Privacy Policy

Midas Bloom Ltd ("Midas Bloom", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you access or use the Midas Bloom platform (the "Platform"), whether as an Expert or a Client. Please read this policy carefully. If you do not agree with its terms, please discontinue use of the Platform.

We collect the following categories of personal data: a) Information you provide directly • Full name, email address, phone number, and profile photo • Professional credentials, qualifications, and advisory specialisms (Experts) • Business name, industry, and company size (Clients) • Payment and billing details (processed securely via our payment provider) • Any content you submit, including session notes and messages b) Information collected automatically • Device type, browser, IP address, and operating system • Pages visited, click-through data, session duration, and referring URLs • Cookies and similar tracking technologies (see Section 9) c) Information from third parties • Identity verification data from our KYC/AML partners • Social login data if you register via a third-party provider (e.g., Google)

We use your personal data for the following purposes: • To create and manage your account on the Platform • To facilitate bookings, consultations, and payment processing • To verify your identity and professional credentials (Experts) • To send transactional emails, session reminders, and payment notifications • To personalise your experience and surface relevant Experts or Clients • To improve Platform functionality, detect fraud, and ensure security • To comply with legal and regulatory obligations • To send marketing communications where you have opted in (you may opt out at any time)

Where applicable data protection laws require us to identify a legal basis for processing, we rely on: • Contract performance — to deliver our services to you • Legitimate interests — for fraud prevention, product improvement, and analytics • Legal obligation — where we are required to process data by law • Consent — for marketing communications and non-essential cookies (you may withdraw consent at any time)

We do not sell your personal data. We may share your data with: • Other Platform users — limited profile information is visible to Experts/Clients for booking purposes • Payment processors — to complete transactions securely (e.g., Paystack, Stripe) • Identity verification providers — for KYC/AML compliance • Cloud infrastructure and analytics providers — who process data on our behalf under strict data processing agreements • Law enforcement or regulatory bodies — where required by applicable law or court order • Professional advisors — such as lawyers and auditors, bound by confidentiality obligations Any third party with whom we share data is required to maintain appropriate security and process data only as instructed by us.

We retain your personal data for as long as your account is active or as needed to provide you with our services. After account closure we typically retain certain data for: • 6 years — financial records and transaction data (for tax and legal compliance) • 30 days — session recordings (if applicable), after which they are deleted • 12 months — support tickets and dispute records We will delete or anonymise your data outside these periods unless we are required by law to retain it longer.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include: • TLS/SSL encryption in transit • AES-256 encryption at rest for sensitive fields • Role-based access controls limiting staff access to personal data • Regular security audits and penetration testing While we strive to protect your information, no transmission over the internet is entirely secure. You are responsible for keeping your account credentials confidential.

Depending on your jurisdiction, you may have the following rights regarding your personal data: • Access — request a copy of the data we hold about you • Rectification — request correction of inaccurate or incomplete data • Erasure — request deletion of your data ("right to be forgotten"), subject to legal obligations • Restriction — request that we restrict processing of your data in certain circumstances • Portability — receive your data in a structured, machine-readable format • Objection — object to processing based on legitimate interests or for direct marketing • Withdraw consent — where processing is based on consent, you may withdraw at any time To exercise any of these rights, please contact us at privacy@midasbloom.com. We will respond within 30 days.

We use cookies and similar technologies to operate and improve the Platform. Cookies we use include: • Strictly necessary cookies — required for the Platform to function (cannot be disabled) • Analytical cookies — help us understand how the Platform is used (e.g., page views, bounce rate) • Preference cookies — remember your settings and preferences • Marketing cookies — used to deliver relevant advertisements (only with your consent) You can manage your cookie preferences via the cookie banner displayed on your first visit, or through your browser settings. Note that disabling cookies may affect Platform functionality.

Midas Bloom is based in Nigeria. When we use cloud services or third-party providers, your data may be transferred to and processed in countries outside Nigeria. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses and equivalent data protection measures as required by applicable law.

Our Platform is not directed at persons under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete such data.

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any website you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on the Platform and updating the effective date below. Your continued use of the Platform after any update constitutes acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: Midas Bloom Ltd — Data Privacy Team Email: privacy@midasbloom.com Address: Lagos, Nigeria If you are unsatisfied with our response, you may have the right to lodge a complaint with your local data protection authority.