service and related policies. By accessing or using the Platform, users are deemed to have read and understood this Policy and to acknowledge that personal information may be processed in accordance with this Policy.

Certain features of this Service may utilize third-party services, external networks, or distributed ledger/blockchain technology, which may result in data being processed in ways beyond our control (see "Third-Party Content/Embeds" and "Distributed Ledger/Blockchain Notice" below).

1. Scope of Application

This Policy applies to the following:

• our Platform (web/app) and related features (community, content upload/sharing, reporting, messages/inquiries, etc.)

• official websites and customer support channels operated by us

• users' viewing of third-party content within the Platform (such as links/embeds), provided that third-party processing is governed by the relevant third party's own policy

2. Meaning of Personal Information

"Personal information" means information that can identify an individual, either on its own or in combination with other information.

However, information that has been fully anonymized so that an individual can no longer be identified may not be considered personal information (within the scope permitted by applicable law).

3. Categories of Personal Information We Collect

We may collect the following information to the extent necessary to provide the Service. The actual items collected may vary depending on how the user uses the Service and which features the user has enabled.

3.1 Information Provided Directly by the User

• Account/Profile Information: email address (or login method identifier), username, profile image, self-introduction, settings values (language/notifications/time zone, etc.). Time zone information is collected for the purpose of calculating the reference time for restrictions on nighttime transmission of advertising information (automatically detected from the browser environment at sign-up, and may be changed directly by the user).

• Content and Community Activity Information: posts/comments/messages/report details, uploaded images, text, links (URLs), and community activity history

• Customer Support/Inquiry Information: inquiry details, attached files, and response history

• Event/Promotion Participation Information (if any): participation records and fulfillment information (where necessary)

3.2 Information Automatically Collected During Service Use

• Device/Access Information: IP address, access time, browser/app version, OS, device identifiers (for example, advertising ID, depending on settings/policy), language/time zone, error logs, and network information

• Usage Records: pages visited, clicks/scrolls, search terms, feature usage history, login/logout records, and security event records

• Cookies and Similar Technology Information: cookies, local storage, SDK logs, etc. (see "Cookies and Similar Technologies")

3.3 Information Provided Through External Accounts/Third-Party Integrations

• Basic profile information provided by social login/external authentication providers (for example, email address, name/nickname, profile image, etc.)

The items provided depend on the login method selected by the user and the relevant provider's policy.

3.4 Information Related to External Network/Wallet Connectivity and Transactions/Records

Some Platform features may utilize external networks or distributed ledger technology to enable user participation. In such cases, we may process the following information:

• Wallet-Related Information: wallet address (public key), signature values (for authentication/ownership verification), connection/disconnection time, and the type of connected wallet (for example, browser wallet/mobile wallet)

• Transaction/Activity Information: transaction hash/ID, event logs, records of smart contract interactions, records required for fee settlement, and network status/error records

• Please note: we generally do not request or store a user's Seed Phrase or Private Key. Users must protect their own wallet credentials themselves.

3.5 Additional Information Required for Legal Compliance/Security

Where necessary for security, prevention of misuse, dispute response, or compliance with applicable law, we may request the submission of additional information.

• Age Verification Information: at sign-up, we collect date of birth to verify whether the user is at least 18 years old. The collected date of birth is destroyed immediately after verifying age eligibility, and only the age-eligibility result (is_adult: true/false) is retained. The original date of birth is not stored.

• Identity Verification Information: name, date of birth, residence, government-issued identification information (some portions may be masked), selfie/biometric information (only where required under applicable law/policy), and information necessary for sanctions/AML checks

• Payment/Settlement Information: information for tax/accounting processing, etc.

Where such information is required, we will separately notify users of the purpose, items, and retention period, or obtain consent where necessary.

4. Purposes of Use of Personal Information

We process personal information for the following purposes (under the principle of minimum necessary collection):

1. Service Provision and Operation: account creation/authentication, feature provision, settings storage, and customer support responses

2. Community Safety and Operation: report handling, response to harmful content/behavior, investigation of Terms violations, and dispute response

3. Security and Fraud Prevention: account protection, detection of abnormal signs, access control, prevention of fraud/phishing/spam

4. Service Improvement and Quality Management: error analysis, performance improvement, feature testing (including beta), and statistical analysis

5. Legal Compliance and Protection of Rights: fulfillment of legal obligations, response to regulatory/investigative agency requests (where lawful), and protection of the rights of us, users, and third parties

6. Contact and Notices: service notices, notices of policy changes, security alerts, and important notices (including priority channels under the Terms)

7. Sending Advertising Information: where the user has separately consented, sending advertising information such as events, promotions, and new feature notices through the channels consented to (such as email)

8. Display of External Content and Provision of Embeds: displaying link previews/embeds and complying with provider policies

5. Legal Basis for Processing Personal Information

Depending on the jurisdiction, we may process personal information based on one or more of the following legal bases:

• Performance of a Contract: processing necessary to provide the Service under the Terms of Service

• Compliance with Legal Obligations: compliance with retention/submission obligations under applicable laws

• Legitimate Interests: security, fraud prevention, service improvement, etc. (to the extent not excessively infringing users' rights)

• Consent: items that require consent (for example, optional features, certain cookies/marketing, etc.)

6. Cookies and Similar Technologies

We may use cookies and similar technologies to provide the Service and ensure its stable operation.

6.1 Types of Cookies

• Essential Cookies/Technologies: maintaining login status, security, and provision of basic functions

• Functional Cookies/Technologies: saving preferences (language/theme, etc.)

• Analytics/Performance Cookies/Technologies: analysis of usage patterns and measurement of errors/performance (for example, for statistical purposes)

6.2 Personalized Advertising/Targeting

• We may use cookies and similar technologies to analyze users’ interests, usage patterns, and access environments, and based on such analysis, provide personalized or targeted advertising. In addition, to the extent permitted by applicable law, we may process related information in connection with third-party advertising and analytics service providers.

6.3 Cookie Management

Users may restrict or delete cookies through browser/device settings. However, if cookies are blocked, some functions may be limited.

6.4 Analytics Tools

We may use analytics/error-tracking tools to improve service quality. If such tools are actually introduced, we will provide guidance on the type of tools and control methods (opt-out) through this Policy or separate notice.

7. Sharing and Disclosure of Personal Information (Third Parties)

As a rule, we do not sell users' personal information. However, we may share/disclose personal information in the following cases.

7.1 Outsourcing for Service Provision (Vendors)

We may entrust personal information processing, to the extent necessary for operations, for hosting, data storage, customer support, security, analytics, link previews/embed provision, and similar purposes. In such cases, we impose personal information protection obligations through entrustment agreements and manage/supervise such vendors.

• Examples: cloud/hosting, CDN, log/error analysis, customer support tools, email delivery, embed services (for example, link metadata retrieval), etc.

7.2 Affiliates and Corporate Transactions

Where joint operation with affiliates is necessary, or where a corporate transaction such as merger, acquisition, or transfer of assets occurs, personal information may be transferred/shared to the extent permitted by applicable law (with prior/post notice where necessary).

7.3 Legal Requests and Protection of Rights

We may disclose personal information where there is a legal obligation, such as a court order, lawful request from an investigative agency, or request from a regulatory authority, or where necessary to protect the rights and safety of us, users, or third parties.

7.4 User Consent

Where the user has given prior consent, we provide personal information within the scope of that consent.

8. Cross-Border Transfer

We (MemeX Labs USA, located in Delaware, United States) use global infrastructure and third-party services. Accordingly, personal information may be stored and processed on servers located outside the user's country of residence (in the United States or other countries). The main cases in which cross-border transfer occurs are as follows: (i) cloud hosting and infrastructure services, (ii) email delivery services (for example, marketing email delivery tools), (iii) analytics/error tracking tools, and (iv) customer support tools. When cross-border transfer occurs, we apply appropriate safeguards (such as contractual safeguards) in accordance with applicable law.

9. Retention Period and Destruction

We retain personal information until the purpose of collection is achieved, and after the purpose is achieved, we destroy (or de-identify) it without delay in accordance with applicable laws and our internal standards. However, exceptions may apply in the following cases:

• statutory retention obligations (tax/accounting/dispute response/security/fraud prevention, etc.)

• records related to consent to receive marketing communications (consent date/time, channel, version, etc.): retained for 1 year after user withdrawal, for dispute response and prevention of re-sending

• opt-out history: retained for 1 year after user withdrawal, to prevent re-sending to the same user upon re-registration

• marketing sending history: retained for 1 year

• age eligibility result (is_adult): retained during the period of account maintenance and destroyed upon account deletion

• periods reasonably necessary for investigation of Terms of Service violations or dispute resolution

• short-term residual retention for technical reasons such as system stability, backup/cache, etc.

Destruction methods are as follows: electronic files are deleted in a manner that prevents recovery, and printed materials are shredded or incinerated.

10. Account Deletion (Membership Withdrawal) and Data Deletion Requests

Pursuant to Article 15.3 of the Terms of Service:

1. Users may request account deletion (membership withdrawal) through the app/platform settings.

2. The account deletion request page is: https://app.memex.xyz/profile/delete-account

3. Once an account deletion request is received, we will delete or de-identify personal information to the extent reasonably possible, unless there is a legal retention obligation or a legitimate reason such as security/fraud prevention/dispute response.

4. However, records beyond our control, such as those on external networks/blockchains, may not be capable of deletion or modification, and we will explain the scope and reasons for that.

11. Third-Party Content/Links/Embeds

The Platform may include links or embedded content (such as embedded posts/players) that connect to third-party websites/services. In the course of a user viewing/playing embedded content:

• network requests may be made from the user's device to third-party providers (for example, X, YouTube, TikTok, etc.) or to embed/link preview service providers; and

• such third parties may collect/process information such as IP address, user agent, cookie/similar technology information, and viewed pages in accordance with their own policies.

We do not control third-party data processing, and users should review the relevant third party's policies. However, for safety within the Platform, we may take measures with respect to embedded content such as default hiding (blur), exposure restriction, disabling embeds (card only), deletion, and account sanctions (see Terms of Service).

12. Distributed Ledger/Blockchain Notice

Activities/transactions occurring in connection with some features may be recorded on public networks, which have the following characteristics:

• publicly viewable data such as wallet addresses and transaction hashes/events may be recorded on a public ledger;

• such records may be difficult or impossible to change/delete due to the design of the network; and

• even public data may create a risk of identifying an individual when combined with other information, so users should exercise caution when sharing publicly.

13. Security Measures

We implement reasonable technical, administrative, and physical safeguards to prevent unauthorized access to, leakage, alteration, or destruction of personal information (including access control, encryption, monitoring, and minimization of authority).

However, no internet environment can be guaranteed to be 100% secure, and users must also manage the security of their own account credentials and devices.

14. Communication Records/Recordings (If Applicable)

For purposes such as service quality improvement, dispute resolution, compliance, and security, we may record or store communications with users (for example, customer support chat/email, video calls, etc.).

The specific scope of application and retention period will be governed by applicable law and our internal standards, and additional notice will be provided where necessary.

15. Users' Rights and Choices

Depending on the jurisdiction, users may have the following rights (to the extent applicable):

• request access to/correction/deletion of personal information

• request restriction of processing or object to processing

• withdraw consent (where processing is based on consent)

• data portability (where applicable)

• opt out of marketing/optional communications (where applicable)

Requests to exercise rights may be sent to [biz@memex.xyz]. We may request additional information to verify identity in the course of processing the request, and such information will not be used for any purpose other than identity verification.

15-2. Consent to Receive Advertising Information

15-2.1 Method of Collecting Consent

Users may separately consent to receiving advertising information during the sign-up process or while using the Service. Consent to receive advertising information is optional, and users will not suffer any disadvantage in using the Service even if they do not consent.

For existing users (users who signed up before this clause takes effect), separate consent is collected through a pop-up upon login, and advertising information will not be sent until consent is confirmed.

15-2.2 Consent Channels

Consent is collected separately for each sending channel (email / push notification / SMS). Users may choose whether to consent for each channel, and the currently active channel is email (push notifications and others will be added after the app launches).

15-2.3 Retention of Consent Records

We retain records related to users' consent to receive advertising information, including whether consent was given, the date/time of consent, channel, and service version. The retention period is 1 year after user withdrawal, and such records are used for dispute response and evidentiary purposes.

15-2.4 Opt-Out (Withdrawal of Consent)

Users may withdraw consent to receive advertising information at any time. The methods of withdrawal are as follows:

(i) clicking the opt-out link at the bottom of a received marketing email (ii) changing notification settings in the in-app settings menu (supported after app launch)

Opt-out history is retained for 1 year even after user withdrawal. This is to prevent re-sending to the same user upon re-registration.

15-2.5 Nighttime Sending Restriction

Advertising information is sent only between 8:00 a.m. and 9:00 p.m. based on the user's local time. For this purpose, we use the user's time zone information (see Section 3.1).

15-2.6 Sender Information

Marketing email sender name: MemeX; sender address: biz@memex.xyz. Verification emails and essential service notices are sent from notify@memex.xyz. Transaction notifications by email are not currently provided separately, and if the method of providing them is determined in the future, prior notice will be given. A fixed footer containing the sender's name, contact information, and opt-out link is automatically inserted into all marketing emails.

16. Children's (Minors') Personal Information

The Platform is not intended for persons under the age of 18, and we do not knowingly collect personal information from minors. We verify age during the sign-up process through input of date of birth, and if a user is determined to be under the age of 18, registration is restricted. The date of birth collected during this process is destroyed immediately after verification, and only the age-eligibility result is retained (see Section 3.5). If we become aware that a minor's personal information has been collected, we will take necessary measures such as deletion in accordance with applicable law.

17. Changes to this Policy

We may revise this Policy for reasons including changes in law, service changes, security, or operational needs. If there are material changes, we will notify users through appropriate means such as in-app notice and/or email.

18. Contact for Privacy Protection Inquiries

• Email: [biz@memex.xyz]

• Company Information: [MemeX Labs USA], [16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex], [Registration No.: 144956001]

• Account Deletion Request Page: https://app.memex.xyz/profile/delete-account