Draft — pending legal review

This Privacy Policy describes how LAC collects, uses, stores, and protects personal information in connection with invitation-only platform access, KYC procedures, and operational support. It applies to data processed through our websites, application workspace, and related communication channels.

This document is provided for informational purposes and remains subject to revision following counsel review. For questions regarding these policies, please contact legal@lac.com.

We collect identification and contact details provided during registration and onboarding, including name, email address, jurisdiction, and institutional affiliation where applicable. KYC and compliance workflows may require government-issued identification, proof of address, ownership structure documentation, and source-of-funds declarations.

We also process technical and usage data: IP addresses, device identifiers, session logs, API call metadata, Token consumption records, and audit trails associated with mandate configuration and execution events. Exchange connectivity requires storage of API credentials and venue account identifiers under encryption and access controls described in security documentation.

Personal data is used to establish and maintain your account, verify eligibility, perform KYC and ongoing due diligence, meter Token usage, and provide customer support. We use logs and telemetry to secure the platform, detect abuse, and improve reliability of infrastructure services.

Aggregated or de-identified analytics may inform capacity planning and product development. We do not sell personal information to third parties for marketing purposes. Processing for compliance, fraud prevention, and legal obligation fulfilment may occur without separate consent where permitted by law.

We share information with service providers that assist with hosting, identity verification, payment processing, and communications, subject to contractual confidentiality and data protection obligations. Venue connectivity may require transmission of order and account metadata to third-party exchanges or brokers as directed by your configuration.

We may disclose information to regulators, law enforcement, or courts when required by applicable law, subpoena, or formal regulatory request. In corporate transactions such as restructuring, data may transfer subject to continuity of protections consistent with this policy.

LAC implements administrative, technical, and organisational measures including encryption in transit and at rest for sensitive credentials, role-based access control, and segregated production environments. No system is entirely immune from breach; we maintain incident response procedures and notify affected users where required by law.

Retention periods vary by data category: KYC records and compliance logs are kept for durations mandated by AML regulations; session and audit logs follow operational and legal schedules; marketing preferences are retained until withdrawn. Upon account closure, personal data is deleted or anonymised except where retention is legally required.

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port personal data, and to object to certain processing activities. Requests may be submitted through your workspace settings or by contacting the address below; identity verification may be required before fulfilment.

Where processing is based on consent, you may withdraw consent without affecting the lawfulness of prior processing. You may lodge a complaint with a supervisory authority if you believe your rights have been infringed, in addition to contacting LAC directly.

LAC operates infrastructure across multiple regions. Personal data may be transferred to countries with different data protection standards, safeguarded by appropriate mechanisms such as standard contractual clauses or equivalent arrangements where required.

The data controller for your relationship is identified in onboarding materials. Privacy-related inquiries, rights requests, and data protection correspondence should be directed to the contact email listed on this page. We aim to acknowledge substantive requests within a reasonable timeframe consistent with applicable law.