Cupcake – Privacy Policy

Last updated on September 1, 2022

Cupcake Studios Inc. (“Cupcake,” “we,” “us,” or “our”) respects and protects the privacy of its users. This privacy policy (this “Privacy Policy”) explains how we collect, use, and share information gathered through our website , web applications, mobile applications, downloadable software applications, or application programming interfaces (“APIs”) or any other services or interfaces owned or controlled by us that links to this Privacy Policy (collectively the “Services”). It also describes your rights and choices with respect to your information, and how you can contact us if you have any questions or concerns.

An Important Note: This Privacy Policy does not apply to any of the personal information that we process on behalf of our customers (e.g. brands) through their use of our Services (“Customer Data”). Our customers’ respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our customers, not this Privacy Policy. Any questions or requests relating to Customer Data should be directed to our customer.

  • 1. Personal Information We Collect

We may collect Personal Information about you directly from you and automatically through your use of the Services, as well as from third parties. In this Policy, “Personal Information” means any information relating to an identified or identifiable individual.

  • A. Personal Information You Provide

When you use the Services or contact us, as applicable, you may provide us with:

  • Contact Information, such as your phone number.

  • Financial Information, such as your blockchain (e.g., Solana or Ethereum) network address, cryptocurrency wallet information, transaction history, trading data and associated network fees paid, and the relevant NFTs in your digital wallet. We will never ask you to provide or collect your private keys.

  • Transaction Information, such as the type of transaction, transaction amount, and timestamp;

  • Correspondences such as your feedback, questionnaire and other survey responses, and information you provide to our support teams, including via our help chat.

  • Personal Information from sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.

  • Conferences, Trade Shows, and Other Event Information that we obtain from individuals when we attend or host conferences, trade shows, and other events.

  • Business Development and Strategic Partnership Information we collect from individuals and third parties to assess and pursue potential business opportunities.

  • Applicant information in connection with applying for a career with Cupcake, such as your contact information, information in your resume or CV, information from any website you choose to link to (e.g., LinkedIn or Twitter), and any other information you choose to provide.

  • B. Personal Information We Collect Automatically

  • Automatic Collection of Personal Information. We may collect certain information when you use our Services, such as your IP address, web browser, device type, and location information (including approximate location derived from IP address).

  • Usage Information. We may also automatically collect information regarding your use of our Site, such as and the web pages that you visit just before or just after you use the Services, as well as information about your interactions with the Services, such as the date and time of your visit, and where you have clicked.

    • Crash Reports. If you provide crash reports, we may collect Personal Information related to such crash reports, including detailed diagnostic information about your device and the activities that led to the crash.
  • Cookie Policy (and Other Technologies). We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information through your use of our Services.

  • Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.

  • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

Our uses of these Technologies fall into the following general categories:

  • Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity, improve security, or allow you to make use of our functionality;

  • Performance-Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services (see Analytics below);

  • Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;

  • Advertising- or Targeting-Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party digital properties.

See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

  • Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. These Technologies allow us to better understand how our digital Services are used and to continually improve and personalize our Services. Some of our analytics partners include:

  • Google Analytics. For more information about how Google uses your personal information (including for its own purposes, e.g., for profiling or linking it to other data), please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.

  • Social Media Platforms. If you post on Cupcake social media pages or post about Cupcake on other publicly available services, these features may collect your IP address and which page you are visiting on our Services and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.

  • C. Personal Information We Collect from Third Parties

  • Third-Party Sources. We may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Site through a third-party application, such as our wallet provider Magic Link, or a social networking site, we may collect information about you from that third-party application that you have made available via your privacy settings for such third-party application, such as your profile information and the time, date and content of your posts.

  • Blockchain Networks. We may get information about you from blockchain networks that we have access to. This Personal Information may include public wallet addresses and details about transactions carried out on the applicable blockchain network.

  • 2. How We Use Personal Information

  • A. Provide Our Services

We use your information to fulfil our contract with you and provide you with our Services, such as:

  • Managing your information and accounts;

  • Providing access to certain areas, functionalities, and features of our Services;

  • Answering requests for customer or technical support;

  • Communicating with you about your account, activities on our Services, and policy changes;

  • Processing your financial information and other payment methods for products or Services purchased;

  • Processing applications if you apply for a job we post on our Services; and

  • Allowing you to register for events.

  • B. Administrative Purposes

We use your information for various administrative purposes, such as:

  • Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;

  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;

  • Measuring interest and engagement in our Services;

  • Short-term, transient use, such as contextual customization of ads;

  • Improving, upgrading, or enhancing our Services;

  • Developing new products and services;

  • Ensuring internal quality control and safety;

  • Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy;

  • Debugging to identify and repair errors with our Services;

  • Auditing relating to interactions, transactions, and other compliance activities;

  • Sharing Personal Information with third parties as needed to provide the Services;

  • Enforcing our agreements and policies; and

  • Carrying out activities that are required to comply with our legal obligations.

  • C. Marketing and Advertising our Services

We may use Personal Information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law.

Some of the ways we or our partners may market to you include text messages, custom audiences advertising, and “interest-based” or “personalized advertising,” including through cross-device tracking.

  • D. With Your Consent

We may use Personal Information for other purposes that are clearly disclosed to you at the time you provide Personal Information or with your consent.

  • E. De-Identified and Aggregated Information

We may use Personal Information to create de-identified and/or aggregated information, such as demographic information, information about the device from which you access our Services, or other analyses we create.

  • 3. How We Share Your Personal Information

We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

  • A. Disclosures to Provide Our Services

  • Notice Regarding Use of Blockchain Networks. Information about transactions you enter into via the Services will be recorded on the blockchain and may be accessible to third parties due to the public nature of the blockchain. Because entries to the blockchain are, by their nature, public, and because it may be possible for someone to identify you through your pseudonymous, public wallet address using external sources of information, any transaction you enter onto the blockchain could possibly be used to identify you, or information about you.**

  • Other Users of the Services and Parties You Transact With. Some of your Personal Information may be visible to other users of the Services (e.g., information featured on generally accessible parts of the contracts). In addition, to complete transfers via the Services, we will need to share some of your Personal Information with the party that you are transacting with.

  • Service Providers. We may share your Personal Information with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers and vendors that provide us with website hosting data analysis, information technology and related infrastructure provision, customer service, auditing, and other services.

  • Business Partners. We may share your Personal Information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.

  • Affiliates. We may share your Personal Information with our company affiliates, for example: for our administrative purposes, IT management, or for them to provide services to you or support and supplement the Services we provide.

  • Third Party Websites and Applications. You may choose to share Personal Information or interact with third-party websites and/or third-party applications, including, but not limited to, social media sites and third-party electronic wallet extensions. Once your Personal Information has been shared with a third-party website or a third-party application, it will also be subject to such third party’s privacy policy. We encourage you to closely read each third-party website or third-party application privacy policy before sharing your Personal Information or otherwise interacting with them. Please note that we do not control, and we are not responsible for the third-party website’s or the third-party application’s processing of your Personal Information.

  • Advertising Partners. We may share your Personal Information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.”

  • APIs/SDKs. We may use third-party APIs and software development kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us” below.

  • B. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

  • To a potential or actual acquirer, successor, or assignee as part of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in bankruptcy or similar proceedings).

  • C. Disclosures to Protect Us or Others

  • We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate (a) to comply with legal process, such as a court order or subpoena; (b) to respond to law enforcement or national security requests from public and government authorities, including public and government authorities outside your country of residence; (c) to enforce our policies or contracts; (e) assist with an investigation or prosecution of suspected or actual illegal activity; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

We may use and disclose aggregated or otherwise de-identified information for any purpose, unless we are prohibited from doing so under applicable law.

  • 5. Security

We maintain administrative, technical and physical safeguards designed to protect the Personal Information we maintain against unauthorized access or disclosure. No system can be completely secure. Therefore, although we take steps to secure your information, we cannot guarantee that your information, searches, or other communication will always remain secure. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of Personal Information. You are responsible for all activity relating to any of your Ethereum network addresses and/or cryptocurrency wallets.

By using our Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services or on our social media platforms, or by sending a text to you.

  • 6. Your Privacy Choices and Rights

Your Privacy Choices. The privacy choices you may have about your Personal Information are determined by applicable law and are described below.

  • Text Messages.** If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.

  • “Do Not Track. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

  • Cookies and Personalized Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

Please note you must separately opt out in each browser and on each device.

Your Privacy Rights. In accordance with applicable law, you may have the right to:

  • Access to and Portability of Your Personal Information, including: (i) confirming whether we are processing your Personal Information; (ii) obtaining access to or a copy of your Personal Information; and (iii) receiving an electronic copy of Personal Information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format (also known as the “right of data portability”);

  • Request Correction of your Personal Information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your Personal Information;

  • Request Deletion of your Personal Information;

  • Request Restriction of or Object to our** processing of your Personal Information where the processing of your Personal Information is based on our legitimate interest or for direct marketing purposes; and

  • Withdraw your Consent to our processing of your Personal Information. Please note that your withdrawal will only take effect for future processing,and will not affect the lawfulness of processing before the withdrawal.

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us”** below. We will process such requests in accordance with applicable laws.

You have several rights and choices with regard to our use of your Personal Information. You may, of course, decline to share certain Personal Information with us, in which case we may not be able to provide to you some of the features and functionality of the Services. If you wish to access, amend, or delete any other Personal Information we hold about you, you may contact us using the contact details at the end of this Policy. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so, as permitted under applicable data protection law.

  • 7. International Data Transfers

All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.

When transferring your Personal Information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, we will use contractual protections such as the EU Standard Contractual Clauses to support such transfer.

For more information about how we transfer Personal Information outside of the EEA, you may contact us as specified below.

  • 8. Notice to California Residents

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to explain to California residents how we collect, use and share their Personal Information, and the rights and choices we offer California residents regarding our handling of their Personal Information.

  • i. CCPA Disclosures

| Category of Personal Information Collected by Cupcake | Category of Third Parties Personal Information is Disclosed to for a Business Purpose | | :-------------------------------------------------------------------------------------------------------------------------------: | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | | Identifiers. | - Blockchain Networks- Other Users of the Services and Parties You Transact With- Service Providers- Business Partners - Affiliates - Third Party Websites and Applications - Advertising Partners | | Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | - Blockchain Networks- Other Users of the Services and Parties You Transact With- Service Providers- Business Partners - Affiliates - Third Party Websites and Applications - Advertising Partners | | Commercial information | - Blockchain Networks- Other Users of the Services and Parties You Transact With- Service Providers- Business Partners - Affiliates - Third Party Websites and Applications - Advertising Partners | | Internet or other electronic network activity | - Blockchain Networks- Other Users of the Services and Parties You Transact With- Service Providers- Business Partners - Affiliates - Third Party Websites and Applications - Advertising Partners | | Professional or employment-related information | - Service Providers- Affiliates |

The categories of sources from which we collect Personal Information and our business and commercial purposes for using Personal Information are set forth in “Personal Information We Collect” and “How We Use Personal Information” above, respectively.

  • ii. Privacy Practices

We do not “sell” the Personal Information we collect (as such term is defined in the CCPA), nor do we have actual knowledge of any “sale” of Personal Information of minors under 16 years of age. Like many companies, we may use third-party cookies for our advertising purposes. If you would like to learn how you may opt out of our use of Cookies and other tracking technologies, please review the instructions provided in the “Your Privacy Choices and Rights” section of this Policy.

  • iii. Additional Privacy Rights for California Residents

The CCPA grants individuals the following rights:

Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.**

Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. To designate an authorized agent, please contact us as set forth in “Contact Us” below.

Verification. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include confirming the phone number associated with any Personal Information we have about you. If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.

If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.

Accessibility. This Privacy Policy uses industry-standard technologies and was developed in line with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.**

  • 9. Supplemental Notice for Nevada Residents

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us as set forth in “Contact Us” below with the subject line “Nevada Do Not Sell Request” and providing us with your name and phone number associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A.

  • 10. Use of Services by Minors

To the extent prohibited by applicable law, we do not allow use of our Services and Sites by anyone younger than 16 years old (or other age as required by local law). If you learn that anyone younger than 16 has unlawfully provided us with Personal Information, please contact us at and we will take steps to delete such information, close any such accounts, and, to the extent possible, prevent the user from continuing to use our Services.

  • 11. Retention

We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required or permitted by law to keep this information for a longer period. When determining the specific retention period, we take into account various criteria, such as the type of Services provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the relevant statute of limitations.

  • 12. Updates to this Privacy Policy

We may make changes to this Privacy Policy. The “Last updated” date at the top of this page indicates when this Privacy Policy became effective. If we make material changes, we may notify you through the Services or by sending you a text message or other communication. We encourage you to read this Privacy Policy periodically to stay up-to-date about our privacy practices. Your use of the Services following these changes means that you accept the revised Privacy Policy.

  • 13. Supervisory Authority

If you are located in the European Economic Area, Switzerland, or the United Kingdom you have the right to lodge a complaint with a supervisory authority if you believe our processing of your Personal Information violates applicable law.

Unless otherwise indicated in this Privacy Policy, Cupcake is the entity responsible or “data controller” for the processing of Personal Information described in this Privacy Policy. If you have any questions about this Privacy Policy or our privacy practices in general, please contact us via email at

1 39876/00100/FW/16213840.7