Data Deletion Request

Version 1.0  |  Effective May 21, 2026

How to Request Deletion of Your Myner Account and Data

Myner AG  •  Gartenstrasse 6, 6300 Zug, Switzerland  •  CHE-202.314.864

1. How to Submit a Deletion Request

Myner AG honors deletion requests under the Swiss Federal Act on Data Protection (nFADP), the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Washington My Health My Data Act (MHMDA), and other applicable US state privacy laws.

To submit a request, email privacy@mynerapp.com. To help us verify your identity quickly, please send the request from the email address registered to your Myner account, and include:

• Your name and the email address linked to your Myner account.
• A clear statement of your request — for example, "I request the deletion of my Myner account and all associated personal data."
• If known, the US state or country in which you reside, so we can apply the correct legal framework to your request.

If you cannot send the request from your registered email address, we will work with you to verify your identity through reasonable alternative means, such as confirming account details or, where necessary, providing government-issued identification. We will use personal data collected for verification only for that purpose, and will delete or restrict it as soon as practical after processing your request.

Authorized agents (California residents). You may designate an authorized agent to submit a deletion request on your behalf. We will require (i) written, signed permission authorizing the agent to act for you and (ii) verification of your identity directly with us, except where the agent provides a valid power of attorney under California Probate Code §§ 4000–4465.

Response timeframes. We will acknowledge receipt of your request promptly and complete the deletion within the timeframes required by applicable law — typically within one month of a verified request for residents of Switzerland, the EU, and UK (extendable by up to two additional months where reasonably necessary due to the complexity or number of requests), or within 45 calendar days for US residents (extendable by an additional 45 days). We will notify you of any extension within the initial response period, together with the reasons for the extension.

Manifestly unfounded or excessive requests. Where a request is manifestly unfounded or excessive, including by reason of its repetitive character, we may charge a reasonable fee taking into account the administrative costs of responding, or decline to act on the request, in accordance with GDPR Art. 12(5) and analogous provisions of applicable US state law. The burden of demonstrating that a request is manifestly unfounded or excessive rests with Myner AG.

2. What Data Is Deleted

Subject to the retention exceptions in Section 5, when your deletion request is verified and processed, we permanently delete the personal data we hold about you, including:

• Account credentials and profile information (name, email address, username).
• Earning history and Myner Gold balance.
• Device identifiers and session tokens associated with your account.
• Location data collected during your use of the Myner app.
• Receipt data and survey responses.
• Behavioral profile data and digital twin outputs, including derived inferences and predictions.
• Any other personal data directly tied to your account, including records held by our processors on our behalf.

3. Third-Party Notification

Where we have shared your personal data with third parties other than processors acting on our documented instructions, we will take reasonable steps to notify those recipients of your deletion request and instruct them to delete your data, as required by nFADP Art. 32, GDPR Art. 17(2), and MHMDA (RCW 19.373.030).

4. Aggregated and De-Identified Data

Data that has been irreversibly de-identified or aggregated such that it can no longer be linked back to you or any other identifiable individual is no longer “personal data” under applicable law and is not subject to deletion. Where such data exists, Myner AG maintains technical, organizational, and contractual measures to ensure that re-identification is not attempted.

5. What Data Is Retained

We retain limited data after deletion only where required by law or for narrowly defined legitimate purposes:

• Financial and accounting records. Swiss Code of Obligations Art. 958f requires retention of accounting records — including those relating to cashouts and payout transactions — for 10 years. Equivalent retention periods may apply under US federal and state tax law.
• Fraud prevention and security. Limited records may be retained for the period reasonably necessary to prevent fraudulent re-registration and to protect the security and integrity of our service.
• Backups and disaster recovery. Data residing in our routine encrypted backups may persist until those backups are overwritten or deleted in the ordinary course of our backup rotation schedule. Such data is access-restricted and not used for active processing.
• Compliance records. We may retain a record of your deletion request, our verification of it, and our response, for the period necessary to demonstrate compliance with applicable law.
• Legal claims and compliance. Where necessary to establish, exercise, or defend legal claims, or to comply with a legal obligation, regulatory request, or court order.

All retained data is access-restricted, used only for the purposes listed above, and deleted at the end of the applicable retention period.

6. Your Right to Appeal

If we decline your deletion request in whole or in part, we will explain our reasoning in writing within the response deadline above. You may appeal that decision by replying to our response or by emailing privacy@mynerapp.com with the subject line “Appeal — Deletion Request.” We will review your appeal and respond in writing within 60 days, or within such longer period as is permitted under applicable state law (including, where applicable, any additional extension period).

If your appeal is denied, you may submit a complaint to your local data protection or consumer protection authority, including:

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch.
• California: California Privacy Protection Agency (cppa.ca.gov) or the California Attorney General (oag.ca.gov).
• Washington: Washington State Attorney General (atg.wa.gov).
• Other US states: Your state Attorney General’s office or designated consumer privacy regulator.
• EU and UK: Your national or regional data protection authority.

7. Contact Us

For questions about this Policy or to exercise any of your rights, contact our privacy team at privacy@mynerapp.com, by post at Myner AG, Gartenstrasse 6, 6300 Zug, Switzerland, or through the in-app privacy center.