Privacy Policy

1. Who We Are

Pamgia LLC is a limited liability company incorporated in the State of Delaware, United States ("Pamgia", "we", "us", "our"). We operate the website at pamgia.com (the "Website").

For the purposes of applicable data protection law, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the California Consumer Privacy Act (CCPA), Pamgia LLC is the data controller in respect of personal data collected through the Website.

Under Article 27(2)(a) of the UK GDPR, a representative is not required where processing is occasional, does not include large-scale processing of special categories of data or data relating to criminal convictions and offences, and is unlikely to result in a risk to the rights and freedoms of individuals. We believe our current processing meets these criteria, as it is limited to occasional enquiry responses and does not involve special category data. This position is under review and will be updated as our operations develop. The same applies with respect to the appointment of an EU Representative under Article 27(2)(a) of the EU GDPR.

Based on our current processing activities, we are not required to appoint a Data Protection Officer. This position will be reassessed as our operations develop.

If you have any questions about how we handle your personal data, please contact us at paul@pamgia.com.

2. What Personal Data We Collect

2.1 Data You Give Us Directly

When you submit an enquiry through the Website's contact form, we collect:

• Your name;
• Your email address;
• Any other information you choose to include in your message.

We only collect what you voluntarily provide. You are never required to submit personal data simply to browse the Website.

2.2 Data We Collect Automatically

When you visit the Website, certain technical information may be collected automatically by our hosting infrastructure, including:

• Your IP address;
• Browser type and version;
• Device type and operating system;
• Pages visited and time spent on each page;
• Referring website or source;
• General geographic location (country or city level, derived from IP address).

We use Plausible Analytics, a privacy-focused web analytics service operated by Plausible Insights OUe (Estonia), to collect anonymised data about how visitors use the Website. Plausible does not use cookies or store any information on your device. It aggregates data such as page URLs visited, referring websites, browser type, device type, and country of origin. This data cannot be used to identify individual visitors. For more information, see Plausible's data policy at plausible.io/data-policy.

2.3 Data We Do Not Collect

Through this Website, we do not collect sensitive personal data such as financial account details, government identification numbers, health information, or biometric data. We do not knowingly collect personal data from anyone under the age of 18.

Separate privacy notices will be provided in connection with any future services that require the collection of additional personal data, including for identity verification (KYC), financial information, blockchain wallet addresses, and regulatory compliance purposes. When Pamgia's platform becomes operational, supplementary privacy notices specific to borrower and investor services will be published alongside this Privacy Policy.

3. How and Why We Use Your Data

We only use your personal data where we have a lawful basis to do so. The table below summarises our processing activities:

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

Where we rely on legitimate interests as our lawful basis, we have conducted a balancing assessment to ensure our interests do not override your rights and freedoms. You may request a copy of our legitimate interest assessment by contacting paul@pamgia.com.

4. Marketing Communications

If you tick the marketing opt-in box when submitting an enquiry, we may send you occasional email updates about Pamgia's services, news, and developments. We will only do this with your explicit consent.

You can withdraw your consent and unsubscribe from marketing emails at any time by:

• Clicking the "unsubscribe" link at the bottom of any marketing email we send; or
• Emailing us directly at paul@pamgia.com with your request.

Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal. We will process your unsubscribe request without undue delay and, in any event, within 10 business days of receipt.

5. Who We Share Your Data With

We do not sell, rent, or trade your personal data to any third party. We share your data only in the following limited circumstances:

5.1 Service Providers

Our Website is hosted by Replit, Inc., which processes certain technical data (such as server logs and IP addresses) on our behalf as a data processor in connection with providing hosting services. Replit's infrastructure is hosted on Google Cloud Platform.

We use Plausible Analytics, operated by Plausible Insights OUe (Estonia), to collect anonymised website usage data. Plausible processes this data on servers located in Germany (Hetzner) within the European Union. Plausible acts as a data processor on our behalf and does not use cookies or collect personal data. No international data transfer safeguards are required for Plausible data, as processing occurs within the EU.

5.2 Legal and Regulatory Authorities

We may disclose your personal data to law enforcement agencies, regulatory bodies, or courts if we are required to do so by applicable law, court order, or regulatory direction. Where permitted, we will notify you of such a disclosure.

5.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or substantially all of Pamgia's assets, your personal data may be transferred to the successor entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

No other third parties receive your personal data.

6. Cookies and Tracking Technologies

The Website may use cookies, which are small text files stored on your device, and similar tracking technologies.

As of the Effective Date, the Website uses only strictly necessary cookies required for the Website to function. We use Plausible Analytics for website usage analysis; Plausible does not use cookies or any tracking technology that stores information on your device. We do not use advertising cookies, social media tracking pixels, or any other non-essential cookies.

If we implement analytics or other non-essential cookies in the future, we will update our Cookie Policy and use a cookie consent banner to obtain your consent before placing such cookies on your device, where required by applicable law (including UK PECR and EU ePrivacy rules).

For full details of the cookies we use and how to manage them, please see our Cookie Policy.

Do Not Track and Global Privacy Control Signals. Some web browsers transmit "Do Not Track" (DNT) signals. Our Website does not currently respond to DNT signals. However, we honour Global Privacy Control (GPC) opt-out preference signals as described in Section 9.3 of this Privacy Policy. If we implement analytics tracking in the future, you will be able to opt out through our cookie consent banner or Cookie Policy.

7. International Data Transfers

Pamgia LLC is based in the United States. If you are located in the UK, the European Economic Area (EEA), or another jurisdiction with data transfer restrictions, please be aware that your personal data will be transferred to and processed in the United States.

We rely on the following safeguards to ensure such transfers are lawful:

• For transfers from the UK: we rely on the UK International Data Transfer Agreement (IDTA) or the UK addendum to EU Standard Contractual Clauses (SCCs) where applicable.
• For transfers from the EEA: we rely on the European Commission's Standard Contractual Clauses.
• EU-US Data Privacy Framework: Where our service providers are certified under the EU-US Data Privacy Framework or the UK extension thereto, we may also rely on that framework as a transfer mechanism.

By using the Website, you acknowledge that your data may be transferred to and processed in the United States in accordance with the safeguards described above.

8. How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by law. Our standard retention periods are:

• Enquiry form data (name, email, message): retained for up to 2 years from the date of enquiry, or until you ask us to delete it, whichever is sooner. We retain this data to maintain records of business communications and to support potential business relationship development.
• Marketing contact data: retained until you unsubscribe or ask us to delete it.
• Hosting log data: retained in accordance with our hosting provider's standard retention periods, after which it is automatically deleted.

When data is no longer needed, we delete or anonymise it securely.

9. Your Privacy Rights

Depending on where you are located, you may have the following rights in relation to your personal data:

9.1 Rights Under UK GDPR / EU GDPR

If you are in the UK or EEA, you have the right to:

• Access: request a copy of the personal data we hold about you;
• Rectification: ask us to correct inaccurate or incomplete data;
• Erasure: ask us to delete your personal data (the "right to be forgotten");
• Restriction: ask us to restrict processing of your data in certain circumstances;
• Portability: receive your data in a structured, machine-readable format;
• Object: object to processing based on legitimate interests, including direct marketing;
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, email paul@pamgia.com. We will respond within one calendar month. We may ask you to verify your identity before processing your request.

If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EEA, you may contact your local data protection supervisory authority.

9.2 Rights Under the CCPA (California Residents)

If you are a California resident, you have the right to:

• Know what personal data we collect about you and how it is used and shared;
• Correct inaccurate personal information we have collected about you;
• Delete personal data we have collected from you (subject to certain exceptions);
• Opt out of the sale or sharing of your personal data;
• Non-discrimination for exercising your CCPA rights.

Categories of personal information we collect: Identifiers (name, email address, IP address); internet or other electronic network activity information (browser type, pages visited, referring source); geolocation data (country or city level, derived from IP address).

Sources: Directly from you (enquiry form submissions); automatically through your use of the Website (hosting logs).

Business purposes: Responding to your enquiries; improving the Website; complying with legal obligations.

Sale and Sharing of Personal Information. We have not sold personal information in the preceding 12 months and do not sell personal information. We do not share personal information for cross-context behavioural advertising purposes. Because we do not sell or share personal information, no opt-out mechanism is required. If this changes in the future, we will update this Privacy Policy and provide a "Do Not Sell or Share My Personal Information" link on the Website.

To exercise your CCPA rights, contact us at paul@pamgia.com. We will respond within 45 days.

9.3 Residents of Other US States

If you are a resident of a US state with a comprehensive consumer privacy law, you may have rights similar to those described in Section 9.2, including the right to know, correct, delete, and opt out of certain processing of your personal data. As of the date of this Privacy Policy, these states include:

• Virginia (Virginia Consumer Data Protection Act, VCDPA);
• Colorado (Colorado Privacy Act, CPA);
• Connecticut (Connecticut Data Privacy Act, CTDPA);
• Texas (Texas Data Privacy and Security Act, TDPSA);
• Oregon (Oregon Consumer Privacy Act, OCPA);
• Montana (Montana Consumer Data Privacy Act, MCDPA);
• Iowa (Iowa Consumer Data Protection Act);
• Indiana (Indiana Consumer Data Protection Act);
• Tennessee (Tennessee Information Protection Act, TIPA).

Additional states may enact similar legislation after the date of this Privacy Policy. If you are a resident of any US state with an applicable consumer privacy law, you may exercise your rights by contacting us at paul@pamgia.com. We will not discriminate against you for exercising your privacy rights.

Global Privacy Control (GPC). Several US state privacy laws, including CCPA/CPRA, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Texas Data Privacy and Security Act, require businesses to honour opt-out preference signals such as the Global Privacy Control (GPC). If your browser or device transmits a GPC signal, we will treat that signal as a valid opt-out request for the sale or sharing of personal information and for targeted advertising, where applicable. You can learn more about GPC at globalprivacycontrol.org.

9.4 All Other Users

Regardless of your location, you may always contact us at paul@pamgia.com to ask us to update, correct, or delete any personal data you have provided to us, and we will respond promptly.

US residents may also contact their state attorney general's office if they have concerns about how their personal data is handled.

10. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include HTTPS/TLS encryption for all data transmitted between your browser and our servers, access controls, secure email handling, and use of reputable third-party service providers with appropriate data security standards.

Where required by applicable data protection law, we carry out Data Protection Impact Assessments before commencing any processing that is likely to result in a high risk to your rights and freedoms.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security. If you have reason to believe your interaction with us is no longer secure, please contact us immediately at paul@pamgia.com.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where feasible, as required by applicable law. Where the breach is likely to result in a high risk to you, we will also notify you without undue delay.

We also comply with applicable US state data breach notification laws, including but not limited to the Delaware Computer Security Breaches Act (6 Del. C. Section 12B-102), the California data breach notification law (Cal. Civ. Code Section 1798.82), and equivalent laws in other US states. Where a data breach involving your personal information triggers notification requirements under applicable state law, we will notify you and any required state authorities within the timeframes prescribed by the relevant state statute.

11. Children's Privacy

This Website is not directed at, and we do not knowingly collect personal data from, anyone under the age of 18. If you believe we have inadvertently collected personal data from a minor, please contact us immediately at paul@pamgia.com and we will delete it promptly.

12. Links to Other Websites

The Website may contain links to third-party websites. This Privacy Policy applies only to pamgia.com. We are not responsible for the privacy practices of any third-party website, and we encourage you to review the privacy policy of any website you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we do, we will update the Effective Date at the top of this document. For material changes, we will take reasonable steps to notify you, for example by email if you have provided us with your contact details.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Pamgia LLC is committed to protecting your privacy and handling your data responsibly.

Copyright 2026 Pamgia LLC. All rights reserved.