Privacy Policy

PRIVACY POLICY

Last Updated: 28 January 2026

This Privacy Policy explains how personal data is collected, used, disclosed, and protected when you access or use the Akira platform, including any websites, mobile applications, web applications, interfaces, APIs, software, features, and related services made available from time to time (collectively, the “Platform”). References to “Company,” “we,” “us,” or “our” refer to Exodia Technology (KL) PLT, the operator of the Akira Platform. References to “you” or “User” refer to any individual or entity that accesses or uses the Platform. By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

The Company is a technology platform provider. Certain services accessible through the Platform are provided by independent, licensed third-party service providers. Where personal data is processed by such third parties, their respective privacy policies and terms apply.

Personal Data We Collect
We may collect personal data that you provide directly, data generated through your use of the Platform, and data obtained from third-party sources where permitted by law.

Personal data you provide may include identifiers such as name, email address, phone number, date of birth, nationality, residency information, government-issued identification details, photographs or biometric verification data where required by third-party service providers, account credentials, communication content, and information submitted through onboarding, support channels, or forms.

Usage and technical data may be collected automatically when you access or use the Platform. This may include IP address, device identifiers, operating system, browser type, app version, access timestamps, interaction data, logs, diagnostic information, and metadata relating to Platform usage. When accessing the Platform via a mobile device, this may include device IDs, mobile operating system information, and network information.

Transactional and service-related metadata may be generated in connection with Platform usage, including timestamps, service access records, event logs, risk indicators, and interaction records. The Company does not custody funds or process payment transactions; however, limited metadata may be processed to facilitate service access, security, compliance coordination, and operational integrity.

We may also receive personal data from third-party service providers, compliance partners, identity verification providers, analytics providers, infrastructure providers, and other partners where you interact with their services through the Platform or where permitted by law.

How We Use Personal Data
We process personal data for purposes including operating and maintaining the Platform, enabling access to services, verifying identity where required, communicating with users, providing customer support, monitoring Platform performance, detecting fraud, preventing misuse, managing risk, ensuring security, complying with legal and regulatory obligations, improving products and services, conducting analytics, and supporting internal business operations.

Personal data may also be used to personalize Platform features, improve user experience, analyze trends, develop new services, and support research and development activities. Marketing communications are only sent where permitted by applicable law or with your consent, and you may opt out where required.

Automated Analysis and Artificial Intelligence
To enhance security, efficiency, reliability, and service quality, the Company may use automated systems, including machine learning or artificial intelligence-based tools, to analyze Platform usage data, transactional metadata, device information, and related signals. These systems may be used for purposes such as fraud detection, risk assessment, anomaly detection, service optimization, monitoring, personalization, analytics, and product development.

Any automated analysis is conducted in accordance with applicable laws and does not constitute automated decision-making producing legal or similarly significant effects on users without appropriate safeguards, including human review where required. Automated systems are continuously assessed for accuracy, fairness, security, and compliance.

Disclosure of Personal Data
We may disclose personal data to third parties only as necessary and permitted by law, including to independent service providers that support Platform operations such as hosting, cloud infrastructure, analytics, security, customer support, communications, compliance tooling, and professional advisors.

Personal data may be disclosed to independent, licensed third-party service providers that offer regulated services accessible through the Platform, such as identity verification, compliance screening, payment processing, card issuance, digital wallet provisioning, or transaction monitoring, where required to enable such services.

We may disclose personal data to public authorities, regulators, courts, or law enforcement agencies where required by law, regulation, legal process, or to protect rights, safety, and security.

In the event of a corporate transaction such as a merger, acquisition, restructuring, or sale of assets, personal data may be disclosed to relevant parties subject to appropriate safeguards.

Cross-Border Data Transfers
Personal data may be transferred, stored, or processed in jurisdictions outside your country of residence, including where our service providers or partners operate. Where such transfers occur, we implement appropriate safeguards to ensure personal data is protected in accordance with applicable data-protection laws.

Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal and regulatory obligations, resolve disputes, enforce agreements, and protect legitimate business interests. Retention periods vary depending on the nature of the data and applicable legal requirements. When personal data is no longer required, it is securely deleted or anonymized.

Security Measures
We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include access controls, encryption, monitoring, and security assessments. However, no system can guarantee absolute security, and residual risks may remain.

Your Rights
Subject to applicable law, you may have rights in relation to your personal data, including the right to access, correct, update, object to processing, request restriction, request deletion, withdraw consent where applicable, and request data portability. Requests may be subject to identity verification and legal limitations.

Where personal data is processed by third-party service providers acting as independent controllers, requests relating to that processing may need to be directed to the relevant provider.

Children
The Platform is not intended for individuals under the age of eighteen (18) or the age of majority in their jurisdiction. We do not knowingly collect personal data from minors. If we become aware that personal data of a minor has been collected, we will take appropriate steps to delete it.

Third-Party Links and Services
The Platform may contain links to third-party websites, services, or applications not operated by the Company. This Privacy Policy does not apply to those third parties, and we encourage you to review their privacy policies before interacting with them.

Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes become effective when posted on the Platform. Continued use of the Platform after an update constitutes acceptance of the revised Privacy Policy.