Privacy Policy

LusoPass Inc. ("LusoPass", "we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our platform at lusopass.com (the "Service"). We operate in compliance with the General Data Protection Regulation (GDPR), the Portuguese Data Protection Law (Lei n.º 58/2019), and other applicable data protection legislation.

LusoPass Inc. acts as the data controller for personal data processed through our platform. For questions about data processing, contact our Data Protection Officer at [email protected].

We collect the following categories of personal data: • Identity Data: Full name, date of birth, nationality, passport/ID numbers • Contact Data: Email address, phone number, mailing address • Financial Data: Bank account details, investment amounts, source of funds documentation • Immigration Data: Visa application details, AIMA submission records, residency permit information • Document Data: Uploaded documents including passports, proof of address, tax certificates, and legal filings • Usage Data: Login timestamps, pages visited, features used, IP addresses • Device Data: Browser type, operating system, device identifiers

We process your personal data for the following purposes: • To facilitate golden visa and immigration applications • To manage investor-fund relationships and capital transactions • To provide case management services for legal professionals • To comply with KYC/AML regulatory requirements • To generate reports and analytics for authorized stakeholders • To send service-related communications • To maintain platform security and prevent fraud

We process personal data under the following legal bases as defined by GDPR Article 6: • Contract Performance: Processing necessary to fulfill our service agreements • Legal Obligation: Compliance with Portuguese immigration law, AML directives, and tax reporting requirements • Legitimate Interest: Platform security, fraud prevention, and service improvement • Consent: Marketing communications and optional analytics (which you may withdraw at any time)

We may share your data with: • Legal professionals managing your case (attorneys, paralegals) • Portuguese governmental authorities (AIMA, SEF, Tax Authority) as required by law • Fund administrators and institutional partners for investment management • Cloud infrastructure providers (with appropriate data processing agreements) • Payment processors for transaction handling International data transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) or adequacy decisions.

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy. Immigration-related records are retained for a minimum of 5 years after case closure, in accordance with Portuguese regulatory requirements. Financial records are retained for 10 years as required by tax legislation. You may request earlier deletion where no legal retention obligation applies.

Under GDPR, you have the right to: • Access your personal data and receive a copy • Rectify inaccurate or incomplete data • Erase your data ("right to be forgotten") where applicable • Restrict processing in certain circumstances • Data portability in a structured, machine-readable format • Object to processing based on legitimate interests • Withdraw consent at any time • Lodge a complaint with the Portuguese Data Protection Authority (CNPD) To exercise these rights, contact us at [email protected].

We implement industry-standard security measures including end-to-end encryption for data in transit and at rest, multi-factor authentication, role-based access controls, regular security audits, and encrypted document storage. Our infrastructure is hosted within EU data centers with SOC 2 Type II certification.

For privacy-related inquiries: LusoPass Inc. Data Protection Officer Email: [email protected] Portuguese Data Protection Authority (CNPD) Rua de São Bento, 148-3° 1200-821 Lisboa, Portugal https://www.cnpd.pt