Opincur
OPINDEXOPIN.ARTTOKENOMICSWHITE PAPERCONTACT
OPINCUR HUB / PRIVACY POLICY

Effective Date: 14 April 2026

Data Controller: MONOLITH LABS LTD

Company Number: 17154388 | ICO Registration: ZC126753

Registered Address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ

Contact: info@monolithlabs.uk

1. Introduction

MONOLITH LABS LTD (the "Company", "we", or "us") operates the OPINCUR HUB application (the "Application"). This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) as incorporated into UK law by the European Union (Withdrawal) Act 2018, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

This Privacy Policy forms an inseparable part of the OPINCUR HUB End User License Agreement and Terms of Service. By using the Application, you accept both this Privacy Policy and the Terms of Service.

2. Data We Do Not Collect

Because OPINCUR HUB is not a cryptocurrency wallet and does not interact with blockchain transaction signing, the Company does not collect, store, or have access to private keys, seed phrases, or wallet passwords; digital asset balances or transaction signing data; or any data from your OPINDEX Wallet, which is a separate product governed by its own privacy policy.

3. Data We Collect and Why

3.1. OAuth Authentication Data. Login to the Application is provided exclusively via OAuth providers (Apple Sign-In, Google Sign-In, Facebook Login). Upon authentication, we receive and process the following data from your chosen provider, strictly as necessary to create and maintain your account: your OAuth provider's unique user identifier (Profile ID); your public display name or first name as provided by the OAuth provider; and your email address as provided by the OAuth provider, used solely for account identification and cross-device synchronisation. We do not receive or store your OAuth provider password. We do not have access to any data beyond what is described above.

3.2. User-Generated Profile Data. Upon onboarding, you create a unique nickname which serves as your ecosystem identifier and referral code. This nickname is stored and associated with your account.

3.3. CIO Points and Activity Data. We collect and store data relating to your ecosystem activity, including your CIO Points balance, accrual history, transfer history, community network structure (your referral chain up to five tiers), and login timestamps. This data is necessary to operate the loyalty assessment system described in the Terms of Service.

3.4. Device and Technical Data. We collect standard technical data including device type, operating system version, Application version, IP address, and time zone. This data is used for security, fraud prevention, and Application performance purposes.

3.5. Usage and Analytics Data. We collect anonymised data regarding how you interact with the Application — including screens visited, features used, and error logs — for the purpose of improving Application performance and user experience.

3.6. Advertising Data. As described in Section 5 below, third-party advertising networks integrated into the Application may collect data about your device and interactions for the purpose of serving targeted advertisements, subject to your consent where required by PECR and UK GDPR.

4. Legal Bases for Processing

The Company processes your personal data only where a valid legal basis exists under UK GDPR.

OAuth account data, your nickname and profile, and CIO Points and activity data are all processed on the basis of contractual necessity pursuant to Article 6(1)(b) UK GDPR — this processing is required to provide the Application's core functionality.

Device and technical data is processed on the basis of the Company's legitimate interests in maintaining security and preventing fraud, pursuant to Article 6(1)(f) UK GDPR.

Usage and analytics data is processed on the basis of the Company's legitimate interests in improving the Application's performance and user experience, pursuant to Article 6(1)(f) UK GDPR.

Personalised advertising data is processed on the basis of your consent pursuant to Article 6(1)(a) UK GDPR and PECR. Contextual advertising (where no tracking is involved) is processed on the basis of the Company's legitimate interests pursuant to Article 6(1)(f) UK GDPR.

5. Third-Party Advertising Networks and Tracking Consent

5.1. The Application is supported by third-party advertising networks including, without limitation, Meta Ads (Facebook and Instagram) and AppLovin. These networks may use cookies, mobile advertising identifiers (such as IDFA on iOS and GAID on Android), and similar tracking technologies to serve personalised advertisements based on your prior activity within the Application and across other platforms.

5.2. Consent Requirement. In accordance with PECR and UK GDPR, personalised advertising tracking requires your prior consent. Upon first use of the Application, you will be presented with a consent request for tracking in accordance with Apple's App Tracking Transparency (ATT) framework on iOS and equivalent mechanisms on other platforms. You may withdraw your consent at any time through your device settings.

5.3. Effect of Declining. If you decline tracking consent, you will continue to receive advertisements within the Application, but these will be contextual rather than personalised. Declining tracking consent does not affect your access to the Application's core features.

5.4. Third-Party Data Practices. Each advertising network processes data in accordance with its own privacy policy. The Company does not control and is not responsible for the data practices of third-party advertising networks. You are encouraged to review the privacy policies of Meta and AppLovin directly.

5.5. Proprietary Ad Network. The Company may operate its own advertising service within the Application as described in the Terms of Service. Data processed in connection with the Company's proprietary advertising activity is processed on the basis of the Company's legitimate interests in promoting its ecosystem products.

6. Sharing Data With Third Parties

The Company does not sell your personal data. Data is shared only with the following categories of trusted third parties.

OAuth providers — Apple Inc., Google LLC, and Meta Platforms Inc. — act as authentication providers. Their data practices are governed by their own privacy policies. Infrastructure and security providers, including Cloudflare and our hosting providers, process technical data as data processors bound by data processing agreements that prohibit the use of your data for their own commercial purposes. Advertising networks — Meta Ads and AppLovin — receive data subject to your tracking consent as described in Section 5. Legal authorities may receive your Technical Data if strictly required by a valid court order or under applicable UK law.

7. International Data Transfers

Your personal data may be processed outside the United Kingdom — including by OAuth providers and advertising networks based in the United States. Wherever data is transferred outside the UK, the Company ensures appropriate safeguards are in place, including the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses, to ensure your data receives equivalent protection regardless of its physical location.

8. Data Retention

The Company retains your personal data only for as long as is strictly necessary for the purposes described in this Policy.

Account and profile data, together with CIO Points and activity data, are retained for the duration of your account plus 30 days following account deletion. Technical and security logs are retained for a maximum of 90 days. Anonymised analytics data is retained for a maximum of 12 months. Advertising consent records are retained for as long as required by applicable law.

9. Your Rights — Including Account Deletion

Under UK GDPR, you have the following rights in respect of your personal data.

Right of Access: You may request a copy of the personal data we hold about you.

Right to Rectification: You may request correction of inaccurate personal data.

Right to Erasure (Account Deletion): You have the right to request deletion of your account and associated personal data. To exercise this right, navigate to Settings → Account → Delete Account within the Application. Upon confirmation, your account and associated personal data will be permanently deleted within 30 days. Please note that your CIO Points balance and community network data will be permanently and irrecoverably destroyed upon account deletion. This action cannot be undone.

Right to Restriction: You may request restriction of processing of your personal data in certain circumstances.

Right to Object: You may object to processing based on legitimate interests.

Right to Withdraw Consent: You may withdraw consent for personalised advertising tracking at any time through your device settings, without affecting the lawfulness of processing prior to withdrawal.

To exercise any of the above rights other than account deletion, which is available in-app, please contact: info@monolithlabs.uk

10. Children's Privacy

The Application is strictly intended for individuals aged 18 and over in accordance with the Terms of Service. The Company does not knowingly collect personal data from any person under the age of 18. If the Company becomes aware that it has inadvertently collected data from a minor, it will immediately delete such data.

11. Security

The Company implements reasonable technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. However, no digital system is completely secure. You use the Application at your own risk and are responsible for maintaining the security of your device and OAuth account credentials.

12. The Information Commissioner's Office (ICO)

If you believe the Company has mishandled your personal data, you have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at www.ico.org.uk (ICO Registration Number: ZC126753). The Company welcomes the opportunity to address your concerns directly. Please contact info@monolithlabs.uk in the first instance.

13. Changes to This Privacy Policy

The Company reserves the right to update this Privacy Policy to reflect changes in applicable law, regulatory guidance, or the Application's features. Material changes will be communicated via an in-application notification. The Effective Date at the top of this document will be updated to reflect any amendments. Continued use of the Application following notification of any material change constitutes your acknowledgment of the revised Policy.

© 2026 MONOLITH LABS LTD. All rights reserved. Company Number: 17154388. ICO Registration: ZC126753. Registered in England and Wales.

Contact: info@monolithlabs.uk