C E B U C O R E

CebuCore Group LLC — Privacy Policy

Effective Date: August 2025
Entity: CebuCore Group LLC
Token: CCR (CebuCore Utility Token)

1. Introduction

This Privacy Policy (“Policy”) explains how CebuCore Group LLC (“Company”, “we”, “us”, “our”) collects, processes, stores, protects, and discloses personal information of individuals (“User”, “you”, “your”) who interact with our websites, mobile applications, smart contracts, investor portals, or participate in any purchase, holding, or use of CCR tokens.

By accessing or using the CebuCore ecosystem, you acknowledge and consent to the terms of this Policy. If you do not agree, you must refrain from using our services.

This Policy is designed to comply with global data protection standards, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and relevant international privacy regulations.

2. Scope of Application

This Policy applies to all users of the CebuCore ecosystem, including but not limited to:

  • Token purchasers (including those participating in the IDO).
  • Registered account holders on our website or mobile application.
  • Business partners, advisors, affiliates, and vendors.
  • Individuals interacting with our ecosystem for information, community access, or investment-related activities.

This Policy does not apply to third-party platforms (e.g., centralized exchanges, launchpads, or brokers) where CCR tokens may be listed or traded. Those entities have their own privacy policies.

3. Information We Collect

We may collect the following categories of data:

3.1. Identification Data (KYC/AML)
  • Full name, date of birth, nationality, residential address.
  • Identity documents (passport, driver’s license, ID card).
  • Live selfies or video recordings for verification.
3.2. Contact Data
  • Email address, phone number, communication preferences.
3.3. Financial Data
  • Bank account details (if applicable).
  • Cryptocurrency wallet addresses.
  • Transaction history and records of CCR purchases.
  • Proof of source of funds (where required).
3.4. Technical Data
  • IP address, device identifiers, browser details.
  • Geolocation (for fraud prevention and legal compliance).
  • Cookies, tracking pixels, and session identifiers.
3.5. Behavioral Data
  • Interaction with websites and dApps.
  • Participation in referrals, staking, or governance.
  • Support tickets and communication logs.

4. Legal Basis for Processing

  • Performance of Contract: To provide services and deliver CCR tokens.
  • Legal Obligation: AML/KYC, tax, and regulatory requirements.
  • Legitimate Interest: Fraud prevention, system security, marketing analytics.
  • User Consent: Optional features such as newsletters or promotional campaigns.

5. How We Use Data

  • Verifying user identity and preventing fraud; conducting AML/CTF checks.
  • Processing CCR token purchases and allocations; maintaining accounts and histories.
  • Sending service-related communications; ensuring compliance with global financial regulations.
  • Improving products, services, and ecosystem usability.

We will never sell or rent user data to unrelated third parties.

6. Data Sharing and Third-Party Disclosure

We may share user information under strict conditions with:

  • Regulatory Authorities: When required by law, court order, or competent regulator.
  • KYC/AML Providers: Third-party vendors like SumSub, Passbase, or GetID.
  • IT & Cloud Providers: For secure storage, hosting, and analytics.
  • Advisors & Auditors: For legal, tax, or compliance reviews.

All third parties are bound by contractual obligations to protect personal data in accordance with this Policy.

7. Data Storage and Retention

  • Retention Period: Typically 5–7 years or as required by law.
  • Storage Location: EU, Singapore, or other compliant jurisdictions.
  • Security Measures:
    • End-to-end encryption.
    • Multi-factor authentication.
    • Role-based access restrictions.
    • Regular penetration testing and independent audits.

8. User Rights

Depending on your jurisdiction, you may have the following rights:

  • Right of Access; Right to Rectification; Right to Erasure (“Right to be Forgotten”).
  • Right to Restrict Processing; Right to Data Portability; Right to Object.
  • Right to Withdraw Consent.

Requests must be submitted via legal@cebu-core.com and will be processed in accordance with legal requirements.

9. GDPR Compliance

  • CebuCore acts as a Data Controller of personal data.
  • Legal bases include consent, contract, legal obligations, and legitimate interest.
  • Users may lodge complaints with their national Data Protection Authority (DPA).

10. CCPA Compliance

  • Right to know what personal data we collect and how we use it.
  • Right to request deletion (subject to legal obligations).
  • We do not sell personal data to third parties.

11. Cookies & Tracking

We use cookies for user authentication, saving preferences, security monitoring, and traffic analysis.

Types of cookies:

  • Essential cookies (required for platform functionality).
  • Analytics cookies (behavior tracking for improvements).
  • Marketing cookies (promotional campaigns).

Users can disable cookies in browser settings but may experience limited functionality.

12. Incident Response & Data Breach Notification

  • Users will be notified within 72 hours if risk of harm exists.
  • Regulatory authorities will be informed as required by law.
  • Emergency measures will be taken to secure accounts and prevent unauthorized use.

13. Cross-Border Data Transfers

We may transfer and process data outside your home jurisdiction, including the EU, Singapore, and the Philippines. By using our platform, you consent to such transfers.

14. Age Restriction

The CebuCore platform is not intended for users under 18 years old. We do not knowingly collect data from minors.

15. Jurisdictional Exclusions

  • United States, Canada, China: Services are not offered to residents of these countries. If individuals from these jurisdictions still participate, they do so entirely at their own risk, and the Company assumes no liability.

16. Limitation of Liability

  • Cyber-attacks or actions of malicious actors.
  • Failures of third-party infrastructure (blockchains, exchanges).
  • Legal consequences of Users violating their local laws.

17. Changes to this Policy

This Policy may be updated from time to time. Updates take effect immediately upon publication on the official CebuCore website.

18. Contact Information

If you have any questions or concerns regarding this Policy, contact: legal@cebu-core.com.

Top