CUBE AI

LEGAL

Privacy Policy

Last Updated: 3rd December 2025

WHAT YOU CAN FIND IN THIS PRIVACY POLICY?

This Privacy Policy describes how CUBE AI collects, uses, discloses and otherwise processes your information as defined in this Privacy Policy below. CUBE AI is dedicated to ensure that the data processing performed by CUBE AI is compliant with applicable data protection laws.

This Privacy Policy applies to the information that we collect from you when you interact with us online, otherwise communicate with us about our products and services and in other cases as described in this Privacy Policy, including when you:

  • visit our website https://www.cube3.ai/ (the “Website”);
  • use the CUBE AI Cloud Services, as defined in our Terms of Service, as a customer or an authorized User of a customer (for example, as an employee of one of our customers who provided you with access the CUBE AI Cloud Services);
  • operate in the financial market as described in this Privacy Policy, and your data is processed for the purposes of providing our Services; or
  • communicate with us by email, telephone or otherwise.

The Website and the CUBE AI Cloud Services, as well as other products provided by CUBE AI, are referred to as the “Services.”

Cube Security, Inc. an entity incorporated in the United States of America, with registered address at 3000 El Camino Real, Building 4, Suite 200, Palo Alto, California, 94306, United States of America, is the controller of the personal data that CUBE AI collects through the Services or otherwise as described in this Privacy Policy, except that with respect to customers and prospects who contact, or procure the CUBE AI Cloud Services from, as well as other data subjects located in the European Union, Cube Security Europe, UAB, the controller of your Personal Data is Cube Security Europe, UAB, an entity incorporated in the Republic of Lithuania, company code 306082740, with offices located at Kaunas, Chemijos str. 15, LT-51332, Republic of Lithuania. For the purposes of this Privacy Policy, Cube Security, Inc. and Cube Security Europe, UAB are further referred to as CUBE AI.

This Privacy Policy does not apply to certain data that our customers upload to the CUBE AI Cloud Services, or that customers otherwise provide or make available to us for processing in connection with their use of the CUBE AI Cloud Services, and that is governed by our Terms of Service. For more information, please see the “CUBE AI Cloud Services” section of this Privacy Policy. If you have questions about the information practices of a customer of ours that uses the CUBE AI Cloud Services, please contact that customer directly.

THE INFORMATION WE PROCESS AND HOW WE PROCESS IT

The information we collect, and how we use and disclose it, depends on the context of your interactions with us, among others, on the Services you use. As explained below, we collect some of this personal information when you provide it directly to us, or when we receive it from third parties. We also collect certain information ourselves, e.g., when you use and interact with the Services.

Information You Provide Directly

When you use the Services, or contact us by phone or email, we collect personal information that you choose to share with us, which may include information falling within the following categories:

  • personal and contact details such as your name, mailing address, email address, and phone number;
  • account and profile information such as your username and password;
  • business information such as your company name and job title/position;
  • payment and billing information;
  • information that you choose to share when you fill out and submit contact forms that we make available through the Services; and
  • information that you choose to share when you use online chat functionality that we make available through the Services, or otherwise communicate with us through the Services, which may be recorded by or through third-party service provider(s) who act on our behalf and at our express direction.

Information We Receive from Third Parties

We may also collect information about you from other sources, including third-party data providers, social media platforms, and publicly available information such as commercial registers.

Certain publicly available information may be relevant when assessing risks associated with virtual asset service providers (VASPs), particularly where individuals act as shareholders, ultimate beneficial owners, or senior executives. Our Service supports this process by reviewing publicly accessible sources to provide insights necessary for risk evaluation. The information considered is strictly limited to what is publicly available and may include details such as full legal name, professional titles and positions, the name of the entity where the position is held, date of birth, nationality, appointment and resignation dates, ownership percentage, shareholding details (type, size, direct or indirect ownership), and any holding entity.

As part of our Services, we may utilise publicly available information to assist in detecting and preventing fraudulent activities, including the misuse of accounts in financial transactions. This process may involve reviewing publicly accessible sources to identify indicators of suspicious or unlawful activity. The types of information that may be processed include payment-related identifiers, cryptocurrency wallet addresses, and bank account details (such as account holder name, account number, routing number, and financial institution). We may also process associated metadata, such as the source platform, category of suspected activity, and date of interaction.

Information We Collect Automatically

When you use the Services, we collect some information automatically about you which may include:

  • information about your computer or mobile device, such as IP and MAC address, operating system, browser type, and information about your mobile network and internet connection;
  • usage and clickstream information, such as pages visited and features used; referring URLs; content you consume through the Services; mouse movements, clicks, and text entered; time spent using the Services and features thereof, and other details of your actions on the Services;
  • transactional information, including information about purchases you make through the Services, such as product or service descriptions, price, subscription details, and times and dates of transactions;
  • communications information, including the contents of communications you have through the Services;
  • information collected in connection with third-party analytics technologies, such as Google Analytics; and
  • information about your location, including your approximate geographic location as indicated by your device's IP address.

We collect some of this information through cookies and other similar technologies. For more information, see the “Our Use of Cookies and Other Tracking Technologies” section of this Privacy Policy.

Information we Collect Through the Operation of the CUBE AI Cloud Services

The CUBE AI Cloud Services are used by our customers to detect, protect against, and manage threats affecting digital assets on the blockchain, such as smart contracts, wallets, and cryptocurrency and other blockchain transactions as part of those customers' cybersecurity, fraud prevention, and regulatory compliance efforts.

To that end we collect, and customers of the CUBE AI Cloud Services submit to us, blockchain- and cryptocurrency-related information. This information may include cryptocurrency wallet and smart contract addresses and blockchain transaction information (such as transaction hashes). We may also combine the information that customers submit to the CUBE AI Cloud Services with information we collect from other sources, such as information available on publicly accessible transaction ledgers and blockchains, or information we obtain from third-party sources relating to an address's association with known or suspected fraudulent, criminal, or other malicious actors or activities.

We use this information to determine the level of risk of an address or a transaction being involved or associated with fraud, the commission or alleged commission of a criminal offence, or other malicious activity. And we inform our customers of this risk level. Customers can then deal with that address or transaction as they wish, having regard to its risk level.

Some data processed by CUBE AI when providing the CUBE Cloud Services may be processed by CUBE AI as a “data processor” on behalf of the customer, and pursuant to a data processing agreement between CUBE AI and the customer. Such processing will be governed by CUBE AI's agreement with the customer, and not by this Privacy Policy.

OUR USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies as described in this section to track the activity on the Services and collect and analyze information about your use of the Services.

  • Cookies. We use cookies and similar technologies in connection with the Services to store and honor your preferences and settings, enable you to sign-in, provide interest-based advertising, combat fraud, analyze the performance of the Services, and to fulfill other legitimate business purposes. A cookie is a small file placed on the hard drive of your computer or your mobile device to store data that can be recalled by a web server in the domain that placed the cookie.
  • Web Beacons. The Services and our emails may contain small electronic files known as web beacons that enable us and other companies we work with to provide analytics and advertising services to collect information.
  • Software Development Kits (“SDKs”). SDKs are pieces of code provided by our service providers, including development and analytics providers, that may be incorporated into the Services to collect and analyze certain device and user data.

For information about how to control the use of these technologies, please see the “Your Choices” section below.

HOW WE USE THE INFORMATION WE COLLECT

We will use the information we collect about you for various purposes, including:

  • To provide and maintain our Services, including to monitor the usage of our Services.
  • To manage your account, including to manage your registration as a user of the Services.
  • For the performance of a contract with you or our customer.
  • To contact you, including by email, telephone calls, SMS, or other equivalent forms of electronic communication.
  • To provide you with news, special offers and general information about other goods, services and events which we offer.
  • To respond to and fulfill your requests and inquiries.
  • To detect and assess risks related to blockchain addresses, smart contracts, and cryptocurrency transactions for fraud prevention and cybersecurity purposes.
  • To support regulatory compliance efforts by evaluating the likelihood of association with fraudulent, criminal, or other malicious activities.
  • To comply with applicable laws and regulations, lawful requests, and legal process.
  • To prosecute or defend against legal claims, and as otherwise necessary to protect and defend the rights or property of the Company.
  • To evaluate or participate in an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.

We may also aggregate or de-identify personal information by removing any details that identify you personally. Aggregated or de-identified information will not be subject to this Privacy Policy and will be used to the extent permissible under applicable law.

HOW WE SHARE THE INFORMATION WE COLLECT

We may disclose the information we collect about you in the following circumstances:

  • To Service Providers: we may share your personal information with Service Providers that we engage to perform services on our behalf.
  • With our Customers: If you use the CUBE AI Cloud Service as an authorized user on behalf of a customer, we may share information about you and your use of the CUBE AI Cloud Services with that customer.
  • With Affiliates: we may share your information with our affiliates, including our parent company and any other subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
  • With our Business Partners: we may share your information with our business partners to offer you certain products, services or promotions.
  • With other users: when you share personal information or otherwise interact in the public areas of the Services with other users, such information may be viewed by all users.
  • For Business transfers: we may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.

RETENTION OF YOUR PERSONAL DATA

We retain the information we collect for as long as is necessary to accomplish the purposes set out in this Privacy Policy, including as needed to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

We determine the appropriate retention period for the information we collect on the basis of the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements. In any case, personal data processed for fraud-prevention purposes is not retained longer than ten (10) years from the date it is deemed no longer necessary for fraud detection or compliance support.

OUR WORLDWIDE PRACTICES

Your information may be stored and processed by CUBE AI at CUBE AI's operating offices in the United States and in Lithuania and in any locations in which our Affiliates and Service Providers are located or maintain processing facilities. As a result, your information may be transferred to, and maintained on, systems located outside of the country in which you are located, and may be subject to data protection laws that differ from those in your country.

When we transfer Personal Data from within the European Union to locations outside the European Union, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses approved by the European Commission.

YOUR CHOICES

We respect your privacy and offer choices regarding our collection and use of your information.

  • You may choose not to provide the information we request. Not providing information we request, however, may restrict your ability to use the Services, or certain features of the Services.
  • You can also control the use of cookies by changing the settings in your browser. Please note that choosing to disable cookies may limit your use of certain features or functions on our websites.
  • You may opt out of receiving promotional emails from us at any time by following the opt-out link or other unsubscribe instructions provided in the email message, or by contacting us as provided in the “Contact Us” section at the end of this Privacy Policy.

ADDITIONAL INFORMATION FOR INDIVIDUALS IN THE EUROPEAN UNION

This section of the Privacy Policy provides additional information in accordance with the requirements of the EU's General Data Protection Regulation (“GDPR”), and applies to the extent our processing of your “Personal Data” is subject to the GDPR.

Legal Bases for Processing

We will only process your Personal Data when we have an appropriate legal basis under the GDPR to do so. Our legal bases include: performance of our agreement with you, your consent (when required by applicable law), our legitimate interests in maintaining and securing our Services, promoting our products, managing user requests, assisting customers with fraud prevention and cybersecurity, helping customers meet regulatory obligations, and compliance with legal obligations.

Your Rights

The GDPR provides you certain rights in respect of your Personal Data, including:

  • The right to object to or request restriction of processing of personal data.
  • The right of access to your personal data and to receive information about how we process it.
  • The right to rectification of inaccurate or incomplete personal data.
  • The right to data portability in a structured, commonly used, and machine-readable format.
  • The right to erasure, allowing you to request deletion of certain personal data.
  • Where processing is based on consent, the right to withdraw your consent at any time.
  • The right to lodge a complaint with a supervisory authority.

To exercise any of these rights, you may contact us using the details set out in the “Contact Us” section of this Privacy Policy. We will examine the request within thirty (30) days from its receipt.

Automated Decision Making

As part of the services we provide to our customers, certain processing activities involve automated decision-making within the meaning of Article 22 of the GDPR. These activities are designed to support fraud prevention, cybersecurity, and regulatory compliance efforts.

We implement appropriate measures to protect individuals' rights and freedoms, including limiting the scope of automated processing to what is necessary for fraud prevention and compliance purposes, and ensuring that customers retain ultimate decision-making authority.

LINKS TO OTHER WEBSITES

The Services may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy practices of these sites, as this Privacy Policy does not apply to third-party sites or services.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our privacy practices from time to time. When we do so, we will update the effective and last updated date above. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices. If we make material changes to this Privacy Policy, we will inform you about this separately.

CONTACT US

To contact us with questions about this Privacy Policy, or to exercise any rights you may have as described in this Privacy Policy, you can contact us by email at legal@cube3.ai

For data protection inquiries, you may also contact our Data Protection Officer at legal@cube3.ai