Renacer CondominioInvest with projected 15%–18% IRR
TOHKNDownload the App
InsightsAbout
InstagramXLinkedInTikTokFacebook

© 2026 MIO3, S.A. de C.V. All rights reserved. MIO3 and TOHKN are trademarks of MIO3, S.A. de C.V.

Privacy Policy

Last update: September 5, 2025

TOHKN, operated by MIO3, Sociedad Anónima de Capital Variable, registered in the Definitive Registry of Digital Asset Service Providers of El Salvador (seat No. PSAD-0016), is committed to protecting the privacy and personal data of its Users, complying with current legislation in the Republic of El Salvador and adopting international principles and standards in data protection.

Introduction

This Privacy Policy (hereinafter, the "Policy") governs the collection, use, storage, disclosure, processing, transfer and protection of the personal data of Users who access and use the mobile or desktop application (the "Application") for investment (hereinafter "TOHKN").

TOHKN is a registered trademark owned by MIO3. The Application constitutes the only digital ecosystem linked to the MIO3 Platform, in which the User can carry out investment activities in digital assets, exchange operations, custody and, where applicable, receipt of returns.

This Policy is an integral part of TOHKN's Terms and Conditions, and its express acceptance is an indispensable requirement for registration, access and use of the Application's products and services.

MIO3 may modify this Policy at any time. Any modification will be published in the Application and notified to the User via email or a notification within the Application. Continued use of the services after such modifications constitutes express acceptance of the new Policy.

1. Information We Collect

TOHKN may collect the following categories of personal data:

Identification and contact information: full name or company name, identity document, nationality, address, date of birth, email address, telephone number and other similar data.

Financial and transactional data: transaction history within the application, origin and destination of funds, digital assets and addresses of the custodial digital wallets.

Technical and navigation data: IP address, browser type, access device, operating system, network configuration, approximate location and activities performed in the Application (including data obtained through cookies or similar technologies).

Data from public sources or authorized third parties: public records, international sanctions lists, identity verification providers.

Data collected automatically: usage preferences, interactions with notifications or electronic communications, and geolocation data, when the User gives express consent.

2. Purposes of the Processing

The personal data collected by TOHKN will be processed lawfully and transparently, for the specific and legitimate purposes detailed below:

  1. Regulatory compliance: identity verification, KYC processes, prevention of money laundering (AML) and terrorist financing (CFT).
  1. Account registration and management: creation, maintenance and administration of the TOHKN Account and the TOHKN Wallet.
  1. Transaction execution: purchase, sale, transfer, custody and redemption of digital assets, as well as receipt of returns, where applicable.
  1. Security and fraud prevention: detection of illicit activities, unauthorized access or suspicious transactions.
  1. Legal and contractual compliance: addressing legal, tax, regulatory and contractual obligations arising from the services.
  1. Improvement of the User Experience: statistical analysis, interface customization and sending of operational and informational communications.
  1. Commercial and promotional purposes: sending commercial and advertising notifications, provided that the User expressly authorizes it.
  1. Supervision and auditing: record keeping and handling of requests from administrative, judicial or regulatory authorities.

3. Communication and Transfer of Personal Data

i) Competent authorities: in compliance with legal, regulatory or judicial obligations.

ii) Service providers: third parties acting as data processors (cloud storage providers, payment processors, identity validators, among others).

iii) Entities affiliated or linked to MIO3: provided there is a legitimate purpose and an adequate level of data protection is guaranteed.

iv) Corporate operations: processes of reorganization, merger, acquisition or transfer of assets, under confidentiality agreements.

In all cases, MIO3 will require third-party data recipients to comply with confidentiality obligations and equivalent data protection standards.

4. Retention of Personal Data

Personal data collected by MIO3 will be retained for the time strictly necessary to fulfill the purposes for which it was collected. Subsequently, it will be deleted or anonymized, unless a legal or regulatory provision requires its retention for an additional period.

Notwithstanding the foregoing, certain personal data may be retained for a longer period due to applicable regulations, such as those related to the prevention of money laundering, terrorist financing and financing of the proliferation of weapons of mass destruction.

Likewise, certain data may be retained for the period expressly established by the competent administrative, judicial or regulatory authorities, in compliance with legal requirements or supervision, inspection or audit processes.

5. User Rights

In accordance with current regulations on the protection of personal data, you may exercise, at any time and free of charge, the following rights over your data:

  1. Right of access: obtain confirmation as to whether MIO3 processes your personal data and, where applicable, access the corresponding information in a clear and intelligible manner.
  1. Right of rectification: to request the correction or updating of inaccurate, incomplete or outdated personal data.
  1. Right of cancellation or deletion: request the deletion of your personal data when they are no longer necessary for the purposes for which they were collected, when you have withdrawn your consent, when you object to the processing of your data, or when their processing is unlawful, when they have to be deleted by legal obligation, unless otherwise provided by law.
  1. Right to be forgotten: demand the deletion of your personal data in electronic environments, and TOHKN's database.
  1. Right to object: to request the cessation of the processing of your personal data.
  1. Right to restriction of processing: request that the processing of your data be restricted in specific cases, such as when you contest its accuracy, the processing is unlawful, when TOHKN no longer requires your data, or while a legitimate objection from you is being resolved.
  1. Right to portability: to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller, where technically feasible.
  1. Right not to be subject to automated decisions: to request not to be subject to decisions based solely on automated processes, including profiling, which produce legal effects or significantly affect you, except in cases expressly permitted by law.

To exercise any of these rights, you may send a request to the email address privacy@mio3.io or through the corresponding form available in the official TOHKN Application.

TOHKN will respond to your request within the maximum time allowed, in accordance with the provisions of the Law for the Protection of Personal Data of the Republic of El Salvador.

6. Security Measures

TOHKN adopts appropriate technical and administrative measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include:

  1. Encryption of information during transmission and storage;
  1. Multi-factor authentication (MFA) for account access;
  1. Access control based on the principles of necessity and proportionality;
  1. Periodic audits and continuous monitoring of systems;
  1. Internal privacy policies, staff training and confidentiality agreements.

You are also responsible for maintaining the confidentiality of your login credentials and for immediately notifying us of any unauthorized use of your account.

7. International Data Transfers

If it becomes necessary to transfer data to jurisdictions other than El Salvador, MIO3 will verify that the receiving country has an adequate level of protection, in accordance with local and international regulations. If an adequate level is not in place, contractual clauses or other valid legal mechanisms will be adopted to safeguard the secure processing of data in accordance with applicable regulations.

TOHKN will maintain an up-to-date record of international transfers made, in accordance with the principles of accountability and traceability.

8. Changes to the Privacy Policy

MIO3 may modify this Policy at any time. Substantial modifications will be notified to you through the Application or by email and will take effect upon publication. Your continued use of the services after such notification constitutes acceptance of the changes.

9. Jurisdiction and Applicable Law

This Policy shall be governed by and construed in accordance with the laws of the Republic of El Salvador. Any dispute relating to its interpretation or enforcement shall be subject to the jurisdiction of the competent courts in that country.

10. Contact

To exercise your rights or make inquiries about this Policy, the User may contact MIO3 at privacy@mio3.io.