PRIVACY POLICY

Last Updated: 25 May 2026

This Privacy Policy describes how Somnia NetworkCo. Ltd., a company incorporated in the British Virgin Islands, together with its affiliates and subsidiaries (collectively referred to as “Company”, “Somnia”, “we,” “us,” or “our”) processes personal information that we collect through our digital or online properties or services that link to this Privacy Policy (including, as applicable, our website, social media pages, marketing activities, live events, and other activities described in this Privacy Policy (collectively, the “Service”)). The Company may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information.

Somnia is the Agentic L1, a high-performance, EVM-compatible Layer 1 blockchain purpose-built for AI agents and real-time decentralised applications. Somnia provides developers and users with the infrastructure to build and interact with real-time, fully on-chain applications including DeFi protocols, games, social applications, and AI-powered prediction markets.

By continuing to access our Service, communicating with us, opting in when presented with choices, or voluntarily providing your personal information to us, you warrant that you are at least 18 years of age and expressly consent to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy. The Service is not intended for use by anyone under 18 years of age.

European Users. Please see the Notice to European Users section below for additional information for individuals located in the European Economic Area or United Kingdom (which we refer to as “Europe,” and “European” should be understood accordingly).

1. INFORMATION WE COLLECT

1.1 Information You Provide to Us

Personal information you may provide to us through the Service or otherwise includes:

• Contact data, such as your first and last name, email address, and any other contact details you provide when communicating with us.
• Communications data based on our exchanges with you, including through Somnia community channels, developer chats, Discord, social media, or when you contact us through the Service or otherwise.
• Blockchain data, such as your blockchain transaction history and other information associated with your linked cryptocurrency wallet, information needed to verify ownership of digital assets, and information needed to facilitate interactions through the Service, such as wallet address, transaction sender and recipient, transaction amounts, token holdings, and other similar data.
• Developer data, such as your GitHub handle, Discord username, information about your participation in developer programmes, hackathons, grant applications, or ecosystem initiatives.
• Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
• Promotion data, including information you share when you enter a competition, giveaway, or community event.
• Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

1.2 Information from Third Parties

We may combine personal information we receive from you with personal information we obtain from other sources, such as:

• Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
• Private sources, such as data providers, social media platforms, and data licensors.
• Our affiliate partners, such as influencers and promoters who participate in our programmes.
• Marketing partners, such as joint marketing partners and event co-sponsors.
• Third-party services, such as social media services, that you use to log into or otherwise link to the Service. This data may include your username, profile picture, and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

1.3 Automatic Data Collection

We and our service providers and business partners may collect certain information about you, your device, and your activity on the Service automatically over time, including:

• Device data, such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Service.
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
• Location data, such as data collected when you authorise the Service to access your device’s location.
• Communication interaction data, such as your interactions with our email or other communications (e.g., whether you open and/or forward emails) — we may do this through use of pixel tags (also known as clear GIFs), which may be embedded invisibly in our emails.

2. COOKIES AND TRACKING TECHNOLOGIES

2.1 Use of Cookies

We use cookies and similar tracking technologies (collectively, “Cookies”) on the Service to collect and store certain information about your device and usage of the Service. Cookies are small data files placed on your device when you visit a website. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted or they expire).

2.2 Types of Cookies We Use

We use the following categories of cookies:

• Strictly necessary cookies: These are essential for the operation of the Service and cannot be switched off. They are usually set in response to actions you take such as setting your privacy preferences or navigating pages.
• Analytics and performance cookies: These allow us to count visits and traffic sources so we can measure and improve the performance of the Service. They help us understand which pages are most and least popular and how visitors move around the Service.
• Functionality cookies: These enable enhanced functionality and personalisation, such as remembering your preferences and settings.
• Targeting and advertising cookies: These may be set through the Service by our advertising partners to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and device.

2.3 Managing Cookies

You can control and manage cookies in various ways. Most browsers allow you to refuse or accept cookies and to delete them. The methods for doing so vary from browser to browser, and from version to version. You can obtain up-to-date information about managing cookies in your browser via your browser’s help documentation. Please note that if you choose to block or delete cookies, some features of the Service may not function correctly.

We will store a record of your preferences in respect of the use of cookies in connection with the Service.

2.4 Do Not Track

Some internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

3. HOW WE USE YOUR PERSONAL INFORMATION

We may use your personal information for the following purposes or as otherwise described at the time of collection:

3.1 Service Delivery and Operations

We may use your personal information to:

• provide, operate, and improve the Service and our business;
• enable security features on the Service;
• communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages;
• communicate with you about events or developer programmes in which you participate; and
• provide support for the Service, and respond to your requests, questions, and feedback.

3.2 Service Personalisation

We may use your personal information to:

• understand your needs and interests;
• personalise your experience with the Service and our communications; and
• remember your selections and preferences as you navigate the Service.

3.3 Service Improvement and Analytics

We may use your personal information to understand how the Service is used, to improve it and our broader business, and to develop new products and services. This includes analysing which parts of the Service are most and least visited, how users navigate the Service, and how users engage with our communications.

3.4 Marketing and Advertising

Direct marketing. We may send you direct marketing communications and may personalise these messages based on your needs and interests. You may opt-out of our marketing communications as described in the Opt-out of Communications section below.

Interest-based advertising. Our third-party advertising partners may use cookies and similar technologies to collect information about your interaction with the Service, our communications, and other online services over time, and use that information to serve online advertisements that they think will interest you. You can learn more about your choices for limiting interest-based advertising in Section 6 (Your Rights and Choices) below.

3.5 Events, Promotions, and Community Programmes

We may use your personal information to:

• administer promotions, contests, hackathons, and grant programmes;
• communicate with you about events or programmes in which you participate; and
• contact or market to you after collecting your personal information at an event.

3.6 Compliance and Protection

We may use your personal information to:

• comply with applicable laws and legal process, including responding to subpoenas, regulatory investigations, or requests from government authorities;
• protect the rights, privacy, safety, or property of Somnia, you, or others, including by asserting and defending legal claims;
• conduct internal audits for compliance with our legal, contractual, and policy obligations;
• enforce the terms and conditions that govern the Service; and
• detect, investigate, and take action against fraudulent, harmful, unauthorised, or illegal activity, including cyberattacks and identity theft.

3.7 Aggregated and Anonymised Data

We may derive aggregated, de-identified, or anonymised data from personal information we collect. This involves removing identifying details so that the resulting data cannot reasonably be linked back to you. We may use and share such data freely for lawful business purposes, including service improvement, analytics, and promotion of our business.

3.8 Further Uses

Where we wish to use your personal information for a purpose that is materially different from the purpose for which it was originally collected, we will seek your consent before doing so.

4. RETENTION OF INFORMATION

Personal information is retained for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, and reporting obligations, to support the establishment or defence of legal claims, and for fraud prevention. When determining how long to retain information, we take into account the volume, nature, and sensitivity of the data, the risk of harm from unauthorised use or disclosure, whether the relevant purposes can be achieved by other means, and any applicable legal requirements.

5. HOW WE SHARE YOUR PERSONAL INFORMATION

Your personal information may be shared with the parties described below, as well as in other circumstances described in this Privacy Policy, in supplemental notices, or at the time of collection.

Affiliates. We may share or disclose information we collect from you to our affiliates, such as parent entities, subsidiaries, and affiliated entities, to help us operate the Services or our business. If we do so, their use and disclosure of your personal information will be maintained in accordance with this Privacy Policy.

Service providers. Third parties that provide services on our behalf or help us operate the Services or our business (such as hosting, information technology, customer support, email delivery, marketing, consumer research, and website analytics).

Blockchain and cryptocurrency platforms. We may share your personal information, such as information to link your virtual wallet to the Services and information about your activities on the Services, with your chosen cryptocurrency platform or wallet provider. Please review the privacy policies of the relevant platform to learn how they may use your personal information.

Advertising partners. Third-party advertising companies for the interest-based advertising purposes described above.

Professional advisors. We may share personal information with our professional advisors — including legal counsel, auditors, financial advisors, and insurers — where necessary for the services they provide to us.

Authorities and others. We may disclose personal information to law enforcement agencies, regulators, government authorities, and private parties where we believe in good faith that such disclosure is necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Personal information may be disclosed in connection with actual or contemplated corporate transactions, including investments, financing, restructuring, mergers, acquisitions, or the sale of all or part of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred to one or more third parties as a business asset.

Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so, for example in connection with ecosystem partnerships, promotions, or community programmes.

Business and marketing partners. Third parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.

Linked third-party services. If you link your account to a social media or other third-party service, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.

6. YOUR RIGHTS AND CHOICES

This section sets out the rights and choices available to all users of the Service. European users should refer to the Notice to European Users section below for further information specific to them.

Access or update your information. If you wish to access or amend any personal information we hold about you, you may request access by contacting us at the details provided in the How to Contact Us section below.

Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

Cookies. For information about cookies and similar technologies employed by the Service and how to manage your preferences, see Section 2 (Cookies and Tracking Technologies) above.

Declining to provide information. Certain personal information is necessary for us to provide the Service. If you decline to provide information we identify as required, we may be unable to deliver all or part of the relevant service.

7. OTHER SITES AND SERVICES

The Service may include links to third-party websites, applications, and online services. The presence of such a link does not indicate any endorsement of or affiliation with the relevant third party. We have no control over third-party services and are not responsible for how they handle your information. Each third-party service operates under its own privacy policy, which you should review before providing any personal information.

8. DATA TRANSFER

Our operations are international in nature, and your personal information may be transferred to or processed in countries whose data protection laws differ from those in your home jurisdiction. By using the Service, you acknowledge that your personal information may be processed by third parties located in countries that may not offer equivalent protections to those applicable where you are based.

Users in Europe should also read the important information provided in the Notice to European Users section below about transfers of personal information to recipients outside Europe.

9. SECURITY

We implement appropriate technical, organisational, and physical measures to protect the personal information we hold. That said, no internet-based system is entirely secure, and we cannot guarantee that your personal information will be free from all unauthorised access or disclosure.

10. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. Where we make material changes, we will indicate this by updating the “Last Updated” date and publishing the revised Policy on the Service, or by such other means as we consider appropriate. Revised versions take effect on the date of posting unless we indicate otherwise. Your continued use of the Service following any update constitutes your acceptance of the revised Privacy Policy..

11. HOW TO CONTACT US

If you have any questions about this Privacy Policy, please contact us by email at legal@somnia.foundation.

12. NOTICE TO EUROPEAN USERS

12.1 SCOPE

This section contains additional information for individuals who access the Service from within the European Economic Area (EEA) or the United Kingdom (UK), collectively referred to as “Europe” throughout this Privacy Policy.

12.2 Personal Information and GDPR

References to "personal information" in this Privacy Policy should be understood to include a reference to "personal data" as defined in the General Data Protection Regulation 2016/679 ("EU GDPR") and the EU GDPR as it forms part of the laws of the United Kingdom ("UK GDPR"). Under the GDPR, "personal data" means information about individuals from which they are either directly identified or can be identified.

12.3 Legal Bases for Data Processing

In respect of each purpose for which we use your personal information, the GDPR requires us to ensure that we have a “legal basis” for that use. Our legal bases for processing your personal information are:

• Contractual Necessity: where we need to process your personal information in order to deliver the Service to you, or where you have asked us to take specific action which requires us to process your personal information.
• Legitimate Interests: where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
• Compliance with Law: where we need to comply with a legal or regulatory obligation.
• Consent: where we have your specific consent to carry out the processing for the purpose in question.

The table below sets out the legal bases we rely on in respect of the relevant purposes for which we use your personal information.

Purpose

Categories of Personal Information

Legal Basis

Service delivery and operations

Contact data

Communications data

Blockchain data

Developer data

Device data

Data from third-party sources

Contractual Necessity.

Legitimate Interests: we have a legitimate interest in ensuring the ongoing security and proper operation of our Service, our business, and associated IT services, systems, and networks.

Service personalisation

Communications data

Device data

Data from third-party sources

Legitimate Interests: we have a legitimate interest in providing you with a good service that is personalised to you and that remembers your selections and preferences.

Consent, in respect of any optional processing relevant to personalisation (including any optional cookies used for this purpose).

Service improvement and analytics

Contact data

Communications data

Blockchain data

Device data

Online activity data

Communication interaction data

Legitimate Interests: we have a legitimate interest in providing a good service and analysing how you use it so that we can improve it over time, as well as developing and growing our business.

Consent, in respect of any optional cookies used for this purpose.

Direct marketing

Contact data

Marketing data

Data from third-party sources

Legitimate Interests: we have a legitimate interest in promoting our operations and goals as an organisation and sending marketing communications for that purpose.

Consent: in circumstances or in jurisdictions where consent is required under applicable data protection laws.

Events, promotions, and community programmes

Contact data

Developer data

Promotion data

Data from third-party sources

Contractual Necessity: to administer events in accordance with their terms (including communicating with you as and where necessary).

Legitimate Interests: we have a legitimate interest in promoting these events and our business.

Consent: in circumstances or in jurisdictions where consent is required.

Compliance and protection

Any and all data types relevant in the circumstances

Compliance with Law.

Legitimate Interests: where Compliance with Law is not applicable, we have a legitimate interest in participating in, supporting, and following legal process and requests, and in ensuring the protection, maintenance, and enforcement of our rights, property, and/or safety.

Data sharing in corporate events

Any and all data types relevant in the circumstances

Legitimate Interests: we have a legitimate interest in providing information to relevant third parties involved in an actual or prospective corporate event.

Aggregated and anonymised data

Any and all data types relevant in the circumstances

Legitimate Interests: we have a legitimate interest in taking steps to preserve the privacy of our users while deriving insights from usage data.

Further uses

Any and all data types relevant in the circumstances

The original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which personal information was collected.

Consent, if the relevant further use is not compatible with the initial purpose.

12.4 Other Information

No obligation to provide personal information. Providing personal information to us is voluntary. However, where we require certain information to comply with a legal obligation or to deliver the Service, failure to provide it may mean we cannot offer some or all of the relevant services. We will let you know at the time if this is the case.

No automated decision-making and profiling. As part of the Service, we do not engage in automated decision-making or profiling which produces legal or similarly significant effects on you. Note, however, that the Somnia Protocol incorporates AI agent functionality, enabling smart contracts to query external data sources and execute AI models on-chain. Decisions made by such on-chain AI agents are governed by the relevant smart contract logic and do not constitute decisions made by Somnia about you for GDPR purposes

12.5 Your Additional Rights

European data protection laws may give you certain rights regarding your personal information in certain circumstances. If you are located in Europe and to the extent technically possible in the context of blockchain technology, you may ask us to take the following actions in relation to your personal information that we hold:

• Access: request information about how we process your personal information and obtain a copy of it.
• Rectification: ask us to correct any inaccuracies in the personal information we hold about you.
• Erasure: request that we delete your personal information where we have no legitimate reason to continue holding it.
• Portability: receive a machine-readable copy of the personal information you have provided to us, or ask us to transmit it to a third party of your choice.
• Restriction: ask us to suspend or limit our processing of your personal information, for example while we verify its accuracy or assess a challenge you have raised.
• Objection: object to processing carried out on the basis of Legitimate Interests, or where we process your personal information for direct marketing purposes.
• Withdrawal of Consent: where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at legal@somnia.foundation. We may ask you to verify your identity before processing your request. We aim to respond to all valid requests within one month, though complex or multiple requests may take longer, in which case we will keep you informed.

12.6 Right to Lodge a Complaint

We encourage you to contact us in the first instance if you have concerns about how we handle your personal information. If you remain dissatisfied with our response, or with our data processing practices generally, you have the right to lodge a complaint with your local data protection authority.

• For users in the European Economic Area: the contact information for the data protection regulator in your place of residence can be found at https://edpb.europa.eu/about-edpb/board/members_en
• For users in the UK: the contact information for the UK data protection regulator can be found at https://ico.org.uk/make-a-complaint/

13. GOVERNING LAW

This Privacy Policy and any disputes arising from or in connection with it shall be governed by the laws of the Cayman Islands, without regard to conflict of law principles. For any disputes not resolved by agreement between the parties, you consent to the exclusive jurisdiction of the courts of the Cayman Islands, subject always to your rights under applicable European data protection law which cannot be excluded by contract.