PICNIC TERMS OF USE Last Updated: March 10, 2026 These Terms of Use constitute a binding agreement between you (the “User”) and DeFi Basket Labs Inc., the company that owns the PICNIC brand, incorporated under the laws of the British Virgin Islands (BVI). DeFi Basket is a company incorporated under No. 2085144 whose registered address is Intershore Chambers, Geneva Place, 3rd Floor, Road Town, Tortola, British Virgin Islands. For the purposes of this agreement, “PICNIC” refers to the website usepicnic.com, the set of software protocols, the technological interfaces that make up the PICNIC Platform, the PICNIC Card, and the associated mobile applications. By using our technology, the user acknowledges that PICNIC is a self-custodial and distributed technology software. UNLIKE TRADITIONAL FINANCIAL INSTITUTIONS, THE PICNIC SOFTWARE IS NOT “LOCATED” OR HEADQUARTERED IN A SINGLE PHYSICAL JURISDICTION. IT OPERATES THROUGH A DECENTRALIZED CLOUD INFRASTRUCTURE, EXECUTING LOCALLY ON THE USER'S DEVICE AND DIRECTLY ON PUBLIC BLOCKCHAIN NETWORKS. The software functions as an interface for the user to interact directly with the blockchain. DeFi Basket Labs does not have access to, control over, or custody of the user’s private keys, recovery phrases (seeds), or digital assets. READ CAREFULLY BEFORE PROCEEDING: PICNIC IS NOT A BANK, IS NOT A FINANCIAL INSTITUTION, IS NOT A CUSTODIAL EXCHANGE, NOR DOES IT INTERMEDIATE ANY TRANSACTION. PICNIC IS EXCLUSIVELY AN INTERFACE SOFTWARE PROVIDER. BY USING THIS PLATFORM, YOU ACKNOWLEDGE THAT THE OPERATING MODEL IS SELF-CUSTODY. THIS MEANS THAT: THE POSSESSION, SECURITY, AND CONTROL OF YOUR PRIVATE KEY AND YOUR RECOVERY PHRASE (SEED PHRASE) ARE YOUR SOLE AND ENTIRE RESPONSIBILITY. WE DO NOT STORE, DO NOT HAVE A COPY OF, AND DO NOT HAVE ACCESS TO YOUR PRIVATE KEYS OR YOUR ASSETS ON THE BLOCKCHAIN. IMPOSSIBILITY OF RECOVERY: IF YOU LOSE ACCESS TO YOUR PRIVATE KEY OR YOUR RECOVERY PHRASE, PICNIC'S TECHNICAL SUPPORT DOES NOT HAVE THE TECHNICAL CAPACITY TO RECOVER WALLET PASSWORDS, REVERSE TRANSACTIONS, OR REFUND LOST VALUES, AS WE DO NOT HOLD CUSTODY OF THE FUNDS. USER RISK: BY ACCEPTING THESE TERMS, YOU FULLY ASSUME THE TECHNOLOGICAL RISK OF SELF-CUSTODY AND RELEASE PICNIC FROM ANY LIABILITY REGARDING THE LOSS OF ACCESS TO YOUR DIGITAL WALLET. By registering or connecting your wallet to use PICNIC's graphical interface (the “Site” or “App”), you agree that you have read, understood, and accept all terms and conditions contained in this Agreement, including our Privacy and Compliance Policies, which are an integral part of these Terms of Use. INFRASTRUCTURE PARTNERS AND THIRD-PARTY SERVICES: By accepting these Terms of Use and utilizing the products and features provided through the Picnic software, you acknowledge and agree that certain operations are enabled by external infrastructure partners. Accordingly, when using specific services, you declare that you are aware of and fully agree to our partners' specific terms of use, including but not limited to: - Asset Conversion: Operations involving the conversion of crypto assets to fiat currency and vice versa; - Picnic Card: The use of the Picnic card; - Custody and Settlement: Other payment processing services and network infrastructure. The continued use of these features implies automatic acceptance of the terms and conditions established by such partners, over which Picnic has no direct control. The operation of the entry and exit ramps is the sole responsibility of the respective third-party companies, and Picnic is exempt from any liability in this regard. 1. ELIGIBILITY AND JURISDICTIONAL SCOPE 1.1. Nature of Software and Location. The User acknowledges that PICNIC is technology software of a self-custodial and distributed nature. Unlike traditional institutions, PICNIC's software is not “located” or headquartered in a single physical jurisdiction but operates through decentralized cloud infrastructure and runs locally on the User's device and on the public blockchain network. 1.2. Due to its global nature, PICNIC is not necessarily subject to the governing laws of a specific country, except regarding the direct obligations of its developers. (A) Local Compliance: This does not imply legal immunity. PICNIC complies with all standards applicable to its operating model in the countries where it operates. The User is responsible for ensuring that access to and use of the Platform are permitted by the laws of the jurisdiction in which the User resides, is domiciled, or from which they access the services. (B) Illicit Use: It is strictly prohibited to use PICNIC software for purposes that are considered illicit in the User's jurisdiction or under international standards, including but not limited to: money laundering, currency evasion, terrorist financing, fraud, or purchase of illegal goods. 1.3. Anti-Money Laundering (AML) and Control. Although PICNIC is a technology provider and not a financial custodian, we maintain proprietary monitoring and control policies and tools to prevent the use of the tool for illicit purposes (Anti-Money Laundering – AML and Combating the Financing of Terrorism – CFT), further detailed in Appendix 2 - Compliance Policy. Shared Responsibility: The existence of these internal control tools by PICNIC does not transfer legal responsibility to the company, nor does it exempt the User from their civil and criminal obligations. The User must cooperate with the proper use of the Platform, providing truthful information when requested. 1.4. The legal relationship established between the user and Picnic is a software license agreement, whereby the technological tool allows the user to exercise financial sovereignty, maintaining exclusive control over their private keys and the final execution of any transaction. Technologically, PICNIC operates under a non-custodial software architecture. This means that our platform acts strictly as a graphical interface for interaction with the Blockchain, intermediating or holding possession of the assets. 1.5. "Trader" Status – European Union (DSA). For the exclusive purposes of complying with Regulation (EU) 2022/2065 (Digital Services Act - DSA) and consumer protection standards applicable in the European Union: (A) PICNIC declares itself as a "Trader" strictly in the sense of a provider of a technological tool and digital software. (B) This designation MUST NOT be interpreted as a statement that PICNIC acts as a financial intermediary, broker, or payment service provider. The "product" marketed by PICNIC is the license to use the interface and the aggregated technology services, and not the purchase and sale of financial assets, which occurs directly between the User and the blockchain network. 2. SERVICES 2.1. Nature of Services: Technology Provider. PICNIC acts exclusively as a provider of Technology Services, making available to users a software usage license (the “Platform”) intended to facilitate the user's direct interaction with decentralized blockchain networks. By using PICNIC, the user expressly acknowledges and agrees that: (A) PICNIC solely makes available the software infrastructure and digital tools that allow the viewing, reading, and transmission of instructions directly to the blockchain; (B) PICNIC does not hold, store, keep, process, or control the User's Virtual Assets at any time; and (C) All transactions are executed directly by the user on the respective blockchain network, without any intervention, approval, or financial settlement by PICNIC. 2.2. Non-Existence of Financial Management or Brokerage. Unlike centralized exchanges, PICNIC DOES NOT perform the purchase, sale, or transfer of virtual assets on behalf of third parties. For the avoidance of doubt, it is established that: (i) Strictly Technological Role: PICNIC does not acquire or sell assets in its own name on behalf of the user; (ii) Absence of Powers: PICNIC does not possess powers to represent the user or make decisions regarding their assets; (iii) Direct Relationship: The user transacts directly with the decentralized protocol or with other users of the network (P2P/DeFi), with PICNIC being responsible only for providing the connection software; (iv) Self-Custody: PICNIC does not maintain possession of the user's private keys or funds. Responsibility for safeguarding access credentials and private keys lies exclusively with the user. 2.3. Operation of Technology Services. The PICNIC Platform functions as an access portal (“Gateway”) that translates user commands into language compatible with the blockchain. Thus: (i) The user connects their own wallet or generates new access credentials through the provided technology; (ii) The user signs transactions with their own private key; (iii) PICNIC only transmits this signed transaction to the public blockchain network for processing by network validators. Furthermore, the User understands that the "PICNIC Interface" (the web software/app) is distinct from the underlying "Decentralized Protocols" (the Smart Contracts running on the Blockchain). (A) PICNIC provides the Interface, which is merely a visual tool. (B) PICNIC does not control, does not operate, and cannot halt the Decentralized Protocols with which the Interface interacts. If there is a failure in the Protocol (e.g., calculation error in the Pool's Smart Contract), PICNIC has no liability, as it is not the owner of the decentralized network. 2.4. Limitation of Liability regarding Execution. Since PICNIC provides only Technology Services and not financial settlement: (A) PICNIC does not guarantee the execution, settlement, or immutability of transactions, which depend exclusively on the functioning of the underlying blockchain network; (B) PICNIC does not have the technical capacity to reverse, cancel, or modify transactions once they have been transmitted by the user to the blockchain network; (C) Network fees (“Gas Fees”) are paid directly by the user to the network validators and do not constitute revenue for PICNIC. 2.5. Integrations, Web3 Browser, and Third-Party Services. The PICNIC interface may include virtual asset browser functionalities (“Web3 Browser”) or direct links allowing the user to access Decentralized Applications (“dApps”) and Decentralized Exchanges (“DEXs”) operated by third parties. (A) Browser Nature: By using the Web3 Browser, the user understands they are navigating outside the environment controlled by PICNIC. The software acts only as a connection bridge. PICNIC does not control, endorse, audit, or guarantee the security, legitimacy, or functionality of any dApp or DEX accessed. (B) If the user interacts with a malicious dApp, falls for phishing scams, or suffers losses due to failures in third-party smart contracts accessed via the PICNIC interface, responsibility lies exclusively with the user. PICNIC has no power to reverse such interactions. 2.6. Additional Services. In addition to the main Technology Services, PICNIC may develop and make available additional functionalities or integrations with third-party systems (the “Additional Services”), aimed at expanding the Platform's utility. 2.6.1. The PICNIC Card and Partnerships. Should the user choose to use functionalities such as the debit or prepaid card integrated into the Platform (the “PICNIC Card”): (A) Issuance by Third Parties: The user acknowledges that the card is issued and administered by a partner financial or payment institution, duly regulated, and not by PICNIC. (B) Technological Connection: PICNIC's role is limited to providing the technology that allows the user to connect their self-custodial wallet to the issuing partner's system. (C) Subjection to Third-Party Terms: The use of Additional Services require the user to accept terms and conditions of the issuing partners. 2.7. Fees and Remuneration. For the use of the Platform and Additional Services, PICNIC may charge software licensing or service fees, which will always be presented transparently on the Platform. (A) Distinction of Fees: The user declares awareness that fees charged by PICNIC (for the use of Technology Services) are distinct from network fees (Gas Fees) and distinct from any financial fees charged by third-party partners. (B) Responsibility: The user agrees to be responsible for the payment of all applicable fees presented on the Platform at the time of the transaction. 2.8. Non-Existence of Fiduciary Duty. This Agreement is not intended to create, and does not create, any fiduciary duties on the part of PICNIC towards the User. To the maximum extent permitted by law, the User acknowledges and agrees that PICNIC owes no loyalty, duty of financial care, or asset management to the User. Our only obligations are the strictly technical ones described in these Terms (software provision). 2.9. Routing and Price Execution. PICNIC's smart routing technology seeks to find efficient routes for User trades. However: (A) No Guarantee of Best Execution: Due to Blockchain volatility and speed, PICNIC does not guarantee that the price displayed in the simulation will be exactly the executed price, nor that it will be the best price available in the entire global market at that millisecond. (B) Slippage: The User acknowledges that the final price may vary between the time of signing and the time of the transaction. 3. ACCOUNT CONFIGURATION AND IDENTITY 3.1. Access Account Registration. To use PICNIC's Technology Services, it may be necessary to register a user profile on the Platform (a “PICNIC Account”). Registration involves providing data such as name, email address, and creating software access credentials. 3.1.1. Nature of the Account. The PICNIC Account is intended exclusively to: (i) manage software settings; (ii) allow technological access to Additional Services; and (iii) store activity history. The PICNIC Account is not a bank, payment, or deposit account. Creating a PICNIC Account does not imply, under any circumstances, the transfer of possession of the user's assets to PICNIC. 3.2. Identity Verification (KYC) for Software Security. Although PICNIC acts strictly as a Technology Provider, digital environment security and compliance with global standards require user identification, especially to enable integrations with regulated partners (e.g., card issuers). Thus, the user agrees to provide requested information for identity verification, risk analysis, and anti-money laundering policies (KYC / AML). 3.2.1. Use of Information. The user authorizes PICNIC to use their data to validate their identity and, when the user chooses to use the PICNIC Card, to share such data with partner financial institutions, strictly to enable the service provision by the partner. 3.3. Critical Distinction: Account Password vs. Private Key. It is fundamental that the user understands the difference between PICNIC Account credentials and their Wallet credentials: (A) PICNIC Account Credentials: (Login/Password). Allow access to the software/application. (B) Private Key or Recovery Phrase (Seed Phrase): These are the mathematical codes that control Virtual Assets on the blockchain. PICNIC HAS NO ACCESS, DOES NOT STORE, AND CANNOT RECOVER YOUR PRIVATE KEY. PICNIC's operating model is self-custodial. If the user loses their Private Key, they will lose access to their assets, without PICNIC being able to intervene. The use of the platform and the technology services provided imply total and unrestricted awareness of this aspect of the provided technology. 4. TRANSACTIONS AND INTERACTION WITH THE BLOCKCHAIN 4.1. The technology made available by PICNIC allows the user to manage their own funds and interact directly with public blockchain networks. By initiating a transaction through the Platform (whether sending, receiving, swapping, or interacting with smart contracts), the user acknowledges that: (A) The transaction is signed exclusively by the User's Private Key, stored locally on the user's device (or in an encrypted personal cloud solution), without PICNIC having access to this signature; (B) PICNIC does not act as a counterparty in the transaction. Buying and selling occur between the user and decentralized protocols (Smart Contracts) or other network users (P2P); (C) PICNIC's software acts only as a transmitter of the message signed by the user to the blockchain network nodes. 4.2. Integration with Fiat Currency (Fiat On-Ramp/Off-Ramp). PICNIC does not receive, custody, or process fiat currency (Reais, Dollars, etc.). To facilitate conversion between fiat currency and Virtual Assets, the Platform may technologically integrate services provided by third parties (“Liquidity Partners”). (A) By choosing to buy or sell cryptoassets using Reais (BRL), the user establishes a direct contractual relationship with the Liquidity Partner. (B) PICNIC only provides the viewing window (widget) for access to the Partner's service. Financial settlement, exchange, and regulatory compliance of this operation are the sole responsibility of the Liquidity Partner. (C) The user understands that any bank transfer made to a Liquidity Partner is intended for the purchase of digital assets that will be delivered directly to the user's self-custodial wallet address, without passing through PICNIC's possession. 4.3. Unlike traditional banking systems or centralized exchanges, transactions on the blockchain are, by nature, irreversible. (A) Once the user signs and transmits a transaction through PICNIC technology to the network, it cannot be canceled, reversed, or modified. PICNIC has no technical capability to refund transactions, even in cases of error, theft, or fraud. (B) It is the user's sole responsibility to verify the destination address, selected network, and values before signing the transaction. 4.4. Network Fees (Gas Fees) and Service Fees. (A) Network Fees (Miners/Validators): Every blockchain transaction incurs a processing fee (Gas Fee) paid to the network validators. The User acknowledges that PICNIC may, at its sole discretion and for greater convenience, facilitate the payment of this fee through fee abstraction mechanisms. In such cases, PICNIC may advance the payment of the network fee on behalf of the User, being fully reimbursed by withholding the corresponding amount in the specific token used for the transaction. (B) Fee Independence: In cases where the facilitation mentioned in item (A) is not provided, the fee fluctuates according to network demand and is not defined or controlled by PICNIC. (C) Technology Fees: For the use of the technological solution that facilitates interaction (such as intelligent swap routing or the convenience of fee payment), PICNIC may charge a service fee, which will be added to the transaction and clearly displayed to the User prior to signing. 4.5. As a non-custodial wallet, the user's address on the blockchain can technically receive any asset compatible with that network. However, the PICNIC Platform filters and displays only a selected list of Virtual Assets (“Viewable Assets”) to ensure a better user experience and security. (A) Sending Unlisted Assets: If the user sends an asset to their address that is not visually supported by PICNIC software, the asset is not lost (as it is on the blockchain) but may not appear in the graphical interface. The user may need to import their Recovery Phrase into other compatible software to view/move this asset. (B) Termination of Support: PICNIC may stop displaying certain assets on the interface at any time. This does not affect the user's ownership of the asset, only the visualization through the PICNIC tool. 4.6. Specific Risks of DeFi Protocols and DEXs. PICNIC technology allows access to Decentralized Finance (DeFi) protocols and DEXs for asset exchange or liquidity provision. Unlike centralized exchanges that curate listed assets, DEXs are open environments. (A) High-Risk Assets: The user acknowledges that DEXs and dApps may list assets without any prior verification. This includes assets with high risk of illiquidity, extreme volatility, blocking risk, or fraudulent tokens (scam tokens/rug pulls). It is the user's sole responsibility to verify the asset's contract address before trading. (B) Third-Party Prices and Fees: The user may incur fees imposed by the dApps or DEXs themselves (in addition to network fees). PICNIC neither receives nor controls these third-party fees. 4.7. Blockchain networks may undergo protocol changes (“Forks”). PICNIC does not control these changes. (A) Discretion: PICNIC reserves the right to decide whether to update its software to support a specific Fork. (B) No Obligation: PICNIC has no obligation to support new chains resulting from forks, nor to guarantee that the user receives tokens generated in forks (Fork Airdrops). 4.8. (A) All Virtual Assets associated with the user's wallet address are the exclusive property and direct possession of the user. (B) PICNIC DOES NOT hold, does not keep title, has no custody, and does not manage user assets. Assets remain off PICNIC's balance sheet. (C) Only the holder of the Private Key (the user) can move the assets. PICNIC has no technical means to freeze, confiscate, or move user funds, even under court order (as technology does not permit such access). 4.9. Since PICNIC does not have access to private keys, PICNIC cannot recover wallets whose passwords or Recovery Phrases have been lost by the user. Backup management is the user's full responsibility. 4.10. It is strictly prohibited to use the PICNIC interface to perform or attempt to perform: (A) Market Manipulation: Practices violating market integrity, including but not limited to tactics known as Rug Pulls, Pump and Dump, and Wash Trading; (B) Cyber Attacks: Any activity seeking to interfere, intercept, or compromise the integrity of Smart Contracts, including reentrancy attacks, malicious front-running, or exploitation of protocol bugs; (C) Securities Violation: Offer or trading of assets that may be characterized as unregistered securities or prohibited derivatives in the User's jurisdiction. 5. SOFTWARE OPERATIONAL LIMITS 5.1. The use of PICNIC Technology Services and, especially, Additional Services (such as fiat currency conversion or PICNIC Card use), is subject to operational limits. Such limits may restrict financial volume, transaction frequency, or access to certain Platform functionalities within a given period. 5.2. Limits are established based on security criteria, fraud prevention, and regulatory compliance, and may vary according to: (i) The level of Identity Verification (KYC) completed by the user; (ii) Requirements imposed by operational Partners and card issuers; (iii) Software usage history and risk assessment. 6. SUSPENSION AND TERMINATION OF ACCESS 6.1. Without prejudice to other rights provided in these Terms, PICNIC, as the software license provider, may: (A) Refuse to process or transmit any technical instruction from the user to the blockchain network (e.g., if the transaction is identified as malicious, fraud, or destined for internationally sanctioned addresses); (B) Temporarily or permanently block the user's login to the PICNIC Platform; (C) Restrict access to specific Additional Services (such as suspending PICNIC Card use) without necessarily blocking wallet viewing access. 6.2. Grounds for Suspension or Termination. Such measures may be taken, including with immediate effect, if: (i) The user violates any provision of these Terms; (ii) There is reasonable suspicion that the PICNIC Account is being used for illicit activities, money laundering, fraud, or currency evasion; (iii) A court order or determination by a competent authority requires blocking access to the software; (iv) The user's use of technology puts the Platform's technical stability at risk. Any suspension or termination of the user's account on the PICNIC platform does not confer upon PICNIC the ability to access or transfer user funds. The user's wallet remains accessible on the blockchain through other platforms. 6.3. Consequences of Termination/Suspension: As PICNIC does not hold custody of assets, termination of Platform access does not imply confiscation of assets on the blockchain, provided the user possesses their self-custody credentials. (A) Should PICNIC terminate the user's access to the software, the user may access and move their Virtual Assets using their Private Key or Recovery Phrase (Seed Phrase) in any other compatible wallet software available on the market (e.g., hardware wallets or other open-source applications). (B) Termination of the PICNIC Account will result in loss of access to transaction history, custom settings, and data stored on PICNIC servers, but will not affect the immutable record of transactions on the blockchain. © Should the user have financial obligations related to Additional Services (e.g., outstanding card balance or unpaid service fees), the user remains legally obligated to settle them, even after access suspension. 6.4. Impossibility of Reversion. The user acknowledges that, due to the immutable nature of the blockchain, PICNIC lacks the technical capacity to reverse, cancel, or refund transactions already transmitted to the network, even in cases of account suspension. Service suspension only prevents the initiation of new transactions through the PICNIC interface. 6.5. Whenever possible and provided it does not violate applicable laws or compromise security investigations, PICNIC will notify the user regarding suspension or termination of access, presenting the general reasons for the decision. 6.6. PICNIC may, at its sole discretion, discontinue, modify, or alter the Platform architecture or any Technology Service at any time. In case of total discontinuity of PICNIC operations, the user will continue to have full control over their assets through their Recovery Phrase, regardless of the PICNIC platform's existence, reinforcing the uncensorable nature of self-custody. 7. LIABILITY AND LIMITATIONS 7.1. If the user has a dispute with third parties, including but not limited to: (i) other users; (ii) smart contract developers; (iii) token issuers; (iv) liquidity partners or card issuers; (v) blockchain network validators; (vi) hackers, the user expressly agrees to release PICNIC, directors, and employees from any claims, demands, and damages of any nature arising from or related to such disputes. PICNIC provides only the access tool (interface); it is not a party to transactions performed on the blockchain. 7.2.The user agrees to indemnify and hold harmless PICNIC and its technological partners against any costs, losses, liabilities, and expenses (including reasonable attorney's fees) arising from: (A) Misuse of Technology Services or violation of these Terms by the user; (B) Violation of any applicable law or regulation by the user. 7.3. Limitation of Financial Liability (Indemnity Cap). CONSIDERING THAT PICNIC IS A SOFTWARE PROVIDER AND NOT AN ASSET CUSTODIAN: Except in cases of willful misconduct or proven gross negligence, PICNIC's total and cumulative liability for any damages or losses suffered by the user shall be strictly limited to the total amount of service fees paid by the user to PICNIC (excluding gas fees and partner fees) in the 12 (twelve) months prior to the event generating the claim. Under no circumstances shall PICNIC's liability be calculated based on the value of Virtual Assets held by the user on the blockchain, as PICNIC does not hold possession or control of such assets. 7.4. Specific Exclusion of Damages (Technology Risks). In addition to the limitations above, PICNIC SHALL NOT be liable for losses arising from: (A) Loss of Keys: Loss, theft, forgetting, or compromise of the Recovery Phrase (Seed Phrase), Private Key, or user passwords. PICNIC does not hold a copy of this data and cannot recover it; (B) Blockchain Failures: Network congestion, high transaction fees, consensus failures, 51% attacks, or bugs in the underlying blockchain protocol; (C) User Errors: Sending assets to incorrect addresses, incompatible networks, or interaction with malicious contracts (Honeypots, Phishing); (D) Third-Party Risks: Bankruptcy, insolvency, or technical failures of Liquidity Partners, card issuers, or DeFi protocols accessed through the interface; (E) Lost Profits: Loss of profit opportunity, loss of expected revenue, or damages arising from market volatility. 7.5. PICNIC Technology Services are provided "as is" and "as available". (A) PICNIC does not guarantee that transactions transmitted to the blockchain will be mined/validated on time or at a specific cost. (B) No information displayed on the Platform constitutes investment advice, legal, or tax consultancy. The user operates at their own risk. (C) Like any software, the PICNIC Platform may contain errors (bugs) or undergo instabilities. PICNIC does not guarantee that the service will be uninterrupted or error-free, although it will use best efforts to correct flaws promptly. 7.6. The User acknowledges and agrees that any yield-generating functionality available on the Platform is based on interactions with third-party decentralized protocols and variable digital assets. PICNIC does not, under any circumstances, guarantee any profit, fixed yield, or specific financial return. 7.7. Any rates of return displayed on the interface are mere estimates based on historical data or real-time data from underlying protocols. These rates are subject to drastic and immediate fluctuations due to market volatility, changes in DeFi protocol rules, or blockchain network conditions. The actual return may be significantly lower than estimated and may, in some cases, be zero or negative. 7.8. By using any yield strategy, the User expressly declares to be fully aware that: (A) Autonomous Decision: The choice of asset and strategy is the User's sole responsibility; (B) Market Risks: The value of the underlying assets may drop sharply, impacting the total value invested, regardless of the yield generated; (C) Technological Risks: The User accepts the risks of software "bugs," cyberattacks, or the loss of parity (de-peg) of stablecoins within the protocols where the assets are allocated. 7.9. Limitation of Liability. PICNIC, as a software provider, does not act as an investment advisor or wealth manager. The User hereby releases PICNIC from any liability for financial losses, direct or indirect damages arising from price variations, or the performance of the assets chosen within the platform. 7.10. Force Majeure and Network Events. PICNIC shall not be liable for delays or failures in fulfilling its obligations resulting from events beyond its reasonable control, including but not limited to: governmental acts, wars, terrorism, pandemics, global internet infrastructure failures, or critical blockchain network events (such as contentious forks or network halts). 8. AVAILABILITY AND ACCURACY OF TECHNOLOGY SERVICES 8.1. Access and Software Availability. Access to PICNIC Technology Services may suffer degradation, slowness, or temporary unavailability due to technical maintenance, third-party server failures, or periods of high congestion on supported blockchain networks. (A) Although PICNIC is dedicated to maintaining Platform stability, we do not guarantee that the technological solution will be available uninterruptedly or error-free. (B) The user acknowledges that delays in transaction confirmation or failures in order transmission may occur due to instabilities in the blockchain network itself (miners/validators), factors totally beyond PICNIC's technical control. (C) PICNIC emphasizes that, due to the non-custodial nature of the services, any unavailability of the PICNIC Platform DOES NOT prevent the user from accessing their Virtual Assets. Should PICNIC software be unavailable, the user may, at any time, use their Recovery Phrase (Seed Phrase) or Private Key to access and move their funds through other compatible software or wallets available on the market. For this reason, PICNIC shall not be liable for any damages, loss of opportunity, or asset devaluation resulting from temporary impossibility to use the Platform, since access to assets on the blockchain is independent of PICNIC software availability. 8.2. Accuracy of Information and Network Data. The PICNIC Platform acts as a viewer of public data recorded on the blockchain and third-party price sources (Oracles or market APIs). (A) Although PICNIC seeks to present information (such as balances, history, and quotes) accurately and up-to-date, there may be latency (delay) between data recording on the blockchain and its visualization on the Platform. (B) The user acknowledges that the "source of truth" regarding their balances and transactions is the immutable record on the blockchain network, not the cached visualization presented by PICNIC software. In case of divergence, blockchain network data prevails. (C) Displayed Virtual Asset price quotes are estimates based on third-party data. PICNIC does not guarantee the accuracy of these quotes and is not liable for purchase or sale decisions made by the user based on this visual information. 8.3. Content and Third-Party Links. The Platform may display links, news, or integrations with third-party services (including block explorers, DeFi protocols, and liquidity partners). The user acknowledges and agrees that PICNIC does not control, endorse, and assumes no responsibility for the content, accuracy, policies, or practices of these third-party services. Access to such external resources is at the user's sole responsibility and risk. 9. PROMOTIONAL CAMPAIGNS, BONUSES AND REWARDS 9.1. PICNIC may, at its sole discretion, offer promotions, referral programs, sign-up bonuses, or other rewards ("Promotions"). User participation in any Promotions is conditioned upon acceptance and compliance with the specific terms of each campaign, as well as eligibility rules, regional restrictions, and account verification in force at the time of participation. 9.2. PICNIC reserves the right to, at any time and without prior notice, modify, suspend, or terminate any Promotion, as well as alter eligibility criteria or reward value, creating no acquired right for the User regarding future bonuses or discontinued campaigns. 9.3. PICNIC reserves the right to disqualify the User, block the account, and revoke, refund, or cancel any rewards (even if already credited) if it identifies, at its sole discretion: a) Creation of multiple accounts or use of false data; b) Use of robotic means, emulators, VPNs to bypass geographical restrictions, or automation scripts; c) Self-referral or collusion between accounts to manipulate the rewards system; d) Any violation of the acceptable use policy or suspicion of fraud. 9.4. The User acknowledges that rewards paid in cryptoassets are subject to market volatility. PICNIC is not responsible for value fluctuations, technical failures preventing immediate participation, or manifest material errors in bonus configuration, reserving the right to correct such failures and adjust balances as necessary. 10. CUSTOMER SERVICE, FEEDBACK AND DISPUTE RESOLUTION 10.1. Should the user have questions, suggestions, feedback, or encounter technical difficulties in using the Platform, they must contact the PICNIC Technical Support team via email oi@usepicnic.com or official channels indicated on the usepicnic.com page. For purposes of receiving judicial citations or formal extrajudicial notifications, PICNIC indicates the following physical/electronic address: legal@usepicnic.com 10.2. Support Scope and Limitations. The user acknowledges that support offered by PICNIC is strictly limited to the functioning of technology and software interface. (A) What we cover: Login problems in PICNIC Account, viewing errors in the app, difficulties integrating with partner services (Card), and interface bugs. (B) What we CANNOT cover: PICNIC support has no technical means to recover funds sent to wrong addresses, reverse transactions on the blockchain, recover Private Keys lost by the user, or accelerate pending transactions on the network. Complaints of this nature will be technically impossible to be solved by PICNIC. 10.3. Amicable Dispute Resolution. Except where prohibited by applicable law, before initiating any judicial or administrative proceeding against PICNIC, the user agrees to first contact our support team to try to resolve the issue amicably. The user agrees to grant PICNIC a period of up to 30 (thirty) days, counting from the formal receipt of the complaint with all necessary information, to analyze the case and propose a technical solution or clarification. Should the user initiate a dispute without first exhausting this attempt at amicable resolution, PICNIC reserves the right to request suspension of the process until the support procedure is concluded. 10.4. These Terms are governed by the laws of the British Virgin Islands. 11. DATA PROTECTION AND PRIVACY 11.1. Personal Data Processing. By using PICNIC Technology Services, the user acknowledges that PICNIC may collect and process personal data, in compliance with PICNIC's Privacy Policy, an integral part of these Terms. Data processing is performed for the purposes of: (i) Providing the software usage license and personalizing the user experience; (ii) Complying with legal and regulatory obligations (including fraud prevention and money laundering); (iii) Enabling integration with Additional Services (such as fiat currency conversion or PICNIC Card issuance with banking partners). 11.2. Data on Blockchain (Public Data). The user understands and accepts a fundamental characteristic of blockchain technology: Transparency and Immutability. By performing a transaction through the PICNIC interface, the user's public wallet address and transaction details are permanently recorded on the blockchain. (A) Public Data: This data is public, decentralized, and not controlled or stored on PICNIC servers. (B) Impossibility of Deletion: The user acknowledges that PICNIC lacks the technical capacity to alter, anonymize, or delete data already recorded on the blockchain. Therefore, rights of deletion or forgetting provided in data protection legislation are not applicable to immutable blockchain records, but only to data kept in PICNIC's internal databases (such as email registration and name). 11.3. Sharing with Partners. For the provision of Additional Services (especially connected financial services, such as the PICNIC Card), the user authorizes PICNIC to share their registration and identification data with partner institutions (card issuers, banks, or liquidity partners), strictly for contract execution and compliance with regulatory standards (Compliance) of those institutions. 11.4. User Declarations. The user declares that all information provided to PICNIC is true and current. The user commits to keeping their data updated on the Platform and acknowledges that reading and accepting the Privacy Policy is an indispensable condition for using the services. 12. SECURITY AND USER PROTECTION 12.1. Responsibility for Credentials and Devices. To use PICNIC software, the user must create Platform access credentials (Login and Password). The user is solely and fully responsible for their electronic device security and for maintaining proper control of their security data. 12.2. Critical Security Distinction (App vs. Blockchain). The user must understand the difference between two security levels: (A) PICNIC Account Security: Refers to access to the application interface. PICNIC can assist in app password recovery (password reset via email), should the user forget it. (B) Wallet Security (Self-Custody): Refers to the Private Key or Recovery Phrase (Seed Phrase) controlling funds on the Blockchain. PICNIC NEVER requests, stores, or has access to your Private Key. ATTENTION: If the user loses, forgets, or has their Private Key/Seed Phrase stolen, PICNIC CANNOT recover access to funds, nor reverse transactions. Private Key security is the user's sole responsibility. 12.3. Phishing and Scam Prevention. Picnic is not liable for damages arising from access to external links, third-party ads (on search engines or social networks), or fraudulent sites simulating the official service interface. It is the User's duty to verify URL authenticity and ensure they are in an official environment before entering any data or performing transactions. 12.4. Security Breach. If the user suspects their PICNIC Account (app access) has been compromised: (A) The user must IMMEDIATELY notify PICNIC Support for temporary interface access blocking; (B) The user must IMMEDIATELY use their Recovery Phrase (Seed Phrase) in another secure interface to transfer their funds to a new secure wallet, since PICNIC has no power to "freeze" funds on the blockchain. 12.5. Picnic declares that it adopts technical, organizational, and administrative information security measures strictly aligned with standards required by the General Data Protection Law (Law No. 13.709/2018 - LGPD) and applicable regulatory standards. Such measures aim to protect personal data against unauthorized access and accidental or illicit situations of destruction, loss, or alteration. 13. INTEGRATION WITH NOAH SERVICES 13.1. By using the functionalities for conversion between fiat currency and cryptoassets available on the platform, the User acknowledges and agrees that these services are provided directly by Noah Savings Inc. ("Noah") and its banking partners, and not by Picnic. Thus: 13.2. Acceptance of Third-Party Terms: To use these services, the User automatically adheres to and must observe Noah's Terms of Service and Privacy Policy. 13.3. Data Sharing: The User authorizes Picnic to share their registration data, KYC (Know Your Customer) information, and wallet details with Noah for identity validation and anti-money laundering purposes, as required by applicable regulation. 13.4. Geographical Restrictions and Sanctions: The service is not available to Users residing in, citizens of, or attempting to access the platform from jurisdictions classified as "Prohibited Countries" by Noah. The User declares having no ties to the following locations: Afghanistan, Albania, Algeria, Bangladesh, Belarus, Qatar, China, Congo (Democratic Republic of the), North Korea, Cuba, Eritrea, Ethiopia, Gaza Strip, Yemen, Iran, Iraq, Kosovo, Lebanon, Libya, North Macedonia, Mali, Morocco, Myanmar, Nepal, Nicaragua, Niger, Pakistan, Central African Republic, Russia, Syria, Somalia, Sudan, South Sudan, Ukraine, Venezuela, West Bank, and Zimbabwe. 13.5. Limitation of Liability: Picnic acts only as a technological integrator. Any failure, delay, custody of values, or dispute related to currency conversion or financial settlement is the sole responsibility of Noah, with Picnic being exempt from liability for losses arising from these specific services. 14. PASSKEYS 14.1. As of April 6, 2026, the use of passkeys is mandatory for all accounts created via email on Picnic. Accounts created via external wallets remain subject to their original access conditions and are not affected by this Clause. 14.2. The Passkey is generated and stored exclusively within the secure hardware of the User's device. Picnic does not have access to the User's Private Key under any circumstances and cannot request it. Picnic stores only the Public Key, which is required to verify the authenticity of cryptographic signatures. 14.3. Passkeys implemented by Picnic follow the WebAuthn (FIDO2) standard, the same adopted by Apple, Google, and Microsoft for passwordless authentication. Biometric authentication occurs locally on the user's device. No biometric data is transmitted to Picnic or any third party. 14.4. Each transaction requires individual and direct biometric approval by the User on their device. There is no persistent session; every action requires confirmation at the moment it is performed. 14.5. By design of the WebAuthn standard, the User's Passkey is bound to the origin usepicnic.com. The Passkey will not function on any other domain or application, even if visually identical to Picnic. Picnic will never ask the User to provide, export, or share their Passkey or any biometric data. - ℹ NOTE: Biometric authentication (Face ID, Touch ID, fingerprint) occurs locally on your device. Your biometric data is never sent to Picnic, the blockchain, or any third party. The network receives only the cryptographic signature produced by your device. 14.6. USER RESPONSIBILITIES 14.6.1. The User is solely responsible for the custody, security, and control of the device on which the Passkey is stored. Picnic bears no responsibility for losses resulting from theft, loss, unauthorized access, or compromise of the User's device. 14.6.2. The User is responsible for controlling who has access to the biometrics registered on their device. Any individual whose face or fingerprint is registered on the User's device may authenticate transactions on Picnic. Picnic has no means of distinguishing between the User and authorized third parties on the device. 14.6.3. The User is responsible for managing their account within the Passkey Manager of the platform they utilize (Apple ID, Google Account, or compatible manager). Passkey synchronization across devices is a third-party functionality over which Picnic has no control. 14.6.4. The User is strongly encouraged to configure their Passkey before April 6, 2026. After this date, account access will be contingent upon the completion of this setup. Assets remain secure on the blockchain regardless, but access to the Picnic interface will require an active Passkey. 14.6.5. The User is responsible for monitoring notifications sent by Picnic during the Protection Period of a recovery process. Picnic will send daily notifications during the 7-day Protection Period. The User must immediately cancel any recovery process they did not initiate. 14.6.6. The User acknowledges and accepts that the Passkey is the sole mechanism for authorizing transactions in their Smart Wallet. The definitive loss of access to the Passkey, without the possibility of recovery via the Recovery Guard, entails the permanent loss of access to assets. Picnic cannot intervene in this situation. USER RESPONSIBILITY: You are the sole guardian of your Passkey. Picnic has no way to recover your access outside of the process described in Clause 14.6. If you lose your device and your Recovery Guard simultaneously, without access to a Passkey Manager, access to your assets may be permanently lost. 14.7. TECHNICAL LIMITATIONS AND EXCLUSION OF LIABILITY 14.7.1. Picnic does not have access to, does not store, and cannot recover the User’s Private Key under any circumstances. This is a structural technical component, not an operational policy. 14.7.2. Picnic has no control over third-party Passkey Managers (Apple, Google, 1Password, Bitwarden, or others). Picnic is not liable for failures, unavailability, policy changes, or discontinuation of these services that affect the User's access to their Passkey. 14.7.3. Picnic is not responsible for failures in secure hardware (Secure Enclave or equivalent), operating system updates that affect passkey functionality, or any other technical limitations of the User's devices. 14.7.4. Picnic is not liable for transactions performed by third parties who have obtained access to the User's device, to the biometrics registered on the device, or to the User's Passkey Manager, except in cases of proven exclusive fault by Picnic. 14.8. ACCOUNT RECOVERY 14.8.1. The only account recovery mechanism available on Picnic is the process described in this Clause 14.8. Picnic does not offer any other recovery channel, whether through human support, administrative reset, or any other means. 14.8.2. The Recovery Guard is the Magic wallet previously linked to the User's email. Following the adoption of passkeys, the Recovery Guard does not have signing powers in the primary transaction flow—it acts exclusively as a recovery mechanism within the Smart Wallet's social recovery module. 14.8.3. To initiate a recovery, the User must: (i) Access Picnic on a new device; (ii) Authenticate with the email associated with the Account, activating the Recovery Guard; (iii) Register a new Passkey on the new device; (iv) Wait for the Protection Period of 7 (seven) calendar days; (v) Confirm the activation of the new Passkey at the end of the Protection Period. 14.8.4. The 7-day Protection Period is a security safeguard and not an operational limitation. It exists to ensure that any unauthorized recovery attempt—such as one initiated by someone with access to the User's email—can be detected and canceled by the legitimate User before it takes effect. 14.8.5. During the 7-day Protection Period, Picnic will send the User: (a) Immediate notification at the start of the recovery; (b) Daily reminder notifications while the process is active; (c) A final notification when the new Passkey is ready to be activated. 14.8.6. If the User receives notification of a recovery they did not initiate, they must cancel it immediately through the channel indicated in the notification. Picnic is not responsible for recoveries completed during the Protection Period where the User received notifications and failed to take action to cancel. 14.8.7. If the User simultaneously loses: (a) access to the Passkey; (b) access to the Passkey Manager; and (c) access to the email associated with the Recovery Guard—the account may be permanently unrecoverable. Assets will remain on the blockchain, but no technical mechanism will be available to authorize transactions. Picnic has no capacity to intervene in this situation. - CRITICAL ATTENTION: The email associated with your account is your safety net. Maintain access to it. If you lose your Passkey and email access at the same time, without the possibility of recovery via a Passkey Manager, your assets may become permanently inaccessible. 14.9. CROSS-DEVICE SYNCHRONIZATION 14.9.1. Passkey synchronization between devices is a feature provided exclusively by the User's Passkey Manager, not by Picnic. Picnic has no control over the synchronization process, its availability, or its technical requirements. 14.9.2. Picnic's passkey implementation is compatible with the following Passkey Managers, without guarantee of future availability or compatibility: (a) Apple iCloud Keychain; (b) Google Password Manager; (c) WebAuthn-compliant password managers (e.g., 1Password, Bitwarden, Dashlane); (d) Cross-platform authentication via QR Code and Bluetooth proximity. 14.9.3. In the event of migration between ecosystems (e.g., from Android to iPhone), the Passkey may not transfer automatically. In such cases, the User must use the recovery process described in Clause 14.8 to register a new Passkey on the new platform. 14.9.4. The User is responsible for ensuring that Passkey synchronization is correctly configured on their devices. Picnic is not responsible for access failures resulting from improper configuration of the Passkey Manager. 14.10. TECHNOLOGICAL UPDATES AND SYSTEM CHANGES 14.10.1. Picnic reserves the right to update, modify, or replace the passkey system described in this Clause 14 due to technological evolutions, security requirements, or regulatory changes, provided adequate prior notice is given to the User. 14.10.2. Material changes to the authentication and signing system will be communicated to the User at least 30 (thirty) days in advance, except in cases of security emergencies requiring an immediate response. 14.10.3. Picnic commits to maintaining compatibility with the WebAuthn (FIDO2) standard as long as it remains the industry standard for passwordless authentication. Any change in technological standards will be communicated pursuant to Clause 14.10.2. 14.11. The User's use of the passkey functionality constitutes express acceptance of all terms in this Clause 14, including the responsibilities assigned to the User and Picnic’s limitations of liability. 14.12. This Clause 14 must be read in conjunction with the other clauses of these Terms of Use, especially those relating to Picnic's nature as a software interface, the self-custody of assets, and general limitations of liability. 15. GENERAL PROVISIONS 15.1.The user agrees to use PICNIC Technology Services in strict compliance with applicable laws, including anti-money laundering standards. The user declares that funds moved through the interface have a lawful origin. 15.2. All content, design, source code, logos, graphics, and interfaces made available by PICNIC (“Content”) are the exclusive property of PICNIC or its licensors. Use of the Platform grants the user only a limited, revocable, non-exclusive, and non-transferable license for personal software use. Copying, reverse engineering, or redistributing Content without express authorization is prohibited. 15.3. These Terms do not create any partnership, joint venture, mandate, franchise, or employment relationship between the user and PICNIC. 15.4. Tax Aspects. Due to the non-custodial nature, PICNIC does not withhold taxes at source on cryptoasset transactions. The user is solely responsible for calculating, declaring, and collecting any taxes applicable to their capital gains arising from transactions facilitated by the Platform. PICNIC does not provide tax advice. 15.5. Inapplicability of "Unclaimed Property". Unlike banks or custodial exchanges, PICNIC does not hold possession of assets. Therefore, the concept of "dormant account" or "unclaimed property" subject to appropriation or transfer to the State by PICNIC does not exist. If the user stops using the Platform for years, their assets will remain safe on the blockchain, accessible only by whoever holds the Private Key. 15.6. Succession and Death. PICNIC warns that, due to blockchain encryption, it is not possible to transfer the deceased user's funds to heirs if they do not possess the Recovery Phrase (Seed Phrase). (A) Account Access: Upon presentation of a valid Inventory or Court Order, PICNIC may transfer ownership of the PICNIC Account (login/interface access) to the executor or heir. (B) Access to Funds: Transferring the login DOES NOT guarantee access to funds if the deceased has not left the Private Key/Password accessible to heirs. PICNIC has no technical means to "break" wallet encryption to deliver values to the estate. It is the user's sole responsibility to carry out their digital estate planning. 15.7. Entire Agreement and Assignment. These Terms constitute the entire agreement between the parties. PICNIC may assign or transfer its rights and obligations under this contract (in case of merger, acquisition, or asset sale) without prior user consent, provided notification is ensured. 15.8. Changes to Terms. PICNIC may alter these Terms at any time. Alterations will take effect on the date of their publication on the Platform. Continued use of services after alteration implies tacit acceptance. Should the user not agree, they must cease using the interface immediately. APPENDIX 1: COMMUNICATIONS AND NOTIFICATIONS POLICY 1. Considering the exclusively digital nature of services provided by PICNIC, the user agrees and expressly authorizes the receipt of all communications, contracts, documents, legal notifications, and disclosures (collectively, “Communications”) by electronic means. Communications may include, but are not limited to: (A) Terms and Policies: Updates to these Terms of Use, Privacy Policy, and other security guidelines; (B) Account Activity: Confirmations of actions performed in the interface, viewed transaction history, security alerts, and receipts related to Additional Services (e.g., PICNIC Card use); (C) Legal Reports: Notifications required by fiscal, tax, or anti-money laundering regulation, when applicable to operation with partners; (D) Support: Responses to technical support tickets and updates on Platform maintenance status. 1.1. Communications will be considered delivered and valid when: (i) published on the Platform or PICNIC Site; (ii) sent to the email registered in the user profile; (iii) sent via push notification in the mobile app; or (iv) transmitted via support chat or SMS. 2. PICNIC does not support communications via physical mail or paper. If the user revokes their authorization to receive electronic Communications, this will make the provision of Technology Services unfeasible. Consequently, PICNIC reserves the right to immediately terminate user access to the interface and PICNIC Account, reserving the user's right to continue accessing their assets directly on the blockchain (without using PICNIC software). 3. It is the user's sole responsibility to keep their email address and phone number updated and accessible. (A) The user understands and agrees that if PICNIC sends an electronic Communication to the email address on file, the communication will be considered received and delivered, even if: (i) the user's email is incorrect or outdated; (ii) the inbox is full; or (iii) the user's spam filter or firewall blocks the message. (B) The user can update their contact details at any time through the settings menu in the app or by contacting support via official channels. 4. Picnic communicates with the User exclusively through the official channels identified within the application and on the website usepicnic.com. Picnic will never, through any channel, request from the User: (a) The export, sharing, or disclosure of their Passkey or Private Key; (b) Biometric data of any nature; (c) Confirmation of transactions outside of the official application; (d) Remote access to the User's device. 4.1. Any request received by the User—whether via email, messaging apps, social media, telephone calls, or any other channel—must be treated as a fraudulent attempt. The User must report it immediately to Picnic’s official support. APPENDIX 2: COMPLIANCE POLICY 1. Although PICNIC is a non-custodial technology provider, we have an ethical and legal commitment to prevent our software from being used to facilitate illicit activities. Our policy is based on community protection and respect for global standards of anti-money laundering (AML), combating the financing of terrorism (CFT), and economic sanctions. 2. PICNIC's operation is performed through integration with licensed and regulated financial infrastructure and payment providers (including, but not limited to, electronic money issuers and fiat currency payment processors). PICNIC performs rigorous due diligence on its providers ("Know Your Partner" or KYP), exclusively selecting partners that provenly adopt strict controls for anti-money laundering (AML), combating the financing of terrorism (CFT), and fraud prevention, in compliance with global standards (including FATF guidelines). 2.1. The User acknowledges and agrees that the PICNIC platform reflects, in real-time, security policies and restrictions imposed by these infrastructure partners. Consequently, access to the interface or order execution may be automatically blocked or suspended in the following hypotheses: (A) transaction execution will be prevented if involved wallets or identities are flagged by our partners' monitoring systems as appearing on official sanctions lists. (B) access to services may be restricted if the User's IP address or fiscal residence originates from embargoed jurisdictions or those classified as high-risk by our partners. Use of VPNs to bypass such restrictions constitutes a serious violation of these terms. (C) transactions may be rejected if blockchain analysis tools used by our settlement partners identify interaction with high-risk addresses. 2.2. Regardless of the automated restrictions above, PICNIC reserves the right to suspend, block, or terminate the User's account upon express request from any of its financial partners, arising from suspicion of fraud, platform abuse, larceny, or scams. The merit analysis performed by regulated partners will be considered valid and sufficient for decision-making by PICNIC. 3. SERVICES REQUIRING IDENTIFICATION (KYC). For functionalities connecting the crypto world to the traditional financial system (the "Additional Services"), such as the PICNIC Card, fiat currency to Crypto conversion, user identification is mandatory. In these cases: (A) The user must send documents (ID/CNPJ photo, selfie, etc.) directly to PICNIC's regulated partners. (B) If the partner refuses user registration due to compliance issues, PICNIC will automatically revoke access to this specific functionality in the app. 4. USER OBLIGATIONS. By using PICNIC software, you declare, under penalty of law, that: (A) You are not on any international sanctions or trade restriction lists; (B) Your funds have a lawful origin and do not derive from criminal activities; (C) You will not use the platform to conceal assets, evade currency, or finance illegal activities. 5. CONSEQUENCES OF VIOLATION. Should our systems identify a violation of this Policy or of the Terms of Use, PICNIC will block access to our website and application. You will no longer be able to use our visual tool. PICNIC reserves the right to report suspicious activities to competent authorities, if illicit use of our technology is proven.

🔐 Security & Access

How to Protect Your Picnic Account

Keeping your account secure is simple when you know what to look out for. Here are the key points about security, phishing, and what Picnic can or cannot do. Protect Your Access At Picnic, login is done with email + verification code (OTP). Therefore: - Use a strong and unique password for the email you use with Picnic. - Enable two-factor authentication (2FA) on your email. - Never share your Picnic verification code with anyone. - Do not search for the Picnic website on search engines. If someone accesses your email, they could try to access your Picnic account. Beware of Phishing (Fake Links, Sites, and Messages) Phishing scams try to trick you into stealing your codes or getting you to send money. Be suspicious if: - The message is very urgent (“respond in 5 minutes or your account will be blocked”). - Someone asks you to provide a verification code, card details, or documents via chat, call, or WhatsApp. - The link looks strange or the site has a different address from the official one. - They ask you to install remote access apps (AnyDesk, TeamViewer, etc.) to “assist with support.” - They offer guaranteed returns, “exclusive investment,” or ask you to transfer everything to a “secure wallet.” If in doubt, do not click. Access Picnic by typing the official address in your browser (www.usepicnic.com) or opening the app directly from the store. What Picnic Can Do Picnic can: - Send emails with the @usepicnic.com domain (for example, to confirm login or notify you about something important). - Ask you to confirm actions within the app or website (like accepting terms or reviewing data). - Guide you through the platform chat or official channels if you have questions. - Help you report fake sites. What Picnic Never Does Consider it a scam if someone, claiming to be from Picnic: - Asks for your verification code, card PIN, or email password. - Requests you to make a Pix transfer to “unlock account,” “increase limit,” or “join a special investment.” - Asks you to install remote access apps to “assist with support.” - Requests your full card number or CVV. Picnic never needs this information to provide support. What to Do If Something Seems Wrong If you receive something suspicious or think you’ve been scammed: 1. Stop everything: do not click, do not respond, do not send codes. 2. Review your transactions; if something seems off, follow the steps in the security articles. 3. Contact support through the official channels and explain what happened. When in doubt, treat it as a scam. It’s always better to confirm first than to fix later.

⚖️ Legal

Terms of Use - English

PICNIC TERMS OF USE Last Updated: March 10, 2026 These Terms of Use constitute a binding agreement between you (the “User”) and DeFi Basket Labs Inc., the company that owns the PICNIC brand, incorporated under the laws of the British Virgin Islands (BVI). DeFi Basket is a company incorporated under No. 2085144 with its registered address at Intershore Chambers, Geneva Place, 3rd Floor, Road Town, Tortola, British Virgin Islands. For the purposes of this agreement, "PICNIC" refers to the website usepicnic.com, the suite of software protocols, the technological interfaces that make up the PICNIC Platform, the PICNIC Card, and associated mobile applications. By using our technology, the user acknowledges that PICNIC is a self-custodial and distributed technology software. UNLIKE TRADITIONAL FINANCIAL INSTITUTIONS, PICNIC SOFTWARE IS NOT “LOCATED” OR BASED IN A SINGLE PHYSICAL JURISDICTION. IT OPERATES THROUGH A DECENTRALIZED CLOUD INFRASTRUCTURE, RUNNING LOCALLY ON THE USER'S DEVICE AND DIRECTLY ON PUBLIC BLOCKCHAIN NETWORKS. The software functions as an interface for the user to interact directly with the blockchain. DeFi Basket Labs does not have access, control, or custody over the user's private keys, recovery phrases (seeds), or digital assets. READ CAREFULLY BEFORE PROCEEDING: PICNIC IS NOT A BANK, NOT A FINANCIAL INSTITUTION, NOT A CUSTODIAL EXCHANGE, AND DOES NOT INTERMEDIATE ANY TRANSACTION. PICNIC IS EXCLUSIVELY A SOFTWARE INTERFACE PROVIDER. BY USING THIS PLATFORM, YOU ACKNOWLEDGE THAT THE OPERATIONAL MODEL IS SELF-CUSTODIAL. THIS MEANS THAT: THE POSSESSION, SECURITY, AND CONTROL OF YOUR PRIVATE KEY AND YOUR RECOVERY PHRASE ARE YOUR SOLE AND FULL RESPONSIBILITY. WE DO NOT STORE, HAVE COPIES, OR HAVE ACCESS TO YOUR PRIVATE KEYS OR YOUR ASSETS ON THE BLOCKCHAIN. RECOVERY IMPOSSIBILITY: IF YOU LOSE ACCESS TO YOUR PRIVATE KEY OR RECOVERY PHRASE, PICNIC TECHNICAL SUPPORT DOES NOT HAVE THE TECHNICAL CAPABILITY TO RECOVER WALLET PASSWORDS, REVERSE TRANSACTIONS, OR REFUND LOST AMOUNTS, AS WE DO NOT HOLD CUSTODY OF THE FUNDS. USER RISK: BY ACCEPTING THESE TERMS, YOU FULLY ASSUME THE TECHNOLOGICAL RISK OF SELF-CUSTODY AND RELEASE PICNIC FROM ANY LIABILITY FOR LOSS OF ACCESS TO YOUR DIGITAL WALLET. By registering or connecting your wallet for the use of PICNIC's graphical interface (the “Site” or “App”), you agree that you have read, understood, and accept all the terms and conditions contained in this Agreement, including our Privacy and Compliance Policies, which are an integral part of these Terms of Use. INFRASTRUCTURE PARTNERS AND THIRD-PARTY SERVICES: By accepting these Terms of Use and using the products and features made available through Picnic software, you acknowledge and agree that certain operations are enabled by external infrastructure partners. Thus, by using specific services, you declare that you are aware of and fully agree with the terms of use of our partners, including but not limited to: - Asset Conversion: Operations of converting crypto assets to fiat currency and vice versa; - Picnic Card: Use of the physical or virtual card; - Custody and Settlement: Other payment processing services and network infrastructure. Continued use of these features implies automatic acceptance of the conditions established by such partners, over which Picnic has no direct control. The operation of on-ramps and off-ramps is the sole responsibility of the respective third-party companies, with Picnic being exempt from any liability in this regard. 1. ELIGIBILITY AND JURISDICTIONAL SCOPE 1.1. Nature of Software and Location. The User acknowledges that PICNIC is a self-custodial and distributed technology software. Unlike traditional institutions, PICNIC software is not “located” or based in a single physical jurisdiction but operates through decentralized cloud infrastructure and runs locally on the User's device and on the public blockchain network. 1.2. Due to its global nature, PICNIC is not necessarily subject to the governing laws of a specific country, except regarding the direct obligations of its developers. (A) Local Compliance: This does not imply legal immunity. PICNIC complies with all applicable regulations to its operational model in the countries where it operates. The User is responsible for ensuring that access and use of the Platform are permitted by the laws of the jurisdiction where the User resides, is domiciled, or from which they access the services. (B) Illegal Use: It is strictly prohibited to use PICNIC software for purposes considered illegal in the User's jurisdiction or under international norms, including but not limited to: money laundering, currency evasion, terrorism financing, fraud, or purchasing illegal goods. 1.3. Anti-Money Laundering (AML) and Control. Although PICNIC is a technology provider and not a financial custodian, we maintain our own monitoring and control policies and tools to prevent the use of the tool for illicit purposes (Anti-Money Laundering – AML and Combating the Financing of Terrorism – CFT), further detailed in appendix 2 - compliance policy. Shared Responsibility: The existence of these internal control tools at PICNIC does not transfer legal responsibility to the company, nor does it exempt the User from their civil and criminal obligations. The User must cooperate with the proper use of the Platform by providing truthful information when requested. 1.4. The legal relationship established between the user and Picnic is a software use license, where the technological tool allows the user to exercise their financial sovereignty, maintaining exclusive control over their private keys and the final execution of any transaction. Technologically, PICNIC operates under a non-custodial software architecture. This means that our platform acts strictly as a graphical interface for interaction with the Blockchain, never intermediating or holding possession of the assets. 1.5. "Trader" Status – European Union (DSA). For the exclusive purpose of complying with Regulation (EU) 2022/2065 (Digital Services Act - DSA) and applicable consumer protection standards in the European Union: (A) PICNIC declares itself as a "Trader" strictly in the sense of a technology tool and digital software provider. (B) This designation SHOULD NOT be interpreted as a statement that PICNIC acts as a financial intermediary, broker, or payment service provider. The "product" marketed by PICNIC is the license to use the interface and the aggregated technology services, not the purchase and sale of financial assets, which occurs directly between the User and the blockchain network. 2. SERVICES 2.1. Nature of Services: Technology Provider. PICNIC acts exclusively as a Technology Services provider, offering users a software use license (the “Platform”) intended to facilitate the user's direct interaction with decentralized blockchain networks. By using PICNIC, the user expressly acknowledges and agrees that: (A) PICNIC only provides the software infrastructure and digital tools that allow the visualization, reading, and transmission of instructions directly to the blockchain; (B) PICNIC does not hold, store, keep, process, or control the user's Virtual Assets at any time; and (C) All transactions are executed directly by the user on the respective blockchain network, without any intervention, approval, or financial settlement by PICNIC. 2.2. Absence of Financial Management or Brokerage. Unlike centralized exchanges, PICNIC DOES NOT buy, sell, or transfer virtual assets on behalf of third parties. To avoid doubt, it is established that: (i) Strictly Technological Role: PICNIC does not acquire or sell assets on its own behalf for the user; (ii) Absence of Powers: PICNIC does not have the power to represent the user or make decisions about their assets; (iii) Direct Relationship: The user transacts directly with the decentralized protocol or with other network users (P2P/DeFi), with PICNIC only providing the connection software; (iv) Self-Custody: PICNIC does not hold possession of private keys or user funds. The responsibility for safeguarding access credentials and private keys is solely the user's. 2.3. The PICNIC Platform functions as an access portal (“Gateway”) that translates the user's commands into a language compatible with the blockchain. Thus: (i) The user connects their own wallet or generates new access credentials through the provided technology; (ii) The user signs transactions with their own private key; (iii) PICNIC only transmits this signed transaction to the public blockchain network for processing by network validators. Additionally, the User understands that the "PICNIC Interface" (the web/app software) is distinct from the underlying "Decentralized Protocols" (the Smart Contracts running on the Blockchain). (A) PICNIC provides the Interface, which is only a visual tool. (B) PICNIC does not control, operate, or can halt the Decentralized Protocols with which the Interface interacts. If there is a failure in the Protocol (e.g., calculation error in the Pool's Smart Contract), PICNIC is not responsible, as it is not the owner of the decentralized network. 2.4. Since PICNIC only provides Technology Services and not financial settlement: (A) PICNIC does not guarantee the execution, settlement, or immutability of transactions, which depend solely on the functioning of the underlying blockchain network; (B) PICNIC does not have the technical capability to reverse, cancel, or modify transactions once they have been transmitted by the user to the blockchain network; (C) Network fees (“Gas Fees”) are paid directly by the user to the network validators, not constituting revenue for PICNIC. 2.5. Integrations, Web3 Browser, and Third-Party Services. The PICNIC interface may include virtual asset browser functionalities (“Web3 Browser”) or direct links that allow the user to access Decentralized Applications (“dApps”) and Decentralized Exchanges (“DEXs”) operated by third parties. (A) Browser Nature: By using the Web3 Browser, the user understands that they are navigating outside the environment controlled by PICNIC. The software acts only as a connection bridge. PICNIC does not control, endorse, audit, or guarantee the security, legitimacy, or functionality of any dApp or DEX accessed. (B) If the user interacts with a malicious dApp, falls for phishing scams, or suffers losses due to failures in third-party smart contracts accessed via the PICNIC interface, the responsibility is solely the user's. PICNIC has no power to reverse such interactions. 2.6. Additional Services. In addition to the main Technology Services, PICNIC may develop and provide additional functionalities or integrations with third-party systems (the “Additional Services”), aiming to expand the Platform's utility. 2.6.1. The PICNIC Card and Partnerships. If the user chooses to use functionalities such as the debit or prepaid card integrated into the Platform (the “PICNIC Card”): (A) Issuance by Third Parties: The user acknowledges that the card is issued and managed by a partner financial or payment institution, duly regulated, and not by PICNIC. (B) Technological Connection: PICNIC's role is limited to providing the technology that allows the user to connect their self-custodial wallet to the partner issuer's system. (C) Subject to Third-Party Terms: The use of Additional Services requires the user to accept the terms and conditions of the partner issuers. 2.7. Fees and Compensation. For the use of the Platform and Additional Services, PICNIC may charge software or service licensing fees, which will always be transparently presented on the Platform. (A) Fee Distinction: The user acknowledges that the fees charged by PICNIC (for the use of Technology Services) are distinct from network fees (Gas Fees) and distinct from any financial fees charged by third-party partners. (B) Responsibility: The user agrees to be responsible for paying all applicable fees presented on the Platform at the time of the transaction. 2.8. Absence of Fiduciary Duty. This Agreement is not intended to create, and does not create, any fiduciary duties on the part of PICNIC to the User. To the maximum extent permitted by law, the User acknowledges and agrees that PICNIC owes no loyalty, financial care duty, or asset management to the User. Our only obligations are the strictly technical ones described in these Terms (software provision). 2.9. Price Routing and Execution. PICNIC's smart routing technology seeks to find efficient routes for User swaps. However: (A) Due to the volatility and speed of the Blockchain, PICNIC does not guarantee that the price displayed in the simulation will be exactly the executed price, nor that it will be the best price available in the global market at that millisecond. (B) The User acknowledges that the final price may vary between the time of signing and the time of the transaction. 3. ACCOUNT SETUP AND IDENTITY 3.1. Access Account Registration. To use PICNIC's Technology Services, it may be necessary to register a user profile on the Platform (a “PICNIC Account”). Registration involves providing data such as name, email address, and creating access credentials to the software. 3.1.1. Nature of the Account. The PICNIC Account is intended exclusively to: (i) manage software settings; (ii) allow technological access to Additional Services; and (iii) store activity history. The PICNIC Account is not a bank, payment, or deposit account. Creating the PICNIC Account does not imply, under any circumstances, the transfer of the user's asset ownership to PICNIC. 3.2. Identity Verification (KYC) for Software Security. Although PICNIC acts strictly as a Technology Provider, the security of the digital environment and compliance with global standards require user identification, especially to enable integrations with regulated partners (e.g., card issuers). Thus, the user agrees to provide the requested information for identity verification, risk analysis, and anti-money laundering policies (KYC / AML). 3.2.1. Use of Information. The user authorizes PICNIC to use their data to validate their identity and, when the user chooses to use the PICNIC Card, to share such data with partner financial institutions, strictly to enable the service provision by the partner. 3.3. Account Password vs. Private Key. It is essential that the user understands the difference between PICNIC Account credentials and their Wallet credentials: (A) PICNIC Account Credentials: (Login/Password). Allow access to the software/application. (B) Private Key or Recovery Phrase (Seed Phrase): These are the mathematical codes that control the Virtual Assets on the blockchain. PICNIC DOES NOT HAVE ACCESS, DOES NOT STORE, AND CANNOT RECOVER YOUR PRIVATE KEY. PICNIC's operational model is self-custodial. If the user loses their Private Key, they will lose access to their assets, without PICNIC being able to intervene. The use of the platform and the technology services provided implies full and unrestricted awareness of this aspect of the technology provided. 4. TRANSACTIONS AND INTERACTION WITH THE BLOCKCHAIN 4.1. The technology provided by PICNIC allows the user to manage their own funds and interact directly with public blockchain networks. By initiating a transaction through the Platform (whether sending, receiving, swapping, or interacting with smart contracts), the user acknowledges that: (A) The transaction is signed exclusively by the user's Private Key, stored locally on the user's device (or in a personal encrypted cloud solution), without PICNIC having access to this signature; (B) PICNIC does not act as a counterparty in the transaction. The purchase and sale occur between the user and decentralized protocols (Smart Contracts) or other network users (P2P); (C) PICNIC software acts only as a transmitter of the message signed by the user to the blockchain network nodes. 4.2. Integration with Fiat Currency (Fiat On-Ramp/Off-Ramp). PICNIC does not receive, hold, or process fiat currency (Reais, Dollars, etc.). To facilitate the conversion between fiat currency and Virtual Assets, the Platform may technologically integrate services provided by third parties (“Liquidity Partners”). (A) By choosing to buy or sell crypto assets using Reais (BRL), the user establishes a direct contractual relationship with the Liquidity Partner. (B) PICNIC only provides the viewing window (widget) for access to the Partner's service. The financial settlement, exchange, and regulatory compliance of this operation are the sole responsibility of the Liquidity Partner. (C) The user understands that any bank transfer made to a Liquidity Partner is intended for the purchase of digital assets that will be delivered directly to the user's self-custodial wallet address, without passing through PICNIC's possession. 4.3. Unlike traditional banking systems or centralized exchanges, blockchain transactions are, by nature, irreversible. (A) Once the user signs and transmits a transaction through PICNIC technology to the network, it cannot be canceled, reversed, or modified. PICNIC does not have the technical capability to refund transactions, even in cases of error, theft, or fraud. (B) It is the user's sole responsibility to verify the destination address, selected network, and amounts before signing the transaction. 4.4. Network Fees (Gas Fees) and Service Fees. (A) Network Fees (Miners/Validators): Every transaction on the blockchain incurs a processing fee (Gas Fee) paid to the network validators. The User acknowledges that PICNIC may, at its sole discretion and for greater convenience, facilitate the payment of this fee through fee abstraction mechanisms. In these cases, PICNIC may advance the payment of the network fee on behalf of the User, being fully reimbursed by retaining the corresponding amount in the token used in the transaction. (B) Fee Independence: In cases where the facilitation mentioned in item (A) does not occur, the fee fluctuates according to network demand and is not defined or controlled by PICNIC. (C) Technology Fees: For using the technological solution that facilitates interaction (such as smart swap routing or fee payment convenience), PICNIC may charge a service fee, which will be added to the transaction and clearly displayed to the User before signing. 4.5. As a non-custodial wallet, the user's address on the blockchain can technically receive any asset compatible with that network. However, PICNIC's Platform filters and displays only a selected list of Virtual Assets (“Viewable Assets”) to ensure a better user experience and security. (A) Sending Unlisted Assets: If the user sends an asset to their address that is not visually supported by PICNIC software, the asset is not lost (as it is on the blockchain) but may not appear in the graphical interface. The user may need to import their Recovery Phrase into another compatible software to view/move that asset. (B) Support Termination: PICNIC may stop displaying certain assets in the interface at any time. This does not affect the user's ownership of the asset, only the visualization through PICNIC's tool. 4.6. Specific Risks of DeFi Protocols and DEXs. PICNIC technology allows access to Decentralized Finance (DeFi) protocols and DEXs for asset exchange or liquidity provision. Unlike centralized exchanges that curate listed assets, DEXs are open environments. (A) High-Risk Assets: The user acknowledges that DEXs and dApps may list assets without any prior verification. This includes assets with high illiquidity risk, extreme volatility, lock-up risk, or fraudulent tokens (scam tokens/rug pulls). It is the user's sole responsibility to verify the asset's contract address before trading. (B) Third-Party Prices and Fees: The user may incur fees imposed by the dApps or DEXs themselves (in addition to network fees). PICNIC does not receive or control these third-party fees. 4.7. Blockchain networks may undergo protocol changes (“Forks” or splits). PICNIC does not control these changes. (A) Discretion: PICNIC reserves the right to decide whether to update its software to support a specific Fork. (B) No Obligation: PICNIC is not obligated to support new chains resulting from forks, nor to ensure that the user receives tokens generated in forks (Fork airdrops). 4.8. (A) All Virtual Assets associated with the user's wallet address are the exclusive property and direct possession of the user. (B) PICNIC DOES NOT hold, store title, have custody, or manage the user's assets. The assets are not on PICNIC's balance sheet. (C) Only the Private Key holder (the user) can move the assets. PICNIC has no technical means to freeze, seize, or move the user's funds, even under judicial request (as the technology does not allow such access). 4.9. Since PICNIC does not have access to private keys, PICNIC cannot recover wallets whose passwords or Recovery Phrases have been lost by the user. Backup management is the user's sole responsibility. 4.10. It is strictly prohibited to use PICNIC's interface to perform or attempt to perform: (A) Market Manipulation: Practices that violate market integrity, including but not limited to tactics known as Rug Pulls, Pump and Dump, and Wash Trading; (B) Cyber Attacks: Any activity that seeks to interfere, intercept, or compromise the integrity of Smart Contracts, including reentrancy attacks, malicious front-running, or protocol bug exploitation; (C) Securities Violation: Offering or trading assets that may be characterized as unregistered securities or prohibited derivatives in the User's jurisdiction. 5. OPERATIONAL LIMITS OF THE SOFTWARE 5.1. The use of PICNIC's Technology Services and, in particular, the Additional Services (such as fiat currency conversion or use of the PICNIC Card), is subject to operational limits. Such limits may restrict the financial volume, transaction frequency, or access to certain Platform functionalities within a given period. 5.2. The limits are established based on security criteria, fraud prevention, and regulatory compliance, and may vary according to: (i) The level of Identity Verification (KYC) completed by the user; (ii) The requirements imposed by operational partners and card issuers; (iii) The software usage history and risk assessment. 6. SUSPENSION AND TERMINATION OF ACCESS 6.1. Without prejudice to other rights provided in these Terms, PICNIC, as the software license provider, may: (A) Refuse to process or transmit any technical instruction from the user to the blockchain network (for example, if the transaction is identified as malicious, fraudulent, or intended for internationally sanctioned addresses); (B) Temporarily or permanently block the user's login to the PICNIC Platform; (C) Restrict access to specific Additional Services (such as suspending the use of the PICNIC Card) without necessarily blocking wallet viewing access. 6.2. Reasons for Suspension or Termination. Such measures may be taken, including with immediate effect, if: (i) The user violates any provision of these Terms; (ii) There is reasonable suspicion that the PICNIC Account is being used for illicit activities, money laundering, fraud, or currency evasion; (iii) A judicial or competent authority order requires blocking access to the software; (iv) The user's use of the technology jeopardizes the technical stability of the Platform. Any suspension or termination of the user's account on the PICNIC platform does not grant PICNIC the ability to access or transfer the user's funds. The user's wallet remains accessible on the blockchain through other platforms. 6.3. Consequences of Termination/Suspension: Since PICNIC does not hold custody of the assets, terminating access to the Platform does not imply confiscation of the assets on the blockchain, provided the user has their self-custody credentials. (A) If PICNIC terminates the user's access to the software, the user can access and move their Virtual Assets using their Private Key or Recovery Phrase in any other compatible wallet software available on the market (e.g., hardware wallets or other open-source applications). (B) Termination of the PICNIC Account will result in the loss of access to transaction history, personalized settings, and data stored on PICNIC's servers, but will not affect the immutable record of transactions on the blockchain. (C) If the user has outstanding financial obligations related to Additional Services (e.g., card debt or unpaid service fees), the user remains legally obligated to settle them, even after access suspension. 6.4. Irreversibility. The user acknowledges that, due to the immutable nature of the blockchain, PICNIC does not have the technical capability to reverse, cancel, or refund transactions that have already been transmitted to the network, even in cases of account suspension. The suspension of the service only prevents the initiation of new transactions through the PICNIC interface. 6.5. Whenever possible and provided it does not violate applicable laws or compromise security investigations, PICNIC will notify the user about the suspension or termination of access, presenting the general reasons for the decision. 6.6. PICNIC may, at its sole discretion, discontinue, modify, or alter the Platform's architecture or any Technology Service at any time. In the event of a complete discontinuation of PICNIC's operations, the user will continue to have full control over their assets through their Recovery Phrase, regardless of the existence of the PICNIC platform, reinforcing the uncensorable nature of self-custody. 7. LIABILITY AND LIMITATIONS 7.1. If the user has a dispute with third parties, including but not limited to: (i) other users; (ii) smart contract developers; (iii) token issuers; (iv) liquidity partners or card issuers; (v) blockchain network validators, (vi) hackers, the user expressly agrees to hold PICNIC, its directors, and employees harmless from any claims, demands, and damages of any kind arising from or related to such disputes. PICNIC only provides the access tool (interface); it is not a party to transactions conducted on the blockchain. 7.2. The user agrees to indemnify and hold harmless PICNIC and its technology partners against any costs, losses, liabilities, and expenses (including reasonable attorney fees) arising from: (A) Misuse of Technology Services or violation of these Terms by the user; (B) Violation of any applicable law or regulation by the user. 7.3. Financial Liability Limitation (Indemnity Cap). CONSIDERING THAT PICNIC IS A SOFTWARE PROVIDER AND NOT AN ASSET CUSTODIAN: Except in cases of proven willful misconduct or gross negligence, PICNIC's total and cumulative liability for any damages or losses suffered by the user will be strictly limited to the total amount of service fees paid by the user to PICNIC (excluding gas fees and partner fees) in the 12 (twelve) months preceding the event giving rise to the claim. Under no circumstances will PICNIC's liability be calculated based on the value of Virtual Assets held by the user on the blockchain, as PICNIC does not hold possession or control of such assets. 7.4. Specific Exclusion of Damages (Technology Risks). In addition to the above limitations, PICNIC WILL NOT be liable for losses arising from: (A) Key Loss: Loss, theft, forgetting, or compromise of the user's Recovery Phrase, Private Key, or passwords. PICNIC does not have copies of these data and cannot recover them; (B) Blockchain Failures: Network congestion, high transaction fees, consensus failures, 51% attacks, or bugs in the underlying blockchain protocol; (C) User Errors: Sending assets to incorrect addresses, incompatible networks, or interacting with malicious contracts (Honeypots, Phishing); (D) Third-Party Risks: Bankruptcy, insolvency, or technical failures of Liquidity Partners, card issuers, or DeFi protocols accessed through the interface; (E) Lost Profits: Loss of profit opportunity, loss of expected revenue, or losses due to market volatility. 7.5. PICNIC's Technology Services are provided "as is" and "as available." (A) PICNIC does not guarantee that transactions transmitted to the blockchain will be mined/validated in time or at a specific cost. (B) No information displayed on the Platform constitutes investment advice, legal advice, or tax advice. The user operates at their own risk. (C) Like all software, PICNIC's Platform may contain bugs or experience instabilities. PICNIC does not guarantee that the service will be uninterrupted or error-free, although it makes its best efforts to promptly correct failures. 7.6. No Profit Guarantee. The User acknowledges and accepts that any yield functionality available on the Platform is based on interactions with third-party decentralized protocols and variable digital assets. PICNIC does not guarantee, under any circumstances, any profit, fixed return, or specific financial return. 7.7. Any return rates displayed on the interface are mere estimates based on historical or real-time data from underlying protocols and may undergo drastic and immediate variations due to market volatility, changes in DeFi protocol rules, or blockchain network conditions. The final return may be significantly lower than estimated, and may even be zero or negative. 7.8. By using any yield strategy, the User declares to be fully aware that: (A) Autonomous Decision: The choice of asset and strategy is the sole responsibility of the User; (B) Market Risks: The value of underlying assets may drop drastically, impacting the total invested value, regardless of the yield generated; (C) Technological Risks: The User accepts the risks of bugs, cyber attacks, or loss of parity (de-peg) of stablecoins in the protocols where the assets are allocated. 7.9. PICNIC, as a software provider, does not act as an investment advisor or asset manager. The User holds PICNIC harmless from any financial losses, direct or indirect damages arising from price variations or the performance of assets chosen within the platform. 7.10. Force Majeure and Network Events. PICNIC will not be liable for delays or failures in fulfilling its obligations due to events beyond its reasonable control, including but not limited to: governmental acts, wars, terrorism, pandemics, failures in the global internet infrastructure, or critical blockchain network events (such as contentious forks or network halts). 8. AVAILABILITY AND ACCURACY OF TECHNOLOGY SERVICES 8.1. Software Access and Availability. Access to PICNIC's Technology Services may experience degradations, slowdowns, or temporary unavailability due to technical maintenance, third-party server failures, or periods of high congestion on supported blockchain networks. (A) Although PICNIC is dedicated to maintaining Platform stability, we do not guarantee that the technological solution will be available uninterrupted or error-free. (B) The user acknowledges that delays in transaction confirmation or order transmission failures may occur due to instabilities in the blockchain network itself (miners/validators), factors entirely beyond PICNIC's technical control. (C) PICNIC emphasizes that, due to the non-custodial nature of the services, any unavailability of the PICNIC Platform DOES NOT prevent the user from accessing their Virtual Assets. If PICNIC software is unavailable, the user can, at any time, use their Recovery Phrase or Private Key to access and move their funds through other compatible software or wallets available on the market. For this reason, PICNIC will not be liable for any damages, loss of opportunity, or asset devaluation resulting from the temporary inability to use the Platform, as access to assets on the blockchain is independent of PICNIC software availability. 8.2. Accuracy of Information and Network Data. PICNIC's Platform acts as a viewer of public data recorded on the blockchain and third-party price sources (Oracles or market APIs). (A) Although PICNIC seeks to present information (such as balances, history, and quotes) accurately and up-to-date, there may be latency (delay) between the data being recorded on the blockchain and its visualization on the Platform. (B) The user acknowledges that the "source of truth" about their balances and transactions is the immutable record on the blockchain network, not the cached view presented by PICNIC software. In case of discrepancy, blockchain network data prevails. (C) The Virtual Asset price quotes displayed are estimates based on third-party data. PICNIC does not guarantee the accuracy of these quotes and is not responsible for purchase or sale decisions made by the user based on this visual information. 8.3. Third-Party Content and Links. The Platform may display links, news, or integrations with third-party services (including block explorers, DeFi protocols, and liquidity partners). The user acknowledges and agrees that PICNIC does not control, endorse, or assume responsibility for the content, accuracy, policies, or practices of these third-party services. Access to such external resources is entirely at the user's responsibility and risk. 9. PROMOTIONAL CAMPAIGNS, BONUSES, AND REWARDS 9.1. PICNIC may, at its sole discretion, offer promotions, referral programs, sign-up bonuses, or other rewards ("Promotions"). The User's participation in any Promotions is conditioned on acceptance and compliance with the specific terms of each campaign, as well as eligibility rules, regional restrictions, and account verification in effect at the time of participation. 9.2. PICNIC reserves the right to modify, suspend, or terminate any Promotion at any time without prior notice, as well as change eligibility criteria or reward values, not granting the User any acquired rights over future bonuses or discontinued campaigns. 9.3. PICNIC reserves the right to disqualify the User, block the account, and revoke, refund, or cancel any rewards (even if already credited) if it identifies, at its sole discretion, but not limited to: a) Creation of multiple accounts or use of false data; b) Use of robotic means, emulators, VPNs to bypass geographic restrictions, or automation scripts; c) Self-referral or collusion between accounts to manipulate the reward system; d) Any violation of the acceptable use policy or suspicion of fraud. 9.4. The User acknowledges that rewards paid in crypto assets are subject to market volatility. PICNIC is not responsible for value fluctuations, technical failures that prevent immediate participation, or manifest material errors in bonus configuration, reserving the right to correct such failures and adjust balances as necessary. 10. CUSTOMER SERVICE, FEEDBACK, AND DISPUTE RESOLUTION 10.1. If the user has questions, suggestions, feedback, or encounters technical difficulties using the Platform, they should contact PICNIC's Technical Support team via email at oi@usepicnic.com or through the official channels indicated on the usepicnic.com page. For the purpose of receiving legal notices or formal extrajudicial notifications, PICNIC indicates the following physical/electronic address: legal@usepicnic.com 10.2. Scope of Support and Limitations. The user acknowledges that the support offered by PICNIC is strictly limited to the functioning of the technology and software interface. (A) What we support: Login issues on the PICNIC Account, display errors in the app, difficulties integrating with partner services (Card), and interface bugs. (B) What we CANNOT support: PICNIC support does not have the technical means to recover funds sent to wrong addresses, reverse transactions on the blockchain, recover Private Keys lost by the user, or accelerate pending transactions on the network. Complaints of this nature will be technically impossible to be resolved by PICNIC. 10.3. Amicable Dispute Resolution. Except where prohibited by applicable law, before initiating any legal or administrative proceedings against PICNIC, the user agrees to first contact our support team to try to resolve the issue amicably. The user agrees to grant PICNIC a period of up to 30 (thirty) days, from the formal receipt of the complaint with all necessary information, to analyze the case and propose a technical solution or clarification. If the user initiates a dispute without first exhausting this amicable resolution attempt, PICNIC reserves the right to request the suspension of the process until the support procedure is completed. 10.4. These Terms are governed by the laws of the British Virgin Islands. 11. DATA PROTECTION AND PRIVACY 11.1. Personal Data Processing. By using PICNIC's Technology Services, the user acknowledges that PICNIC may collect and process personal data, in accordance with PICNIC's Privacy Policy, which is an integral part of these Terms. Data processing is carried out for the purposes of: (i) Providing the software use license and personalizing the user experience; (ii) Complying with legal and regulatory obligations (including fraud and money laundering prevention); (iii) Enabling integration with Additional Services (such as fiat currency conversion or PICNIC Card issuance with banking partners). 11.2. Data on the Blockchain (Public Data). The user understands and accepts a fundamental characteristic of blockchain technology: Transparency and Immutability. By conducting a transaction through PICNIC's interface, the user's public wallet address and transaction details are permanently recorded on the blockchain. (A) Public Data: These data are public, decentralized, and not controlled or stored on PICNIC's servers. (B) Impossibility of Deletion: The user acknowledges that PICNIC does not have the technical capability to alter, anonymize, or delete data that has already been recorded on the blockchain. Therefore, rights of deletion or forgetting provided by data protection legislation do not apply to immutable blockchain records, but only to data maintained in PICNIC's internal databases (such as email and name registration). 11.3. Sharing with Partners. For the provision of Additional Services (especially connected financial services, such as the PICNIC Card), the user authorizes PICNIC to share their registration and identification data with partner institutions (card issuers, banks, or liquidity partners), strictly for the execution of the contract and compliance with regulatory norms (Compliance) of these institutions. 11.4. User Declarations. The user declares that all information provided to PICNIC is true and current. The user undertakes to keep their data updated on the Platform and acknowledges that reading and accepting the Privacy Policy is an indispensable condition for using the services. 12. USER SECURITY AND PROTECTION 12.1. Responsibility for Credentials and Devices. To use PICNIC software, the user must create access credentials to the Platform (Login and Password). The user is solely and fully responsible for the security of their electronic device and for maintaining proper control of their security data. 12.2. Critical Security Distinction (App vs. Blockchain). The user must understand the difference between two levels of security: (A) PICNIC Account Security: Refers to access to the application interface. PICNIC can assist in recovering the app password (password reset via email) if the user forgets it. (B) Wallet Security (Self-Custody): Refers to the Private Key or Recovery Phrase that controls the funds on the Blockchain. PICNIC NEVER requests, stores, or has access to your Private Key. ATTENTION: If the user loses, forgets, or has their Private Key/Seed Phrase stolen, PICNIC CANNOT recover access to the funds or reverse transactions. The security of the Private Key is the user's sole responsibility. 12.3. Phishing and Scam Prevention. Picnic is not responsible for damages resulting from accessing external links, third-party advertisements (in search engines or social networks), or fraudulent sites that simulate the official service interface. It is the User's duty to verify the authenticity of the URL and ensure they are in the official environment before entering any data or conducting transactions. 12.4. Security Breach. If the user suspects that their PICNIC Account (app access) has been compromised: (A) The user must IMMEDIATELY notify PICNIC Support for temporary access blocking to the interface; (B) The user must IMMEDIATELY use their Recovery Phrase in another secure interface to transfer their funds to a new secure wallet, as PICNIC does not have the power to "freeze" funds on the blockchain. 12.5. Picnic declares that it adopts technical, organizational, and administrative information security measures strictly aligned with the standards required by the General Data Protection Law (Law No. 13.709/2018 - LGPD) and applicable regulatory norms. These measures aim to protect personal data against unauthorized access and accidental or unlawful situations of destruction, loss, or alteration. 13. INTEGRATION WITH NOAH SERVICES 13.1. By using the fiat-to-crypto conversion functionalities available on the platform, the User acknowledges and agrees that these services are provided directly by Noah Savings Inc. ("Noah") and its banking partners, and not by Picnic. Thus: 13.2. Acceptance of Third-Party Terms: To use these services, the User automatically adheres to and must observe Noah's Terms of Service and Privacy Policy. 13.3. Data Sharing: The User authorizes Picnic to share their registration data, KYC (Know Your Customer) information, and wallet details with Noah for identity validation and anti-money laundering prevention purposes, as required by applicable regulation. 13.4. Geographic Restrictions and Sanctions: The service is not available to Users residing, citizens, or attempting to access the platform from jurisdictions classified as "Prohibited Countries" by Noah. The User declares not to have any connection with the following locations: Afghanistan, Albania, Algeria, Bangladesh, Belarus, Qatar, China, Democratic Republic of the Congo, North Korea, Cuba, Eritrea, Ethiopia, Gaza Strip, Yemen, Iran, Iraq, Kosovo, Lebanon, Libya, North Macedonia, Mali, Morocco, Myanmar, Nepal, Nicaragua, Niger, Pakistan, Central African Republic, Russia, Syria, Somalia, Sudan, South Sudan, Ukraine, Venezuela, West Bank, and Zimbabwe. 13.5. Limitation of Liability: Picnic acts only as a technological integrator. Any failure, delay, custody of funds, or dispute related to currency conversion or financial settlement is the sole responsibility of Noah, with Picnic being exempt from liability for losses arising from these specific services. 14. PASSKEYS 14.1 Starting April 6, 2026, the use of passkeys is mandatory for all accounts created with email on Picnic. Accounts created with an external wallet remain under the original access conditions and are not affected by this Clause. 14.2. The Passkey is generated and stored exclusively on the User's secure device hardware. Picnic does not have access to the User's Private Key under any circumstances and cannot request it. Picnic only stores the Public Key, necessary to verify the authenticity of signatures. 14.3. The passkeys implemented by Picnic follow the WebAuthn (FIDO2) standard, the same adopted by Apple, Google, and Microsoft for passwordless authentication. Biometric authentication occurs locally on the user's device. No biometric data is transmitted to Picnic or third parties. 14.4. Each transaction requires individual and direct biometric approval by the User on their device. There is no persistent session. Each action requires confirmation at the time it is performed. 14.5. By design of the WebAuthn standard, the User's Passkey is linked to the origin usepicnic.com. The Passkey will not work on any other domain or application, even if visually identical to Picnic. Picnic will never ask the User to provide, export, or share their Passkey or any biometric data. ℹ Biometric authentication (Face ID, Touch ID, fingerprint) occurs locally on your device. Your biometric data is never sent to Picnic, the blockchain, or any third party. What the network receives is only the cryptographic signature produced by your device. 14.6. USER RESPONSIBILITIES: 14.6.1. The User is solely responsible for the custody, security, and control of the device on which the Passkey is stored. Picnic has no responsibility for losses resulting from theft, loss, unauthorized access, or compromise of the User's device. 14.6.2 The User is responsible for controlling who has access to the biometrics registered on their device. Anyone whose face or fingerprint is registered on the User's device can authenticate transactions on Picnic. Picnic has no means of distinguishing between the User and authorized third parties on the device. 14.6.3 The User is responsible for managing their account in the Passkey Manager of the platform they use (Apple ID, Google account, or compatible manager). The synchronization of the Passkey between devices is a third-party functionality over which Picnic has no control. 14.6.4 The User is strongly encouraged to set up their Passkey before April 6, 2026. After this date, account access will be conditioned on the completion of the setup. The assets remain secure on the blockchain independently, but access to the Picnic interface will require the active Passkey. 14.6.5 The User is responsible for monitoring notifications sent by Picnic during the Protection Period of a recovery. Picnic will send daily notifications during the 7 days of the Protection Period. The User must immediately cancel any recovery they did not initiate. 14.6.6 The User acknowledges and accepts that the Passkey is the only transaction authorization mechanism in their Smart Wallet. The definitive loss of access to the Passkey without recovery possibility through the Recovery Guard implies the permanent loss of access to the assets. Picnic cannot intervene in this situation. USER RESPONSIBILITY: You are the sole guardian of your Passkey. Picnic cannot recover your access outside the process described in Clause 14.6. If you lose your device and your Recovery Guard at the same time, without access to the Passkey Manager, access to your assets may be permanently lost. 14.7. TECHNICAL LIMITATIONS AND PICNIC'S DISCLAIMER. 14.7.1. Picnic does not have access, does not store, and cannot recover the User's Private Key under any circumstances. This is a structural technical component, not an operational policy. 14.7.2 Picnic has no control over third-party Passkey Managers (Apple, Google, 1Password, Bitwarden, or others). Picnic is not responsible for failures, unavailability, policy changes, or discontinuation of these services that affect the User's access to their Passkey. 14.7.3 Picnic is not responsible for secure hardware failures (Secure Enclave or equivalent), operating system updates that affect the functioning of passkeys, or any other technical limitations of the User's devices. 14.7.4 Picnic is not responsible for transactions made by third parties who have gained access to the User's device, registered biometrics on the device, or the User's Passkey Manager, unless proven exclusive failure of Picnic. 14.8. ACCOUNT RECOVERY 14.8.1. The only account recovery mechanism available on Picnic is the process described in this Clause 14.8. Picnic does not offer any other recovery channel, whether through human support, administrative reset, or any other means. 14.8.2 The Recovery Guard is the Magic wallet previously linked to the User's email. After adopting passkeys, the Recovery Guard has no signing powers in the main transaction flow — it acts exclusively as a recovery mechanism in the social recovery module of the Smart Wallet. 14.8.3 To initiate a recovery, the User must: (i) Access Picnic on a new device; (ii) Authenticate with the email associated with the Account, activating the Recovery Guard; (iii) Register a new Passkey on the new device; (iv) Wait for the 7 (seven) calendar day Protection Period; (v) Confirm the activation of the new Passkey at the end of the Protection Period. 14.8.4 The 7-day Protection Period is a security protection and not an operational limitation. It exists to ensure that any unauthorized recovery attempt — such as an attempt by someone who has access to the User's email — can be detected and canceled by the legitimate User before being completed. 14.8.5 During the 7 days of the Protection Period, Picnic will send the User: (a) Immediate notification at the start of the recovery; (b) Daily reminder notifications while the process is active; (c) Final notification when the new Passkey is ready to be activated. 14.8.6 If the User receives notification of a recovery they did not initiate, they must cancel it immediately through the channel indicated in the notification. Picnic is not responsible for recoveries completed during the Protection Period where the User received notifications and did not take action to cancel. 14.8.7 If the User simultaneously loses: (a) access to the Passkey; (b) access to the Passkey Manager; and (c) access to the email associated with the Recovery Guard — account access may be permanently irrecoverable. The assets will remain on the blockchain, but there will be no technical mechanism available to authorize transactions. Picnic cannot intervene in this situation. CRITICAL ATTENTION: The email associated with your account is your safety net. Maintain access to it. If you lose your Passkey and email access at the same time, without recovery possibility via Passkey Manager, your assets may become permanently inaccessible. 14.9. DEVICE SYNCHRONIZATION. 14.9.1. Passkey synchronization between devices is a functionality provided exclusively by the User's Passkey Manager, not by Picnic. Picnic has no control over the synchronization process, its availability, or its technical requirements. 14.9.2 Picnic's passkey implementation is compatible with the following Passkey Managers, without guarantee of future availability or compatibility: (a) Apple iCloud Keychain — synchronization between Apple devices connected to the same Apple ID; (b) Google Password Manager — synchronization between Android devices and Chrome browsers connected to the same Google account; (c) WebAuthn-compatible password managers, including 1Password, Bitwarden, and Dashlane, among others; (d) Cross-platform authentication (mobile and computer) via QR Code and Bluetooth proximity. 14.9.3 In case of migration between ecosystems (e.g., from Android to iPhone), the Passkey may not be automatically transferred. In such cases, the User must use the recovery process described in Clause 14.8 to register a new Passkey on the new platform. 14.9.4 The User is responsible for ensuring that their Passkey synchronization is correctly configured on their devices. Picnic is not responsible for access failures resulting from improper configuration of the Passkey Manager. 14.10. TECHNOLOGICAL UPDATES AND CHANGES TO THE PASSKEY SYSTEM. 14.10.1. Picnic reserves the right to update, modify, or replace the passkey system described in this Clause 14 due to technological developments, security requirements, or regulatory changes, provided with adequate prior notice to the User. 14.10.2 Material changes to the authentication and signature system will be communicated to the User with a minimum of 30 (thirty) days' notice, except in cases of security urgency requiring immediate response. 14.10.3 Picnic commits to maintaining compatibility with the WebAuthn (FIDO2) standard as long as it remains the industry standard for passwordless authentication. Any change in technological standard will be communicated under the terms of Clause 14.10.2. 14.11 The User's use of the passkey functionality constitutes express acceptance of all the terms of this Clause 14, including the responsibilities assigned to the User and the limitations of Picnic's liability. 14.12. This Clause 14 should be read in conjunction with the other clauses of these Terms of Use, especially the clauses relating to Picnic's nature as a software interface, asset self-custody, and general liability limitations. 15. GENERAL PROVISIONS 15.1. The user agrees to use PICNIC's Technology Services in strict compliance with applicable laws, including anti-money laundering regulations. The user declares that the funds moved through the interface have a lawful origin. 15.2. All content, design, source code, logos, graphics, and interfaces provided by PICNIC (“Content”) are the exclusive property of PICNIC or its licensors. The use of the Platform grants the user only a limited, revocable, non-exclusive, and non-transferable license for personal use of the software. Copying, reverse engineering, or redistribution of the Content without express authorization is prohibited. 15.3. These Terms do not create any partnership, joint venture, mandate, franchise, or employment relationship between the user and PICNIC. 15.4. Tax Aspects. Due to the non-custodial nature, PICNIC does not withhold taxes at source on crypto asset transactions. The user is solely responsible for calculating, declaring, and collecting any taxes due on their capital gains from transactions facilitated by the Platform. PICNIC does not provide tax advice. 15.5. Inapplicability of "Unclaimed Property." Unlike banks or custodial exchanges, PICNIC does not hold possession of assets. Therefore, there is no "dormant account" or "unclaimed property" subject to appropriation or transfer to the State by PICNIC. If the user stops using the Platform for years, their assets will remain secure on the blockchain, accessible only by whoever holds the Private Key. 15.6. Succession and Death. PICNIC warns that due to blockchain encryption, it is not possible to transfer the deceased user's funds to heirs if they do not have the Recovery Phrase. (A) Account Access: Upon presentation of a valid Inventory or Judicial Order, PICNIC may transfer the PICNIC Account (login/access to the interface) to the executor or heir. (B) Fund Access: Transferring the login DOES NOT guarantee access to the funds if the deceased did not leave the Private Key/Password accessible to the heirs. PICNIC has no technical means to "break" the wallet's encryption to deliver values to the estate. It is the user's sole responsibility to carry out their digital succession planning. 15.7. Entire Agreement and Assignment. These Terms constitute the entire agreement between the parties. PICNIC may assign or transfer its rights and obligations under this contract (in case of merger, acquisition, or asset sale) without prior user consent, provided notification is given. 15.8. Changes to the Terms. PICNIC may change these Terms at any time. Changes will take effect on the date of their publication on the Platform. Continued use of the services after the change implies tacit acceptance. If the user does not agree, they must immediately cease using the interface. APPENDIX 1: COMMUNICATIONS AND NOTIFICATIONS POLICY 1. Considering the exclusively digital nature of the services provided by PICNIC, the user agrees and expressly authorizes the receipt of all communications, contracts, documents, legal notices, and disclosures (collectively, “Communications”) by electronic means. Communications may include, but are not limited to: (A) Terms and Policies: Updates to these Terms of Use, the Privacy Policy, and other security guidelines; (B) Account Activity: Confirmations of actions performed on the interface, viewed transaction history, security alerts, and receipts related to Additional Services (e.g., use of the PICNIC Card); (C) Legal Notices: Notifications required by tax, fiscal, or anti-money laundering regulations, when applicable to operations with partners; (D) Support: Responses to technical support requests and updates on maintenance status on the Platform. 1.1. Communications will be considered delivered and valid when: (i) published on the Platform or PICNIC's Site; (ii) sent to the email registered in the user's profile; (iii) sent via push notification in the mobile app; or (iv) transmitted via support chat or SMS. 2. PICNIC does not support communications via physical mail or paper. If the user revokes their authorization to receive electronic Communications, this will make the provision of Technology Services unfeasible. Consequently, PICNIC reserves the right to immediately terminate the user's access to the interface and the PICNIC Account, without prejudice to the user's right to continue accessing their assets directly on the blockchain (without using PICNIC software). 3. It is the user's sole responsibility to keep their email address and phone number updated and accessible. (A) The user understands and agrees that if PICNIC sends an electronic Communication to the email address on file, the communication will be considered received and delivered, even if: (i) the user's email is incorrect or outdated; (ii) the inbox is full; or (iii) the user's spam filter or firewall blocks the message. (B) The user can update their contact information at any time through the settings menu in the app or by contacting support through official channels. 4. Picnic communicates with the User exclusively through the official channels identified in the app and on the usepicnic.com site. Picnic will never ask the User, through any channel: (a) Export, share, or disclose their Passkey or Private Key; (b) Biometric data of any kind; (c) Transaction confirmation outside the official app; (d) Remote access to the User's device. 4.1. Any request received by the User — whether by email, message, social media, phone call, or any other channel — should be treated as an attempted fraud. The User should report it immediately to Picnic's official support. APPENDIX 2: COMPLIANCE POLICY 1. Although PICNIC is a non-custodial technology provider, we have an ethical and legal commitment to prevent our software from being used to facilitate illicit activities. Our policy is based on community protection and respect for global anti-money laundering (AML), combating the financing of terrorism (CFT), and economic sanctions norms. 2. PICNIC's operation is carried out through integration with licensed and regulated financial and payment infrastructure providers (including, but not limited to, electronic money issuers and fiat currency payment processors). PICNIC conducts rigorous due diligence on its suppliers ("Know Your Partner" or KYP), selecting exclusively partners that demonstrably adopt strict anti-money laundering (AML), combating the financing of terrorism (CFT), and fraud prevention controls, in compliance with global norms (including FATF/GAFI guidelines). 2.1. The User acknowledges and agrees that the PICNIC platform reflects, in real-time, the security policies and restrictions imposed by these infrastructure partners. Consequently, access to the interface or order execution may be automatically blocked or suspended in the following cases: (A) transaction execution will be prevented if the wallets or identities involved are flagged by our partners' monitoring systems as being on official sanctions lists. (B) access to services may be restricted if the User's IP address or tax residence originates from embargoed or high-risk jurisdictions classified by our partners. Using VPNs to circumvent such restrictions constitutes a serious violation of these terms. (C) transactions may be rejected if the blockchain analysis tools used by our settlement partners identify interaction with high-risk addresses. 2.2. Regardless of the automated restrictions above, PICNIC reserves the right to suspend, block, or terminate the User's account upon express request from any of its financial partners, resulting from suspicion of fraud, platform abuse, swindling, or scams. The merit analysis conducted by regulated partners will be considered valid and sufficient for decision-making by PICNIC. 3. SERVICES REQUIRING IDENTIFICATION (KYC). For functionalities that connect the crypto world to the traditional financial system (the "Additional Services"), such as the PICNIC Card, fiat-to-Crypto conversion, user identification is mandatory. In these cases: (A) The user must submit documents (photo of ID/CNPJ, selfie, etc.) directly to PICNIC's regulated partners. (B) If the partner refuses the user's registration for compliance reasons, PICNIC will automatically revoke access to that specific functionality in the app. 4. USER OBLIGATIONS. By using PICNIC software, you declare, under penalty of law, that: (A) You are not on any international sanctions or trade restriction list; (B) Your funds have a lawful origin and do not derive from criminal activities; (C) You will not use the platform to conceal assets, evade currency, or finance illegal activities. 5. CONSEQUENCES OF VIOLATION. If our systems identify a violation of this Policy or the Terms of Use, PICNIC will block access to our site and app. You will no longer be able to use our visual tool. PICNIC reserves the right to report suspicious activities to the competent authorities if illicit use of our technology is proven.

⚖️ Legal

Privacy Policy - English

Last updated: February 12, 2026 This Privacy Policy ("Policy") describes the terms and conditions under which Defi Basket Labs ("We," "Us," "Company"), a company incorporated in the British Virgin Islands (BVI), processes information and data in relation to the Picnic platform. Clause 1. Nature of the Service Picnic is a decentralized software interface. By using Picnic, you acknowledge that we are solely technology providers facilitating your direct interaction with the blockchain. We do not have custody of your assets nor do we control or intermediate transactions executed on the network. This Policy must be read together with the Picnic Terms of Use. By accepting this Policy, you consent to the data processing necessary for the technological operation of the interface and acknowledge the automatic acceptance of the privacy policies of our infrastructure partners. Clause 2. Applicable Data Protection Laws Given the decentralized nature of Picnic’s software, which resides on blockchain infrastructure rather than centralized servers, the processing of your personal data shall be governed by the data protection laws applicable in the country where you, the user, are located at the time of access. We commit to observing the principles of the LGPD (Brazil), CCPA (United States), GDPR (European Union), and the BVI Data Protection Act (DPA), as geographically applicable. Clause 3. Categories of Data Collected 3.1 Data Collected Directly by Picnic Registration data: email address and telephone number. On-chain identifiers: public wallet address. Purpose: basic user identification, support communications, account security, and technical enablement of the interface to read balances and transaction history on the network. 3.2 Data Collected By or For Infrastructure Partners KYC and compliance data: full name, identification documents (ID card, tax ID, driver’s license or equivalent), proof of address, and facial biometric verification (selfie). Purpose: compliance with Know Your Customer (KYC), Anti-Money Laundering (AML), and Counter-Terrorism Financing obligations as required by infrastructure partners. Wallet integration: in certain cases, we share your specific wallet address for technical integration and asset settlement purposes. 3.3 Technical and Browsing Data Log data: IP address (processed temporarily for geofencing and security), device type, browser version, and operating system. Purpose: performance optimization, error debugging, and access restriction in sanctioned jurisdictions. Clause 4. Use of Data We use collected data to provide services by maintaining, customizing, and improving the interface and software; to ensure security and protection by detecting, investigating, and preventing fraudulent, unlawful, or unauthorized activities; to comply with legal obligations, governmental requests, and AML regulations; and to send communications such as legal notices, terms updates, security alerts, and technical support messages electronically. Clause 5. Data Sharing with Partners The user acknowledges and accepts that the sharing of personal and transactional data between Picnic and its partners is strictly necessary to enable selected products, such as payment cards and fiat on/off-ramps. When using such services, you provide data that will be processed by partners acting as independent data controllers. Clause 6. Public Nature of Blockchain Data The user acknowledges that transactions carried out through Picnic are recorded on public blockchains. By technological design, data recorded on blockchain networks, including wallet addresses and transfer values, are immutable, transparent, and inherently public. The exercise of certain privacy rights, such as deletion or rectification, is technically impossible with respect to on-chain records. Clause 7. Circumstances for Data Sharing We may share data under the following circumstances: sharing wallet addresses with infrastructure providers and blockchain analytics services to detect and mitigate financial crime where there is reasonable suspicion involving a specific wallet or user; where strictly necessary to enable the Picnic Card, fiat conversion services, or related operations; to prevent harm to the Company or users, or in response to substantiated requests from regulated partners; and in the event of a merger, acquisition, or asset sale, provided equivalent privacy protections are maintained. Clause 8. Security Measures Picnic implements rigorous security protocols to ensure data integrity and confidentiality during communications with external partners. For most services, communication occurs exclusively between the Picnic backend and partners, meaning the user’s browser or application does not directly interact with such services. All transmissions are protected using standard transport encryption (TLS). In the case of the authentication provider Magic, the Picnic backend does not access communications between the user’s device and Magic’s servers. This interaction occurs end-to-end via TLS encryption, ensuring authentication credentials and sensitive data remain isolated from our infrastructure. Users may consult Magic’s security documentation for additional information. Clause 9. User Rights (General) As a BVI entity, we guarantee users the right to request access to personal data held by the Company. Subject to applicable law, users have rights to confirmation of processing, correction of data, and, where legally permitted, anonymization or deletion of unnecessary data. Requests must be submitted to legal@usepicnic.com . Clause 10. Information for Data Subjects in Brazil (LGPD – Law No. 13,709/2018) We process personal data based on the following legal grounds: user consent (for example, marketing communications); performance of a contract or preliminary procedures; compliance with legal obligations such as KYC and AML requirements; and legitimate interests, provided fundamental rights and freedoms are respected. Under the LGPD, users have the right to confirmation and access, correction, anonymization, blocking or deletion, data portability, and withdrawal of consent. Blockchain notice: due to blockchain immutability, on-chain data such as transaction history and wallet addresses cannot be deleted, rectified, or modified by the Company. Clause 11. Information for Data Subjects in the European Union (GDPR) We process personal data for the purposes described in Clause 4 under the following legal bases: consent, contractual necessity, legal obligation, and legitimate interests not overridden by your fundamental rights. Under the GDPR, you have the right to request access to your personal data, request rectification or erasure, object to or restrict processing, request data portability, and withdraw consent at any time. However, we cannot modify or delete information stored on blockchain networks, including transaction data, wallet addresses, or assets associated with such addresses, as these remain outside our control. To exercise GDPR rights, contact legal@usepicnic.com . Clause 12. Information for Users in the United States For users residing in the United States who utilize fiat conversion services, data processing is conducted in accordance with applicable federal and state laws. The user acknowledges and accepts that Noah US Inc. acts as the technological and regulatory partner enabling financial operations in the United States. To use these services, users must provide identity verification data directly to Noah for KYC and AML purposes. Processing of such data, including access and deletion rights subject to mandatory legal retention, is governed exclusively by Noah’s Privacy Policy available at https://noah.com/en/privacy-notice . Clause 13. Electronic Communications The user expressly agrees to receive all communications, contracts, and legal notices electronically, including terms updates, security alerts, and support communications. Clause 14. Corporate Changes and Policy Updates In the event of a merger or sale of Defi Basket Labs, data may be transferred to the successor entity under the same privacy standards established herein. This Policy may be updated periodically. Continued use of the platform following updates constitutes acceptance of the revised terms. Clause 15. Material Changes and Contact If we make material changes to this Policy, we will notify you through the Services. Continued use of the Services reflects your periodic review of this Policy and constitutes consent to its terms. If you have any questions regarding this Policy or how we collect, use, or share your information, please contact us at legal@usepicnic.com.

📊 Fees, Reports & Documents

How to Download Your Transaction History

You can now export a detailed statement of your transactions on Picnic directly from the web version. This document is ideal for organizing your finances or verifying amounts. Step-by-step Export Guide The download of the history is available through your user dashboard: 1. Log in to the web version of Picnic. 2. On the homepage, click on your profile picture in the upper right corner. 3. Click on the "Transaction History" option. 4. Click the "Export History" button. 5. Set the filters (dates, currency, and language) and click "Export". What You'll Find in the Statement When you download the file, the data will be organized in the following columns: - Date and Description: Time of the transaction and details of the establishment. - Type: Indicates whether the transaction added (Credit) or reduced (Debit) funds. - Amount in: Amount in the base currency used in the transaction. - Amount in reference currency: Equivalent amount in the selected currency (e.g., BRL). - Receipt: Clickable link to the blockchain explorer. At the end of the document, you will find sections with detailed information and explanatory notes about the statement. Frequently Asked Questions Can I export the history on my phone? Yes! Exporting is now also available in the app. To download the history via the app: 1. On the homepage, click "See All" next to History. 2. Tap the button with the downward arrow (download icon). 3. From there, follow the same steps as the web version: set the filters (dates, currency, and language) and click "Export". Does the generated file serve as a tax receipt? In the case of apps that operate with network assets (especially if they involve self-custody or DeFi protocols), the statement is a raw record. The responsibility to consolidate gains, calculate the average price, and convert to Reais (using the exchange rate on the transaction day) is solely the user's. Still need help? If you have trouble generating the file, contact our team via chat. See Also Income Tax Purchase and Refund Receipts: How to Download and Share

🔐 Security & Access

'Failed to create Candide subscription' error in the Picnic app

If you're seeing the message 'Failed to create Candide subscription' in the Picnic app when opening the home screen or when tapping 'Verify existing passkey', this article explains why it happens and shows the right way to keep using your account normally. Symptoms You open the Picnic app and, on the passkey screen, one of these behaviors appears: - An error message with the text 'Failed to create Candide subscription'. - The screen freezes when you tap 'Verify existing passkey'. - The continue button spins, goes back to the start, or shows the error above right after login. Why this happens This behavior appears when your main Picnic login is through an external wallet, such as MetaMask, Rabby Wallet or similar, rather than email login. Today, managing your account with an external-wallet login is only available on Picnic Pro, our web version at www.usepicnic.com. The passkey flow in the app was designed for accounts that sign in with email, so it can't complete when it detects an external wallet as the main login method. The 'Failed to create Candide subscription' message is an internal app notice that appears exactly in this case. Your account is active and your balances remain normal. How to fix it To access and manage your account, follow the step-by-step below on a computer: 1. Open your browser (Chrome, Edge, Brave, Firefox or Safari). 2. Go to www.usepicnic.com. 3. If you're still logged in from a previous session, log out. 4. On the login screen, choose the Wallet option. 5. Connect the same external wallet you used when you created your account (MetaMask, Rabby or another compatible wallet). 6. Once connected, you'll have access to Picnic Pro, with all of your account's features available. For now, this flow on the computer is the official path for accounts with external-wallet login. Important points - Your balances and your card remain active. The error in the app is just a flow limitation — it doesn't affect your money. - You don't need to create a new account. Signing in with your external wallet on Picnic Pro takes you to the same account you already have. - Don't try to switch login types (from external wallet to email) without talking to our support team first. That process can split balances and create unnecessary friction. Frequently asked questions Can I use the mobile app after logging in to Picnic Pro? Accounts with external-wallet login mainly use Picnic Pro on the computer, where all the account-management features live. You can keep an eye on balances from your phone's browser at www.usepicnic.com. Does the 'Failed to create Candide subscription' message mean my account is blocked? No. It's how the app signals that this specific flow doesn't apply to your type of login. Your account remains active and your balances are safe. See also - Picnic Pro: Focused on crypto and DeFi - How to log in to my Picnic account - How to access your wallet in another interface - How to recover or replace your passkey on Picnic - Using the same account on your phone and on your PC - Security and self-custody at Picnic: how your passkeys protect your account If the problem persists even after following the steps above, talk to us through the chat on the Picnic website or the chat inside the Picnic app.