Privacy Policy

Dravanti Group Limited ("Dravanti", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or engage with our tokenization platform.

We operate in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for individuals in the European Economic Area, and maintain appropriate safeguards for all personal data processing activities related to our security token offerings and real-world asset tokenization services.

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

We collect several types of information from and about users of our services:

Personal Identification Information

This may include your name, email address, postal address, phone number, government-issued identification documents, and professional or employment-related information. We collect this information when you register for an account, complete our investor onboarding process, or communicate with us.

Financial and Transaction Information

For qualified investors, we collect wallet addresses, transaction history on our platform, investment preferences, and accreditation status. We do not store private keys or seed phrases. All blockchain transactions are recorded on the Polygon or Hedera networks as applicable.

Technical and Usage Data

We automatically collect information about your device and how you interact with our services, including IP addresses, browser type, operating system, referring URLs, pages visited, and timestamps. This data helps us improve our platform security and user experience.

We use the information we collect for the following purposes:

• To verify your identity and maintain the security of our platform
• To process transactions and manage your investments in DRVS and HDRVS tokens
• To comply with legal and regulatory obligations, including KYC/AML requirements
• To communicate with you about your account, investments, and platform updates
• To improve our services, website functionality, and user experience
• To detect, prevent, and address technical issues, fraud, or security breaches
• To enforce our terms of service and other legal agreements

We process personal data based on legitimate interests, contractual necessity, legal obligations, and where applicable, your consent. You may withdraw consent at any time, though this may affect your ability to use certain services.

We do not sell, trade, or otherwise transfer your personal information to third parties except as described below:

Service Providers

We may share information with trusted third-party service providers who assist us in operating our platform, conducting our business, or servicing you. These include identity verification providers, custodial services, legal advisors, and technical infrastructure partners. All service providers are bound by confidentiality obligations.

Legal Requirements

We may disclose your information when required by law, regulation, or legal process, including to comply with Nasdaq CSD registration requirements, securities regulations, or to protect our rights, property, or safety.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security infrastructure includes:

• Industry-standard encryption for data in transit and at rest
• Multi-factor authentication for account access
• Regular security assessments and penetration testing
• Access controls and least-privilege principles for staff
• Partnership with Fireblocks for institutional-grade custody
• Compliance with ERC-3643 security token standards

While we strive to use commercially acceptable means to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying you of any data breaches as required by law.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate information
• Erasure: Request deletion of your personal data under certain conditions
• Restriction: Request limitation of processing in specific circumstances
• Portability: Request transfer of your data to another organization
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, please contact us using the information provided below. We will respond to all legitimate requests within the timeframes required by applicable law. We may need to verify your identity before processing your request.

If you are in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your information, please contact our Data Protection Officer:

This Privacy Policy may be updated periodically. We will notify you of any material changes by posting the new policy on this page with an updated revision date.