Privacy Policy

Liminal, operated by Grey(H)edge Ltd (a company incorporated in the British Virgin Islands), is dedicated to respecting your privacy and minimizing the collection of personal information. We only gather data when it is necessary for service functionality, communication, security, or legal compliance. This Privacy Policy describes how we collect, use, protect, and disclose personal data through our website and services, including Liminal Customized and Liminal Tokenized.

This Privacy Policy may be revised at the Company's discretion at any time. Material changes will be noted with an updated date at the top of this page. Your continued use of the Services after any modifications to this Policy constitutes your acceptance of the revised terms. We encourage you to review this Policy periodically.

Key terms used in this Policy:

• Appropriate Safeguards: Technical and organizational measures implemented to protect personal data during international transfers
• Data Controller: The entity that determines the purposes and means of processing personal data. Grey(H)edge Ltd serves as the Data Controller for the Services
• Data Protection Laws: Applicable data privacy legislation, including the British Virgin Islands Data Protection Act and other relevant regulations
• Data Subject: An identified or identifiable natural person whose personal data is being processed
• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction

A. Personal Data You Provide Directly

• Digital wallet addresses and publicly accessible blockchain activity
• Communications with the Company (support inquiries, feedback)
• Marketing and communication preferences
• Promotion, survey, and contest participation data
• Any other data voluntarily disclosed at the time of collection

Note: We do not typically require sensitive personal data (such as health information, religious beliefs, or biometric data). However, if such data is provided, it will be processed in accordance with this Policy.

B. Personal Data Collected Automatically

• Device information (type, operating system, IP address, approximate location)
• Online activity data (pages viewed, session duration, navigation paths)
• Email engagement tracking (opens, clicks) for marketing communications
• Browser type, timestamps, clickstream data
• Transactional information related to your use of the Services

C. Personal Data from Other Sources

• Public sources (public records, social media profiles, blockchain data)
• Partner organizations (marketing partners, development partners, software providers)
• Third-party services (social login providers, wallet connection services)

We process personal data for the following purposes:

• Service delivery and operations: Providing and maintaining the Services, implementing security features, sending service announcements, and providing customer support
• Service personalization: Understanding user needs, customizing the experience, and remembering user preferences
• Service improvement and analytics: Analyzing usage patterns, developing new features, and improving existing services
• Marketing: Sending direct communications personalized to user interests (with appropriate consent)
• Events, promotions, and contests: Administering participation and communicating with participants
• Compliance and protection: Meeting legal obligations, preventing fraud, and protecting the rights and safety of users and the Company
• Further uses: When processing is necessary for purposes compatible with those listed above, or with your additional consent

We rely on the following legal bases for processing your personal data:

• Consent: Where you have given clear agreement for us to process your personal data for a specific purpose
• Contractual Necessity: Where processing is required to fulfill our obligations under a contract with you, or to take steps at your request prior to entering into a contract
• Compliance with Legal Obligations: Where processing is necessary to comply with applicable laws and regulations
• Vital Interests: Where processing is necessary to protect the health or safety of any individual
• Public or Legitimate Interests: Where processing is necessary for our legitimate interests or the interests of a third party, provided these interests do not override your fundamental rights and freedoms

Processing may be supported by more than one legal basis simultaneously.

We may share your personal data with the following categories of recipients:

• Third-party blockchain networks, decentralized applications, and wallet providers (as necessary for service functionality)
• Service providers (analytics, payment processing, security, cloud storage, and hosting)
• Affiliated entities within our corporate group
• Professional advisors (auditors, lawyers, accountants, and consultants)
• Parties involved in business transactions (mergers, acquisitions, asset sales, or liquidation proceedings)
• Parties to whom you have directed or requested disclosure
• Law enforcement and regulatory bodies (as required by applicable law or legal process)

The Services may contain links to or integrations with third-party platforms, websites, and wallet providers that are not controlled by the Company. Wallet transactions are governed by the privacy policies of the respective wallet providers. The Company disclaims liability for the data handling practices of third-party services. We encourage you to review the privacy policies of any third-party services before engaging with them.

We employ the following tracking technologies:

• Cookies: Both session and persistent cookies, including first-party and third-party cookies, to facilitate site functionality and analytics
• Local Storage: HTML5 local storage and similar technologies for maintaining user preferences
• Web Beacons: Pixel tags and similar technologies to track access and engagement with our Services
• Software Development Kits (SDKs): Third-party code integrated into our Services for analytics, feature enhancement, and service improvement

Your Options

You may manage cookie preferences through your browser settings. Please note that disabling cookies may affect the functionality of certain features. You may also opt out of specific tracking through Google Analytics opt-out tools and Google Ads settings. While we note your 'Do Not Track' browser signals, our site is not currently designed to respond to them.

The Services are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If a parent or guardian becomes aware that their child has provided personal data to us without consent, they should contact us immediately so we can take appropriate steps.

Your personal data may be transferred to, processed in, and stored in jurisdictions outside your country of residence that may have different data protection laws. For transfers of personal data originating in the European Economic Area (EEA), Switzerland, or the United Kingdom to countries that do not provide an adequate level of data protection, we implement appropriate safeguards, including EU Standard Contractual Clauses, to ensure your data remains protected.

We retain your personal data for as long as you continue to use the Services, or as long as necessary to fulfill the purposes described in this Policy. This includes retention for service provision, dispute resolution, audit requirements, legal defense, and compliance with legal obligations. In determining the appropriate retention period, we consider the nature and sensitivity of the data, applicable legal requirements, and whether the original purpose of collection has been achieved.

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no security measures are completely impenetrable, and we cannot guarantee absolute security. In the event of a data breach, we will notify affected individuals within five (5) days, unless applicable Data Protection Laws specify a different notification timeframe.

Subject to applicable data protection laws, you have the following rights:

• Right to information regarding how your personal data is processed
• Right to request access to your personal data
• Right to request correction or rectification of inaccurate data
• Right to request cessation or restriction of processing
• Right to request deletion of your personal data
• Right to opt out of direct marketing communications

Residents of the United Kingdom and European Union may have additional rights under the General Data Protection Regulation (GDPR). All requests will be processed in accordance with applicable data protection laws.

Grey(H)edge Ltd serves as the Data Controller for the purposes of this Privacy Policy. If you have questions, concerns, or wish to exercise your data subject rights, please contact us at: [email protected]