PM US TECH PRIVACY POLICY

Effective date: September 25, 2025

1) Who we are and scope

This Privacy Policy explains how PM US Tech (a.k.a. QC Tech Limited Liability Company) (“Company,” “we,” “us,” or “our”) collects, uses, shares, and safeguards Personal Information when you use the Polymarket US trading application and related websites, portals, and APIs (collectively, the “Services”).  The Services provide a user interface for accessing trading on Polymarket US (a.k.a. QCX Limited Liability Company) with contracts cleared by Polymarket Clearing (a.k.a. QC Clearing Limited Liability Company).  Polymarket US is a designated contract market (“DCM”) registered with the U.S. Commodity Futures Trading Commission (“CFTC”) and Polymarket Clearing is a CFTC-registered derivatives clearing organization (“DCO”).  

Please read this Privacy Policy carefully before using the Services. Your use of the Services is subject to this Privacy Policy, which constitutes a legal agreement between you and PM US Tech. By using the Services, you agree to this Privacy Policy and each time you use the Services, your use indicates your full acceptance of and agreement to abide by this Privacy Policy. If you do not accept this Privacy Policy: (a) do not use the Services and (b) you agree that your sole and exclusive remedy is to discontinue using the Services.

Your compliance with this Privacy Policy and all other rules, procedures, policies, terms and conditions that govern all or any portion of the Services, including the PM US Tech Terms and Conditions, is a condition to your right to access and use the Services. Your breach of any provision contained therein will automatically, without the requirement of notice of other action, revoke and terminate your right to access or use the Services and you will be fully liable for conversion, misappropriation, trespass to chattels, and all other claims and causes, regardless of the identity of the claimant or injured party, arising from or relating to your continued use of the Services after such breach.  

2) Personal Information we collect 

We may collect data that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, including, without limitation, identity data (full name, date of birth, government-issued identifiers where lawful); contact data (email, address, phone); financial data (bank/payment info, balances, transactions); account and trading data (credentials, orders, executions, positions, balances, audit metadata); profile data (preferences, feedback); device and usage data (IP, device/OS/browser, unique IDs, logs, duration, activity); location data (coarse via IP, precise via GPS/Wi-Fi if permitted); know your customer (“KYC”) / anti-money laundering (“AML”) data (verification results, sanctions/PEP checks); communications (support tickets, recordings, emails/chats); technical and usage data; and compliance and surveillance data (collectively, “Personal Information”). We do not respond to Do-Not-Track signals; we honor legally recognized opt-out signals where required and otherwise apply your consent/opt-out choices.

3) Sources of information

We collect information directly from you, automatically via the Services, from affiliates/service providers, from DCMs, futures commission merchants (“FCMs”) / clearing members, other intermediaries, and from public or governmental sources.

4) How we use Personal Information

We use Personal Information for the following purposes: provide and operate the Services; comply with legal/regulatory obligations (including CFTC, anti-money laundering (“AML”) / counter-terrorism financing (“CTF”), sanctions, surveillance, audit trail, and recordkeeping requirements); detect, prevent, and investigate fraud, market abuse or other potentially prohibited or illegal activities; enforce our Terms and Conditions; personalize and improve Services; communicate with users; protect rights and integrity of the markets; research and analytical purposes; perform internal quality control; authentication, integrity, security, and safety purposes; and change of ownership (including to evaluate or conduct a merger, sale, or other acquisition of some or all of our organization or its assets).  We may also process Personal Information as otherwise permitted or required by applicable law, including to comply with CFTC, DCM, DCO, and FCM obligations (audit trail, surveillance, AML/CTF, sanctions, etc.). Certain records cannot be deleted until statutory retention periods expire.

5) Sharing of Personal Information 

We may share your Personal Information with: DCMs, DCOs, FCMs, brokers, surveillance providers, KYC/AML vendors, cloud and infrastructure providers, payment partners, other third-party service providers, legal / regulatory authorities, affiliates, professional advisors, and transaction counterparties. We may also share your Personal Information with actual or prospective acquirers, their representatives and other relevant participants in, or during negotiations of, any sale, merger, acquisition, restructuring, or change in control involving all or a portion of our business or assets.  If we ever engage in interest-based advertising, we may share hashed identifiers with ad partners, subject to opt-out rights (NAI/DAA).

We may also share your Personal Information as needed to: (1) comply with applicable law or respond to, investigate, or participate in valid legal process and proceedings, including from law enforcement or government agencies; (2) enforce or investigate potential violations of our Terms and Conditions or policies; (3) detect, prevent, or investigate potential fraud, abuse, or safety and security concerns, including threats to the public; (4) protect our and our customers’ rights and property; (5) resolve disputes and enforce agreements; or (6) with your consent or at your direction.  

6) Cookies and tracking

We use cookies and similar technologies for sessions/security, fraud prevention, analytics, and preferences. Where required, we present a consent banner.

7) Data retention

Unless otherwise stated above, we will keep your Personal Information for as long as necessary for the purposes identified in this Privacy Policy, or as permitted by applicable law. We use the following criteria to determine how long to retain Personal Information:

• Our relationship with you;
• Your requests to us regarding your Personal Information or our products or Services;
• Any legal obligations to retain the Personal Information, or for our own legal purposes (such as enforcing our agreements or litigation);
• Recommendations and legal requirements in applicable jurisdictions; and
• Technical considerations and feasibility, and level of protections in place for Personal Information.

8) Security 

We implement administrative, technical, and physical safeguards (access controls, encryption, logging, secure development, vendor diligence), including role-based access controls, encryption, secure SDLC, vendor diligence, and continuous monitoring. Please be aware that despite our efforts, no data security measures can guarantee security. We are not liable or responsible for use or disclosure of your Personal Information that is the result of unauthorized or illegal access to our systems or those of third parties. If you believe the security of your Personal Information has been compromised, please notify us immediately using the contact information below.

9) International data transfers

We may process data in the U.S. and other countries. Where required, we use safeguards such as the EU Standard Contractual Clauses and the UK Addendum.

10) Your rights and choices 

Depending on your jurisdiction, your rights may include access, correction, deletion, restriction, objection, portability, and withdrawal of consent. U.S. residents may have rights under state laws; European Economic Area or United Kingdom residents may lodge complaints with supervisory authorities.  You may designate an authorized agent to submit requests; we may require direct identity verification. Requests may be denied where we must retain data to comply with CFTC/venue recordkeeping obligations.

11) Children’s privacy 

The Services are not intended for individuals under the age of 18, and we do not knowingly collect their Personal Information.  If you are aware of an instance in which we have collected a minor’s Personal Information in connection with the Services, please report the instance to legal@polymarket.com so that we may delete the applicable data where permitted subject to regulatory retention obligations.

12) Third-party links and services

We are not responsible for privacy practices of third-party sites or tools linked to or integrated with our Services.

13) Automated decision-making and profiling

We may use automated tools for fraud detection, sanctions/KYC screening, surveillance, and risk controls.

14) Changes to this Privacy Policy 

We may update this Privacy Policy and notify users of material changes via Services or email.  Your continued use of our Services after the effective date of any modification to this Privacy Policy will be deemed to be your agreement to the changed terms.

15) Contact us

For questions or concerns about our privacy practices, please contact:

PM US Tech
Attn: Privacy
7251 W Palmetto Park Rd, Suite 102
Boca Raton, Florida 33433
Email: legal@polymarket.com

16) CFTC/DCM-specific disclosures

We and connected DCMs/FCMs/market-surveillance providers collect and retain order, trade, and audit-trail data to meet CFTC and exchange obligations. Certain Personal Information cannot be deleted until legal retention periods expire. We may monitor activity for abusive trading patterns and disclose data to regulators as required.