Veera Privacy Policy

Effective Date: 11 Sept, 2025

INTRODUCTION

GRAYSKULL PTE. LTD. (“Veera Browser”, “Veera”, “we”, “us”, or “our”), is committed to safeguarding the privacy, confidentiality, and security of personal information relating to individuals who access, use, or interact with our websites, mobile applications, platforms, and related products or services (collectively, the “Services”).

This Privacy Policy sets out, in clear and comprehensive terms, the manner in which we collect, use, process, store, disclose, transfer, and safeguard your personal information, as well as the rights and choices available to you, in accordance with applicable privacy, data protection, and related laws and regulations in the jurisdictions in which we operate.

By accessing or using any part of the Services, you confirm that you have read, understood, and expressly agree to be bound by the terms of this Privacy Policy. If you do not agree to this Privacy Policy, or any part of it, you must immediately cease using the Services.

This Privacy Policy forms an integral part of, and should be read in conjunction with, our Terms of Use and any other contractual, service-specific, or supplemental terms and notices that may apply to your interaction with the Services.

SCOPE

This Privacy Policy governs the collection, use, processing, storage, disclosure, and protection of personal information in connection with your interaction with the Services.

It applies to: (a) Users – individuals who browse, visit, or otherwise interact with the Services without creating an account; and (b) Customers – individuals or legal entities who register for, subscribe to, or otherwise access the Services pursuant to a contractual arrangement with us.

For the purposes of this Privacy Policy, the terms “you” and “your” refer collectively to both Users and Customers, unless expressly stated otherwise.

Except where expressly stated in this Privacy Policy or otherwise agreed in writing, this Policy does not apply to: (a) Websites, mobile applications, software, products, or services that are not owned, operated, or controlled by Veera; or (b) Any third-party platforms, content, or services that you may access via links, integrations, or other functionalities made available through the Services.

We are not responsible for the privacy practices, policies, or content of such third parties, and we encourage you to review their privacy notices before providing any personal information to them.

This Privacy Policy governs the collection, use, processing, storage, disclosure, and protection of personal information in connection with your interaction with the Services.

For the purposes of this Privacy Policy, the terms “you” and “your” refer collectively to both Users and Customers, unless expressly stated otherwise.

We are not responsible for the privacy practices, policies, or content of such third parties, and we encourage you to review their privacy notices before providing any personal information to them.

VEERA USERS – WHAT DOES THIS MEAN FOR YOU?

Enhanced Privacy Features: To enable you to enjoy enhanced privacy protections on the browser, by default Veera Shield feature is enabled on the Veera Application. Veera Shield offers protections which may include ad blocks, cookies, trackers, and fingerprinting from third parties (while you use Veera’s browsing services). However, it should be noted that some of the features and services of the Veera browser may not operate properly if Veera Shield settings are disabled.

PERSONAL INFORMATION WE COLLECT

We collect personal information from you directly, automatically through your use of the Services, and/or from third-party sources, in accordance with applicable privacy and data protection laws. The categories of personal information we collect, the purposes for which we use them, and the general categories of recipients are described below. The exact information collected and its use may vary depending on your interaction with our Services.

When you access or use the Veera browser, we collect only the information necessary to operate, maintain, and improve your experience. This may occur at various points during your interactions with the Veera application or customer support. We may request additional information from you as new services or features are introduced, in which case we will seek your explicit consent where required by law. The Services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from minors; if we become aware of such collection, we delete the data promptly.

We may collect Identifiers such as your full name, phone number, email address, date of birth, unique user IDs, gender, and stated preferences. This information supports account creation and management, authentication and access control, identity verification, profile customisation, customer support, and legal compliance. It may be shared with service providers (including hosting, verification, and customer support vendors), our affiliates, and competent legal, regulatory, or governmental authorities where required.
Device and Network Data includes your IP address, operating system, browser type, application version, hardware model, crash logs, diagnostic data, and information obtained through User Agent software. This data is used for service delivery and optimisation, identifying and resolving errors, performance monitoring, tailoring content to your device and OS, and preventing fraud or abuse. We also use Google reCAPTCHA on certain parts of our Services to detect and prevent spam, fraud, and abuse; reCAPTCHA collects information such as your IP address, browser type, device settings, and interaction patterns, which is sent to Google under its own Privacy Policy and Terms of Use.
Geolocation data (such as country derived from your IP address or device settings) is collected for content localisation, fraud detection, and compliance purposes, and may be shared with localisation and fraud prevention partners.
We collect Usage Data such as browsing activity, in-app navigation, ad interactions, content preferences, newsfeed selections, time spent on articles, ad-blocker status, and gaming behaviour when you use Veera Games. This data enables us to personalise content and advertising, analyse trends, and measure or optimise marketing and advertising campaigns. It may be shared with advertising and measurement partners (as permitted by law and subject to your choices) and analytics providers.
From Usage Data, we may derive Inferences about your interests (for example, sports, gaming, technology, finance) to further tailor content, offers, and advertising, and to segment audiences for analytics and marketing purposes. These inferences may be shared with advertising or measurement partners and our internal analytics teams, but we do not share your specific browsing history or individual interest profile.
Customer Support Data includes information from your communications with us (such as support tickets, chat logs, call recordings, and contact history). This is used to respond to inquiries, resolve issues, and improve service quality, and may be shared with customer support providers or internal teams.
For secure access to certain Services, such as Veera Wallet, we may enable Biometric Authentication Data (e.g., fingerprint or facial recognition) that is stored only on your device locally. We do not collect, transmit, or store biometric templates, and such data is never shared with us.
When you participate in Veera Rewards, we collect Transaction and Rewards Data, including Veera Points earned, redeemed, and associated transaction history. This data supports the operation of the rewards programme, enables identity verification (including one-time password authentication), helps detect and prevent fraud, ensures compliance with applicable laws, and may be shared with payment processors, rewards programme partners, and fraud prevention providers. If you delete your Veera account, this data will also be deleted.
If you choose to provide Feedback, it will typically be anonymised, but where it contains personal information, we may process it to act on your feedback and improve the Services.
Finally, we collect Diagnostic Data when the application crashes or freezes, producing reports that may contain device or event information. These reports are anonymised where possible, but in combination with other data may be indirectly identifiable. They are used solely to diagnose issues and improve system stability and performance.

Retention: We retain each category of personal information only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal or regulatory requirements, to resolve disputes, and to enforce agreements, after which it is securely deleted or irreversibly anonymised. Specific retention periods may vary by category and jurisdiction.

Legal Basis for Processing: Where required by applicable law, we process personal information based on one or more lawful grounds, which may include your consent, the performance of a contract with you, compliance with legal obligations, and/or our legitimate interests (such as improving the Services, maintaining security, and preventing fraud).

Category	Examples	Purposes of Use	Recipients
Identifiers	Name, email, phone, DOB	Account creation, identity verification, service delivery, customer support	Service providers, affiliates, legal authorities
Device/Network Data	IP, device ID, OS, browser, crash logs	Service performance, diagnostics, security, fraud prevention	Hosting/cloud providers, analytics/security vendors
Geolocation (general)	Country	Localisation, fraud prevention, compliance	Localisation/fraud prevention providers
Usage Data	Browsing, navigation, ad interactions, gaming behaviour	Personalisation, analytics, advertising (subject to choices)	Advertising/measurement partners, analytics providers
Inferences	Interest segments	Personalisation, marketing	Internal analytics, advertising/measurement partners
Customer Support Data	Support tickets, chat logs, calls	Troubleshooting, communications	Customer support providers
Biometric Data	Stored locally on User’s device	Secure login	Not applicable
Transaction/Rewards Data	Points earned/redeemed, history	Rewards administration, fraud prevention	Payment processors, rewards partners

PURPOSES OF PROCESSING

We process personal information only to the extent necessary and proportionate to achieve the purposes set out below, in accordance with applicable privacy and data protection laws. The exact purposes for which your personal information is used will depend on your relationship with us, the specific Services you use, and the context in which the information is collected.

Provision, Operation, and Maintenance of the Services: We use your personal information to enable you to access and use the Services, including core functionalities, integrations, and related features, and to maintain their technical and operational performance. This includes ensuring the basic functionality of the Services, addressing and responding to your requests, and enabling interactions with authorised third-party platforms.
Account Management, Authentication, and Security: We process personal information to create, verify, and manage user accounts, authenticate your identity and access rights, and safeguard against unauthorised access. This also includes detecting, preventing, and investigating fraud, abuse, security incidents, or other prohibited activities, as well as enforcing our Terms of Use and other legal rights.
Personalisation and User Experience Enhancement: We use your information to tailor the Services to your preferences and inferred interests, including customising newsfeeds, search results, recommendations, and marketing content (subject to applicable consent requirements). This includes enabling localisation features, regional content preferences, and other user-configured settings to improve your overall experience.
Rewards, Incentives, and Promotional Programmes: Where you participate in loyalty or promotional schemes such as Veera Rewards, we process your personal information to track and manage points, benefits, or entitlements, facilitate redemptions, fulfil incentives, and prevent misuse or fraudulent activity.
Customer Support and Communications: We process your personal information to respond to inquiries, complaints, and support requests, and to send service-related announcements, maintenance notices, security alerts, and administrative messages. Communications may be via email, in-app messaging, phone, or other channels.
Marketing, Promotions, and Relationship Management: Where permitted by law and subject to your choices, we use your personal information to send you marketing communications, product updates, alerts about new features, and other promotional materials. You will always have the opportunity to opt out of marketing. We may also process personal information to manage relationships with customers and third parties, including tracking engagement and responses to communications.
Aggregated and De-Identified Data: We may aggregate or de-identify your personal information to create data sets that cannot reasonably be used to identify you. Such data is used for statistical analysis, improving our Services, understanding user behaviour, and other business purposes.
Legal, Regulatory, and Compliance Obligations: We process personal information as necessary to comply with applicable laws, regulations, court orders, and lawful requests from public authorities. This includes maintaining records for accounting, auditing, tax, and compliance purposes, preventing access from sanctioned jurisdictions or individuals, and adhering to internal compliance policies.
Service Security, Integrity, and Abuse Prevention: We use your personal information to monitor, detect, and respond to threats, vulnerabilities, and breaches, and to ensure the safety, security, and integrity of our Services. This includes preventing malicious activity, unauthorised access, and disruptions to service availability.
Research, Development, and Analytics: We process personal information to analyse usage trends, performance metrics, and user behaviour, to develop new features, products, or services, and to improve algorithms, interfaces, and the user experience. This includes market research and testing new functionalities.

Where required by law, we rely on an appropriate legal basis for processing (such as your consent, the performance of a contract, compliance with a legal obligation, or our legitimate interests) and will provide you with additional information at or before the time of collection.

Purpose	Example Activities	Lawful Basis
Provision, operation, maintenance	Enable service access, integrations, performance monitoring	Contract; Legitimate Interests
Account management, authentication, security	Account creation, fraud prevention, enforce Terms	Contract; Legitimate Interests; Legal Obligation
Personalisation & UX enhancement	Tailored newsfeeds, recommendations, ads (where lawful)	Consent (for ads); Legitimate Interests
Rewards/incentives	Manage points, process redemptions	Contract; Legitimate Interests
Customer support & communications	Respond to inquiries, send alerts	Contract; Legitimate Interests
Marketing/promotions	Send updates, promotional offers	Consent; Legitimate Interests
Aggregated/de-identified data use	Statistical analysis	Legitimate Interests
Legal/regulatory compliance	Recordkeeping, sanctions compliance	Legal Obligation
Security & abuse prevention	Threat detection, DDoS prevention	Legitimate Interests; Legal Obligation
R&D & analytics	Usage analysis, product development	Legitimate Interests

SPECIAL NOTES ON CERTAIN FEATURES

The Services include specific features and integrations that involve unique processing considerations and require additional privacy safeguards. This section explains those features in detail to ensure transparency.

Biometric Login (Veera Wallet):
1. If you enable biometric authentication for the Veera Wallet, the verification process is performed entirely by the biometric authentication module on your permitted mobile device (for example, fingerprint or facial recognition hardware and software built into the device).
2. No storage by Veera: We do not collect, receive, transmit, or store biometric templates or raw biometric data.
3. Local device processing: All biometric matching takes place locally on your device. Veera receives only a binary confirmation (success or failure) from the device’s biometric module.
4. Your responsibility: You are responsible for ensuring that only your own biometric identifiers are enrolled on the device and for maintaining the security of your device.

Embedded Wallet Key Management
1. For certain Services, such as embedded wallet creation and management, we engage independent third-party service providers to facilitate secure key generation, storage, and management.
2. These service providers independently manage the generation, storage, and protection of private keys for embedded wallets created through their infrastructure.
3. No access by Veera: We do not have access to, custody over, or control of your private keys or any related authentication credentials.
4. Your responsibility: You are solely responsible for safeguarding your private keys and other credentials managed by such third-party providers. We strongly encourage you to review the applicable provider’s own privacy policy and terms of service before using its services.

In order to provide the Services, we must share your Personal Information in certain cases. This includes sharing your Personal Information within the related entities, with our Service Providers and the other third parties listed in this section. We do not sell your Personal Information.

We may disclose Personal Information about you under the following circumstances:

Group Entities. We may disclose Personal Information about you to our affiliates and subsidiaries, if any, for the purpose of providing the Services and conducting business.
Service Providers. We work with third parties for the purpose of providing the Services such as hosting, maintenance, network management, cybersecurity and support. These third parties may have access to or process your Personal Information as part of providing those services to us. For example:
- Our browser does not process payments directly and we do not collect or store credit card or other financial information. If you choose to engage with third-party services accessible through the browser (for example, subscriptions, in-app purchases, or linked platforms), any payment information you provide will be handled solely by the relevant third-party service provider in accordance with their terms and privacy policies.
- We use cloud service providers who we rely on for data storage, disaster recovery and to perform our obligations to you.
- We use service providers of business communication tools.
- We use service providers who manage the networks for the operation of the Services and to improve latency for our users.
- We use service providers to help us prevent malicious actors from threatening the Services and to comply with legal obligations, such as preventing individuals from sanctioned territories, or sanctioned individuals, from accessing the Services.
- Native Integrations. You can use native integrations to share data with other applications. Veera does not share data from integrated apps with any other services or clients.
Legal. Personal information about you may be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of Veera, our Users, a third party, or the public.
Strategic Business Partners. Where you have provided your consent, we may share your Personal Information with our strategic business partners in limited circumstances, for example for marketing and advertising purposes.
Third Party Platforms (as defined below). Your Personal Information may be disclosed to Third Party Platforms where you have requested to interact with a third-party service or platform. Please see Third Party Links and Websites (Section 15) for more information.

SERVICE PROVIDERS

We work with independent service providers across different functional categories to operate, secure, and improve our Services. These providers process personal information only as necessary to perform services on our behalf and are bound by appropriate confidentiality and data protection obligations. Broadly, our service providers fall into the following categories:

Wallet and Key Management Providers;
Blockchain Data and Analytics Providers;
Node and Infrastructure Providers;
Identity and Compliance Providers;
Social Media and Developer Platforms

YOUR PRIVACY CHOICES AND RIGHTS

Your rights associated with the Services are described below. Please note these rights may only be available to you in specific regions, countries or states based on where you reside. In certain cases, we may be prevented from allowing you to exercise these rights but we will inform you if that is the case when you seek to exercise the rights.
You have the following rights associated with the processing of your Personal Information:
- Right to Access or Right to Know. You have the right to obtain access to the Personal Information we hold about you and to request certain information about our processing. You have the right to receive an explanation of: (a) why we process your Personal Information; (b) the categories of Personal Information we have about you; (c) who we share your Personal Information with; (d) how long we store your Personal Information; and € who we received your Personal Information from if it was not collected from you directly.
We will also inform you about your privacy rights. We will notify you where we engage in automated decision making.
- Right to Rectification or Correction. You have the right to correct, update or complete any Personal Information we hold about you that is inaccurate or incomplete. Please note that we may rectify or remove incomplete or inaccurate information, at any time and at our own discretion.
- Right to Erasure or Deletion. You may request to have your Personal Information anonymized, erased, or deleted, as appropriate. In this case, if there is no overriding legitimate interest or requirement to continue processing your Personal Information, we will erase your data.
- Right to Object to Processing. You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest or if we are processing your Personal Information for direct marketing purposes.
- Right to Restrict Processing. You have a right in certain circumstances to stop us processing your Personal Information other than for storage purposes.
- Right to Portability. You have the right to receive, in a structured, commonly used, and machine-readable format, Personal Information that we hold about you, if we process it based on our contract with you, or with your consent, or to request that we transfer such Personal Information to a third party.
- Right to Withdraw Consent. You may withdraw any consent you previously provided to us regarding the processing of your Personal Information at any time and free of charge. We will apply your preferences going forward. This will not affect the lawfulness of the processing before you withdraw your consent.
- Right to Lodge a Complaint. You may lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where you believe an incident took place.
- Right Against Discrimination. We will not discriminate against you for exercising your rights.
- Right to Opt Out of Targeted Advertising, Sale or Sharing. You can ask us to stop using your Personal Information for targeted advertising when required by law.
You may exercise these rights by contacting us as set out in the “Contact Us” section.
Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. Note that applicable laws contain certain exceptions and limitations to each of these rights. Subject to certain restrictions, you can ask an agent to exercise your rights for you. If you have an agent exercising your rights, that person must provide to us your written authorization allowing them to make such a request on your behalf. We reserve the right to deny the agent’s request if we are not reasonably able to confirm proper authorization and/or verify your identity as the requestor.

To appeal any refusal by us to act on a data subject rights request contact us by email at: [email protected].

DATA RETENTION

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy, to make the Services available to you, or as instructed by you, unless a longer retention period is required or permitted by law. We may also keep your data for as long as it is needed in relation to a legal claim, complaint, litigation or regulatory proceedings.

DATA SECURITY

We implement a variety of security measures that are reasonably designed to protect the safety of your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction when you enter or submit your Personal Information on the Services. However, no Internet or email transmission is ever fully secure or error free. Please keep this in mind when disclosing any information to us via the Internet. IF YOU BELIEVE YOUR PRIVACY HAS BEEN BREACHED THROUGH USE OF THE SERVICES, PLEASE CONTACT US IMMEDIATELY.

When you use the Services, Personal Information about you will be stored in the Mumbai, India.

DATA ANALYTICS & ADVERTISING

We use data analytics to operate, maintain, and improve the Services, and in some cases to support marketing and product development. These analytics are performed through our own internal processes and tools. The information we analyse may include usage trends, performance metrics, feature engagement, and error or crash reports.

Where required by law, we will obtain your consent before using personal information for analytics or marketing purposes. We do not use external web analytics services, and we do not share your browsing activity or usage data with third-party analytics providers.

Advertising. Subject to your consent, third-party services, may use cookies and web beacons to collect information about your activities on the Services (such as our websites) to provide you advertising based upon your interests. This means these third-party services may show our ads on sites across the Internet based upon your previous visits to the Services. Together with these third-party services, we may use these cookies and web beacons to report how your ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to your visits to the Services.

The use of tracking technologies by third-parties, technology partners or other third-party assets (such as social media links) on the site is not covered by this Privacy Policy. We do not have access or control over these technologies.

DATA PROTECTION OFFICER

Veera Browser, Data Protection Officer can be reached at: [email protected]

INTERNATIONAL TRANSFERS

We may transfer your personal information to jurisdictions outside your country or region of residence, including countries whose data protection laws may differ from those in your jurisdiction. Where such transfers occur, we implement appropriate safeguards to protect your information (such as standard contractual clauses, or other legally recognized mechanisms) to ensure your rights and protections remain in place.

THIRD-PARTY LINKS AND WEBSITES

The Services enable you to interact with certain third-party services, decentralized applications, and third-party platforms (collectively “Third Party Platforms”). However, this Privacy Policy does not address, and we are not responsible for, the privacy practices of any third parties, including but not limited to those that operate websites to which the Services links. The inclusion of a link on the Services does not imply that we or our affiliates endorse the practices of the linked website. Your use of such Third-Party Platforms and those Third-Party Platforms’ use of your Personal Information is subject to their respective terms of use and Privacy Policy (if any) and is not subject to this Privacy Policy.

CO-BRANDED WEBSITES

If our website links to other websites that include our branding, this Privacy Policy does not apply to those other websites. Visitors to those websites are advised to carefully read the notices on those individual websites.

CHILDREN’S PRIVACY

The minimum age to use Veera is 18. We do not knowingly collect personal data from children under this age. In countries where a higher age of consent is required for data collection, parental consent is necessary before an account can be created and personal data collected. We encourage parents to advise their children never to share personal information online.

CHANGE OF OWNERSHIP

In the event of a change in ownership, or a merger with, acquisition by, or transfer or sale of all or a portion of our assets to another entity, we reserve the right to transfer all your Personal Information to that entity. We will use reasonable efforts to notify you of a transfer to an unaffiliated third party (by a posting on our homepage, or by email to your email address that you provided to us, as chosen by us at our discretion).

LEGAL OBLIGATIONS TO DISCLOSE

We may be required to disclose your personal information for the purposes for which it was collected and also subject to our legal obligations:
1. as required by law;
1. to any person where necessary or desirable in connection with our provision of services; and
1. on a confidential basis to our external service providers and advisors.
To be clear, you consent to our disclosure of your personal information to any of our business partners, suppliers, subcontractors or the like, advertisers and other advertising networks, analytics and search engine providers and other third parties provided the disclosure of your personal information is for the purpose or ancillary to the services that we or these third parties offer you and for the purposes for which the information was originally collected.
We may share your information with other third-party business partners for their own marketing purposes. These third parties include online advertisers or ad tech companies, who may provide you with targeted advertising and marketing communications, where permitted under law. The information we share includes information collected through your use of our services and information we collect about you through the use of cookies and similar technologies.
You understand that we are authorized to disclose your personal information to third parties if we buy or sell any business or assets, including our business, if we are under a duty to disclose your information, or if the disclosure of your personal information is necessary for us to conduct an investigation into any unlawful activity that we know or suspect has or may be engaged in.
You consent to the disclosure of all information necessary for our company to comply with any relevant reporting obligations, including AML/KYC and anti-terrorism obligations (if required).
We will take all reasonable steps to ensure that any overseas recipient of your personal information does not willingly or knowingly breach your relevant privacy laws in relation to your personal information.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this Privacy Policy at any time to reflect changes in the law, our data collection, use or sharing practices or advances in technology. We will make the revised Privacy Policy accessible throughout the Services. You should review this Privacy Policy periodically. The “Date of Last Revision” included at the beginning of this Privacy Policy will indicate when it was last updated.

By continuing to access or use the Services, you are confirming you have read and understand the latest version of this Privacy Policy.

CONTACT

If you have questions, requests, or concerns about this Privacy Policy, our privacy practices, or your rights, please contact us at:

Email: [email protected]

If applicable, you may also contact our Data Protection Officer via the above email address for any matters relating specifically to data protection and compliance.