Privacy Policy

Last Updated: December 2025

1. Introduction

OpenHouse Technologies LTD ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: OpenHouse Technologies LTD Company Number: 16575062 Registered Address: 106 Flat 6, Lower Road, Hullbridge, Hockley, England, SS5 6DD Data Protection Contact: dpo@openhouse.finance

2. Information We Collect

2.1 Information You Provide

• Identity Information: Full name, date of birth, nationality

• Contact Information: Email address, phone number, postal address

• Identity Documents: Passport, driving licence, proof of address (for KYC)

• Financial Information: Source of funds declarations

• Wallet Information: Public wallet addresses

2.2 Information Collected Automatically

• Device Information: Browser type, operating system, device identifiers

• Usage Information: Pages visited, features used, transaction history

• Location Information: IP address, approximate location

• Blockchain Data: Transaction hashes, wallet balances (publicly available on-chain)

2.3 Information from Third Parties

• KYC Provider: Identity verification results from Persona

• Payment Processors: Transaction data from MoonPay

• Authentication Provider: Login and wallet data from Privy

3. How We Use Your Information

We use your information for the following purposes:

Purpose	Legal Basis
Provide and maintain the Platform	Contract performance
Process transactions	Contract performance
Verify your identity (KYC/AML)	Legal obligation
Prevent fraud and money laundering	Legal obligation
Send service communications	Contract performance
Send marketing (with consent)	Consent
Improve our services	Legitimate interest
Comply with legal requirements	Legal obligation
Respond to legal requests	Legal obligation

4. Data Sharing

We may share your information with:

4.1 Service Providers

• Privy: Authentication and embedded wallet services

• Supabase: Database hosting and storage

• MoonPay: Fiat-to-crypto payment processing

• Persona: Identity verification (KYC)

• Google Analytics: Website analytics (with your consent)

• Cloud hosting providers: Infrastructure services

4.2 Legal Requirements

We may disclose information to:

• Law enforcement agencies

• Regulatory authorities (including the FCA)

• Courts or tribunals

• As required by applicable law

4.3 Business Transfers

In connection with any merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. International Transfers

Your data may be transferred outside the UK/EEA to process transactions on blockchain networks and to our service providers. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)

• Adequacy decisions where applicable

• Other approved transfer mechanisms

6. Data Retention

We retain your information for the following periods:

Data Type	Retention Period
Account information	Duration of account + 7 years
Transaction records	7 years (regulatory requirement)
KYC documents	7 years after relationship ends
Marketing preferences	Until consent withdrawn
Technical logs	90 days

7. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data

• Rectification: Correct inaccurate data

• Erasure: Request deletion (subject to legal retention requirements)

• Restriction: Limit how we process your data

• Portability: Receive your data in a portable format

• Object: Object to processing based on legitimate interests

• Withdraw Consent: Where processing is based on consent

To exercise these rights, contact: dpo@openhouse.finance

We will respond within one month of receiving your request.

8. Security

We implement appropriate technical and organisational measures including:

• Encryption of data in transit and at rest

• Access controls and authentication

• Regular security assessments

• Staff training on data protection

• Incident response procedures

9. Cookies

We use cookies and similar technologies. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Essential cookies are necessary for the Platform to function and cannot be disabled.

Analytics cookies (Google Analytics) are only set with your consent and help us understand how visitors use our Platform.

You can manage your cookie preferences at any time via the "Cookie Settings" link in our website footer.

10. Children

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or Platform announcement. The "Last Updated" date at the top indicates when revisions were made.

12. Contact & Complaints

Data Protection Contact: dpo@openhouse.finance General Enquiries: hello@openhouse.finance Postal Address: 106 Flat 6, Lower Road, Hullbridge, Hockley, England, SS5 6DD

If you are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk

• Helpline: 0303 123 1113