Privacy Policy

Last Updated: July 10, 2026

1. Introduction; Who We Are

This Privacy Policy ("Policy") describes how Aspect Blockchain Holdings, Inc., a Delaware corporation, and its subsidiaries, including Aspect Blockchain LLC, a Texas limited liability company, and Aspect Blockchain UK Limited, a company registered in England and Wales (collectively, "Aspect Blockchain," "we," "us," or "our"), collect, use, disclose, retain, and protect personal information in connection with the website at aspectblockchain.com (the "Site") and our related business activities across the United States, & United Kingdom (together, the "Services").

Data controllers. For personal data collected in connection with our United Kingdom operations, or from individuals in the United Kingdom or European Economic Area, the data controller is Aspect Blockchain UK Limited. For personal data collected in connection with our United States operations, the responsible entity is Aspect Blockchain LLC, with Aspect Blockchain Holdings, Inc. acting as controller for group-level administration, treasury, and corporate functions. Where two or more group entities jointly determine the purposes and means of a given processing activity, they act as joint controllers under intercompany arrangements, and you may exercise your rights against any of them through the contact details in Section 18.

This Policy is provided as a notice of our practices. It does not form part of any contract, and your use of the Site is not conditioned on agreement to it. Your use of the Site is governed by our Terms of Service.

2. Scope

This Policy applies to personal information we process in connection with: visitors to the Site; individuals who contact us by email, telephone, web form, or other means; individuals who register for or attend our events, conferences, or sponsored activities; and individuals acting on behalf of clients, prospective clients, suppliers, introducers, carriers, and other business partners.

This Policy does not apply to: anonymized or aggregated data that cannot reasonably be used to identify you; personal information of employees, contractors, and job applicants, which is covered by separate internal notices; or information collected by third parties operating independently of Aspect Blockchain, including third-party websites linked from the Site.

3. Personal Information We Collect

Categories we collect. Depending on your interaction with us, we collect the following categories of personal information:

  • Identifiers and contact data: name, company name, professional title, business and postal address, email address, and telephone number.
  • Commercial and transactional data: records of inquiries, quotations, contracts, purchases, hosting and logistics arrangements, billing and payment details, bank account details provided for settlement, and transaction histories.
  • Due diligence and compliance data: identity verification information, business registration details, beneficial ownership information, and sanctions and adverse-media screening results, collected where appropriate to the relationship.
  • Communications data: the contents of correspondence, call notes, and meeting records exchanged with our representatives.
  • Technical and usage data: IP address, device identifiers, browser type and version, operating system, referral source, pages visited, timestamps, approximate location derived from IP address, and session activity data.
  • Event and marketing data: event registrations, attendance records, marketing preferences, and engagement with our communications.

Sources. We collect personal information directly from you; automatically through your use of the Site (see Section 7); from your organization, where you act on its behalf; from introductions made by existing clients and partners; from publicly available sources, professional directories, and event organizers; and from screening, verification, and analytics providers acting on our instructions.

Sensitive information. We do not seek to collect, and ask that you do not provide, special category data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data) or other sensitive personal information, except where required for compliance screening and permitted by law. We do not knowingly collect personal information from individuals under eighteen years of age.

4. How We Use Personal Information; Lawful Bases

We use personal information for the purposes set out below. Where the UK GDPR or EU GDPR applies, the lawful basis for each purpose under Article 6 is identified. Where we rely on legitimate interests, we have assessed that our interests are not overridden by your interests, rights, and freedoms; you may request further information about these assessments using the contact details in Section 18.

Responding to inquiries and managing relationships. To respond to inquiries, provide and administer our Services, and manage client, supplier, introducer, and partner relationships throughout their lifecycle. Lawful bases: performance of a contract, or steps taken at your request before entering into a contract; legitimate interests in operating and developing our business.

Billing, payments, and receivables. To invoice, process payments, administer accounts, maintain financial records, and pursue amounts owed to us, including through third-party collection partners. Lawful bases: performance of a contract; legal obligation, in respect of statutory record-keeping; legitimate interests in recovering sums due.

Due diligence and financial-crime prevention. To conduct know-your-client checks, sanctions and restricted-party screening, and other due diligence appropriate to our industry and counterparties. Lawful bases: legal obligation; legitimate interests in preventing fraud, sanctions breaches, and financial crime.

Marketing and business development. To send information about our services, events, and industry developments to business contacts, and to measure engagement with those communications. Lawful bases: legitimate interests in marketing our services to business contacts; consent, where required by applicable law.

Events. To administer registrations, manage attendance, and follow up after events we host or sponsor. Lawful bases: performance of a contract; legitimate interests in organizing and promoting our events.

Site operation, security, and analytics. To operate, maintain, secure, and improve the Site; to authenticate access to restricted areas; to detect, investigate, and prevent misuse, fraud, and security incidents; and to analyze how the Site is used. Lawful bases: legitimate interests in running a secure and effective website; consent, for non-essential cookies where required by law.

Corporate transactions and group administration. To administer our group structure, financing, audit, insurance, and any actual or contemplated merger, acquisition, reorganization, or asset sale. Lawful bases: legitimate interests in the administration and strategic development of our group; legal obligation, where applicable.

Legal compliance and claims. To comply with applicable laws, regulations, and lawful requests from authorities, and to establish, exercise, or defend legal claims. Lawful bases: legal obligation; legitimate interests in protecting our rights, assets, and users.

We do not sell, rent, or otherwise monetize personal information. We do not use personal information for automated decision-making, including profiling, that produces legal or similarly significant effects concerning you.

5. Marketing Communications

Where we send marketing communications, we do so to business contacts in reliance on legitimate interests, or with your consent where applicable law requires it. Every marketing email we send includes a functioning unsubscribe mechanism, and you may opt out at any time by using that mechanism or by contacting us at inquiries@aspectblockchain.com. We will action opt-out requests promptly and in any event within the timeframes required by applicable law. Opting out of marketing does not affect service communications that are necessary to administer an existing relationship, such as invoices, contractual notices, security alerts, or logistics and shipment updates.

6. Disclosure of Personal Information

We disclose personal information to the following categories of recipients, in each case limited to what is necessary for the relevant purpose:

  • Group companies. Aspect Blockchain Holdings, Inc. and its subsidiaries share personal information among themselves for the purposes described in this Policy, subject to intercompany data-protection arrangements.
  • Service providers and processors. Providers of cloud hosting and data storage, IT support and device management, website hosting and analytics, payment processing and banking, customer relationship management, email and communications, marketing distribution, debt collection, identity and sanctions screening, and shipping and logistics services. These parties are bound by contractual obligations to protect the confidentiality and security of personal information, to process it only on our documented instructions, and to use it solely for the purposes for which it was disclosed.
  • Professional advisers. Legal counsel, accountants, auditors, insurers, and other professional advisers, where necessary to obtain advice, maintain insurance, or protect our interests.
  • Authorities and legal process. Courts, regulators, tax authorities, law enforcement, and other public authorities, where disclosure is required by law, in response to valid legal process, or where reasonably necessary to protect the rights, property, or safety of Aspect Blockchain, our clients, or others.
  • Corporate transaction counterparties. In connection with any actual or contemplated merger, acquisition, financing, reorganization, or sale of assets, prospective counterparties and their advisers, subject to appropriate confidentiality protections, with personal information transferred as part of any completed transaction.

We require all third-party recipients to respect the security of personal information and to treat it in accordance with applicable law.

7. Cookies and Similar Technologies

The Site uses cookies, pixels, and similar technologies in the following categories:

  • Strictly necessary cookies, which are required for the Site to function and cannot be switched off in our systems. These are set without consent, as permitted by applicable law.
  • Analytics and performance cookies, which help us understand how visitors use the Site so that we can measure and improve performance. Where applicable law, including the UK Privacy and Electronic Communications Regulations, requires consent for these technologies, they are deployed only after you have given consent through the Site's cookie controls, and you may withdraw that consent at any time through the same controls.

We use third-party analytics providers, such as Google Analytics, which process information including IP addresses, device information, and usage patterns on our behalf; their processing is subject to their own privacy documentation and to the safeguards described in this Policy. You can also manage or delete cookies through your browser settings, though some Site features may not function properly if cookies are disabled.

Do Not Track and Global Privacy Control. Where required by applicable law, we treat a recognized opt-out preference signal, such as the Global Privacy Control, as a valid request to opt out of any processing to which such signals lawfully apply. Because we do not sell personal information or process it for targeted advertising, such signals do not currently alter our processing, but we disclose our treatment of them here for transparency.

8. International Data Transfers

Aspect Blockchain operates in the United States and the United Kingdom, personal information may be transferred between these locations and to service providers in other countries whose data protection laws may differ from those of your jurisdiction.

Where we transfer personal data originating in the United Kingdom to a country not covered by UK adequacy regulations, we implement appropriate safeguards, including the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses. Where we transfer personal data originating in the European Economic Area to a country not covered by a European Commission adequacy decision, we rely on the EU Standard Contractual Clauses or another lawful transfer mechanism. In each case we conduct transfer risk assessments and implement supplementary measures where appropriate. You may request a copy of the relevant safeguards (redacted where necessary to protect commercial confidentiality) using the contact details in Section 18.

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, determined by reference to: the nature and duration of our relationship with you; our legal, tax, accounting, and regulatory obligations; the applicable limitation periods for legal claims; and legitimate business needs. Indicatively: inquiry and marketing data is retained while the relationship remains active and for a reasonable period thereafter; contract, billing, transaction, and financial records are retained for the periods required by applicable tax, accounting, and corporate law, typically six to seven years following the end of the relevant relationship or transaction; and compliance and screening records are retained for the periods required by applicable regulation. When personal information is no longer needed, it is securely deleted, anonymized, or archived in accordance with our retention practices and applicable law.

10. Data Security

We implement technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, loss, or destruction, appropriate to the nature of the data and the risks of processing. These measures include encryption of data in transit, access controls and role-based permissions, centrally managed and monitored devices, vendor security due diligence, and secure data-handling and disposal procedures. We periodically review and update these measures as risks and technologies evolve.

No system or method of transmission over the internet can be guaranteed completely secure. In the event of a personal data breach affecting your information, we will notify you and the relevant supervisory authorities where and as required by applicable law, including within the timeframes prescribed by the UK GDPR where it applies.

11. Your Rights — United Kingdom and European Economic Area

If you are in the United Kingdom or the European Economic Area, you have the following rights under applicable data protection law, subject to certain conditions and exemptions:

  • Access — to obtain confirmation of whether we process your personal data and, where we do, a copy of that data together with prescribed information about our processing.
  • Rectification — to have inaccurate personal data corrected and incomplete personal data completed.
  • Erasure — to have your personal data deleted in certain circumstances, including where it is no longer necessary for the purposes for which it was collected.
  • Restriction — to restrict our processing of your personal data in certain circumstances, including while a dispute about accuracy or our legitimate interests is resolved.
  • Portability — to receive personal data you provided to us, which we process by automated means on the basis of consent or contract, in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.
  • Objection — to object to processing based on legitimate interests, on grounds relating to your particular situation, and an absolute right to object to processing for direct marketing purposes.
  • Withdrawal of consent — to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

You also have the right to lodge a complaint with a supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ico.org.uk; +44 303 123 1113). If you are in the European Economic Area, you may complain to the supervisory authority of your habitual residence, place of work, or the place of the alleged infringement. We would, however, welcome the opportunity to address your concerns directly before you approach a regulator.

12. Additional Disclosures for United States Residents

If you are a resident of a US state whose privacy law applies to our processing (which may include, among others, Texas, California, Virginia, and Colorado), the following additional disclosures apply.

Categories collected and disclosed. In the preceding twelve months, we have collected the categories of personal information described in Section 3 from the sources described in Section 3, for the purposes described in Section 4, and we have disclosed those categories to the recipient categories described in Section 6 for business purposes.

No sale or targeted advertising. We do not sell personal information, and we do not share or process personal information for targeted or cross-context behavioral advertising. We have no actual knowledge of selling or sharing the personal information of individuals under sixteen years of age.

Your rights. Subject to applicable law, you may have the right to: confirm whether we process your personal information and access it; correct inaccuracies; delete personal information; obtain a portable copy of personal information you provided to us; and opt out of sales, targeted advertising, and certain profiling (none of which we currently conduct). You may exercise these rights by contacting us at inquiries@aspectblockchain.com. You may also designate an authorized agent to submit requests on your behalf, in which case we may require evidence of the agent's authority and verification of your identity.

Verification, response, and appeals. We will verify your identity to a degree of certainty appropriate to the request before acting on it, respond within the timeframes required by applicable law, and explain the basis for any refusal. Where applicable state law provides a right of appeal, you may appeal a refusal by replying to our decision and marking your message "Privacy Appeal," and we will respond to your appeal within the statutory period, including information on how to contact your state attorney general if you remain unsatisfied.

Non-discrimination. We will not discriminate against you for exercising any of your privacy rights.

13. Children's Privacy

The Site and our Services are not intended for or directed at individuals under the age of eighteen, and we do not knowingly collect personal information from them. If you believe we hold personal information collected from a minor, please contact us and we will delete it promptly.

14. Third-Party Websites

The Site may contain links to third-party websites, plug-ins, and applications. Clicking those links or enabling those connections may allow third parties to collect or share data about you. This Policy does not apply to those third parties, we do not control them, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policy of every site you visit.

15. Data Protection Officer

We have assessed that we are not currently required to appoint a statutory data protection officer under the UK GDPR or EU GDPR. Privacy matters are overseen at senior management level, and all privacy inquiries should be directed to the contact details in Section 18.

16. Updates to This Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, group structure, or legal obligations. When we do, we will post the updated version on this page and revise the "Last Updated" date above. Where a change materially affects how we process personal information, we will take reasonable steps to bring it to your attention before it takes effect, which may include prominent notice on the Site or direct communication where appropriate. We encourage you to review this Policy periodically.

17. Contact and Complaints

If you have questions, requests, or complaints regarding this Policy or our handling of personal information, or wish to exercise any of your rights, please contact:

Aspect Blockchain Holdings, Inc.

8350 N Central Expy

Suite 1900

Dallas

TX 75206

United States

Aspect Blockchain UK Limited

(UK/EEA controller)

167-169 Great Portland Street,

5th Floor, London

W1W 5PF, United Kingdom

Email: inquiries@aspectblockchain.com

We may require verification of your identity before acting on a request, in order to protect the security of your personal information. We aim to acknowledge all privacy requests promptly and to resolve them within the timeframes required by applicable law.

Arrow right icon