LEGAL INFRASTRUCTURE

Privacy & Data Protection Policy

Legal Entity: PVN LLCPlatform / Trade Name: AurumShieldClassification: PublicStatus: Active & Enforced

Last Updated: January 12, 2026

This Privacy and Data Protection Policy (“Policy”) applies to the AurumShield platform (the “Platform”), which is owned and operated by PVN LLC (“PVN,” “we,” “us,” or “our”). This Policy explains how PVN collects, uses, retains, and discloses personal, corporate, and biometric information when you access or utilize the Platform and its associated application programming interfaces.

Given the institutional financial nature of the Platform, PVN is subject to strict regulatory frameworks, including but not limited to the Bank Secrecy Act (BSA), FinCEN regulations, the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). By accessing the Platform, the institutional entity and its authorized users (“Counterparty,” “you,” or “your”) consent to the data practices outlined herein.

ARTICLE 1: CATEGORIES OF INFORMATION WE COLLECT

To operate a compliant Delivery versus Payment (DvP) clearinghouse and execute physical commodities settlements, PVN collects highly sensitive, granular data through the Platform:

1.1. Corporate & Institutional Identity Data: Legal entity names, Legal Entity Identifiers (LEI), certificates of incorporation, tax identification numbers, physical headquarters addresses, and capitalization table structures.
1.2. Ultimate Beneficial Owner (UBO) & Officer Data: Government-issued identification (passports, driver's licenses), residential addresses, dates of birth, and tax IDs for corporate directors, executive officers, and individuals holding a controlling equity interest.
1.3. Biometric and Forensic Data: Facial geometry, liveness check video feeds, and cryptographic document forensics utilized during onboarding and re-verification events.
1.4. Financial and Transactional Data: Corporate banking details, routing and account numbers, intraday capital margin states, trading histories, settlement ledger logs, and actuarial risk assessments.
1.5. Technical, Telemetry, and Security Data: Device fingerprinting, IP addresses, geolocation data, browser metadata, hardware security module (HSM) attestations, and immutable cryptographic audit logs recording all Maker/Checker authorizations.

ARTICLE 2: HOW WE USE YOUR INFORMATION

PVN operates on a “strict necessity” basis. We process the collected data exclusively for the following purposes:

Execution of Core Services: Facilitating atomic settlement, operating the DvP escrow, managing physical logistics corridors, and running the deterministic claims engine.
Regulatory Compliance: Conducting initial and continuous KYC/AML screening against global sanctions lists (e.g., OFAC, UN), Politically Exposed Persons (PEP) databases, and adverse media watchlists.
Fraud Prevention & Security: Enforcing role-based access controls (RBAC), detecting synthetic identity fraud through biometric liveness checks, and preventing unauthorized corporate treasury actions.
System Integrity: Populating immutable audit ledgers and actuarial risk models to ensure the systemic stability of the clearinghouse.

ARTICLE 3: DATA SHARING AND ENTERPRISE SUB-PROCESSORS

PVN does not and will never sell Counterparty data.

We share data strictly with certified enterprise sub-processors required to operate the Platform's infrastructure:

Identity & Compliance Verification: Data is shared with licensed third-party compliance verification service providers to execute automated biometric liveness checks, forensic document verification, and continuous AML screening.
Banking & Settlement Routing: Financial data is transmitted via secure APIs to licensed clearing banks and institutional depository partners to facilitate fiat capital holds, escrow locking, and final settlement routing.
Physical Logistics: Necessary delivery manifests, containing physical addresses and authorized receiving personnel contact details, are shared with secure transit providers, including certified armored transit and logistics carriers.
Contract Management: Authorized signatory data is processed via electronic signature platforms for the execution of institutional agreements and Maker/Checker authorizations.
Law Enforcement & Regulatory Bodies: PVN will disclose data, without prior notice, to agencies such as FinCEN, the SEC, or international equivalents, to comply with Subpoenas, Suspicious Activity Reports (SARs), or other lawful mandates.

ARTICLE 4: DATA RETENTION AND IMMUTABLE LEDGERS

4.1. Regulatory Retention Periods: Due to PVN's status as financial infrastructure operator, Counterparty and UBO data, transaction histories, and identity verification records are legally required to be retained for a minimum of seven (7) years following the termination of the Counterparty's account.
4.2. Immutable Ledger Architecture: Counterparties acknowledge that the Platform utilizes immutable cryptographic ledgers for transactional and compliance audit trails. Data committed to the clearing ledger or deterministic claims engine cannot be structurally deleted, altered, or modified.

ARTICLE 5: INTERNATIONAL DATA TRANSFERS

As a global clearing network, data may be transferred to, and processed in, the United States and other jurisdictions. For Counterparties operating within the European Economic Area (EEA) or the United Kingdom, PVN utilizes Standard Contractual Clauses (SCCs) and rigorous encryption-in-transit (TLS 1.3) and encryption-at-rest (AES-256) to ensure cross-border transfers comply with GDPR adequacy requirements.

ARTICLE 6: YOUR PRIVACY RIGHTS AND LIMITATIONS

Depending on your jurisdiction (e.g., GDPR, CCPA), you may have rights to access, correct, or request the deletion of your personal data.

Crucial Exemption: Because the Platform operates as heavily regulated financial infrastructure, your “Right to Erasure” (Right to be Forgotten) is explicitly superseded by PVN's legal obligations under Anti-Money Laundering (AML) laws, the Bank Secrecy Act, and the technical realities of the Platform's immutable audit ledgers. Requests for deletion will only be honored for marketing communications or data not strictly tied to compliance or financial execution.

ARTICLE 7: DATA SECURITY

The Platform implements institutional-grade security architectures, including but not limited to:

Mandatory Multi-Factor Authentication (MFA) and Maker/Checker thresholds.
Cryptographic hashing of sensitive database fields.
Continuous penetration testing and zero-trust internal network policies.

However, no system is entirely impenetrable. Counterparties are strictly responsible for maintaining the confidentiality of their internal credentials and API keys.