MONSTERGAMING

Global Privacy Policy

Last updated: April 13, 2026

1. Introduction

Luxedeum, LLC ("Luxedeum," "Company," "we," "us," or "our") is committed to protecting the privacy of individuals whose personal data we collect and process. This Global Privacy Policy describes how we collect, use, disclose, and safeguard personal data across our websites, platforms, portals, operations, and interactions.

This policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable global data protection laws.

2. Scope

This policy applies to personal data that we collect:

• Directly from individuals (e.g., account registration, support requests)
• Indirectly from third parties or business partners (see GDPR Article 14 Notice below)
• Through our platforms, APIs, and enterprise systems
• In the course of commercial relationships, partnerships, and business development

3. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person, as defined under GDPR Article 4(1).
• Processing: Any operation performed on personal data, whether automated or manual, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, or erasure.
• Controller: The entity that determines the purposes and means of processing personal data. Luxedeum, LLC acts as controller for the data described in this policy.
• Processor: An entity that processes personal data on behalf of the controller.

4. Data We Collect

We may collect the following categories of personal data:

4.1 Identification Data. Name, username, professional title, and government-issued identifiers where required by law or regulation.

4.2 Contact Data. Email address, telephone number, and postal address.

4.3 Professional Data. Employer, job role, organizational affiliation, and professional background.

4.4 Technical Data. IP address, device information, browser and operating system details, server logs, and API usage data.

4.5 Communications Data. Emails, support tickets, meeting records, and other correspondence.

4.6 Transactional Data. Agreements, contracts, payment records, invoices, and billing history.

4.7 Inferences. Preferences, engagement patterns, and usage analytics derived from the data above.

5. Sources of Data

We obtain personal data from the following sources:

• Directly from you: Account registration, platform usage, communications, and transactions.
• Enterprise partners: Clients, vendors, and business counterparties who share data in the course of commercial relationships.
• Public and commercial sources: Publicly available information, professional networks, and commercial databases.
• Service providers: Third-party tools and platforms that assist in operating our services.
• APIs and integrations: Data received through platform integrations and API interactions.

6. Purposes of Processing

We process personal data for the following purposes:

• Operating and maintaining our platforms and services
• Managing user accounts and authentication
• Establishing and managing business relationships
• Conducting due diligence on potential partners, clients, and counterparties
• Improving our products, services, and AI capabilities
• Ensuring security, preventing fraud, and protecting against misuse
• Complying with legal and regulatory obligations
• Enforcing contracts, terms of service, and other agreements

7. Legal Basis for Processing (GDPR)

Where GDPR applies, we rely on the following legal bases:

• Legitimate interests (Art. 6(1)(f)): Operating, securing, and improving our platforms and business relationships, where such interests are not overridden by the data subject's rights.
• Contract performance (Art. 6(1)(b)): Processing necessary to fulfill contractual obligations or to take steps at the data subject's request prior to entering a contract.
• Legal obligations (Art. 6(1)(c)): Processing required to comply with applicable laws, regulations, or court orders.
• Consent (Art. 6(1)(a)): Where required, we obtain the data subject's consent before processing (e.g., optional data sharing features). Consent may be withdrawn at any time.

8. AI and Data Use

Luxedeum develops and operates AI-powered platforms. With respect to AI and personal data:

• Personal data is not used to train AI models without a lawful basis for such processing.
• Enterprise and partner data is not used for generalized AI training unless expressly agreed in writing.
• Anonymized and aggregated data may be used to improve service quality and AI capabilities.
• Users are responsible for ensuring they do not input restricted, sensitive, or third-party personal data into AI-powered features without appropriate authorization.

9. Disclosure of Data

We may disclose personal data to the following categories of recipients:

• Affiliates: Entities within the Luxedeum corporate group.
• Employees and contractors: Personnel who require access to perform their duties, subject to confidentiality obligations.
• Cloud and infrastructure vendors: Service providers who host, process, or support our platforms (e.g., Cloudflare, Stripe, upstream AI providers).
• Legal and accounting advisors: Professional advisors acting under professional privilege and confidentiality.
• Counterparties: Business partners and clients in the context of commercial transactions.
• Regulators and authorities: Government bodies, courts, and regulatory agencies where required by law.

We do not sell personal data to advertisers, data brokers, or any third party.

10. International Transfers

Luxedeum is based in the United States. Personal data may be transferred to, stored in, or processed in countries outside the data subject's jurisdiction. Where such transfers involve data protected by GDPR or similar frameworks, we rely on:

• EU Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Addendum
• Contractual protections with recipients requiring equivalent safeguards
• Technical measures including encryption in transit and at rest

11. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Retention periods vary depending on the nature of the data, our relationship with the data subject, and applicable legal obligations.

12. Data Subject Rights (GDPR)

If you are located in the EU, EEA, UK, or Switzerland, you have the following rights under GDPR:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — correct inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten") — request deletion of your personal data.
• Right to restriction — limit how we process your data in certain circumstances.
• Right to object — object to processing based on legitimate interests, including profiling.
• Right to data portability — receive your personal data in a structured, commonly used, machine-readable format.

To exercise any of these rights, contact us at privacy@monstergaming.ai with the subject "GDPR Request." We will respond within 30 days.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the following rights:

• Right to know what categories and specific pieces of personal information we have collected, used, disclosed, or sold/shared.
• Right to delete personal information we have collected from you.
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of personal information.
• Right to limit use of sensitive personal information.
• Right to non-discrimination for exercising any of these rights.

Sale or sharing of personal information. Monster Gaming does not sell or share your personal information as those terms are defined under the CCPA/CPRA, including for cross-context behavioral advertising. We have not done so in the past 12 months and have no plans to do so.

How to exercise your rights. Email privacy@monstergaming.ai with the subject "California Privacy Request" and tell us which right you are exercising. We will verify your identity using information already associated with your account and respond within 45 days. You may use an authorized agent; we will require written authorization. We do not charge a fee or discriminate against users who exercise these rights.

14. Security

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption in transit (TLS 1.3) and at rest
• Role-based access controls (RBAC)
• Continuous monitoring and logging
• Incident response procedures
• Vendor risk management

Our security practices are aligned with ISO 27001 standards.

15. Data Breach Response

In the event of a personal data breach, Luxedeum will:

• Investigate the breach promptly and assess its scope and impact
• Notify affected individuals and relevant supervisory authorities as required by applicable law
• Cooperate with regulatory authorities during any investigation
• Implement corrective measures to prevent recurrence

16. Third-Party Services

Our platforms may integrate with or link to third-party services, tools, and providers. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you interact with through our platforms.

17. Children's Data

Monster Gaming is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete such data promptly.

18. Changes to This Policy

We may update this privacy policy from time to time. The updated version will be posted with a new effective date. Where changes are material, we will communicate them directly to affected individuals via email or platform notification.

19. Contact

For privacy inquiries, data subject requests, or complaints:

Luxedeum, LLC
595 Cliff View Drive
Reno, NV 89523, USA
Email: privacy@monstergaming.ai

20. Governing Law

This policy shall be governed by the laws of the State of Nevada, USA, except where overridden by mandatory data protection laws applicable to the data subject (including GDPR and CCPA/CPRA).

21. Executive Summary

Luxedeum, LLC collects and processes personal data to operate its platforms, manage business relationships, and comply with applicable law. We maintain strong security measures aligned with ISO 27001. We do not sell personal data. We respect the rights of data subjects under GDPR, CCPA/CPRA, and other applicable privacy frameworks. For questions or requests, contact privacy@monstergaming.ai.

---

GDPR Article 14 Compliance Notice

For personal data not obtained directly from the data subject

Data Controller

Luxedeum, LLC
595 Cliff View Drive
Reno, NV 89523, USA
Data Protection Contact: Kirby Cooper — kirby@luxedeum.com

Categories of Personal Data

We may process the following categories of personal data obtained from sources other than the data subject:

• Identification data: Name, professional title, organizational role
• Contact data: Email address, telephone number, business address
• Professional data: Employer, job function, professional affiliations
• Communications data: Business correspondence, meeting records, referral information
• Technical data: IP address, platform usage data, API interaction logs
• Transaction data: Contract details, payment records, business agreements

Sources of Data

Personal data covered by this notice may be obtained from:

• Business partners and enterprise clients
• Professional referrals and introductions
• Public and commercially available sources (e.g., company websites, professional directories)
• Professional networks and industry events
• Legal, financial, and professional advisors

Purposes of Processing

We process indirectly obtained personal data for the following purposes:

• Establishing and managing business relationships
• Conducting due diligence on potential partners, clients, and counterparties
• Performing and managing contractual obligations
• Maintaining accurate business records
• Ensuring security and preventing fraud
• Complying with legal and regulatory obligations
• Pursuing legitimate business interests

Legal Basis

Processing of indirectly obtained personal data relies on:

• Art. 6(1)(f) — Legitimate interests: Business development, intellectual property protection, operational efficiency, and cybersecurity, where such interests are not overridden by the data subject's rights and freedoms.
• Art. 6(1)(b) — Contract performance: Processing necessary for the performance of a contract to which the data subject is party, or to take steps at the data subject's request prior to entering into a contract.
• Art. 6(1)(c) — Legal obligation: Processing necessary for compliance with legal obligations to which Luxedeum is subject.

Legitimate Interests Pursued

Where we rely on legitimate interests as a legal basis, those interests include:

• Business development and relationship management
• Protection of intellectual property rights
• Operational efficiency and service improvement
• Cybersecurity and fraud prevention

Recipients of Data

Indirectly obtained personal data may be disclosed to:

• Affiliates within the Luxedeum corporate group
• Employees and contractors with a need to know
• Legal, financial, and professional advisors
• Cloud and infrastructure service providers
• Business counterparties in the context of transactions
• Regulatory authorities where required by law

International Transfers

Personal data may be transferred outside the EU/EEA. Where such transfers occur, we rely on EU Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Addendum to ensure adequate protection.

Retention

We retain indirectly obtained personal data only as long as necessary to fulfill the purposes described above, unless a longer retention period is required or permitted by law.

Data Subject Rights

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Rectification of inaccurate or incomplete data
• Erasure of your personal data ("right to be forgotten")
• Restriction of processing in certain circumstances
• Data portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interests
• Not be subject to automated decision-making, including profiling, that produces legal or similarly significant effects

Right to Object

You have the right to object to the processing of your personal data based on legitimate interests at any time. Upon receiving an objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Right to Lodge a Complaint

You have the right to lodge a complaint with your national data protection supervisory authority if you believe that our processing of your personal data violates applicable data protection law.

Automated Decision-Making

We do not currently engage in automated decision-making or profiling that produces legal or similarly significant effects concerning individuals whose data was obtained indirectly.

Timing of Notice

This notice is provided within one month of obtaining the personal data, or at the time of first communication with the data subject, whichever is earlier. Where the data is to be disclosed to a third party, this notice is provided no later than when the data is first disclosed.

Exceptions

Certain exceptions to the obligation to provide this notice may apply under GDPR Article 14(5), including where:

• The data subject already has the information
• Providing the information would be impossible or involve disproportionate effort
• Obtaining or disclosure is expressly required by EU or Member State law
• The data is subject to professional secrecy obligations

Security Measures

We protect indirectly obtained personal data through:

• Access controls and role-based permissions
• Encryption in transit and at rest
• Continuous monitoring and audit logging
• Information security policies and procedures aligned with ISO 27001

For questions about this Article 14 notice or to exercise your rights, contact: privacy@monstergaming.ai