Privacy Policy

Last updated

June 2, 2026

OPAL IR BVI LTD (“Opal”, “we”, “us” or “our”) operates the website at opal.co and the associated Opal platform, through which users may access certain digital asset, stablecoin, wallet-connected, balance-viewing, purchase, redemption and platform product services.

This Privacy Policy explains how we collect, use, disclose, store and protect information relating to individuals who access or use our website, platform, products, platform services or communications.

For the purposes of this Privacy Policy, “Personal Information” means information which identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an identified or identifiable individual.

By accessing or using our website or platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you should not access or use the website or platform.

The operator of the website and platform is:

OPAL IR BVI LTD

Quijano Chambers

Road Town

Tortola

British Virgin Islands

For privacy-related enquiries, you may contact us at:

legal@opal.co

1. Scope of This Privacy Policy

This Privacy Policy applies to Personal Information processed by Opal in connection with:

your access to or use of opal.co;
your creation or use of an Opal account;
your interaction with the Opal platform;
your purchase, redemption or use of Opal products or services;
your connection of a wallet to the platform;
your participation in strategies, vaults or other platform products;
your communications with us;
our compliance, security, fraud prevention and legal obligations;
our business, operational, marketing and administrative activities.

This Privacy Policy does not apply to third-party websites, applications, wallets, protocols, blockchains, custodians, payment providers, analytics providers or other independent services that may be linked to, integrated with, or accessible from our website or platform. Those third parties may process your information in accordance with their own privacy policies and terms, and we encourage you to review those independently.

2. Information We Collect

The categories of Personal Information we may collect depend on how you interact with us.

2.1 Account Information

When you create or use an account, we may collect:

email address;
authentication credentials;
account identifiers;
account preferences;
information relating to your access to, and use of, the platform.

We do not store passwords in plain text.

2.2 Wallet and Transaction-Related Information

Where you choose to connect a wallet or interact with the platform using digital assets, we may process:

wallet addresses;
wallet connection information;
transaction hashes;
purchase and redemption records;
balance, holding and platform position information;
information required to display your holdings, transaction history, strategy participation or platform activity.

Blockchain transactions may be public, permanent and independently verifiable. Information recorded on public blockchains is not controlled by Opal and may remain publicly accessible even if you close your account or request deletion of Personal Information held by us.

2.3 Compliance and Eligibility Information

Where necessary for compliance, sanctions, fraud prevention, anti-money laundering, eligibility, legal or risk-management purposes, we may collect or process information required to satisfy our internal policies, applicable laws, legal requirements or third-party service provider requirements.

This may include information relating to:

identity, eligibility or account verification;
sanctions or restricted-party screening;
fraud, abuse or suspicious activity prevention;
source of funds or similar compliance information, where required;
corporate or business account verification, where applicable;
legal, tax, accounting, regulatory or dispute-related matters.

We aim to collect only the information reasonably required for the relevant purpose.

2.4 Communications Information

If you contact us, subscribe to updates, participate in investor or platform communications, or otherwise communicate with us, we may collect:

your name, where provided;
email address;
company or role, where provided;
the content of your communications;
preferences relating to communications or marketing;
records of our interactions with you.

2.5 Technical and Usage Information

When you access the website or platform, we may collect limited technical information necessary to operate, secure and improve the website and platform, including:

IP address;
device type;
browser type and version;
operating system;
approximate location derived from technical data;
log data;
session information;
error reports;
security and authentication information.

At present, we intend to use only strictly necessary cookies and similar technologies unless and until additional analytics or optional cookies are introduced in accordance with this Privacy Policy.

3. How We Collect Information

We may collect Personal Information:

directly from you when you create an account, contact us, subscribe to communications, connect a wallet, make a purchase, request a redemption or use the platform;
automatically when you access or use the website or platform;
from connected wallets, blockchain networks or transaction records where relevant to your use of the platform;
from service providers assisting us with hosting, security, compliance, communications or platform operations;
from public sources or third-party providers where necessary for compliance, fraud prevention, sanctions, security or legal purposes.

4. How We Use Personal Information

We may use Personal Information for the following purposes:

4.1 Platform Operation

To:

create, administer and secure user accounts;
enable access to the website and platform;
process purchases, transfers, redemptions and related platform activity, where applicable;
display holdings, balances, transaction history and strategy participation;
provide user support;
maintain platform functionality, reliability and availability;
communicate with you regarding your account or platform activity.

4.2 Compliance, Risk and Security

To:

conduct compliance, eligibility, sanctions, fraud prevention, anti-money laundering and risk-management checks;
monitor for suspicious, unlawful, abusive or prohibited activity;
protect the integrity and security of the website, platform, users and our business;
delay, restrict or decline certain activity where necessary for compliance, security, fraud prevention or legal reasons;
comply with applicable law, court orders, lawful requests or legal processes;
establish, exercise or defend legal rights.

4.3 Business and Administrative Purposes

To:

operate and improve our business;
maintain internal records;
conduct audits and quality assurance;
develop, test and improve products and services;
understand platform usage and performance;
manage relationships with users, service providers, advisers and counterparties;
support corporate transactions, restructuring, financing, asset sales or similar business events.

4.4 Communications and Marketing

From time to time, we may use your contact information to send:

platform updates;
product announcements;
investor or business communications;
newsletters;
operational or administrative notices;
other information relating to Opal, our products or services.

You may opt out of non-essential marketing communications at any time by following the unsubscribe instructions in the relevant communication or by contacting us at legal@opal.co.

Even if you opt out of marketing communications, we may still send you important administrative, security, legal, transactional or service-related communications.

5. Legal Basis and Processing Principles

We process Personal Information only where we have a lawful or legitimate basis to do so. Depending on the circumstances and applicable law, this may include processing because:

it is necessary to provide the website, platform or services;
it is necessary to perform or administer our relationship with you;
it is necessary for compliance, sanctions, anti-money laundering, fraud prevention, tax, accounting, security or legal purposes;
it is necessary to protect our legitimate business interests, users, platform, systems or legal rights;
you have consented to the processing;
it is otherwise permitted or required by applicable law.

We seek to process Personal Information fairly, lawfully, transparently and only to the extent reasonably necessary for the purposes described in this Privacy Policy.

6. Disclosure of Personal Information

We do not sell Personal Information.

We may disclose Personal Information only where reasonably necessary for the purposes described in this Privacy Policy, including to the following categories of recipients:

6.1 Service Providers

We may share Personal Information with third-party service providers who support our business and platform, including:

cloud hosting and infrastructure providers;
database, storage and security providers;
wallet infrastructure or blockchain service providers;
compliance, sanctions, fraud prevention and risk-management providers;
communications and email providers;
analytics providers, where implemented;
customer support and operational service providers;
legal, accounting, tax, audit, insurance and professional advisers.

Such providers are expected to process Personal Information only as necessary to provide services to us and subject to appropriate contractual, confidentiality and data protection obligations.

6.2 Compliance, Legal and Regulatory Recipients

We may disclose Personal Information where we believe it is necessary or appropriate to:

comply with applicable law or legal process;
respond to lawful requests from courts, regulators, law enforcement agencies or public authorities;
satisfy sanctions, anti-money laundering, fraud prevention or similar compliance requirements;
investigate or prevent unlawful, abusive, fraudulent or prohibited activity;
enforce our rights, agreements, policies or platform rules;
protect the rights, property, privacy, security or safety of Opal, users, counterparties or others.

6.3 Business Transactions

We may disclose or transfer Personal Information in connection with any proposed or actual financing, investment, merger, acquisition, reorganisation, restructuring, sale, transfer or other disposition of all or part of our business, assets, shares or operations.

7. Cookies and Similar Technologies

We may use cookies and similar technologies to operate the website and platform, maintain security, support authentication and improve functionality.

7.1 Strictly Necessary Cookies

Strictly necessary cookies and similar technologies may be used to:

enable core website and platform functionality;
maintain login sessions;
support account security;
prevent fraud or abuse;
remember essential preferences;
monitor service availability and technical performance.

These technologies are necessary for the website and platform to function and cannot generally be disabled through our systems.

7.2 Optional Cookies and Analytics

We do not currently intend to use non-essential advertising cookies or cross-context behavioural advertising technologies on the website.

If we introduce optional analytics, performance, advertising or similar technologies, we will provide appropriate information and, where required by applicable law, obtain consent or provide relevant preference controls.

7.3 Managing Cookies

Most browsers allow you to block, delete or manage cookies through browser settings. If you disable certain cookies, parts of the website or platform may not function properly.

8. International Processing and Transfers

Opal is a British Virgin Islands company. Our service providers, infrastructure, advisers, personnel and counterparties may be located in various jurisdictions.

Accordingly, Personal Information may be stored, accessed or processed outside your country of residence, including in jurisdictions that may not provide the same level of data protection as your home jurisdiction.

Where required by applicable law, we will take appropriate steps to protect Personal Information transferred internationally, which may include contractual safeguards, operational controls and other lawful transfer mechanisms.

9. Data Retention

We retain Personal Information for as long as reasonably necessary for the purposes for which it was collected, including to provide the website and platform, administer accounts, comply with legal and compliance obligations, resolve disputes, prevent fraud and enforce our rights.

The criteria used to determine retention periods include:

the duration of our relationship with you;
the nature of the relevant information;
legal, regulatory, sanctions, anti-money laundering, tax, accounting and audit requirements;
fraud prevention and security requirements;
limitation periods for claims or disputes;
whether retention is necessary to establish, exercise or defend legal rights.

Where information is no longer required, we will delete, anonymise or otherwise securely handle it in accordance with applicable law and internal policies.

Please note that certain information, including blockchain transaction data, may remain publicly available on public blockchains and may not be capable of deletion by Opal.

10. Information Security

We use reasonable technical, organisational and administrative measures designed to protect Personal Information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures may include access controls, encryption, secure infrastructure, monitoring, authentication controls, internal policies and service provider diligence.

However, no method of transmission, processing or storage is completely secure. We cannot guarantee that Personal Information will be absolutely secure. If you believe your interaction with us is no longer secure, please contact us immediately at legal@opal.co.

11. Your Responsibilities

You are responsible for maintaining the confidentiality of your account credentials, securing your devices and wallets, and ensuring that any information you provide to us is accurate, complete and up to date.

If you provide Personal Information relating to another individual, you confirm that you have authority to do so and, where required, have provided that individual with appropriate notice of this Privacy Policy.

12. Your Rights

Subject to applicable law, you may have certain rights in relation to the Personal Information we hold about you. These may include rights to:

request access to your Personal Information;
request correction of inaccurate or incomplete Personal Information;
request deletion of Personal Information;
object to or restrict certain processing;
withdraw consent where processing is based on consent
request information about how your Personal Information has been used or disclosed;
request portability of certain Personal Information;
lodge a complaint with a competent data protection authority.

We will respond to valid requests in accordance with applicable law.

We may need to verify your identity before responding to a request. We may refuse, limit or defer a request where permitted or required by law, including where retention or processing is necessary for compliance, sanctions, anti-money laundering, fraud prevention, tax, accounting, security, dispute resolution, legal or platform integrity purposes.

You may exercise privacy rights by contacting us at:

legal@opal.co

13. Sensitive Information

We ask that you do not provide sensitive Personal Information unless specifically requested by us or required for compliance, security, legal or platform purposes.

Where sensitive or higher-risk information is required, including information relating to identity verification, sanctions screening, fraud prevention, source of funds or similar compliance information, corporate verification or similar compliance matters, we will process such information only to the extent reasonably necessary and in accordance with this Privacy Policy and applicable law.

14. Third-Party Websites, Wallets and Services

The website or platform may contain links to, integrations with, or functionality provided by third-party websites, wallets, protocols, infrastructure providers, blockchains, service providers or applications.

We are not responsible for the privacy, security or information practices of third parties acting independently of Opal. Your use of third-party services is subject to the relevant third party’s own terms and privacy policies.

Connecting a wallet or interacting with a blockchain may involve disclosure of information to third-party wallet providers, blockchain networks, node operators, analytics providers or other infrastructure participants. Such activity may be public, irreversible and outside Opal’s control.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The “Last Updated” date at the top of this Privacy Policy indicates when it was last revised. Any changes will become effective when the revised Privacy Policy is posted on the website, unless otherwise stated.

Your continued use of the website or platform after any update means that you acknowledge the revised Privacy Policy.

16. Governing Law

This Privacy Policy and any dispute or claim arising out of or in connection with it, including non-contractual disputes or claims, shall be governed by and construed in accordance with the laws of England and Wales, unless mandatory applicable law requires otherwise.

17. Contact

If you have any questions, concerns or requests regarding this Privacy Policy or the way we handle Personal Information, please contact us at: