Privacy Policy

RUO - WHITELABEL PRIVACY POLICY Effective Date: February 17, 2026 RUO - Whitelabel ("RUO - Whitelabel," "Company," "we," "us," or "our") is committed to protecting the privacy and security of the personal information we collect from our merchants, users, and website visitors. This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you access or use our website, platform, services, and related technology (collectively, the "Services"). This Privacy Policy applies to all individuals and entities that interact with our Services, including merchants, account holders, authorized representatives, website visitors, and any other users. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, you must not access or use our Services. This Privacy Policy is incorporated into and forms a part of our Terms of Service and Merchant Agreement. Capitalized terms not defined in this Privacy Policy have the meanings ascribed to them in the Terms of Service. RUO - Whitelabel 1309 Coffeen Ave, Ste 14346 Sheridan, Wyoming 82801 Email: legal@ruowhitelabel.com

We collect the following categories of information: 1.1 Information You Provide Directly: (a) Account Registration Information: Legal business name, doing-business-as (DBA) name, business type, Employer Identification Number (EIN), year of establishment, business website URL, business phone number, and business email address. (b) Contact Information: First name, last name, job title, email address, phone number, and date of birth of the primary contact and authorized representatives. (c) Address Information: Business address and shipping address, including street address, city, state, ZIP code, and country. (d) Verification Documents: Business licenses, articles of incorporation, tax exemption certificates, research credentials, government-issued identification, and any other documents submitted during the KYB verification process. (e) Financial Information: Wallet balance, BTC transaction history, deposit records, and deposit address information. (f) Signature Data: Electronic signatures provided during the execution of the Merchant Agreement, including signature images and associated metadata (timestamp, IP address). (g) Communications: Emails, support tickets, chat messages, and any other communications you send to us. (h) Order Information: Order details, product selections, quantities, shipping preferences, and order history. 1.2 Information Collected Automatically: (a) Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers. (b) Usage Data: Pages visited, features used, clickstream data, time spent on pages, navigation patterns, and search queries. (c) Log Data: IP address, access times, referring URLs, error logs, and server response codes. (d) Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to collect information about your interactions with our Services. See Section 6 for more information about our use of cookies. (e) Location Data: Approximate geographic location based on your IP address. 1.3 Information from Third Parties: (a) Verification Services: Information from identity verification services, business verification services, and public records databases used in our KYB process. (b) Blockchain Network Providers: Transaction data from public blockchain networks (Bitcoin) used for deposit monitoring and verification. (c) Analytics Services: Aggregated and anonymized usage data from third-party analytics providers. (d) Public Sources: Information from public records, government databases, and publicly available sources.

We use the information we collect for the following purposes: 2.1 Providing and Improving Our Services: (a) Processing account registrations and KYB verification. (b) Fulfilling orders and managing the order lifecycle. (c) Managing Wallet balances and processing transactions. (d) Providing customer support and responding to inquiries. (e) Improving, developing, and enhancing the Platform and Services. (f) Personalizing your experience on the Platform. (g) Conducting analytics and research to understand usage patterns. 2.2 Compliance and Legal Purposes: (a) Complying with applicable laws, regulations, and legal processes. (b) Enforcing our Terms of Service and Merchant Agreement. (c) Conducting compliance monitoring and RUO compliance scanning. (d) Detecting, preventing, and addressing fraud, security breaches, and other harmful activities. (e) Responding to regulatory inquiries and enforcement actions. (f) Maintaining records as required by applicable law. 2.3 Communications: (a) Sending transactional emails, including order confirmations, shipping notifications, and account alerts. (b) Sending compliance notifications and enforcement notices. (c) Sending administrative notices, including changes to our Terms of Service or Privacy Policy. (d) Sending marketing and promotional communications (subject to your opt-out preferences). 2.4 Business Operations: (a) Managing our business relationships with merchants and partners. (b) Conducting internal audits and quality assurance. (c) Analyzing business performance and generating reports. (d) Protecting our legal rights and interests.

We may share your information in the following circumstances: 3.1 Service Providers: We share information with third-party service providers that perform services on our behalf, including: (a) Cloud hosting and infrastructure providers. (b) Email service providers and communication platforms. (c) Payment processing and banking partners. (d) Shipping and logistics carriers. (e) Identity verification and KYB verification services. (f) Analytics and monitoring services. (g) Customer support tools. These service providers are contractually obligated to use your information only for the purposes of providing services to us and to maintain appropriate security measures. 3.2 Legal Requirements: We may disclose your information when we believe in good faith that disclosure is necessary to: (a) Comply with applicable laws, regulations, subpoenas, court orders, or legal processes. (b) Respond to requests from governmental authorities, including the FDA, DEA, FTC, and state regulators. (c) Protect the rights, property, or safety of RUO - Whitelabel, our merchants, or the public. (d) Enforce our Terms of Service and Merchant Agreement. (e) Detect, prevent, or address fraud, security issues, or technical problems. 3.3 Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, sale of all or substantially all of our assets, or similar transaction, your information may be transferred to the acquiring entity or successor. 3.4 Affiliates and Subsidiaries: We may share information with our Affiliates and Subsidiaries for the purposes described in this Privacy Policy. 3.5 With Your Consent: We may share your information with third parties when you have given us your explicit consent to do so. 3.6 Aggregated and De-Identified Data: We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for any lawful purpose, including research, analytics, and marketing. 3.7 We DO NOT Sell Personal Information. RUO - Whitelabel does not sell, rent, or lease your personal information to third parties for their marketing purposes.

4.1 Security Measures. We implement and maintain reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include: (a) Encryption of data in transit using TLS/SSL protocols. (b) Encryption of sensitive data at rest. (c) Access controls and authentication mechanisms. (d) Regular security assessments and vulnerability testing. (e) Employee training on data security best practices. (f) Incident response procedures. (g) Row-level security (RLS) policies for multi-tenant data isolation. 4.2 No Absolute Security Guarantee. WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION, NO METHOD OF TRANSMISSION OVER THE INTERNET OR METHOD OF ELECTRONIC STORAGE IS 100% SECURE. WE CANNOT AND DO NOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR INFORMATION. YOU ACKNOWLEDGE THAT YOU PROVIDE YOUR INFORMATION AT YOUR OWN RISK. 4.3 Breach Notification. In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will notify you and applicable regulatory authorities in accordance with applicable data breach notification laws. 4.4 Merchant Responsibilities. You are responsible for maintaining the security of your account credentials and for all activities that occur under your account. You must immediately notify us of any unauthorized access to or use of your account.

5.1 Retention Periods. We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including: (a) For the duration of your account and our business relationship. (b) As necessary to comply with our legal obligations (including tax, accounting, and regulatory record-keeping requirements). (c) As necessary to resolve disputes and enforce our agreements. (d) As required by applicable law (minimum seven (7) years for financial records and compliance records). 5.2 After Termination. Following the termination of your account: (a) We may retain certain information as required by applicable law. (b) We may retain aggregated, anonymized, or de-identified data indefinitely. (c) We may retain information necessary to comply with legal obligations, resolve disputes, and enforce our agreements. (d) Backup copies of your information may persist in our backup systems for a reasonable period following deletion. 5.3 Deletion Requests. You may request the deletion of your personal information by contacting us at legal@ruowhitelabel.com. We will process your request in accordance with applicable law, subject to our legal obligations to retain certain information.

6.1 Types of Cookies We Use: (a) Strictly Necessary Cookies: Essential for the operation of our Platform, including authentication, security, and session management. (b) Performance and Analytics Cookies: Used to collect information about how you use our Platform, including pages visited, time spent, and navigation patterns. We use this information to improve our Platform and Services. (c) Functionality Cookies: Used to remember your preferences and settings, such as language, region, and display preferences. 6.2 Third-Party Cookies. Our Platform may contain cookies and tracking technologies placed by third-party service providers, including analytics providers. These third parties may collect information about your online activities over time and across different websites. 6.3 Managing Cookies. Most web browsers allow you to control cookies through their settings. You can typically set your browser to block or delete cookies, or to alert you when cookies are being sent. However, if you disable cookies, some features of our Platform may not function properly. 6.4 Do Not Track Signals. Some web browsers transmit "Do Not Track" (DNT) signals. At this time, our Platform does not respond to DNT signals. We may update this policy as industry standards for DNT evolve.

Depending on your jurisdiction, you may have certain rights regarding your personal information: 7.1 California Residents — CCPA/CPRA Rights. If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA): (a) Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purpose for collecting the information, and the categories of third parties with whom we share the information. (b) Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions. (c) Right to Correct: You have the right to request the correction of inaccurate personal information. (d) Right to Opt Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information. As noted above, RUO - Whitelabel does not sell personal information. (e) Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information. (f) Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. 7.2 Virginia Residents — VCDPA Rights. If you are a Virginia resident, you have similar rights under the Virginia Consumer Data Protection Act (VCDPA), including the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of the processing of your personal data for targeted advertising, sale, or profiling. 7.3 Colorado Residents — CPA Rights. If you are a Colorado resident, you have rights under the Colorado Privacy Act (CPA) similar to those described for California and Virginia residents. 7.4 Connecticut Residents — CTDPA Rights. If you are a Connecticut resident, you have rights under the Connecticut Data Privacy Act (CTDPA) similar to those described above. 7.5 Utah Residents — UCPA Rights. If you are a Utah resident, you have rights under the Utah Consumer Privacy Act (UCPA), including the right to access, delete, and obtain a copy of your personal data. 7.6 Other State Privacy Laws. We comply with all applicable state privacy laws. If your state provides additional privacy rights, we will honor those rights in accordance with applicable law. 7.7 European Economic Area (EEA) / GDPR. If you are located in the European Economic Area, you may have additional rights under the General Data Protection Regulation (GDPR), including: (a) Right to access your personal data. (b) Right to rectification of inaccurate data. (c) Right to erasure ("right to be forgotten"). (d) Right to restriction of processing. (e) Right to data portability. (f) Right to object to processing. (g) Right to withdraw consent. (h) Right to lodge a complaint with a supervisory authority. Note: Our Services are primarily directed at businesses and researchers in the United States. If you are located outside the United States, please be aware that your information will be transferred to and processed in the United States. 7.8 Exercising Your Rights. To exercise any of your privacy rights, please contact us at: Email: legal@ruowhitelabel.com Mail: RUO - Whitelabel, 1309 Coffeen Ave, Ste 14346, Sheridan, Wyoming 82801 We will verify your identity before processing any request. We will respond to your request within the timeframe required by applicable law (typically 30-45 days).

8.1 Our Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. 8.2 If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information as soon as practicable. 8.3 If you believe that a child under 18 has provided us with personal information, please contact us at legal@ruowhitelabel.com.

9.1 Our Services are operated from the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located. 9.2 By using our Services, you consent to the transfer of your information to the United States and acknowledge that the data protection laws in the United States may differ from those in your country of residence. 9.3 For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate legal mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure adequate protection for your personal data.

10.1 Our Platform may contain links to third-party websites, services, or applications that are not operated or controlled by RUO - Whitelabel. 10.2 This Privacy Policy does not apply to third-party websites or services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party websites or services that you visit or use. 10.3 The inclusion of a link to a third-party website or service does not imply endorsement or approval by RUO - Whitelabel.

11.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. 11.2 When we make material changes to this Privacy Policy, we will: (a) Update the "Effective Date" at the top of this Privacy Policy. (b) Post the updated Privacy Policy on our Platform. (c) Notify you via email or through the Platform of material changes. 11.3 Your continued use of our Services after the posting of a revised Privacy Policy constitutes your acceptance of the revised Privacy Policy. 11.4 We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: RUO - Whitelabel Attn: Privacy Officer 1309 Coffeen Ave, Ste 14346 Sheridan, Wyoming 82801 Email: legal@ruowhitelabel.com Support Email: support@ruowhitelabel.com Website: https://ruowhitelabel.com For privacy-related inquiries, we will respond within thirty (30) days, or within the timeframe required by applicable law. For California residents, you may also contact the California Attorney General's Office at https://oag.ca.gov/ if you have concerns about our privacy practices.