Privacy Policy of Sigma De-Fi Trading Platform
Last Updated: 2025-03-29
Version No: 001
Please read this Privacy Policy ("Policy") carefully before using the services provided by Code Forge LLC ("Company"). The Company is a limited liability company, incorporated and acting under the laws of Saint Vincent and the Grenadines, company number 3584 LLC 2024, having its registered address at Euro House, Richmond Hill Road, Kingstown, St. Vincent and the Grenadines.
If you are accessing or using our System and Services, you agree to be bound by applicable Terms and Conditions ("Terms"), as well as our Policy (which also includes our Cookie Policy) and any other applicable policies from time to time. If you do not agree to any of these, you must not use our Services and System.
All definitions and rules set forth in the Terms are applicable to this Policy.
This Policy explains how the Company collects, uses, discloses, and protects Users' personal information while providing its Services through the Bot, Forum, Website, Guide, and other digital platforms (collectively, the "System"). By accessing and using the System, Users expressly agree to the terms outlined in this Policy.
1. Company as a data controller
1.1. This Policy is prepared in accordance with the best practices and principles of data protection, with the goal to ensure User’s personal data is processed fairly and lawfully, while the Company is using data only for specified purposes, ensuring data accuracy, retaining data only as necessary, and implementing appropriate security measures to protect against unauthorized access or breaches.
1.2. The Company is typically the “data controller” of any personal information provided to the Company. Very occasionally, the Company might act on specific retainers as a “processor” (by processing personal data only in accordance with the directions of a data controller).
1.2.1. A data controller is a person or organization that determines the purposes and means of processing personal data. In other words, the data controller decides why and how personal data should be processed and is responsible for ensuring compliance with data protection requirements.
1.2.2. A data processor is a person or organization that processes personal data on behalf of a data controller, following the controller’s instructions. The processor does not own or control the data but handles it for specific tasks like storing, analyzing, or transferring information.
1.3. The Company, as a data controller (or in some cases – data processor), has the following obligations:
1.3.1. Data transfers. The Company shall not transfer personal data to country or territory outside the Saint Vincent and the Grenadines unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
1.3.2. Data processing records. The Company shall keep data processing records upon its own decision, unless such record keeping is mandatory legal requirement.
1.3.3. Data protection officer appointment. The Company may assign a data protection officer to ensure proper data protection requirement implementation and optimization of procedures upon its own decision or mandatory legal requirement.
1.3.4. Data breach notification. The Company strives to protect your personal data in the best way possible. However, sometimes data breaches occur, and such event can happen for various reasons. In the case of a data breach that would prejudice the privacy, confidentiality and security of the personal data of a data subject, the Company, as a data controller, immediately upon becoming aware of such breach, shall notify the authorized authority and you (if needed) of such data breach and take action to eliminate or minimize the harm.
1.3.5. Data retention. The Company shall not store personal data after the completion of the purpose for which such data was processed unless the identity of the data subject is no longer identifiable through the use of anonymization techniques.
1.3.6. Sensitive personal data protection. In general, the Company does not process any special categories of personal data from Users. This includes data that reveals racial or ethnic origin, political opinions, religious or ideological convictions or trade union membership, as well as genetic and biometric data. In some cases, during verification, in addition to the actual verification data (e.g. screenshots of ID documents and identification data from them, place of residence, status of politically exposed persons, video data, etc.), biometric data (e.g. personal data resulting from specific technical processing in connection with the physical, physiological or behavioral characteristics of a person and data for the clear identification of a person, e.g. facial images, dactyloscopic data) are recorded. Such processing of biometric data takes place exclusively based on your express consent, which you can revoke at any time.
1.3.7. Proper agreements between controller and processor. The processor shall perform and implement the processing of personal data based on the instructions of the controller and in accordance with the contracts and agreements entered between them, which shall specifically set out the scope, subject-matter, purpose and nature of the processing, the type of personal data, and categories of data subjects. The Company, either acting as a controller or the processor, shall make sure beforehand that such agreements are concluded and are proper for planned data processing.
1.4. If you have any questions regarding the processing of your personal data and the exercise of your rights under this Policy, you can contact our team at
business@sigma.win. To answer your inquiry, the Company might require additional identification data from you (e.g. Passport, ID card, etc.) – we want to ensure that your personal data is only passed on to you.
1.5. The Company values the trust that you place in the Company when using Services/System. For this reason, privacy and data security are extremely important to the Company. The Company wants to offer you the best possible experience with the System to ensure that you can enjoy using Services now and in the future. That is why the Company wants to understand user behaviour on the System to continuously improve it. The processing of your personal data is therefore not only necessary for the provision of Services, but also to improve user-friendliness. Therefore, in this Policy you are informed which personal data the Company collects from you, how the Company processes it and to whom the Company passes it on in detail. In addition, the Company informs you about the precautions it takes to protect your personal data, what rights you have in this context and who you can contact regarding data protection issues.
2. Information collected by the Company
2.1. While providing Services or interacting in other way with Users, we may collect the following information:
2.1.1. User-Provided Information
2.1.1.1. Telegram account information, including username and profile details.
2.1.1.2. Contact and other personal details (such as email address, name, date of birth, etc.) when voluntarily provided. Usually it is collected when Users contact Company via email or other communication means.
2.1.1.3. KYC-related information, if requested, including screenshots of national identity documents such as passport, driver's license, ID card and identification data from these documents, utility bill details for residence verification, data about the status of political exposed persons, video data from the video authentication procedure, biometric data for verification, as well as information collected from publicly available resources to verify the same.
2.1.1.4. copy of passport and second identification document, proof of address, reference letters or other similar documents.
2.1.2. Automatically Collected Information
2.1.2.1. Order data - in the context of Users ordering Services, we might process information relating to the matter on which you are seeking our Services.
2.1.2.2. Transaction details and financial data related to token trading and sniping, use of Services and Functionalities.
2.1.2.3. Portfolio data, including Wallet addresses and asset balances, as well as alterations/actions processed.
2.1.2.4. During activities on the System and while using Services, we might process, for example: usage logs, account credentials, IP-address, your location, location data, traffic data, transaction data, computer or mobile device information, frequency, time, length of visit and other page interaction data, operating system, browser type, device type, unique device identification number, identification cookies, crash reports, performance data, third-party cookies, etc.
2.1.2.5. If you visit System or our social media sites, we might process statistical and marketing data, for example: number of visitors, frequency, clicks, time, places, target groups, data from cookies and similar technologies (pixels, ClearGIFs, etc.), User’s behaviour, interests and preferences, data on market research and target group surveys, etc.
2.1.2.6. When we attend or organize events or fairs or conduct interviews with people, or you visit our offices or our meetings and events, we may take photos and other recordings of such events and process photo, video and audio data, as well as data on time, location, participant list, etc. However, we will always inform you separately about any such recordings by photographic or video images and/or audio recordings.
2.1.2.7. If you apply for a job on our System, social media or in other ways, we may process data that is necessary for the recruitment process, for example: contact details, curriculum vitae, qualifications, police clearance certificate, credit report, national identity documents such as passport, driver's license and the data from all of these documents, links to your portfolio or social media platforms, etc.
2.1.3. Third-Party Information
2.1.3.1. Wallet data, including public keys, when imported by the User.
2.1.3.2. Information from third-party analytics and security services.
2.2. Company’s System and Services are not meant for anyone under the legal age. The Company therefore does not knowingly collect personal data from minors. So, if you are under 18 years of age / under legal age under the laws imperatively applicable to you, please do not use the System/Services and do not provide us with any personal data.
3. Purpose of information usage
3.1. We process User personal data based on at least one of the legal bases mentioned below. If the Company requests the provision of other personal data not described above, this data as well as the purpose and legal basis for the collection and processing will be communicated to the User at the point of collecting the personal data.
3.1.1. Consent. We may ask you to provide a consent if data subject’s (yours) consent is relied upon as a lawful basis for the processing of your personal data. For example, we may ask you to express consent for direct marketing purposes, KYC procedure, certain use of audio, video and photo data, as well as before collecting / processing any other personal data not described in this Policy.
3.1.1.1. A given consent can be revoked at any time without giving reasons with effect for the future if you no longer agree to the processing.
3.1.1.2. Revoking your consent does not affect the legality of the processing carried out based on your consent up to the point of withdrawal.
3.1.2. Compliance with legal obligations. Processing of personal data may also be necessary to abide by various legal obligations. Such legal obligations include, for example, the following data processing operations: contract management for the provision of Services, accounting, and invoicing, monitoring to prevent fraud, misuse, money laundering and terrorist financing, providing information to criminal authorities in context of fiscal criminal proceedings or prosecution to official orders, assessing the working capacity of the employee or the provision of health/social care, etc.
3.1.3. Protection of legitimate interests. Where necessary, data processing can occur beyond the performance of the contract to ensure the legitimate interests of the Company or a third party. Such a legitimate interest includes the following data processing operations, e.g.: prevention of fraud, misuse (e.g. for illegal purposes), money laundering and terrorist financing; risk management and risk minimization, e.g. through inquiries to credit agencies, debtor directories or providers of business analysis; identification and examination of potentially incorrect or suspicious activities and access to our System; data transfer within the Company for internal administrative purposes; processing of inquiries from authorities, lawyers, collection agencies in the context of legal prosecution and enforcement of legal claims in the context of legal proceedings; market research, business management and further development of services and products; processing of statistical data, performance data and market research data; processing of customer preferences; direct marketing and advertising.
3.1.4. The Company may also process personal data without the consent of the data subject to which the data relates where the data has been made public by the data subject.
3.2. The Company processes collected information for the following purposes:
3.2.1. To provide and enhance the Services and Features, also to maintain and improve System.
3.2.2. To generate and manage Wallets for Users.
3.2.3. To verify identity and comply with legal obligations, such as KYC verification.
3.2.4. To communicate updates, respond to inquiries, and manage User support.
3.2.5. To ensure security and prevent fraudulent activities.
3.2.6. To conduct promotional campaigns, including referral and points programs.
3.2.7. To manage business and comply with Company‘s contractual and/or regulatory obligations.
4. Data sharing, disclosure and security
4.1. The Company does not sell or rent User information. However, we may share information in the following circumstances:
4.1.1. Legal Compliance: When required by law, regulatory authorities, or to enforce legal rights.
4.1.2. Service Providers: With trusted third parties who assist in operating the System and delivering Services.
4.1.3. Business Transfers: In case of a merger, acquisition, or transfer of assets, as well as within group companies (if any) with legitimate interest.
4.1.4. Community Engagement: In relation to promotional campaigns, where applicable.
4.2. Within the Company, those departments or employees will receive your personal data who need it to fulfil contractual and legal obligations and legitimate interests. We transfer personal data for the purpose of our day-to-day business operations such as account management and other processes you have requested, as well as for the efficient performance of internal administrative activities in a joint manner and for the maintenance and improvement of our products and services.
4.3. To a limited extent, we also transfer personal data to processors who provide services for us such as KYC services, IT services, legal services, customer support, improvement of our Website, performance of contracts, account management, accounting, marketing services and sending marketing material. Processors may only use or pass on this data insofar as this is necessary to provide services for us or to comply with legal regulations. We contractually oblige these processors to guarantee the confidentiality and security of your personal data that they process on our behalf.
4.4. We may also transfer your personal data (i) if we are required to do so by law or during legal proceedings, (ii) if we believe that disclosure is necessary to avoid damage or financial loss, or (iii) in connection with an investigation into suspected or actual fraudulent or illegal activities.
4.5. If the Company acts together with other parties as joint controller (e.g. processing of data for jointly defined purposes within a group of associated entities), we may provide those parties with personal data if applicable and based on at least one of the legal bases mentioned above under Clause 3.1. In case of a joint controllership, we transfer your personal data only based on a sufficient agreement with our partners.
4.6. The Company may transmit your personal data to another person at the request of the person concerned with your consent for the transfer or for the purpose of fulfilling the contract or in order to take steps at the request of the data subject prior to entering into a contract.
4.7. The Company employs industry-standard security measures to protect User data from unauthorized access, alteration, or loss. However, Users acknowledge that no method of transmission over the internet is 100% secure.
4.8. We have implemented the following technical, physical and organizational measures:
4.8.1. Staff training.
4.8.2. SSL encryption on our System from which we transfer personal data.
4.8.3. Two-factor authentication (2FA) for System.
4.8.4. Ensuring the confidentiality, integrity, availability and resilience of our System and Services.
4.8.5. Use of encrypted systems.
4.8.6. Pseudonymization and anonymization of personal data.
4.8.7. Entry, access and transfer control for our offices and systems.
4.8.8. Measures of quick restoring of the personal data availability in the event of a physical or technical incident.
4.8.9. Measures for privacy by design and default on our platform such as preventing user enumeration.
4.8.10. Implementation of procedures for the regular review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the security of processing, e.g. our bug bounty program.
4.8.11. Internal IT security practices and monitoring, internal communication and fast response approach.
4.8.12. Incident-response management.
4.8.13. Security audits.
4.9. The Company retains personal data for as long as necessary to fulfil the purposes outlined in this Policy or as required by law. Unless otherwise indicated in the notice / consent form, the Company shall keep your personal information only for as long as necessary to:
4.9.1. To provide you with the Services you have ordered and to ensure proper use of System/Services;
4.9.2. To comply with laws, including mandatory data collection periods;
4.9.3. To support a claim or defence in court or to act in other judicial proceeding.
4.10. In all cases User status data including identification data (if applicable) shall be saved for the whole duration of you being the User, and for at least 6-month period from the day the User status was terminated.
5. User rights
5.1. Users have the following rights regarding their personal information:
5.1.1. Access and correction: Users may request access to or correction of their data. Users may request, including but not limited to:
5.1.1.1. confirmation whether we are processing personal data related to you.
5.1.1.2. the types of personal data of the data subject being processed.
5.1.1.3. the decisions taken on the basis of automated processing.
5.1.1.4. the rules and criteria of the periods for which the personal data will be stored and kept; and
5.1.1.5. the measures to be taken upon the occurrence of a data breach.
5.1.2. Right to rectification. Users are entitled to obtain the rectification of inaccurate personal data and to have incomplete personal data completed.
5.1.3. Data deletion: Users may request data deletion where legally permissible. Usually deletion is possible when:
5.1.3.1. the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
5.1.3.2. You withdraw your consent or express objection to processing and there are no legitimate grounds for the Company to continue the processing.
5.1.3.3. The personal data have been illegally processed.
5.1.3.4. The deletion of personal data is necessary to fulfil a legal obligation under law to which the Company is a subject.
5.1.4. Objection to processing: Users may object to certain types of data processing.
5.1.5. Withdrawal of consent: If data processing is based on consent, Users can withdraw it at any time.
5.1.6. Right to receive a copy and have personal data transmitted to another controller, if technically feasible.
5.1.7. Right to restriction of processing. Users may request that we restrict processing if one of the following conditions is met:
5.1.7.1. User disputes the accuracy of the personal data (the restriction applies for a period that enables the Company to verify the accuracy of the personal data).
5.1.7.2. The processing of User’s personal data was unlawful, and User refuses to delete personal data and instead requests that its use is to be restricted.
5.1.7.3. The Company no longer needs User’s personal data for processing purposes, but User needs it to assert, exercise or defend legal claims.
5.1.7.4. User have objected to the processing of personal data, and it has not yet been determined whether the Company's legitimate grounds outweigh User’s.
5.1.7.5. Right to lodge a complaint with the competent authority.
5.1.7.6. Right to contact. To exercise any of the above rights, you can send an email to
business@sigma.win.
5.2. In all cases we encourage you to contact us directly. We at the Company believe that best decisions can be made by mutual agreement and effort.
6. Cookies, tracking technologies and third-party links
6.1. The Website and System may use cookies or similar technologies to improve User experience. Users can manage cookie preferences through their browser settings.
6.1.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and stored by the browser. The identifier is then sent back to the server every time the browser requests a page from the server.
6.1.2. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiration date, unless deleted by the user before the expiration date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
6.1.3. Cookies may not contain any information that identifies a user personally, but personal data that we store about you may be linked to the information stored in and obtained from cookies.
6.1.4. We use cookies for the following purposes:
6.1.4.1. Authentication and status - we use cookies to identify you when you visit our System, and to help us determine if you are logged into our System.
6.1.4.1.1. For the purposes of the identification of you as a User we use the following Necessary cookies, that help make our System usable by enabling basic functions like page navigation and access to secure areas of our System. The System cannot function properly without these cookies:
6.1.4.1.1.1. Authentication tokens.
6.1.4.2. Personalization - we use cookies to store information about your preferences and to personalize our System for you.
6.1.4.2.1. For the purposes of personalization we use the following Preference cookies, that enable System to remember information that changes the way the System behaves or looks, like your preferred language or the region that you are in:
6.1.4.2.1.1. Your last used window pane positioning.
6.1.4.2.1.2. System-wide colour mode.
6.1.4.2.1.3. Last selected tabs/settings.
6.1.4.3. The system will collect usage data logs for error/crash reporting as well as usage analysis:
6.1.4.3.1.1. Google Analytics tracker to monitor the usage of the platform.
6.1.4.3.1.2. Sentry for error and crash reporting.
6.1.4.4. Cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally.
6.2. The System may contain links to third-party websites. The Company is not responsible for the privacy practices of these external sites.
6.3. The Bot and Forum operate on Telegram, a third-party platform. The Company does not control Telegram’s data collection, storage, or processing practices. Users acknowledge that their interactions with the Bot and Forum are subject to Telegram’s own privacy policy and terms of service. The Company is not responsible for any data processing conducted by Telegram and encourages Users to review Telegram’s policies to understand their rights and obligations regarding personal data.
7. Privacy notice to Users residing in European Union and California
7.1. If you are a resident of European Union ("EU"), please note that:
7.1.1. We are striving to ensure your rights under The European Union’s General Data Protection Regulation (
"GDPR"). You can find more information on GDPR and your rights here:
https://gdpr.eu/.
7.1.2. You are entitled to rights under GDRP, as Article 3.2. of GDPR states that the GDPR applies to organizations that are not in the EU if two conditions are met: the organization offers goods or services to people in the EU, or the organization monitors their online behaviour. If you are using System/Services, such situation falls into the scope of mentioned Article 3.2. of GDPR.
7.1.3. The obligations of the Company may be limited due to the exceptions indicated in the GDPR (like number of employees in the Company).
7.1.4. You can contact Company in case you have any questions or concerns related to this Policy or GDPR:
7.1.4.1. Please contact us via email, by sending Your inquiry to our Data protection team at
business@sigma.win.
7.2. If you are a resident of California, please note that:
7.2.1. We are striving to ensure your rights under California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (collectively, "CCPA").
7.2.2. You are entitled to:
7.2.2.1. The right to know what personal information is being collected.
7.2.2.2. The right to know whether the personal information is sold or disclosed, and to whom such information is sold or disclosed.
7.2.2.3. The right to say “no” to the sale of personal information.
7.2.2.4. The right to deletion.
7.2.2.5. The right to access personal information; and
7.2.2.6. The right to equal service and price.
7.2.3. Upon your verified request the Company shall provide the information on your personal information that was collected within one year period preceding the request:
7.2.3.1. the categories of personal information the Company collected about you;
7.2.3.2. the categories of sources from which the personal information is collected;
7.2.3.3. the business or commercial purpose for which personal information was collected;
7.2.3.4. the business or commercial purpose for collecting or selling the resident’s personal information;
7.2.3.5. categories of third parties with whom the Company shares personal information; and
7.2.3.6. the specific pieces of personal information that the Company collected about you.
7.2.3.7. A copy of stored personal information.
7.2.4. In addition to above, the Company warrants that NO PERSONAL INFORMATION OF YOURS IS BEING SOLD IN ANY WAY BY THE COMPANY. Therefore, the Company does not provide a “Do not sell my personal information” box in the System.
7.2.5. You can contact Company in case you have any questions or concerns related to this Policy or CCPA:
7.2.5.1. Please contact us via email, by sending Your inquiry to our Data protection team at
business@sigma.win.
7.2.6. Only categories listed in the Clause 2.1. of this Policy of personal information may have been collected about the California residents for a business purpose within the last twelve months. NO COLLECTED DATA WAS SOLD.
8. Social media presence
8.1. The Company maintains social media presences on various platforms to communicate with its active customers, potential customers and interested social media users about Company’s services, products and other news. When accessing such social media platforms, the general terms and conditions and the privacy policies of these operators also apply. We would like to point out that user data can also be processed outside of the Saint Vincent and the Grenadines or the region/location you are in. This can result in risks for users due to different legal frameworks (e.g. the enforcement of data subject rights could be made more difficult).
8.2. The Company may only process personal data from social media users if they communicate directly with the Company via such platforms (e.g. visitors number, posted articles, likes, direct messages, customer inquiries, comments, etc.). In these cases, the Company is also responsible for processing the personal data collected thereby. In addition to data processing by us, other providers, in particular operators of social networks and platforms, also process personal user data. We have no influence on this data processing and are not responsible for it - the data processing takes place exclusively in the area of responsibility of the other providers.
8.3. For a detailed explanation of the respective processing and the possibilities of objection (opt-out) by providers of social media networks, we refer to the respective privacy policies of the providers (see below). In the case of requests for information and the assertion of data subject rights to data processing by other providers, we point out that these can be asserted with the providers listed below. Only the providers have access to the data of the users and can directly take appropriate measures and provide information.
8.4. The Company uses the following social media accounts in order to engage with you and other third parties:
8.5. The above indicated list is non-finite, and the Company is entitled to change/add social media accounts.
9. Miscellaneous and contact information
9.1. The Company shall have the right to unilaterally modify and/or update the Policy at any time without notice. The continuous use of the Services/System by the User shall be deemed as acceptance of Policy in the last and most updated version.
9.2. Any User shall periodically check and assess the Policy.
9.3. Any update of this Policy comes in force at the moment it is published on
https://sigma.win.
9.4. Link to the latest version of the Policy shall be available at
https://sigma.win.
You can contact us via email, by sending Your inquiry to
business@sigma.win. We shall respond to your inquiry within 30 days from the day of receiving it (with the possibility of two 30-day extensions).
