PRIVACY POLICY FOR GENIEFX ACADEMY

Posted Date: August 21, 2025

Effective Date: August 21, 2025

GenieFX Academy, a division of Cygility International Inc. (“we,” “us,” or “our”), respects your privacy and is committed to protecting your personal information. This Privacy Policy (“Policy”) identifies what information we collect from you when you use www.geniefxacademy.com (the “Site,” including all subdomains), install and use the GenieFX Academy mobile application, or access related services (collectively, the “Services”), and explains how we may use or share that information. We will only use and share your information as described in this Policy.

This Site and the Services primarily operate as an academic and informative platform. This Policy applies to information we collect from you on the Site; through the Services; in email, text, and other electronic correspondence; and through any mobile or desktop application through which we communicate. This Policy forms an integral part of our Terms of Use and Legal Disclaimer & Risk Disclosure. By accessing or using the Services, you confirm that you have read, understood, and accepted all three documents. This Policy does not apply to information we collect offline or that any third party collects from you after you follow links on the Site, including any advertising and affiliate links. If you do not agree with this Policy, please discontinue use of the Services immediately.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. The terms stated in this Policy constitute a binding legal agreement between you and Cygility International Inc. By using the Site and Services, you unconditionally agree to be bound by the terms of this Policy, including all exclusions and limitations of liability, and warrant that you have full authority and capacity, legal and otherwise, to use the Services. You may not access or use the Site or Services if you do not agree to any part of these terms. We reserve the right to periodically update this Policy as our practices change. Your continued use of the Site or Services after such changes constitutes your acceptance of the changes, so please check back periodically for updates.

1. Who is responsible for your data?

Cygility International Inc., a corporation organized and existing under the laws of the State of California, USA, with its registered office at 2724 South Buena Vista Ave., Corona, CA 92882, United States, is the Data Controller for all personal information processed through the Services.

If you have any questions or requests regarding your personal data, you can contact our Data Protection Officer (“DPO”) at support@geniefxacademy.com or by post at the address above Attn: DPO.

2. What we mean by “personal information”

“Personal Information” (sometimes called “personal data” or “personally identifiable information”) is any information that, alone or combined with other data, can be used to identify or reasonably infer the identity of a natural person.

3. Information we collect

We collect only the data that is necessary to operate GenieFX Academy, provide paid content, and comply with legal requirements. Depending on how you interact with the Services, we may receive the following categories of personal information:

• Account Information – your full name, e-mail address, and an encrypted password you create during registration.
• Purchase Information – the transaction ID (generated by Apple or Stripe), your subscription tier, and country of purchase. All payment card details are processed exclusively by Apple or Stripe and are never shared with us. For Stripe payments, refer to Stripe’s Privacy Policy at https://stripe.com/privacy.
• Device Information – device model, operating-system version, App version, language setting, time zone, and IP address.
• Usage Data – lesson views, buttons tapped, session duration, and anonymized crash logs, which help us diagnose problems and improve features.
• Affiliate Link Data – the timestamp of a broker link click, destination broker, and anonymous referral identifier, used solely to calculate commission due to us from partners.
• Marketing Preferences – your current opt-in or opt-out status for e-mail or push marketing so that we respect your communication choices.
• Support Messages – any e-mails or in-app support tickets you send, including attachments, so that we can respond to your enquiries.
• Optional Personal Information – Information by which you may be personally identified, such as your phone number, date of birth, profile image, or other related information.
• Cookies and Similar Technologies – an authentication token that keeps you signed in, personalizes your experience, and ensures secure access across sessions and devices. Non-essential cookies (e.g., analytics) are used only with your consent, obtained via our cookie banner or settings menu.

We do not collect credit-card numbers, social-security numbers, government-issued IDs, or biometric identifiers. We do not knowingly collect sensitive personal data unless required or authorized by law.

3.1 Automatic Data Collection

We collect Delegate to Grok the following types of information through automatic data collection technologies:

• Log File Information: Internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamps, referring/exit pages, domain names, landing pages, pages viewed, click counts, and similar information. This is not connected to personal information and is used to administer the Site, analyze trends, track visitor activity, and collect demographic data.
• Other Details: Information about your equipment, operating system, software, traffic information, and location data.

We use the following technologies for automatic data collection:

• Cookies and Similar Technologies: A small piece of data, such as an authentication token, stored on your device to store preferences, keep you signed in, personalize your experience, and ensure secure access across sessions and devices. Non-essential cookies (e.g., for analytics) are used only with your consent, configurable via our cookie banner or settings menu. You may refuse cookies by configuring your browser settings, but this may prevent access to parts of the Site or Services or cause them to function improperly.
• Google Analytics: We use Google Analytics or similar services (e.g., Firebase Analytics, Sentry) to collect non-personal information about your Site or app usage. Google Analytics uses cookies to report on interactions and analyze usage. For more information, see Google’s Safeguarding your data at https://www.google.com/analytics/learn/privacy.html.

3.2 How We Respond to Do Not Track Signals

We do not track visitors’ activities over time or across third-party websites and therefore do not respond to Do Not Track (DNT) signals. However, third-party websites may track your browsing activities to tailor advertisements or content. Configure your browser settings to prevent such tracking if desired.

4. How we use information

• Provide, operate, and maintain the Services, including delivering educational content and features.
• Process subscriptions and verify purchase receipts with Apple or Stripe.
• Send transactional messages (e.g., receipts, account alerts, password resets).
• Send optional marketing communications (with your consent).
• Analyze usage to improve lessons, features, and user interface/experience.
• Monitor and prevent fraud, spam, or abuse.
• Administer the Site and enforce our rules and policies.
• Customize Site content and Services based on your preferences.
• Diagnose technical or Service-related problems.
• Maintain security over your information, the Site, and its contents.
• Fulfill requests for information, products, or Services.
• Contact you regarding your account, Services, or changes to this Policy.
• Comply with legal obligations (tax, accounting, enforcement requests).

5. Sharing with third parties

We disclose your personal information only in the limited situations described below. We do not sell, rent, or “share” personal information for cross-context behavioral advertising within the meaning of the California CPRA.

Service providers.

We use reputable third-party vendors—such as Amazon Web Services for hosting, Firebase Analytics and Sentry for usage analytics and crash reporting, SendGrid for e-mail delivery, and Stripe and Apple for payment processing—to operate and maintain the Services. These providers receive only the data that is necessary for their tasks, must process it exclusively on our instructions, and are contractually required to apply industry-standard security measures.

Affiliate partners.

When you click a broker or exchange link inside the App, we share only a minimal set of data (click timestamp, destination broker, and an anonymous referral ID). No personally identifiable information is shared with affiliate partners. This information is used solely to attribute the referral and calculate the commission owed to us. Partners do not receive any user-identifying details and may not repurpose the data.

Legal and compliance requests.

We may disclose information when required to do so by subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, property, safety, or that of users or the public. We provide only the data that the law strictly requires and challenge over-broad requests where permitted.

Business transfers.

If GenieFX Academy is involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction. The acquiring entity will be required to honour this Privacy Policy or to provide you with advance notice of materially different practices.

6. International transfers

We are headquartered in the United States. Data may be processed in the U.S. and other countries that may not have equivalent data-protection laws. We use Standard Contractual Clauses or other approved safeguards where required. By using the Site or Services, you agree to such cross-border transfers.

7. Security measures

We employ a combination of administrative, technical, and physical safeguards, including TLS/SSL-encrypted connections for data in transit, AES-256 encryption for data at rest, and strict role-based, least-privileged access controls to protect your information. Information is encrypted using Secure Sockets Layer (SSL) technology, indicated by “https” or a closed lock icon in your browser. Our servers are kept in a secure environment behind firewalls, and access is limited to personnel performing necessary support tasks. You are responsible for maintaining the secrecy of your password and login information. However, no internet or storage system is completely secure, and we cannot guarantee absolute security. In case of a data breach, we will notify affected users within legally required timeframes (e.g., 72 hours for GDPR where feasible) via email or in-app notifications.

How We Secure and Process Your Data

Your personal data is stored on secure servers (e.g., Amazon Web Services) primarily in the United States, with strict access controls limiting access to authorized personnel only. We process data for purposes outlined in Section 4, such as delivering Services, processing payments, and improving user experience, using both automated and manual methods. All data in transit is protected with TLS/SSL encryption, and data at rest is secured with AES-256 encryption. We comply with industry-standard security practices to safeguard your information against unauthorized access, loss, or misuse.

8. Retention of personal information

We retain personal information only as long as necessary to fulfill the purposes outlined in this Policy, including legal, accounting, or reporting requirements. Data is deleted or anonymized when no longer needed. For example, account and purchase information is typically retained for up to 7 years to comply with tax and legal obligations, while usage data and support messages are kept for up to 1 year for analytics and resolution purposes. Cookies and marketing preferences are retained until you delete your account or update your settings. If you wish to cancel your account or request that we no longer use your information, contact us as set forth in Section 13. Withdrawing consent may limit your use of the Services.

9. Your rights

Your privacy rights depend on the laws applicable to you based on your location or residency. Below, we outline the rights you may have under various data protection laws, including enhanced provisions for residents of California and other U.S. states with similar privacy laws, as well as compliance with the European Union’s General Data Protection Regulation (GDPR) and equivalent regulations in the United Kingdom. Users in other jurisdictions (e.g., Canada, Australia) may have analogous rights under local laws (e.g., PIPEDA, APPs) and can contact our DPO to exercise them. We aim to provide clear and accessible mechanisms for you to exercise these rights.

EU/EEA, United Kingdom, and Similar Jurisdictions (GDPR/UK GDPR):

If you are a resident of the European Union, European Economic Area, or the United Kingdom, you have the following rights under the GDPR or UK GDPR:

• Right of Access: Request a copy of the personal data we hold about you, including details about the purposes of processing, categories of data, recipients, and retention periods.
• Right to Rectification: Request correction of inaccurate or incomplete personal data we hold about you.
• Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, you withdraw consent, or other lawful grounds apply, subject to legal exemptions (e.g., compliance with legal obligations).
• Right to Restriction of Processing: Request that we restrict processing of your personal data in certain cases, such as when you contest its accuracy or object to processing, pending resolution of the issue.
• Right to Object: Object to processing of your personal data for specific purposes, such as direct marketing or processing based on our legitimate interests, unless we demonstrate compelling legitimate grounds.
• Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, or request that we transmit it to another controller, where the processing is based on consent or a contract and carried out by automated means.
• Right to Withdraw Consent: Withdraw any consent you previously gave for processing your personal data at any time, without affecting the lawfulness of processing before withdrawal.
• Right to Lodge a Complaint: Lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates applicable data protection laws. For example, in the UK, you may contact the Information Commissioner’s Office at https://ico.org.uk. We process GDPR/UK GDPR requests within one month, extendable by two additional months for complex requests, and we will inform you of any delays or refusals with reasons, as required by law.

California and Other U.S. States with Similar Privacy Laws (e.g., CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA):

If you are a resident of California or another U.S. state with comprehensive privacy laws (e.g., Virginia, Colorado, Connecticut, Utah), you may have the following rights, subject to statutory exceptions:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, used, disclosed, or “sold” or “shared” (as defined under applicable state laws, such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act, or CPRA) in the past 12 months, including the categories of third parties with whom we share your information.
• Right to Delete: Request deletion of personal information we have collected or maintained, subject to exceptions (e.g., for legal compliance, transaction completion, or security purposes).
• Right to Correct: Request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: Opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising (as defined by the CCPA/CPRA). We do not sell or share personal information for such purposes, but you may opt out of any future activities by contacting us or configuring your settings.
• Right to Limit Use of Sensitive Personal Information: Request that we limit the use or disclosure of sensitive personal information (e.g., precise geolocation, health data, or biometric data, if applicable) to purposes necessary to provide the Services, subject to exceptions.
• Right to Non-Discrimination: You will not face discriminatory treatment (e.g., denial of services, different pricing, or reduced quality) for exercising any of your privacy rights. Residents of states like Virginia (Virginia Consumer Data Protection Act), Colorado (Colorado Privacy Act), Connecticut (Connecticut Data Privacy Act), or Utah (Utah Consumer Privacy Act) have similar rights to know, delete, correct, and opt out, with slight variations. We comply with all applicable state laws and process requests within the required timeframes (e.g., 45 days under CCPA/CPRA, extendable by an additional 45 days if necessary, with notice).

All Users Worldwide:

Regardless of your location, you may:

• Unsubscribe from marketing communications at any time by clicking “unsubscribe” in our emails, or adjusting your preferences by emailing support@geniefxacademy.com.
• Delete your account and associated data through the in-app Settings > Delete my account menu or by contacting us.
• Request accessible formats (e.g., PDF, large print, or audio) for this Policy or related information by contacting our DPO at support@geniefxacademy.com or via postal mail.

We will verify your identity before acting on any request, using methods appropriate to the request type (e.g., matching email addresses or requiring additional proof for sensitive requests). If you designate an authorized agent to act on your behalf, we may require written permission from you and verification of the agent’s identity to protect your information. We may refuse or limit requests where permitted by law, such as when data is necessary for legal compliance, fraud prevention, or contract enforcement, and we will provide reasons for any refusal.

10. No Use by Children under 18

You hereby affirm that you are over the age of 18, as these Services are not intended for children under 18. If you are under 18 years of age, then you may not use our Services. You further affirm that you are fully able and competent to enter into the terms, conditions, obligations, affirmations, representations, and warranties set forth in this Agreement, and to abide by and comply with this Agreement.

11. Changes to this Policy

We reserve the right at any time, with or without cause, to (a) change the terms and conditions of this Policy; (b) change our Services, including eliminating or discontinuing any feature of our Service; or (c) deny or terminate your use of and/or access to our Service. Any changes we make will be effective immediately upon our making such changes available to our Service, with or without additional notice to you. You agree that your continued use of our Services after such changes constitutes your acceptance of such changes. Be sure to return to this page periodically to ensure familiarity with the most current version of this Agreement. If we make a material change to our Privacy Statement, we will post a notice at the top of this page for 30 days. We will notify you before material changes take effect, when required by law. BY CONTINUING TO USE OUR SERVICES AFTER SUCH REVISION TAKES EFFECT, WE CONSIDER THAT YOU HAVE READ, UNDERSTOOD THE CHANGES AND AGREE TO BE BOUND BY THE MODIFIED PRIVACY POLICY.

12. Governing Law and Dispute Resolution

This Privacy Policy is governed by the laws of the State of California, USA, without regard to its conflict of law principles, except where otherwise required by applicable data protection laws. For individuals located in the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), the provisions of the General Data Protection Regulation (GDPR) or UK GDPR shall apply to the extent required, and nothing in this Policy shall limit your rights under those regulations. Any dispute arising from or relating to this Privacy Policy will be resolved in accordance with the dispute resolution procedures set forth in our Terms of Use. However, for EU/EEA or UK residents, you may also have the right to bring a claim before the courts of your country of residence or refer a dispute to an alternative dispute resolution mechanism, such as mediation or your local data protection authority, as provided under GDPR/UK GDPR. To contact us regarding disputes or to exercise your rights, please email support@geniefxacademy.com or write to GenieFX Academy, 2724 South Buena Vista Ave, Corona, CA 92882, United States (Attn: Data Protection Officer).

13. Contact Information and How to Exercise Your Rights

To exercise any of these rights, or for questions, suggestions, or complaints, contact us at:

• Email: support@geniefxacademy.com
• Postal Address: GenieFX Academy, 2724 South Buena Vista Ave, Corona, CA 92882, USA
• In App: Use the in-app Settings > Delete my account menu for account deletion.

14. Entire Agreement

This Privacy Policy, together with the Terms of Use, Legal Disclaimer & Risk Disclosure, and any other agreements or policies expressly incorporated by reference, constitutes the entire agreement between you and Cygility International Inc., operating as GenieFX Academy, with respect to your use of the Services. It supersedes all prior or contemporaneous agreements, understandings, negotiations, or communications, whether written or oral, regarding such subject matter. No amendment, modification, waiver, or supplement to this Privacy Policy shall be effective unless made in writing and signed by an authorized representative of Cygility International Inc., except as otherwise provided herein. Any purported amendment or modification by any other means shall be void and have no effect. In the event of a conflict between this Privacy Policy and any other agreement or policy incorporated herein, the provisions of this Privacy Policy shall govern to the extent of such conflict, unless otherwise explicitly stated.