PRIVACY POLICY

Last Updated: 29 December 2025

This Data Protection and Privacy Policy (this "Privacy Policy") describes how we collect, use, protect, and disclose any Personal Data or data we receive when providing our services to you through our website, www.inkfnd.com, and its subdomains (the "Services").

For the purposes of this Privacy Policy, "Company", "we", "us" or "our" means the Ink Foundation, a Cayman Islands Foundation Company, and our personnel, affiliates, and related companies. The Company is the organisation responsible for the Processing of your Personal Data under this Privacy Policy (i.e., the "Data Controller"). "You" and "your" refers to you as the user of the Services.

Capitalised terms have the meanings given to them in the Definitions section of this Privacy Policy or elsewhere in this Privacy Policy.

Please read this Privacy Policy carefully. By using, accessing, connecting to, or using any of the Services, you agree and consent to the collection, use, disclosure, retention, and security of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use, access, or connect to any of the Services.

OUR COMMITMENT TO YOUR PRIVACY

We are committed to respecting the privacy of the users of our Services and minimising the collection of Personal Data.

As a general principle, we do not collect or store Personal Data about users of the Services, except where necessary to ensure the usability and functionality of our Services, to communicate with you, to maintain security, or to comply with legal obligations. This Privacy Policy sets out the limited categories of Personal Data we may collect, the purposes for which it is used, and the measures we take to safeguard your data.

Our goal is to provide transparency and uphold your privacy at every step.

CHANGES TO THIS POLICY

Please note that we may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will update the "Last Updated" date at the top of this Notice.

If we make material changes to the way in which we use or disclose information we collect, we will use reasonable efforts to notify you by posting notice of such changes on the Services or by other means consistent with applicable law.

You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use our Services after the new Privacy Policy takes effect.

DEFINITIONS

For the purposes of this Privacy Policy, the following terms have the following meanings:

  • "Appropriate Safeguards" means such legally enforceable mechanism(s) for transfers of Personal Data as may be permitted under Data Protection Laws from time to time.
  • "Data Controller" means the person or organisation which, alone or jointly with others, determines the purposes and means of Processing Personal Data (in the case of this policy, the Company).
  • "Data Protection Laws" means, as binding on either party:
    • the Cayman Islands Data Protection Act (as revised) (the "DPA");
    • any laws that replace, extend, re-enact, consolidate, or amend any of the foregoing;
    • any binding decision of the courts and tribunals of the Cayman Islands that relate to the application or interpretation of any of the foregoing;
    • any other Data Protection Laws as may be applicable to you.
  • "Data Subject" has the meaning given in applicable Data Protection Laws from time to time.
  • "Personal Data" has the meaning given in applicable Data Protection Laws from time to time.
  • "Processing" (or to "Process") means, in relation to Personal Data, collecting, recording, holding, or storing the Personal Data or carrying out any operation or set of operations on the Personal Data, including the:
    • organisation, adaptation, or alteration of Personal Data;
    • retrieval, consultation, or use of Personal Data;
    • disclosure of Personal Data by transmission, transfer, dissemination or otherwise making available; or
    • alignment, combination, correction, erasure, or destruction of Personal Data.

PERSONAL DATA WE COLLECT

The categories of Personal Data we collect depend on how you interact with us, our Services, and the requirements of applicable Data Protection Laws. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services, as described below.

A. Information You Provide

In general, our website does not ask you to provide any Personal Data. We do not have user registration, account sign-ups, or contact forms on our website. This means we do not directly collect information such as your name, email address, phone number, or mailing address. If you choose to communicate with us (for example, by sending us an email), we will receive any Personal Data you voluntarily provide in that communication, and we will use it only for the purposes of corresponding with you and addressing your request.

B. Personal Data Collected Automatically

Third-party service providers such as our hosting provider and content delivery/security partner may automatically collect certain information about your interaction with the Services ("Usage Data") for the purpose of ensuring the website functions properly and securely.

Usage Data may include:

  • Device information, such as device type, operating system, unique device identifier, internet protocol (IP) address, and geographical location information.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, and whether you have opened our emails or clicked links within them.
  • Other information regarding your interaction with the Services, such as browser type, log data, date and time stamps, clickstream data, and ad impressions.

We do not use analytics platforms that track your behaviour for advertising or marketing purposes, and we do not personally identify you from the Usage Data. However, some of this Usage Data (such as IP address or device identifier) is considered Personal Data under the DPA because it can indirectly identify you.

C. Personal Data from Other Sources

We rely on certain third-party service providers to provide our Services. These services may process information under their own privacy policies:

  • Cloudflare
    We do not control how these services use your data, but they are used solely for website delivery and security.

USE OF PERSONAL DATA

We may Process and use the limited Personal Data that is collected for the following purposes or as otherwise described at the time of collection:

  • Service delivery and operations: We may use your Personal Data to provide and maintain the Services; to enable security features; to communicate with you about updates or alerts; and to support and respond to your feedback.
  • Service improvement and analytics: We may use your Personal Data to analyse the usage and performance of the Services and to develop new features and improve current ones.
  • Compliance and protection: We may use your Personal Data to comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas, investigations or requests from government authorities; to protect our, your or others’ rights, privacy, safety or property; to audit our internal processes; to enforce the terms and conditions that govern the Services; and to prevent, identify, investigate and deter fraudulent, harmful or illegal activity.
  • Further uses: We may use your Personal Data for further uses, in which case, if they are not compatible with the initial purpose for which information was collected, we will ask for your consent to use of your Personal Data for those further purposes.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

We consider it necessary to collect and use Personal Data for the purposes described above and rely on the following legal bases:

  • Consent: In situations where you have actively provided Personal Data to us (for example, if you email us with a question), we interpret that as consent to use your information to reply and assist you. If we ever seek to collect or use your Personal Data for any additional purpose, we will obtain your consent where required.
  • Legitimate Interests: We may Process Usage Data based on our legitimate interests in running an efficient, safe, and reliable website. For example, it is in our legitimate interest to collect IP addresses and other technical data to protect our Services from attacks. We always ensure that our legitimate interests are balanced with and do not override your rights and freedoms under applicable law.
  • Compliance with Legal Obligations: In some cases, we may need to Process or retain Personal Data to comply with a legal obligation, such as complying with a court order or regulatory requirement, or fulfilling our obligations under Cayman Islands law (for example, data retention laws or lawful requests from the Office of the Ombudsman).
  • Vital Interests: It is highly unlikely, but if Processing your information ever became necessary to protect someone’s life or vital health interests, we could rely on this legal basis.
  • Contractual Necessity: If you were to enter into any contract with us, we would Process Personal Data as necessary to perform that contract or to take steps at your request prior to entering into the contract.

The processing of your Personal Data may be permissible under several of the above legal bases.

HOW WE DISCLOSE YOUR PERSONAL DATA

Given the limited nature of the Personal Data we collect through our website and its subdomains, disclosures of Personal Data are minimal and occur only in the following circumstances:

  • We may share Personal Data with trusted third-party service providers who support the operation and security of our website. As set out above, we use Cloudflare to deliver the Services.
  • We may disclose Personal Data where required to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • We may disclose Personal Data where necessary to protect the rights, property, or safety of the Company, our users, or others.
  • In the event of a reorganisation, merger, or other structural change involving the Company, Personal Data may be transferred to a successor entity, provided that such entity continues to comply with this Privacy Policy or provides equivalent protection.
  • We may disclose your Personal Data to third parties if you have given us your explicit consent to do so, or if you have requested a specific disclosure.

THIRD PARTY PLATFORMS, WEBSITES AND LINKS

Our Services may contain links or integrations with third-party websites and services. These do not imply endorsement or affiliation. We are not responsible for the privacy practices of these third parties. Please review their privacy policies before use.

RETENTION OF PERSONAL DATA

We retain Personal Data only for as long as necessary to deliver our Services; meet legal, contractual, or business obligations; or as required by applicable laws and regulations in the Cayman Islands.

Given the limited nature of the Personal Data collected through our website and its subdomains, most data is retained only temporarily. Once Personal Data is no longer required for the purposes for which it was collected, and we are not legally required to retain it, we will securely delete or anonymise it.

SECURITY OF PERSONAL DATA

We use technical and organisational safeguards to protect your Personal Data. Despite these measures, no system is completely secure. Avoid sending sensitive information via insecure channels.

In the unlikely event of a data breach involving your Personal Data, we will act in accordance with the DPA. If a breach is likely to result in a real risk of harm to your rights and freedoms, we will notify the Cayman Islands Office of the Ombudsman and (if required) inform you of the breach without undue delay and, in any case, within five days as mandated by law, unless a delay is permitted by applicable regulations. We will also take all feasible steps to mitigate the breach and prevent future occurrences.

YOUR RIGHTS AS A DATA SUBJECT

As a user of our Services and a Data Subject under the DPA, you have certain rights regarding your Personal Data. These include:

  • Right to Be Informed: The right to be given clear and easily understandable information about how we collect and use your Personal Data. We fulfil this through this Privacy Policy and any specific notices we may provide at the time of data collection.
  • Right of Access: The right to request a copy of the Personal Data we hold about you, and to obtain information about how we Process it.
  • Right to Rectification: The right to request that we correct any inaccuracies in the Personal Data we hold about you. If you believe any information is out of date or incorrect, please let us know so we can update it.
  • Right to Erasure: The right to request that we delete your Personal Data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent (where applicable) or object to our processing (and we have no overriding grounds to continue), or if we have processed the data unlawfully, or if erasure is required to comply with a legal obligation.
  • Right to Stop Processing: The right to require us to cease processing, or not begin processing, or to cease processing for a specified purpose or in a specified manner, your Personal Data. This right also entitles you to require us to cease, or not to begin, processing your Personal Data for the purposes of direct marketing.
  • Right to Withdraw Consent: If we are processing any of your Personal Data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of any Processing we carried out prior to your withdrawal, and it won’t affect Processing under other legal bases.

You also have the right to lodge a complaint about our data processing activities with the Cayman Islands Office of the Ombudsman. If you believe we have not complied with the DPA or have infringed your rights, you can contact the Ombudsman’s office to file a complaint. We encourage you to reach out to us first at our contact details below so we can address your concerns directly, but this does not affect your right to seek assistance from the Ombudsman. Contact information for the Office of the Ombudsman can be found on its official website, and generally the Ombudsman can be reached at +1 (345) 946-6283 or info@ombudsman.ky for data protection inquiries.

To exercise any of your rights above or to ask a question about your rights, please contact us using the contact information provided in the next section. We will respond to your requests in accordance with the DPA and within the timeframes it specifies.

If you are located outside of the Cayman Islands, you may have similar or additional rights under your local data protection laws (for example, residents of the European Union or United Kingdom have rights under the General Data Protection Regulation (GDPR)). We will endeavour to respect and fulfil all applicable data protection rights in line with relevant laws.

CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or your Personal Data, please contact us at:

Email: notices@inkfnd.com
Address: Ink Foundation, Leeward Management Limited, Suite 3119, 9 Forum Lane, Camana Bay, PO Box 144, George Town, Grand Cayman, KY1-9006, Cayman Islands