AOULINK Full Agreement

Part I — Terms of Service

These Terms of Service (these "Terms") constitute a legally binding agreement between you and Aoulink Digital Limited, a limited company incorporated in England and Wales ("we," "us," or "our"), regarding your access to and use of the AOULINK Wallet platform and any related products or services (collectively, the "Services").

The Services comprise multiple functional modules that may be provided by different entities. The specific provider of each module shall be as set out in any supplemental agreement displayed to you at the time of use.

By accessing or using the Services, you indicate that you:

• Have read, understood, and accepted these Terms;
• Agree to be bound by the AOULINK Privacy Statement and (if applicable) the AOULINK Risk Disclosure Statement, each of which is referenced in these Terms; and
• Are legally bound by these Terms regardless of your location or nationality.

If you do not agree to these Terms or any subsequent amendments to them, please cease using the Services immediately.

Usage Guidelines

To facilitate understanding, certain technical terms are defined below. You may skim Article 1 on first reading and refer back to it as needed during use of the Services.

1. Key Definitions and Interpretation Rules

1.1 Key Definitions

Unless the context otherwise requires, the following terms have the following meanings:

• "Applicable Law" means any law or legal norm that is binding on you or us, including without limitation any statute, common law, principles of equity, regulation, rule, ordinance, directive, order, judgment, decree, notice, announcement, policy, guidance, sanction, or requirement of any governmental authority, including in particular the laws and regulations of England and Wales and any other jurisdiction relevant to the provision and use of the Services, and any amendments, restatements, or replacements thereof.
• "Digital Asset" means any digital or virtual asset (including "virtual assets," "cryptocurrencies," "digital goods," and "digital payment tokens") based on cryptography and distributed ledger/blockchain technology, which may be used as a medium of exchange and/or a store of value, including without limitation tokens, NFTs, and digital collectibles. A Digital Asset operating on an additional layer, sidechain, or derivative structure shall be considered an independent Digital Asset to the extent it has independent functionality.
• "Digital Wallet" means a non-custodial wallet in which you have full control over your Private Key and thereby control your Digital Assets.
• "Digital Wallet Address" means a publicly accessible address used to receive and send Digital Assets.
• "Digital Wallet Software" means software (usually in the form of an app or browser extension) that enables you to view, manage, and initiate commands related to Digital Assets, such as AOULINK Wallet, MetaMask, Coinbase Wallet, and similar software. Such software does not store your Private Key; it transmits your signed instructions to the relevant blockchain network.
• "DApp" / "Decentralized Application" means an application running on a blockchain or peer-to-peer network that operates without the continuous control of a centralized entity.
• "DeFi" means financial infrastructure, products, or services based on decentralized protocols or smart contracts.
• "DEX" or "Decentralized Exchange" means a third-party peer-to-peer platform or liquidity pool running on a blockchain that facilitates Digital Asset transactions between users through smart contracts, without requiring a centralized institution to custody user assets. For purposes of these Terms, "DEX" includes protocols that support cross-chain bridging.
• "Third-Party Platform" means any website, application, protocol, smart contract, or other platform owned, operated, or controlled by a third party, including without limitation third-party DApps, DEXs, NFT marketplaces, games, and other services. We do not control such platforms and make no warranties regarding any content, products, or services they provide.
• "NFT" or "Non-fungible Token" means a unique and non-fungible Digital Asset, including without limitation inscriptions, digital collectibles, tickets, and membership or entitlement tokens.
• "Private Key" means the cryptographic string necessary to authorize and sign Digital Asset transactions and to control a Digital Wallet and its Digital Assets.
• "Mnemonic Phrase" means a set of words generated according to industry standards such as BIP39, used to represent and back up a Private Key in a human-readable form.
• "Force Majeure" means any event or circumstance beyond our reasonable control that prevents or delays our performance of any obligations under these Terms, including without limitation natural disasters, war, social unrest, sanctions, major network or power outages, large-scale cyberattacks, and major regulatory changes.
• "Personal Data" means any information relating to an identified or identifiable natural person, including basic identity information, contact details, device information, network and transaction information, and similar information, as further described in the AOULINK Privacy Statement and within the meaning of applicable data protection laws (including the UK GDPR and the Data Protection Act 2018).
• "User Content" means any content or data that you upload, submit, publish, transmit, or otherwise provide through the Services.

Where other provisions of these Terms contain special definitions, those definitions shall apply for purposes of those provisions.

1.2 Rules of Interpretation

Unless otherwise expressly stated, the following rules of interpretation apply to these Terms:

• Headings are for convenience only and do not affect interpretation.
• The singular includes the plural, and vice versa.
• References to any "person" include natural persons, legal persons, and other forms of organization.
• References to any document or agreement include any revisions, additions, restatements, or replacements thereof from time to time.
• Terms such as "including" and "for example" are not intended to be exhaustive or limiting.
• In the event of any discrepancy between the English and Chinese versions of these Terms, the English version shall prevail.

2. Our Services

2.1 Service Overview

We operate and provide a decentralized non-custodial wallet platform that allows you to:

• Create and manage one or more Digital Wallets;
• View and manage Digital Assets on supported public blockchains;
• Connect your Digital Wallets to Third-Party Platforms (including DApps, DEXs, NFT marketplaces, DeFi protocols, and similar services);
• Access Digital Asset exchange, NFT trading, staking, gaming, and other services provided by third parties through an aggregated interface; and

For the avoidance of doubt:

• We do not custody your Private Keys or Digital Assets, nor do we receive or hold your fiat currency or Digital Assets;
• All transactions initiated through the Services are initiated, signed, and broadcast to the relevant blockchain network by you.

The Services may include wallet software, aggregation interfaces, and other related functions.

2.2 Eligibility for Use

You represent and warrant that:

• You are 18 years of age or older (or such higher age of majority as may be required by the laws of your jurisdiction);
• You have full legal capacity and can independently assume legal responsibility for your use of the Services;
• You are not prohibited from using similar services by any Applicable Law;
• We have not previously suspended, terminated, or prohibited you from using the Services;

If you are using the Services on behalf of a legal entity, you also represent and warrant that:

• The entity is duly established and validly existing;
• You have sufficient authority to bind the entity to these Terms; and
• These Terms are binding on both you and the entity.

2.3 Service Availability

The availability of the Services in any particular jurisdiction may vary depending on local laws and regulations. If your jurisdiction imposes specific restrictions or prohibitions on the use, holding, or trading of digital assets, virtual currencies, or non-custodial wallets, you are solely responsible for assessing the legality of your use of the Services and shall bear all consequences arising therefrom. We make no representation or warranty as to the legality of the Services in any particular jurisdiction.

2.4 Third-Party Content and Services

Through the Services, you may:

• View, access, or use third-party content (including NFT-related information); and
• Connect to and use features provided by Third-Party Platforms (including trading, staking, gaming, and similar services).

You understand and agree that:

• We only provide access and aggregation interfaces and do not control, manage, or operate any Third-Party Platform or its smart contracts;
• We make no representations or warranties regarding any third-party content or services;
• You are solely responsible for verifying the authenticity, legality, and ownership of NFTs or other Digital Assets;
• Any "purchase terms" applicable to NFTs or other Digital Assets are agreements between the relevant buyer(s) and seller(s), and we are not a party to such agreements; and
• We are not liable for any losses arising from your use of any Third-Party Platform, third-party application, or third-party materials.

By using the Services, you also agree to the applicable Third-Party Platform terms, privacy policies, and operating rules.

2.5 Services Provided "As Is"

The Services and all information, content, tools, and features therein are provided "as is" and "as available." Unless required by Applicable Law, we make no express or implied warranties as to the accuracy, completeness, reliability, availability, or fitness for a particular purpose of the Services.

3. Usage Requirements

3.1 Connecting to Your Digital Wallet

• Before using the Services, you must connect your Digital Wallet through supported Digital Wallet Software.
• Any operation, transaction, or signature initiated through your Digital Wallet Address will be deemed made by you.
• We cannot access or control your Digital Wallet, nor will we initiate transactions on your behalf.

3.2 Password, Private Key, and Mnemonic Phrase

You expressly acknowledge and agree that:

• We do not and cannot:
• store or recover your password, Private Key, or Mnemonic Phrase;
• freeze, restore, or rebuild your Digital Wallet; or
• report a wallet as lost or recover assets on your behalf.
• If you lose or disclose your Private Key and/or Mnemonic Phrase, you may permanently lose access to your related Digital Assets.

3.3 Private Key and Mnemonic Phrase Protection

• You are responsible for properly backing up and safeguarding your Private Key and Mnemonic Phrase and preventing any unauthorized access.
• We will never ask you for your Private Key or Mnemonic Phrase.
• You are solely responsible for any loss caused by the loss, disclosure, or acquisition of your Private Key or Mnemonic Phrase by others.

3.4 Access Devices and Networks

To use the Services, you are responsible for:

• Purchasing and maintaining internet-connected devices; and
• Paying for internet access, data usage, and other related fees.

You should ensure that your device is secure and not jailbroken or rooted to reduce the risk of attack.

3.5 Authorizing Third-Party Access

If you:

• Authorize your Digital Wallet to a Third-Party Platform or application; or
• Provide your Private Key, Mnemonic Phrase, or signing permissions to others,

you will bear all risks and losses arising therefrom. We are not responsible for the actions of any third party authorized by you.

4. Risk Disclosure

4.1 General Notice

Digital Assets and Web3 services are high-risk activities.

You may suffer significant or even total loss in a short period of time. By using the Services, you acknowledge and accept these risks and make decisions solely based on your own judgment.

To simplify the reading of the main agreement, this Section provides only a summary of the risks. A more complete and detailed risk disclosure is contained in the AOULINK Risk Disclosure Statement, which, by reference, forms part of these Terms and has the same legal effect as these Terms.

In the event of any discrepancy between this summary and the AOULINK Risk Disclosure Statement, the AOULINK Risk Disclosure Statement shall prevail.

4.2 Major Risk Categories

Including without limitation:

• Digital Asset Price Risks
• High price volatility, potentially leading to rapid devaluation or becoming worthless;
• Different jurisdictions may have varying characterizations of Digital Assets (e.g., as securities, commodities, or payment tokens).
• Non-Custodial Wallet Risks
• Lost or leaked Private Keys/Mnemonic Phrases are usually irrecoverable, and Digital Assets may be permanently lost;
• Transactions may be irreversible due to operational errors (e.g., transferring to the wrong address).
• Technical and Cybersecurity Risks
• Blockchain forks, smart contract vulnerabilities, 51% attacks, and similar events may affect asset security and availability;
• Malware, phishing, and social engineering attacks may compromise your wallet.
• Regulatory and Policy Risks
• Regulatory policies vary by jurisdiction and may restrict or prohibit certain Digital Assets or services;
• Regulatory changes may affect your ability to hold, trade, or transfer Digital Assets.

You should carefully read the AOULINK Risk Disclosure Statement before using the Services and seek independent legal, financial, and tax advice if necessary.

5. User Representations and Warranties

You represent and warrant that:

• You have a reasonable understanding of and are willing to assume all risks involved in using the Services;
• The funds and Digital Assets used are legally obtained, you have legal ownership of or lawful authority to dispose of them, and they are not derived from money laundering, terrorist financing, fraud, drug trafficking, corruption, tax evasion, or any other illegal activities;
• You will not use the Services for any illegal purpose, including without limitation money laundering, terrorist financing, proliferation financing, fraud, gambling, sanctions evasion, or other illegal or criminal activities; and
• The information you provide during your use of the Services is true, accurate, complete, and up to date.

If you breach the above representations and warranties, you shall bear all losses, liabilities, or penalties arising therefrom, and we shall have the right to take measures including without limitation suspending or terminating the Services in accordance with these Terms.

6. Prohibited Activities

You agree not to engage in any of the following activities (including without limitation):

• Violating any Applicable Law, regulatory requirements, or these Terms;
• Using the Services for money laundering, terrorist financing, proliferation financing, fraud, hacking, data breaches, sanctions evasion, or other illegal or criminal activities;
• Interfering with or attempting to interfere with the normal operation of the Services, including attacking servers, abusing interfaces, probing, or bypassing security measures;
• Massively scraping, copying, or abusing Services content through web crawlers, bots, scripts, or other automated tools;
• Infringing on intellectual property rights, privacy rights, or other legitimate rights of others;
• Spreading false statements or maliciously damaging our reputation or goodwill; or
• Any conduct that we reasonably determine is inappropriate or may adversely affect us or others.

If you violate any of the above, we have the right to immediately suspend or terminate your access to the Services and reserve the right to pursue legal action.

7. Fees and Taxes

7.1 Blockchain Fees and Third-Party Fees

• Using the Services may incur blockchain mining fees (Gas), third-party protocol fees, or other charges.
• These fees may not be refundable in the event of a failed transaction.
• Unless otherwise stated, we do not directly charge mining fees or third-party protocol fees.

7.2 Service Fees

• Certain Service modules may be subject to service fees charged by us or other Service Providers.
• Specific rates and billing methods will be clearly disclosed in the relevant interface or supplemental agreement.
• We reserve the right to adjust rates within a reasonable scope and will notify you through platform announcements or other reasonable means.

8. Content and Intellectual Property

8.1 Platform Content

Except for User Content and third-party content that is expressly and otherwise clearly marked, all intellectual property rights in the Services and all related content, interfaces, software, code, trademarks, logos, and similar materials belong to us or our licensors.

Subject to your compliance with these Terms, we grant you a limited, revocable, non-exclusive, non-transferable, and non-sublicensable licence to access and use the relevant content solely for the lawful use of the Services.

8.2 User Content and Licensing

• You retain all rights to the User Content (to the extent permitted by Applicable Law).
• For the purpose of operating and improving the Services, you grant us a worldwide, royalty-free, sublicensable, and transferable licence to use, reproduce, modify, publish, display, and distribute such User Content to the extent permitted in connection with the Services.

You warrant that:

• You have the authority to grant us the above licence; and
• The User Content does not infringe any third party's rights or Applicable Law.

8.3 Intellectual Property Infringement Notification

If you believe that any content in the Services infringes upon your legal rights, you may submit a written notice to us in accordance with Applicable Law. We will handle the matter in accordance with Applicable Law and our internal policies, including, where necessary, removing or blocking the relevant content and notifying the relevant users.

9. Service Changes and Interruptions

9.1 Suspension and Restriction of Services

We may suspend or restrict access to certain Services where reasonably necessary, including in cases of legal requirements, security risks, or system maintenance.

For clarity: as AOULINK Wallet is non-custodial software, any suspension or restriction of your access to the service interface does not affect your control over your private keys and digital assets, which remain with you at all times. You may continue to access your on-chain assets through any other compatible wallet software.

9.2 Force Majeure and Technical Failures

Force Majeure or events beyond our reasonable control (including without limitation severe network failures, power outages, blockchain anomalies, hacker attacks, or third-party service interruptions) may result in:

• Service interruption or delay; and/or
• Failure, cancellation, or loss of orders, transactions, or records.

To the maximum extent permitted by Applicable Law, we shall not be liable for any losses arising therefrom, but will endeavor to mitigate the impact to a reasonable extent where practicable.

10. Compliance with Laws and Regulations

10.1 General Compliance Obligations

You must comply with all Applicable Law when using the Services, including without limitation:

• Anti-money laundering (AML) and counter-terrorist financing (CFT) laws and regulations;
• Sanctions and export control laws and regulations;
• Tax and foreign exchange management laws and regulations; and
• Information security, data protection, and privacy laws and regulations.

10.2 Identity Verification and Compliance

AOULINK is a non-custodial wallet. Using the standard features of the wallet does not require you to provide identity information.

Identity verification (KYC) may be involved in the following two specific circumstances:

• Where you voluntarily choose to use regulated features provided by third parties (such as fiat on-ramps and off-ramps, regulated custody, regulated staking, or similar services), the relevant third-party service provider may collect KYC materials directly from you in accordance with its own compliance requirements. This process is independent of AOULINK and is handled by the relevant third party.
• Where Applicable Law expressly requires us to do so, we may comply with the relevant compliance obligations as required by law.

For clarity: as AOULINK Wallet is non-custodial software, your private keys and digital assets remain entirely under your control at all times. Even in the circumstances described above, we are unable to access, transfer, or freeze any assets in your wallet.

11. Privacy and Data Protection

For details on how we collect, use, store, share, and protect your Personal Data, please see the AOULINK Privacy Statement. The AOULINK Privacy Statement forms part of these Terms and has the same legal effect as these Terms. Our processing of your Personal Data shall comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as well as other applicable data protection laws.

12. Indemnification

To the extent permitted by Applicable Law, you shall fully indemnify us, our affiliates, and our and their respective directors, officers, employees, and agents from and against any claims, demands, actions, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to:

• Your breach of these Terms or any Applicable Law;
• Your improper or illegal use of the Services;
• Any third-party claims arising from your User Content; or
• Losses suffered by third parties or us due to your fault or misconduct.

This indemnification obligation shall survive termination of these Terms.

13. Limitation of Liability and Disclaimer

13.1 Liability Cap

To the maximum extent permitted by Applicable Law, our aggregate liability to you for any and all claims arising out of or in connection with these Terms or the Services shall not exceed the lower of:

• (a) the aggregate amount of service fees actually received by us from you in the twelve (12) months immediately preceding the event giving rise to liability; and
• (b) one hundred British pounds (GBP 100).

Where no service fees have been received from you, our liability shall be limited to GBP 100 or the minimum amount required by Applicable Law, whichever is higher.

13.2 Exclusions

Subject to Applicable Law, we shall not be liable for any of the following (whether arising in contract, tort, or otherwise):

• any indirect, incidental, special, punitive, or consequential loss or damage;
• any loss of profit, revenue, business opportunity, or data;
• any loss arising from the acts, omissions, or malfunctions of any Third-Party Platform, third-party services, or blockchain network;
• any loss arising from fluctuations in Digital Asset prices, market conditions, or liquidity; or
• any loss arising from your own operational errors, device security failures, or the loss or disclosure of your Private Key or Mnemonic Phrase.

Nothing in these Terms shall operate to exclude or limit our liability for fraud, wilful misconduct, gross negligence, or any other liability that cannot be excluded or limited under Applicable Law (including liability for death or personal injury caused by negligence).

14. Governing Law

These Terms, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with these Terms or the Services or their subject matter or formation, shall be governed by and construed in accordance with the laws of England and Wales, without regard to its conflict of laws rules.

The United Nations Convention on Contracts for the International Sale of Goods (CISG) shall not apply to these Terms.

15. Dispute Resolution and Class-Action Waiver

15.1 Prior Consultation

If you have any dispute, complaint, or claim relating to the Services, you agree to first contact us through our official support channels and to allow us a reasonable period (being not less than ninety (90) days) within which to resolve the matter amicably.

15.2 Arbitration

If the dispute is not resolved within the consultation period referred to above, the parties agree that the dispute shall be referred to and finally resolved by arbitration under the Rules of the London Court of International Arbitration ("LCIA"), which Rules are deemed to be incorporated by reference into this clause.

• The seat of the arbitration shall be London, United Kingdom;
• The arbitral tribunal shall consist of a sole arbitrator, appointed in accordance with the LCIA Rules unless the parties agree otherwise;
• The language of the arbitration shall be English;
• The award rendered by the arbitrator shall be final and binding on the parties and may be enforced in any court of competent jurisdiction; and
• The arbitration proceedings and any award shall be kept strictly confidential, save as may be required to enforce or recognise the award, or to comply with any legal or regulatory obligation.

15.3 Interim Relief

Notwithstanding the arbitration agreement set out above, either party may apply to any court of competent jurisdiction for interim, provisional, or emergency relief (including injunctive relief) to protect its rights or to prevent imminent harm, and any such application shall not constitute a waiver of the agreement to arbitrate.

15.4 Class Action Waiver

To the maximum extent permitted by Applicable Law, you agree:

• to bring any dispute against us only in your individual capacity;
• not to act as a plaintiff, class member, or representative in any class action, representative action, consolidated arbitration, or class arbitration; and
• that the arbitrator shall have no authority to consolidate the claims of multiple users.

15.5 Time Limit

To the extent permitted by Applicable Law, any claim must be commenced in arbitration within one (1) year from the date the cause of action arises; failing which, the claim shall be permanently barred.

16. General Provisions

16.1 Acceptance and Effectiveness

By accessing or using the Services, you acknowledge that you have read, understood, and accepted these Terms in their entirety. These Terms shall take effect from the date of your first use of the Services.

16.2 Assignment

• You shall not assign, transfer, or delegate any of your rights or obligations under these Terms without our prior written consent.
• We may assign or transfer our rights and obligations under these Terms to any of our affiliates or to any third party, in which case we will notify you through a platform announcement or other reasonable means.

16.3 Entire Agreement

These Terms, together with any supplemental terms referenced herein, constitute the entire agreement between you and us in relation to the Services and supersede any prior oral or written agreements between the parties in relation thereto.

16.4 Variation

We may amend these Terms from time to time and will notify you through platform announcements, pop-ups, or other reasonable means. Unless otherwise stated, the amended Terms shall take effect upon publication. Where any amendment has a material adverse effect on you, your sole remedy is to cease using the Services and close your account before the amendment takes effect; your continued use of the Services after the amendment takes effect shall constitute your acceptance of the amended Terms.

16.5 Electronic Communications

You agree that we may give you notices, agreements, and other communications relating to the Services by electronic means (including by email, platform announcement, or in-app notification), and, to the extent permitted by Applicable Law, such electronic communications shall satisfy any requirement for notice in writing.

16.6 Third-Party Rights

Save as expressly provided in these Terms, a person who is not a party to these Terms shall have no rights under the Contracts (Rights of Third Parties) Act 1999 of the United Kingdom to enforce any term of these Terms.

16.7 Notices

Unless otherwise provided in these Terms, all formal legal notices to us shall be given in writing to:

• Email: support@aoulink.com
• For the attention of: Legal Department, Aoulink Digital Limited

16.8 Headings

Headings in these Terms are for convenience of reference only and shall not affect the construction or interpretation of any provision.

— END OF DOCUMENT —

Part II — Privacy Statement

This AOULINK Privacy Statement (this "Statement") is issued by Aoulink Digital Limited, a limited company incorporated in England and Wales ("we," "us," or "our"). It explains how we process your personal information ("Personal Data") when you use the AOULINK Wallet platform and related services (collectively, the "Services").

By accessing or using the Services, you acknowledge that you have read, understood, and agreed to this Statement. If you do not agree to this Statement, please cease using the Services immediately.

Our processing of your Personal Data shall comply with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, and, where applicable, other data protection laws.

1. Nature and Scope of This Statement

1.1 Nature of This Statement

This Statement is our primary legal document governing data privacy and the processing of personal data, and forms an integral part of the AOULINK Terms of Service.

In the event of any inconsistency between this Statement and the AOULINK Terms of Service or any supplemental agreements in relation to privacy or personal data matters, this Statement shall prevail in respect of those privacy matters; in respect of all other matters, the AOULINK Terms of Service shall prevail.

1.2 Your Acknowledgement

By using the Services, you confirm that:

• You have full legal capacity and lawful authority to accept this Statement;
• You have read, understood, and agreed to this Statement; and
• If you do not agree to this Statement, you must immediately cease using the Services.

1.3 Non-Custodial Wallet Specific Notice

The core wallet services provided by us are non-custodial, meaning that:

• We do not hold or control your digital assets;
• We do not generate, store, or back up your private keys, mnemonic phrases, or key shards;
• We do not have the ability to freeze, intervene in, or move on-chain assets.

Unless explicitly required by applicable law, or unless you voluntarily choose to use specific regulated third-party features (such as fiat on-ramps or custodial services), we do not require KYC or real-name verification for providing our core wallet services.

If you choose to use third-party services that require KYC, such data is processed directly by the third party. As a general rule, we do not access, copy, or retain your KYC materials.

2. Data Controller Information and Contact Details

Unless otherwise expressly stated, the Personal Data Controller under this Statement is:

Aoulink Digital Limited

• Place of Incorporation: England and Wales
• Contact Email: support@aoulink.com

2.1 Data Protection Officer

We have appointed a Data Protection Officer to handle requests, inquiries, or complaints relating to your Personal Data. To get in touch, please email support@aoulink.com with "Privacy Request" in the subject line. We will respond in a timely manner as required by law.

2.2 Affiliated Entities

Depending on the specific Services you use, our affiliated entities may participate in the processing of Personal Data as data processors or joint controllers. Relevant details will be disclosed in the supplemental agreements applicable to such modules.

3. Definitions and Terminology

• Personal Data: any information relating to an identified or identifiable natural person, including without limitation name, contact details, device information, online identifiers, and transaction records.
• Sensitive Information: refers to special categories of personal information that require a higher level of protection under various data protection laws.

We do not proactively collect Sensitive Information. If you voluntarily choose to use regulated features provided by third parties, the relevant identity verification is handled independently by such third parties.

• Processing: any operation performed on Personal Data, including collection, storage, use, transmission, disclosure, or deletion.
• Service Providers: third parties contractually engaged to perform specific functions on our behalf.
• Group Companies: our parent company, subsidiaries, or affiliates.

4. Personal Data We Collect and How We Collect It

4.1 Data You Provide Directly

Including without limitation:

• Basic identity information (where required for specific services);
• Contact information (email address, phone number);
• Inquiries or feedback submitted to customer support;
• Information provided through campaigns, testing programs, or surveys.

4.2 Data Collected Automatically

For security, performance, and user experience purposes, we may automatically collect:

• Device information (model, operating system, language settings);
• Log information (access records, error logs);
• Network information (IP address, approximate location, carrier);
• Device identifiers (such as cookies and similar technical identifiers).

4.3 Transactional and On-Chain Data

When you use the AOULINK Wallet, the following data may be involved:

• Wallet addresses;
• On-chain transaction records, balances, and token information;
• Metadata related to contract interactions (timestamps, hashes, contract addresses).

We do not collect or store:

• Private keys;
• Mnemonic phrases (seed phrases);
• MPC key shards;
• Wallet passwords.

Blockchain Transparency Notice:

Blockchain networks are public and immutable. Any third party may independently access or analyze address relationships or transaction records. We cannot control, and are not responsible for, any third-party use of such publicly available data.

4.4 Data from Third Parties

May include:

• Verification results from identity verification, risk control, or compliance screening providers;
• Data from partners or public sources (including public on-chain data).

5. How We Use Your Personal Data

5.1 Purposes of Use

• Provision and Maintenance of Services:
• Wallet operations and feature functionality;
• Display of transaction records;
• Security and Risk Management:
• Fraud prevention and abuse detection;
• Identification of anomalous behavior or devices;
• Risk monitoring and security logging.
• Legal and Compliance Obligations (Where Applicable):
• Performing compliance obligations required by applicable law.
• Product Improvement:
• Aggregated and anonymized analytics;
• Performance optimization and feature enhancement.
• Communications and Support:
• Customer support;
• Important notices and policy updates;
• Marketing communications (subject to your consent and opt-out rights).

5.2 Legal Bases for Processing

We process your Personal Data only where we have a lawful basis to do so. Such bases may include:

• Your consent (under UK GDPR Article 6(1)(a));
• Performance of a contract (including processing necessary to provide the Services you have requested; GDPR Article 6(1)(b));
• Compliance with legal obligations (GDPR Article 6(1)(c); statutory requirements under PDPA and other applicable laws);
• Legitimate interests (GDPR Article 6(1)(f); legitimate interests exception under PDPA), including for security, risk control, fraud prevention, and business operations purposes, with appropriate balancing tests conducted;
• Deemed consent under PDPA, only where the conditions specified by PDPA are met.

6. Sharing and Disclosure of Personal Data

6.1 Group Companies

For technical support, compliance, security, and risk management purposes.

6.2 Service Providers

Including cloud providers, security vendors, customer support vendors, identity verification, and sanctions screening providers. Service providers process Personal Data only in accordance with our instructions and contractual obligations and may not use such data for their own purposes.

6.3 Legal or Regulatory Requirements

Including lawful requests from courts, law enforcement authorities, tax authorities, or regulators.

6.4 Corporate Transactions

In the event of mergers, reorganizations, asset transfers, or insolvency, the recipient will remain bound by this Statement (or by privacy protections no less protective than this Statement).

6.5 With Your Consent

For example, when you voluntarily connect to third-party DApps or choose to enable features involving data sharing.

6.6 No Sale of Personal Data

To the extent permitted by applicable law, we do not sell your Personal Data and do not provide Personal Data to third parties for their independent marketing purposes.

7. Automated Decision-Making and Profiling

We may use automated processing (such as risk scoring or anomaly detection) to evaluate certain behaviors for security, risk control, or compliance purposes.

We do not rely solely on automated decision-making to produce legal or similarly significant effects on you.

Where permitted by applicable law, you may request human review and object to such processing.

8. International Data Transfers

As a UK-incorporated company, when transferring your Personal Data across borders, we comply with the rules on international data transfers under Chapter V of the UK GDPR. We ensure that recipients provide protection at least comparable to UK data protection standards, through one or more of the following mechanisms:

• Legally binding contractual clauses (including data processing agreements (DPAs) entered into with service providers);
• EU Standard Contractual Clauses (SCCs) and the UK Addendum (where applicable);
• Binding Corporate Rules (BCRs) (where approved);
• APEC Cross-Border Privacy Rules (CBPR) certification;
• Other cross-border transfer safeguards recognised by the UK data protection authority.

9. Your Rights

Subject to applicable law, you may have the following rights:

• Right of access: to confirm whether we process your Personal Data and to access such data;
• Right to correction: to request correction of inaccurate or incomplete Personal Data;
• Right to deletion: to request deletion of your Personal Data in specific circumstances;
• Right to restrict processing: to request restriction of processing in specific circumstances;
• Right to data portability: to receive your Personal Data in a structured, commonly used, and machine-readable format;
• Right to object (under GDPR);
• Right to withdraw consent: to withdraw your consent at any time (without affecting the lawfulness of processing prior to withdrawal);
• Right to lodge a complaint: with the relevant data protection authority.

You may exercise the above rights through the contact details listed in Section 2 of this Statement. We will respond within the period required by applicable law.

10. Protection of Minors

The Services are intended only for individuals aged 18 or above (or the legal age of majority in your jurisdiction, whichever is higher). We do not knowingly collect Personal Data from minors. If we become aware of any such situation, we will promptly delete the data in accordance with applicable law.

11. Cookies and Similar Technologies

We use cookies and similar technologies to maintain sessions, analyze usage, deliver personalized experiences, and ensure security. You may manage cookies through your browser or device settings; rejecting necessary cookies may impair the functionality of certain Services.

12. Information Security and Retention

12.1 Information Security

We apply technical and organizational safeguards consistent with industry standards, including transmission encryption, access controls, the data minimization principle, and audit logging. However, no system is absolutely secure; you should also properly safeguard your own devices, accounts, and private keys/mnemonic phrases.

12.2 Retention Period

We retain your Personal Data only for the period necessary to fulfill the purposes set out in this Statement (including compliance obligations, dispute resolution, and contract enforcement). Specific retention periods may vary depending on the data category and applicable legal requirements. When no longer needed, we will securely delete or anonymize the data.

13. Marketing and Communications

Marketing communications (such as product promotions and event notifications) will be sent only with your consent. You may unsubscribe at any time via the "unsubscribe" link in the email or by contacting us.

Operational communications (such as security alerts, policy updates, and service changes) are necessary for the Services and cannot be unsubscribed.

14. Changes to This Statement

We may update this Statement from time to time and will notify you through platform announcements, email, or pop-ups. Material changes will be communicated through more prominent means. Unless otherwise stated, the updated Statement takes effect upon publication; your continued use of the Services constitutes your acceptance of the revised Statement.

15. Language

If multiple language versions of this Statement exist, the English version shall prevail, except where applicable law expressly requires another language version to apply.

16. Governing Law and Dispute Resolution

The interpretation, validity, and performance of this Statement shall be governed by the laws of England and Wales. Any dispute relating to this Statement shall be resolved in accordance with the dispute resolution procedures set out in Section 15 of the AOULINK Terms of Service. The foregoing does not affect your right to lodge a complaint with the data protection authority of your jurisdiction in accordance with applicable law.

17. Jurisdictional Appendices (Regional Supplementary Terms)

The following appendices apply only to users in the relevant jurisdictions when using the Services. In the event of a conflict between an appendix and the main body of this Statement, the appendix shall prevail with respect to users in that jurisdiction.

Appendix A: United Kingdom (UK GDPR)

This Appendix applies to users protected by the UK GDPR and the Data Protection Act 2018.

A.1 Lawful Bases for Processing

• Performance of a contract: to provide you with the Services, support, technical features, and security;
• Compliance with legal obligations: where specific Services or applicable law require us to perform relevant compliance obligations;
• Legitimate interests: to prevent abuse, detect fraud, enhance platform security, and improve product experience; we will conduct legitimate interests balancing tests to ensure your rights are not unduly affected;
• Your consent: where we send you marketing communications, use non-essential cookies, or provide optional features, we may rely on your express consent, which you may withdraw at any time.

A.2 Additional Rights under UK GDPR

• Right to object to processing: on specific grounds (especially where based on legitimate interests);
• Rights regarding automated decision-making: to refuse decisions that significantly affect you and are based solely on automated processing (including profiling).

A.3 International Data Transfers

Where Personal Data is transferred outside the United Kingdom, we will use the UK Addendum to the SCCs (International Data Transfer Addendum / IDTA) or other safeguards recognised under the UK GDPR.

A.4 Complaints

If you have any questions or concerns about how we handle your Personal Data, you may contact us through the channels listed in Section 2 of this Statement. If your concerns are not resolved, you may also lodge a complaint with the UK data protection authority in accordance with applicable law.

Appendix B: European Union / European Economic Area (GDPR)

This Appendix applies to users located in the European Union (EU) or the European Economic Area (EEA).

B.1 Lawful Bases for Processing

• Performance of a contract: to provide you with the Services, support, technical features, and security;
• Compliance with legal obligations: where specific Services or applicable law require us to perform relevant compliance obligations;
• Legitimate interests: to prevent abuse, detect fraud, enhance platform security, and improve product experience;
• Your consent: where we send you marketing communications, use non-essential cookies, or provide optional features, we may rely on your express consent, which you may withdraw at any time.

B.2 Additional Rights under GDPR

• Right to object to processing: on specific grounds (especially where based on legitimate interests);
• Rights regarding automated decision-making: to refuse decisions that significantly affect you and are based solely on automated processing (including profiling);
• You also have the right to lodge a complaint with the data protection supervisory authority in your country in accordance with applicable law.

B.3 Cross-Border Data Transfers

If Personal Data needs to be transferred outside the EEA, we will use:

• The EU Standard Contractual Clauses (SCCs);
• Data Protection Agreements (DPAs); and/or
• Other safeguards recognised under the GDPR.

Appendix C: Singapore (PDPA)

This Appendix applies to users protected under the Singapore Personal Data Protection Act (PDPA).

C.1 Consent and Statutory Exceptions

In addition to your express or deemed consent, we may process your Personal Data in any of the statutory exceptions permitted by the PDPA, including without limitation:

• Compliance with legal or regulatory requirements;
• Protection of personal or property safety;
• Internal operational purposes reasonably necessary for providing the Services;
• Publicly available data; and
• Other circumstances permitted under Schedule 1 or Schedule 2 of the PDPA.

C.2 Cross-Border Transfers

We will transfer Personal Data only in compliance with the Transfer Limitation Obligation under the PDPA, ensuring that recipients provide protection at least comparable to the standard set out in the PDPA.

C.3 Data Breach Notification

In the event of a significant data breach, we will notify the Singapore data protection authority in a timely manner as required by law, and notify affected users where applicable.

C.4 Complaints

If you have any questions or concerns about how we handle your Personal Data, you may contact us through the channels listed in Section 2 of this Statement. If your concerns are not resolved, you may also lodge a complaint with the Singapore data protection authority in accordance with applicable law.

Appendix D: Hong Kong (PDPO)

D.1 Transfer of Personal Data outside Hong Kong

We may transfer your Personal Data to areas outside Hong Kong in the following circumstances:

• Such areas have privacy protection standards comparable to the PDPO;
• You have given written consent;
• Necessary to enter into or perform a contract with you;
• Necessary to protect your significant interests; and/or
• Other circumstances permitted or required by law.

D.2 Data Protection Principles (DPPs)

• Lawful and fair collection;
• Specific purpose of data use;
• Reasonable retention period;
• Data accuracy and security; and
• User access and correction rights.

D.3 Complaints

If you have any questions or concerns about how we handle your Personal Data, you may contact us through the channels listed in Section 2 of this Statement. If your concerns are not resolved, you may also lodge a complaint with the Hong Kong personal data protection authority in accordance with applicable law.

Appendix E: Australia (Privacy Act / APPs)

E.1 Lawful Basis for Processing

• Compliance with applicable legal requirements;
• Provision of the Services; and
• Legitimate business purposes (security, risk control, service improvement).

E.2 Processing Without Consent

• Compliance with the law or a court order;
• Protection of life, safety, or the public interest; and
• Other circumstances with legal authority or obligation.

E.3 Disclosure of Personal Information Overseas

We will ensure that recipients comply with the APPs, have implemented equivalent protection, or that disclosure is made under a legal exception.

E.4 Complaints

If you are dissatisfied with our handling of a matter, you may lodge a complaint with the Australian data protection authority in accordance with applicable law.

— END OF DOCUMENT —

Part III — Risk Disclosure Statement

This AOULINK Risk Disclosure Statement (the "Statement") is issued by Aoulink Digital Limited, a limited company incorporated in England and Wales ("we," "us," or "our"), to disclose clearly and comprehensively the principal risks that you may face when using the AOULINK Wallet platform, products, and related services (collectively, the "Services"). This Statement forms an integral part of the AOULINK Terms of Service and is incorporated therein by reference, with the same legal effect.

In the event of any inconsistency between this Statement and the summary risk disclosure in Section 4 of the AOULINK Terms of Service, this Statement shall prevail.

I. Introduction and Scope of Application

• This Statement applies to all users who access, connect to, or use the Services, including any activities involving the initiation of transactions through a digital wallet, connection to decentralized applications (DApps), access to third-party protocols, or interaction with digital assets.
• This Statement is intended to describe the principal categories of risks so that you may fully understand the circumstances that could result in loss prior to using the Services.
• If you are unable to understand or accept the risks described in this Statement, you should immediately cease using the Services.

II. Suitability and Assumption of Risk

• Digital asset-related activities are suitable only for users who possess sufficient knowledge, experience, and risk tolerance.
• All decisions made in connection with the use of the Services are made solely by you, and you bear full responsibility for all resulting consequences.
• You should ensure that your financial condition is sufficient to withstand partial or total losses, including, without limitation, scenarios involving complete loss of value, irrecoverability of assets, or inability to dispose of assets.

III. Service Positioning and Important Notices

Please note the following before using the Services:

• Non-Custodial Software Wallet: AOULINK Wallet is a self-custodial (non-custodial) software wallet, and you have full control over your private keys and the digital assets in your wallet. We do not hold or control your private keys, mnemonic phrases, or digital assets, nor do we receive, custody, or dispose of your fiat currency or digital assets in any form.
• Cross-Jurisdictional Regulatory Differences: The Services are accessible globally, but regulatory attitudes towards digital assets, wallet services, DEXs, NFTs, and similar services vary significantly across jurisdictions. In some jurisdictions, the use of such services may be restricted or prohibited. You are responsible for understanding and complying with the laws of your jurisdiction.

IV. Risks Inherent in Digital Assets

As an emerging technological and financial construct, digital assets inherently involve the following risks:

• Non-Legal Tender:
• Digital assets are generally not legal tender and are not backed by any government, central bank, or institution. They are not protected by deposit insurance or guarantee schemes.
• High Volatility:
• Prices of digital assets may fluctuate significantly within short periods of time, potentially resulting in substantial financial losses.
• Unstable Value Foundation:
• The value of digital assets may rely solely on market consensus, liquidity, or protocol mechanisms. A loss of market confidence may cause rapid depreciation or complete loss of value.

V. Market Risks

• Liquidity Risk:
• Certain digital assets may suffer from insufficient liquidity, which may result in inability to execute transactions in a timely manner, significant slippage for large transactions, or inability to sell assets when desired.
• Market Disruptions and Abnormal Volatility:
• Market mechanisms may be affected by abnormal trading activity, extreme market conditions, black swan events, or market manipulation by large holders, leading to sharp price fluctuations.
• Changes in Market Mechanisms:
• Actions taken by third-party platforms (centralized or decentralized), including asset delisting, service suspension, or transfer restrictions, may result in a sharp decline in asset value or reduced liquidity.

VI. Technology and Blockchain-Related Risks

• Underlying Network Risks:
• Blockchain networks may experience forks, chain reorganizations, changes in consensus mechanisms, or network stalling/congestion, which may cause transaction delays or failures.
• Network Attacks:
• The blockchain ecosystem may be subject to 51% attacks, distributed denial-of-service (DDoS) attacks, Sybil attacks, or double-spending attacks, potentially leading to abnormal pricing, transaction failures, or asset losses.
• Infrastructure Dependence:
• The Services rely on networks, devices, and software systems. Any failure in internet connectivity or supporting infrastructure may affect transaction execution.
• Emerging Technology Risks:
• Advances in cryptography or computing technologies (including quantum computing) may compromise existing wallet or blockchain security mechanisms.

VII. Wallet and Key Management Risks

• Non-Custodial Structure:
• AOULINK Wallet is a non-custodial wallet, meaning we do not store, control, or recover your private keys or mnemonic phrases; we cannot initiate, revoke, or block any transactions; loss of private keys will result in the permanent and irrecoverable loss of control over the relevant digital assets.
• Private Key / Mnemonic Phrase Risks:
• Loss, disclosure, theft, or sharing of your private keys or mnemonic phrases may enable others to gain unrestricted control over your assets.
• Device Risks:
• If your device is affected by malware, jailbreaking, or rooting, or is connected to untrusted networks, your assets may be exposed to theft.
• Authorisation Notice:
• When you connect your wallet to a third-party DApp or sign a smart contract approval, you are effectively authorising that DApp to act in respect of your assets within the scope of the approval. You should carefully review the DApp you are connecting to, and the content of the approval, before signing.

VIII. Transaction Execution and On-Chain Irreversibility Risks

• Irreversibility:
• Once a blockchain transaction is confirmed, it is generally irreversible. Losses caused by incorrect addresses, incorrect networks, or operational errors are irreversible and cannot be reversed or recovered.
• Slippage and Price Differences:
• Due to continuously changing on-chain conditions, the actual execution price may differ from the price displayed at the time of signing, and transactions may fail due to market changes even though network fees have been incurred.
• Transaction Delays:
• Network congestion or insufficient transaction fees may cause transactions to remain pending for extended periods or ultimately fail.
• User Errors:
• Including, without limitation, entering incorrect addresses, accidentally signing malicious contracts, or granting approvals without understanding the transaction content.

IX. Third-Party Applications

AOULINK Wallet enables you to connect to and use various third-party decentralised applications (including DApps, DEXs, cross-chain bridges, NFT marketplaces, and similar services). These applications are developed and operated by independent third parties and are not affiliated with us. When using third-party applications, please bear in mind the following:

• Third-Party Protocols. You should familiarise yourself with the operation of any protocol before using it, and where possible, choose protocols that have been independently audited and validated by the wider community.
• Cross-Chain Bridges. Cross-chain transactions involve the mapping of assets across different networks. You should familiarise yourself with the design and track record of a bridge before using it.
• NFTs. Each NFT is unique in terms of authenticity, associated rights, and market liquidity. You should research the relevant project background before entering into any transaction.

X. Legal and Regulatory Risks

• Regulatory Uncertainty:
• Regulatory frameworks governing digital assets vary significantly across jurisdictions and continue to evolve. Regulatory changes may result in certain assets being deemed illegal or restricted, may affect the Services, or may restrict users’ ability to hold, trade, or use digital assets.
• Jurisdictional Conflicts:
• Certain jurisdictions may not recognize the legal validity of on-chain assets or may impose additional regulatory requirements on wallets or transactions.

XI. Tax and Accounting Risks

• Digital asset transactions may be subject to capital gains tax, income tax, goods and services tax (GST), or other taxes; tax treatment of digital assets varies significantly across jurisdictions.
• Tax laws are subject to frequent changes. You are responsible for determining and complying with applicable tax obligations.
• Incorrect tax reporting may result in penalties, audits, or other legal consequences.
• We will not withhold, report, or pay any taxes on your behalf, nor will we provide tax advice.

XII. Safety Reminders

To help protect your assets, please be mindful of the following situations:

• Loss or disclosure of private keys or mnemonic phrases;
• Use of jailbroken, rooted, or compromised devices;
• Authorization of malicious DApps or untrusted contracts;
• Entry of incorrect addresses;
• Transfer of assets to incompatible blockchains;
• Blindly signing transactions without reviewing prompts;
• Use of phishing websites or counterfeit applications.

In such situations, we are unable to assist in recovering your assets. Please exercise particular caution.

XIII. Jurisdiction-Specific and Localization Risks

Certain jurisdictions may impose specific restrictions on digital asset trading, holding, reporting, cross-border transfers, or wallet usage. You are solely responsible for understanding and complying with applicable local laws. Where required by applicable law, we will adjust the scope of the Services accordingly.

XIV. Non-Exhaustive Nature of Risk Disclosure

• This Statement discloses only the principal categories of risks and does not cover all potential future or unforeseen risks.
• New technologies, market practices, financial instruments, or regulatory developments may give rise to additional risks that cannot currently be predicted.
• You should continuously monitor industry developments and remain responsible for your own decisions.

Conclusion

By using the Services, you acknowledge and agree that:

• You have read, understood, and accepted all risks disclosed in this Statement;
• You possess sufficient knowledge, experience, and risk tolerance to engage in digital asset activities;
• You agree to assume all risks and potential losses arising from your use of the Services.

If you do not agree with any part of this Statement, you should immediately cease using the Services.

— END OF DOCUMENT —