1. Who Is the Data Controller?

Hyperliquid Global is the data controller responsible for processing your personal data. We are registered with [Insert Country/Region Chamber of Commerce] under registration number [Insert Registration Number]. We are located in [Insert Full Physical Address].

To ensure that we handle your data properly, we have appointed a dedicated Data Protection Officer (DPO). If you have any questions about this Privacy Statement or wish to exercise your rights, you can contact the Data Protection Officer using the details provided in Section 10 below.

2. Purpose and Scope

Welcome, and thank you for visiting Hyperliquid Global, a digital asset platform operated and owned by Hyperliquid Global. In this Privacy Statement, “Hyperliquid Global,” “we,” “us,” or “our” refers to Hyperliquid Global.

This document explains what Personal Data we collect, why we collect it, and how we use, share, and protect it.

This Privacy Statement may be updated in the event of new developments, such as changes to our use of your personal data or to reflect changes in regulatory requirements. The most recent version will always be available on our website. We will inform you separately by email of any significant changes to this Privacy Statement.

This Privacy Statement covers:

• What personal data we collect from you,
• How we use your personal data,
• How we share your personal data,
• How we transfer your personal data outside the EEA (if applicable),
• How we protect your personal data,
• Your rights as a data subject, and
• How you can contact us.

This Privacy Statement may be published in multiple languages. In the event of any discrepancy, the English version shall prevail.

3. What Personal Data We Collect

In this Privacy Statement, “personal data” means: information that identifies an individual or can reasonably be used to identify an individual directly or indirectly, as well as information that relates to such an individual.

3.a. Personal data we collect directly from you

We may collect the following categories of personal data directly from you when you open an account or use our services:

• Identification data: e.g., full name, email, phone number, postal address, government-issued identification documents such as a passport or driver’s license, date of birth, nationality.
• Financial data: e.g., bank account details, source of wealth, routing number.
• Commercial data: e.g., trading activity, deposits, withdrawals, account balances.
• Blockchain data: e.g., wallet addresses, transaction IDs, amounts, timestamps.
• Customer support data: e.g., onboarding forms, correspondence, customer support tickets.
• Biometrics: e.g., face scan for identity verification.
• Company data: e.g., legal entity details, registry numbers, Articles of Association, proof of legal existence.
• Socio-demographic data: e.g., employment status, marital status, dependents, where relevant to the service or legal requirements.

3.b. Personal data we collect automatically

When you interact with our platforms, we automatically collect certain personal data:

• Online identifiers and device data: e.g., IP address, browser, operating system, device attributes.
• Usage data: e.g., system activity, pages visited on Hyperliquid Global, clickstream data.
• Geolocation data: where required for due diligence or to strengthen security.
• Marketing data: e.g., communication preferences, subscription settings, opt-in data, interaction signals such as email opens or clicks, where relevant.
• Social media data: e.g., your engagement with Hyperliquid Global accounts on platforms where you interact with us directly.

We may also use cookies or similar technologies (see section 3.d) to operate the platform, enhance security, improve your experience, and analyse usage.

3.c. Personal data we collect from third parties

We may collect and/or verify personal data about you from trusted third parties, such as service providers, public sources, and regulators. This may include:

• Identification data: e.g., ID document validation.
• Financial data: e.g., bank account verification.
• Blockchain data: e.g., wallet address screening and transaction analysis.
• Third-party verification data: e.g., Chamber of Commerce registration data.
• Sanctions and watchlist data: e.g., PEP and sanctions screening results.
• Affiliated persons’ data: e.g., joint account holders, transaction counterparties, referees.

In addition, we may generate data about you based on your activity on our platform. This can include behavioural patterns, risk profiles, and transaction profiles, which help us meet our compliance, security, and fraud prevention obligations. Personal Data provided during registration may be retained even if your registration is incomplete or abandoned.

3.d. Use of cookies

When you access Hyperliquid Global, we may use cookies or similar technologies such as pixels to improve your user experience, provide services, enhance marketing efforts, and understand how our services are used. The cookie notice in your browser will explain how to accept or refuse cookies. You can adjust your cookie preferences at any time via the cookie settings. Please note that rejecting cookies may prevent you from using some or all features of the Hyperliquid Global platform.

We may use Cookies to:

• Recognize you as a client;
• Collect usage data to customize and improve our services;
• Collect device data to ensure compliance with our Client Acceptance Procedure and Anti-Money Laundering Compliance Program;
• Detect irregular, suspicious, or potentially fraudulent account activities;
• Assess and improve our advertising campaigns.

3.e. Children’s data

We only collect and process personal data from minors with parental consent when a child account is opened. Parents or legal representatives retain access to the account until the child turns 18, at which point the child assumes full control of the account. A child account can only be created if the parent or legal representative already holds an individual account with Hyperliquid Global.

3.f. Special categories of personal data and criminal data

We only process special categories of personal data such as biometric data or political opinions where strictly necessary for identification or compliance and permitted by law. In rare cases, we may also process publicly available data relating to criminal offences, if required to meet our legal obligations.

3.g. For how long do we keep your personal data?

We retain your personal data only for as long as necessary to provide Hyperliquid Global services, fulfil the purposes set out in this Privacy Statement, comply with legal obligations such as tax, accounting, and anti-money laundering laws, and resolve disputes or legal claims.

Our typical retention periods are set out in our internal Record Keeping Policy. For example, client agreements are kept for five years after the termination of the service agreement. In some cases, we may be required to retain data for longer—such as when directed by a supervisory authority or in connection with a complaint.

Once personal data is no longer required, we either delete it or anonymize it in accordance with legal requirements. Anonymized data may be retained indefinitely.

4. How We Use Your Personal Data

The Personal Data we collect is used to provide you with the best possible experience, protect you from fraud and misuse, and help us maintain and improve Hyperliquid Global services.

We may use your Personal Data to:

• Provide our services: We process your Personal Data to fulfil the terms of your agreement with us. For example, to facilitate fiat transfers to or from your account, we require your bank account details.
• Comply with legal and regulatory obligations: We process your Personal Data as required by applicable laws and regulations. For example, we have identity verification requirements to fulfil our obligations under anti-money laundering laws.
• Protect the security and integrity of our services: We may process your Personal Data to detect threats and ensure the security of our platform.
• Provide you with customer support: We may use your Personal Data when responding to your customer service inquiries.
• Optimize and enhance our services: We may use your Personal Data to improve our services, develop new features, and enhance user experience.
• Market our products and services: With your consent, we may send you product updates, promotional materials, or marketing communications. You may withdraw your consent at any time by following the unsubscribe instructions in our communications.
• Other business purposes: We may use your Personal Data for additional purposes disclosed to you at the time of collection or with your consent.

5. Automated Decision-Making and Profiling

We use verification tools to confirm the validity of identity documents, ensure consistency between submitted data, and prevent the use of our services by individuals who do not meet eligibility requirements. Where automated checks raise concerns, applications are always subject to manual review by our KYC onboarding team. If your identity document or bank account is not approved, you can request an additional manual review, share your point of view, and/or contest the decision by contacting our Customer Support.

Additionally, we continuously monitor whether new information may affect a client’s risk profile or transaction activity, and whether behaviour remains consistent with the information we hold. Automated tools may update a client’s risk classification and can trigger additional checks on certain transactions. Depending on the outcome, transactions may be reviewed by the compliance team either before or after execution. In some cases, updated risk assessments may also lead to more frequent reviews of account details. You can contact our Customer Support if you wish to request an additional review or provide further clarification regarding a transaction.

6. How We Share Your Personal Data

We will not share your Personal Data with third parties, except as described below:

• Service Providers and other third parties: We may share your Personal Data with third-party service providers for business or commercial purposes. Your Personal Data may be shared so that they can provide us with services, including identity verification, fraud detection and prevention, customer screening, security threat detection, payment processing, customer support, data analytics, information technology, advertising, marketing, network infrastructure, and storage.
  Note: When we use the services of such a third-party service provider that processes your personal data on our behalf and acts as a data processor, we have data processing agreements in accordance with applicable data protection law.
• Law Enforcement: We may use your personal data to comply with a range of legal obligations and statutory requirements, including banking and financial regulations that oblige us to comply with our regulatory obligations, such as:
  • Public authorities, regulators, and supervisory bodies.
  • Tax authorities may require us to report customer assets or other personal data such as your name and contact details and other data about your organisation.
  • Judicial/investigative authorities such as the police, public prosecutors, courts, and arbitration/mediation bodies at their express and legal request.
• Corporate Transactions: We may disclose Personal Data in the event of a proposed or consummated merger, acquisition, reorganization, asset sale, or similar corporate transaction, or in the event of bankruptcy or dissolution.
• Professional Advisors: We may share your Personal Data with our professional advisors, including legal, accounting, or other consulting services for purposes of audits, business purposes, or to comply with our legal obligations.
• Consent: We may share or disclose your Personal Data with your consent, such as upon exercising your right to data portability.

If we decide to modify the purpose for which your Personal Data is collected and used, we will amend this Privacy Statement.

7. International Data Transfers

As Hyperliquid Global works with one or more processors, your data may be transferred to countries outside your local jurisdiction. Where applicable, we ensure that data protection levels are comparable and that transfers take place provided that all other legal requirements are met.

If personal data is transferred to a country that does not provide an adequate level of protection under applicable law, we implement appropriate safeguards including the use of standard contractual clauses to protect your personal data.

8. How We Protect Your Personal Data

We apply strict security standards and use a combination of technical, organisational, and procedural measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction.

These measures include:

• Encryption: Personal data is protected through encryption both in transit and at rest.
• Authentication and identity verification: Two-factor authentication is required for all user sessions, and we may request additional identity verification to protect accounts against unauthorised access.
• Security reviews: We conduct periodic reviews and assessments to identify and address potential vulnerabilities.
• Access controls: Access to personal data is restricted to authorised personnel only, based on role and necessity. We apply contractual confidentiality obligations for employees, contractors, and agents who process such data.
• Physical safeguards: Data is stored in secure facilities with controlled access, alongside electronic and procedural safeguards, to protect against physical tampering or theft.
• System safeguards: We implement measures to limit shared access to customer data and regularly review access rights in shared platforms ensuring that only those with a business need retain access.

We also encourage you to take steps to protect your own account security, such as:

• Using a strong, unique password not used for other online accounts;
• Signing out of your account when using a shared or public device; and
• Staying vigilant for signs of suspicious activity.

9. Your Data Subject Rights

As a data subject, you have the following privacy rights with regards to our processing of your personal data:

• Right of access: You have the right to request confirmation if we process your personal data and obtain a copy of the data we hold.
• Right to rectify your personal data: You have the right to request correction of inaccurate or incomplete personal data about you. Such requests can be submitted through your My Hyperliquid Global account.
• Right to delete your personal data: You have the right, in some cases, to request deletion of your personal data. In some cases, we may be legally required to retain your data.
• Right to restrict our processing of your personal data: You have the right to request limitation of data use in certain circumstances such as when contesting accuracy.
• Right to data portability: You have the right, in certain circumstances, to obtain your personal data in a structured, commonly used, and machine-readable format or transfer it to another party where technically feasible.
• Right to object: You have the right to ask us to object to our processing, except where we demonstrate compelling legal grounds.
• Right to withdraw consent: You have the right to withdraw your consent at any time where processing is based on consent. This will not affect prior lawful processing.
• Right to lodge a complaint with the supervisory authority: You have the right to file a complaint with your local supervisory authority if you are concerned about how we have processed your personal data.
• Right to object to direct marketing: You may opt out of these communications at any time by using the unsubscribe links provided in them, or by contacting us directly.

You can exercise your rights by contacting our Data Protection Officer using the details provided in Section 10 below.

We may need to verify your identity before accommodating your request. After the verification, we will proceed with the relevant procedure. We will respond as quickly as possible, but in any event no later than 1 month after the receipt of your request. If we need additional time to process your request, we will inform you accordingly.

10. Contact

You can contact us by post at:

Hyperliquid Global
Gustav Mahlerplein 49
1082 MS Amsterdam

You can also reach us via Customer Support.

If you have questions regarding this Privacy Statement, our processing of your personal data, or if you wish to exercise one of your data subject rights, you may contact our Data Protection Officer directly at: [Insert DPO Email, e.g., DPO@hyperliquidglobal.com]