GDPR Notice

Controller and Contact Information

DEX Morning is operated in the United States of America by Tristan Valehart, who serves as the data controller for personal data processed in connection with this website and related services.

Controller: DEX Morning (Owner: Tristan Valehart)
Postal Address: Richardson Public Library, 900 Civic Center Dr, Richardson, TX 75080, USA
Email: [email protected]

For any questions about this notice or to exercise your privacy rights, please contact us using the email address above.

Scope and Applicability

This notice governs personal data processed when you access or use DEX Morning (including reading content, subscribing to newsletters, or interacting with tools and features). It is drafted to meet requirements of the EU/UK General Data Protection Regulation (GDPR/UK GDPR) and applicable U.S. privacy laws, including but not limited to the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA) and similar state laws.

Our services are intended for a general audience and are not directed to children under 13 years of age. If you are in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, this notice explains how we process your personal data and your GDPR rights. U.S. residents will find state-specific rights below.

Categories of Personal Data We Process

• Identification and Contact Data: name, email address, and any information you provide when contacting us or subscribing to newsletters.
• Account and Preference Data: if we offer account features, username and settings; newsletter frequency and content preferences.
• Wallet and Blockchain-Related Data: public wallet addresses or transaction identifiers you submit to use certain features or for eligibility checks. We do not request or store your private keys or seed phrases.
• Usage and Interaction Data: pages visited, features used, timestamps, referring/exit pages, clickstream data, and similar analytics metrics.
• Device and Technical Data: IP address, browser type, operating system, device identifiers, language, time zone, and approximate location derived from IP (coarse geolocation).
• Cookie and Similar Technology Data: information collected via cookies, local storage, pixels, software development kits (SDKs), and similar technologies.
• Marketing and Campaign Data: your interactions with our marketing messages, including opens, clicks, and unsubscribe events.
• User-Generated Content: comments, feedback, inquiries, or other content you choose to submit.
• Inferences: we may derive limited inferences about interests (for example, topics you read most) to personalize content, subject to your choices.
• Third-Party Source Data: information from service providers (e.g., analytics, email delivery), and publicly available sources (including public blockchains).

We do not intentionally collect sensitive personal data (such as precise geolocation, health information, or biometric identifiers). If you choose to provide any such data, we will process it only as necessary and as permitted by law.

Sources of Personal Data

• Directly from you when you interact with the site, subscribe to newsletters, contact us, or submit forms.
• Automatically through cookies and similar technologies when you use our services.
• From publicly available sources, including public blockchains.
• From service providers and partners that support our operations (for example, analytics and email delivery providers).

Purposes of Processing and Legal Bases

We process personal data for the purposes set out below. Where GDPR applies, we rely on one or more of the following legal bases: performance of a contract, legitimate interests, consent, compliance with legal obligations, and, where strictly necessary, protection of vital interests. Public interest is not typically relied upon for our services.

• Providing and Maintaining Services: to operate the website, deliver content, provide newsletters, and support features. Legal basis: performance of a contract; legitimate interests.
• Account and Preference Management: to set and honor your preferences and manage subscriptions. Legal basis: performance of a contract; legitimate interests.
• Customer Support and Communications: to respond to inquiries and provide notices. Legal basis: performance of a contract; legitimate interests.
• Personalization: to tailor content, topics, and alerts to your interests. Legal basis: consent where required; otherwise legitimate interests with opt-out options.
• Analytics and Improvement: to understand usage, fix issues, and improve functionality. Legal basis: legitimate interests; consent where required for non-essential cookies.
• Marketing: to send newsletters and promotional communications subject to your choices. Legal basis: consent (EEA/UK) or legitimate interests where permitted; you may withdraw consent or opt out at any time.
• Security and Fraud Prevention: to protect accounts, investigate suspicious activity, and secure our systems. Legal basis: legitimate interests; legal obligation where applicable.
• Compliance and Enforcement: to comply with laws, regulatory requests, and enforce terms. Legal basis: legal obligation; legitimate interests.
• Blockchain and Airdrop-Related Features: to validate eligibility or track publicly visible on-chain events you elect to participate in. Legal basis: performance of a contract; consent where applicable.

Cookies and Similar Technologies

We use cookies and similar technologies to operate the site, remember preferences, analyze traffic, and, where applicable, support interest-based advertising. Some cookies are essential to provide the service; others are optional and used only with consent where required by law.

• Essential: required for core functionality, security, and service integrity.
• Analytics: help measure performance and usage to improve the service.
• Functional: remember your settings and preferences.
• Advertising: support delivery of relevant content and measurement (used only in compliance with applicable law).

You can manage cookies through your browser settings and, where available, our on-site preferences. Your browser or device may also support Global Privacy Control (GPC); we make commercially reasonable efforts to honor recognized browser-based opt-out signals for sale/share and targeted advertising where legally required. Disabling or rejecting certain cookies may affect site functionality.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this notice, including to meet legal, accounting, or reporting requirements, and then securely delete or anonymize it.

• Newsletter and Marketing Records: retained until you unsubscribe or your account is inactive for an extended period; suppression lists are kept to honor opt-outs.
• Support Communications: retained for a period reasonably necessary to resolve your inquiry and maintain records (generally up to 24 months unless a longer period is required).
• Security and Audit Logs: retained for a period necessary for security and auditing (generally up to 12 months).
• Analytics Data: retained for the shortest period necessary, consistent with tool configuration and business needs.

International Data Transfers

We are based in the United States. If you access our services from the EEA, UK, or Switzerland, your personal data may be transferred to and processed in countries outside your jurisdiction, including the United States, which may not provide the same level of data protection as your home country.

When we transfer personal data internationally, we implement appropriate safeguards such as European Commission Standard Contractual Clauses (and UK-approved addenda, as applicable) and supplementary measures where needed. You may contact us to request more information about these safeguards.

Data Security

We employ administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. Measures include access controls, encryption in transit where appropriate, least-privilege practices, and monitoring. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

Your Rights Under GDPR

If you are in the EEA, UK, or Switzerland, you have the following rights subject to applicable limitations:

• Right of Access: obtain confirmation and a copy of your personal data.
• Right to Rectification: correct inaccurate or incomplete data.
• Right to Erasure: request deletion in certain circumstances.
• Right to Restrict Processing: request restriction under certain conditions.
• Right to Data Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to Object: object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: you may lodge a complaint with a supervisory authority; we encourage you to contact us first so we can address your concerns.

To exercise your rights, contact us at [email protected]. We will respond within one month (extendable as permitted by law) and may take reasonable steps to verify your identity. We do not charge a fee unless a request is manifestly unfounded or excessive.

U.S. State Privacy Rights

California Notice at Collection

We collect the categories of personal information described above (including identifiers, internet activity, approximate geolocation, inferences, and user-generated content) for the purposes of providing services, security, analytics, personalization, and marketing as described. We retain information for the periods outlined in the Retention section. We do not sell personal information for monetary consideration. We may share personal information for cross-context behavioral advertising or targeted advertising as those terms are defined under U.S. state privacy laws; you can opt out as described below. We do not use or disclose sensitive personal information for purposes other than those permitted by law.

Rights for Residents of California, Colorado, Connecticut, Utah, and Virginia

Subject to exceptions, you may have the right to:

• Know/Access: request information about our collection, use, and disclosure of your personal information and request access to it.
• Correction: request correction of inaccurate personal information.
• Deletion: request deletion of personal information.
• Portability: receive certain information in a portable format.
• Opt Out: opt out of sale or sharing of personal information and of targeted advertising, and opt out of certain profiling.
• Limit Use of Sensitive Personal Information: where applicable, limit use to necessary purposes.

To exercise these rights, email [email protected] with your request and sufficient information to verify your identity and residency. Please include “Privacy Request” in the subject line and specify the right you wish to exercise. If we deny your request, you may appeal by replying to our decision within 30 days with “Privacy Appeal” in the subject line; we will respond to appeals as required by law. We generally respond within 45 days (extendable where permitted). We honor recognized browser-based opt-out signals, such as Global Privacy Control, for sale/share and targeted advertising where legally required.

Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal data from them. For California, we do not sell or share personal information of consumers under 16 years of age. If you believe a child has provided us personal data, please contact us so we can delete it.

Automated Decision-Making and Profiling

We do not engage in solely automated decision-making that produces legal or similarly significant effects about you. We may use limited profiling (for example, to personalize content or measure engagement) consistent with applicable law and your choices.

Sharing of Personal Data

We disclose personal data to the following categories of recipients for the purposes described above:

• Service Providers/Processors: hosting, cloud infrastructure, analytics, email delivery, customer support, security, and similar providers bound by contractual confidentiality and data protection obligations.
• Advertising and Measurement Partners: where applicable and only in compliance with law and your choices.
• Professional Advisors: legal, accounting, and consulting services under confidentiality.
• Authorities and Law Enforcement: when required by law or to protect rights, safety, and security.
• Business Transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate protections.

We do not sell personal information for money. We do not request or store private keys or seed phrases. Public blockchain data you choose to use or reference may be inherently public.

Third-Party Services and Links

Our services may include links to third-party sites, tools, or integrations. Your interactions with those services are governed by their own policies. We are not responsible for third-party practices.

Exercising Your Rights and Contacting Us

You may exercise your rights or contact us with questions by emailing [email protected]. To help us process your request, please provide your name, the email address associated with your interactions with us, your jurisdiction, and a clear description of your request. We may require additional information to verify your identity and, where applicable, your authority to act on behalf of another individual. Authorized agents (for example, under California law) must provide proof of authorization and we may also verify the consumer’s identity directly.

Changes to This Notice

We may update this notice from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. Material changes will be indicated by updating the effective date below. Your continued use of the services after an update indicates your acknowledgment of the updated notice.

Effective Date: 03 October 2025

Definitions

“Personal data” or “personal information” means information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable individual. “Processing” means any operation performed on personal data, such as collecting, storing, using, disclosing, or deleting it. “Controller” means the entity that determines the purposes and means of processing personal data. “Processor” means an entity that processes personal data on behalf of the controller.