Data Protection

Scope and Identity of the Controller

This Data Protection Notice describes how Luminous Ledger, operated on the domain noorimasjid.org, processes personal data in compliance with applicable United States privacy laws and, where relevant, the EU/UK General Data Protection Regulation (GDPR/UK GDPR).

Controller: Rebecca Andrews, 2615 Medical Center Pkwy, Murfreesboro, TN 37129, United States. Email: [email protected].

This notice applies to visitors, account holders, newsletter subscribers, business contacts, contributors, and other individuals whose data we process in connection with our services, including blockchain and cryptocurrency educational content, token analyses, listings, airdrop verification information, and exchange reviews.

Categories of Personal Data We Process

• Identification and contact details: name, email address, postal address, telephone number.
• Account and preference data: username, password, profile settings, communication preferences, saved articles or watchlists.
• Transactional data: purchase records for digital materials or memberships; limited billing details processed via our payment providers (we do not store full payment card numbers).
• Communications: inquiries, support requests, feedback, survey responses.
• Marketing and analytics data: cookie IDs, device identifiers, IP address, geolocation (approximate), browser type, operating system, referring URLs, pages viewed, session duration, campaign attribution.
• Web3 and blockchain-related data (if you choose to use such features): wallet addresses, on-chain transaction metadata, and publicly visible blockchain activity associated with your wallet address. Please be aware that blockchain data is publicly accessible and may be immutable.
• Sensitive personal information: we do not seek to collect sensitive categories (e.g., government IDs, precise geolocation, health data). If such data is inadvertently provided, we will handle it with heightened care and promptly delete it where lawful and feasible.

Purposes and Legal Bases (GDPR/UK GDPR)

Where the GDPR/UK GDPR applies, we process personal data under the following legal bases:

• To provide and operate our services, content, and user accounts; to respond to requests; to process transactions and deliver purchased materials (Contract performance).
• To send service communications, maintain security, prevent fraud/abuse, and maintain accurate records (Legitimate interests and/or Legal obligation).
• To perform analytics, improve site performance and user experience, and develop new features (Legitimate interests).
• To send newsletters, product updates, promotions, and to deploy non-essential cookies or similar technologies (Consent). You may withdraw consent at any time via your browser/cookie settings or by contacting us.
• To comply with legal and regulatory obligations, including tax, accounting, and consumer protection laws (Legal obligation).

Processing Disclosures for U.S. State Privacy Laws

For residents of California, Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws, we may process the following categories of personal information for the purposes described above: identifiers; commercial information; internet or network activity; approximate geolocation; inferences drawn from usage to personalize content; and professional information if you represent a business partner. We do not knowingly sell personal information. We may “share” personal information for cross-context behavioral advertising only with your consent via cookies or similar technologies. You can opt out of such sharing through cookie preferences or by contacting us.

Cookies and Similar Technologies

We use cookies, pixels, and similar technologies to operate the site, remember your preferences, perform analytics, and, with your consent, deliver personalized content and measure marketing effectiveness.

• Strictly necessary: essential for core functionality and security.
• Functional: remember preferences and enhance features.
• Analytics: measure usage and performance.
• Advertising: personalize content or measure campaigns, only with consent.

You may manage cookies via browser settings and any on-site consent tools. Disabling certain cookies may affect site functionality.

Sources of Personal Data

• Directly from you: forms, account registration, purchases, emails.
• Automatically: through your device and browser when using our site.
• From service providers: analytics, fraud prevention, payment processors.
• From publicly available sources: blockchain networks where you interact with smart contracts or disclose wallet addresses.

Disclosures and Recipients

We disclose personal data to the following categories of recipients for the purposes described:

• Service providers/processors: hosting, cloud storage, content delivery networks, analytics, email delivery, customer support, payment processing, security and fraud prevention.
• Professional advisors: legal, audit, and accounting advisors.
• Business partners: only where necessary to provide requested features or with your consent.
• Authorities and courts: where required by law or to protect our rights, users, or the public.
• Corporate transactions: in connection with a merger, acquisition, or asset transfer, subject to appropriate safeguards.

We require processors to handle data only on our instructions, under confidentiality and security obligations.

International Data Transfers

We are located in the United States. If you are in the EU/EEA/UK, your data may be transferred to countries outside your jurisdiction that may not provide the same level of protection. Where required, we use appropriate safeguards such as Standard Contractual Clauses and implement supplementary measures. You may request information about these safeguards by contacting us.

Data Retention

We retain personal data only as long as necessary for the purposes described or as required by law. Criteria include: the duration of our relationship with you, legal obligations (e.g., tax and accounting), security needs, and the existence of disputes. We typically retain account data while your account is active and for a reasonable period thereafter. Marketing data is retained until you opt out or until it is no longer useful for the purpose collected.

Your Rights under GDPR/UK GDPR

• Access: obtain confirmation and a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion where no longer necessary or where consent is withdrawn, subject to lawful exceptions.
• Restriction: request restricted processing in certain cases.
• Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
• Objection: object to processing based on legitimate interests or for direct marketing; we will honor marketing objections at any time.
• Withdraw consent: withdraw consent at any time without affecting prior lawful processing.
• Complaint: lodge a complaint with a supervisory authority. We encourage you to contact us first so we can address your concerns promptly.

Your Rights under U.S. State Privacy Laws

• Right to know/access: request the categories and specific pieces of personal information we collected about you.
• Right to delete: request deletion of personal information, subject to lawful exceptions.
• Right to correct: request correction of inaccurate personal information.
• Right to opt out: opt out of the sale or sharing of personal information and of targeted advertising or profiling where applicable. We do not sell personal information; we only share for cross-context advertising with your consent.
• Right to limit: limit the use and disclosure of sensitive personal information where applicable (we do not seek to collect such data).
• Right to non-discrimination: you will not be discriminated against for exercising your rights.

California Shine the Light: we do not disclose personal information to third parties for their own direct marketing purposes without your consent.

How to Exercise Your Rights and Verification

You may submit requests by emailing [email protected] or by mail to: Rebecca Andrews, 2615 Medical Center Pkwy, Murfreesboro, TN 37129, United States. Please specify the right you wish to exercise and provide sufficient information to verify your identity (e.g., account email, recent interactions). Authorized agents may submit requests where permitted by law; we may require proof of authorization and verification of your identity.

Response timelines: We aim to respond within one month under GDPR, and within 45 days under applicable U.S. laws (with permissible extensions). If we cannot fulfill a request due to legal requirements or exceptions, we will provide an explanation.

Security Measures

We employ administrative, technical, and physical safeguards designed to protect personal data, including access controls, encryption in transit, network monitoring, vulnerability management, and staff training. No system is entirely secure; please use strong passwords and safeguard your account credentials.

Children’s Privacy

Our services are not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected such information, we will delete it promptly. Where GDPR applies, minors under the applicable age of consent (generally 16, or lower where permitted by local law) should not use our services without verifiable parental consent.

Automated Decision-Making and Profiling

We do not use automated decision-making that produces legal or similarly significant effects on individuals. We may perform limited profiling to personalize content or measure engagement, typically based on cookies or similar technologies and only with your consent where required.

Blockchain Transparency Notice

If you choose to connect a wallet or interact with blockchain networks, certain data (e.g., wallet address and transactions) is publicly recorded on-chain and may be analyzed by anyone. We cannot modify or delete public blockchain records. Please take care to avoid sharing any information on-chain that you wish to keep private.

Do Not Track and Global Privacy Control

Some browsers offer Do Not Track (DNT) signals. Our site does not currently respond to DNT. Where required by law, we will honor Global Privacy Control (GPC) signals as an opt-out of sharing for cross-context behavioral advertising, to the extent technically feasible.

Data Breach Notification

In the event of a data breach affecting your personal data, we will notify applicable authorities and impacted individuals in accordance with GDPR, U.S. federal and state laws, and other applicable regulations.

Changes to This Notice

We may update this notice to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the effective date and, where appropriate, by providing a more prominent notice.

Contact Information

For questions or requests regarding this notice or our data practices, please contact: Rebecca Andrews, 2615 Medical Center Pkwy, Murfreesboro, TN 37129, United States. Email: [email protected].

Effective date: 06 October 2025.