Privacy Policy

Updated April 16, 2026

1. Introduction

Ontorium (“we”, “our”, or “us”) is committed to protecting user privacy while ensuring compliance with applicable laws and regulations. This Privacy Policy explains how we collect, use, and safeguard information in connection with our platform and services.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with our Privacy Policy, do not access or use the Services.

For any questions regarding this Privacy Policy, please contact us at: contact@ontorium.io

2. Information We Collect

We collect information necessary to provide our Services, comply with legal obligations, and ensure platform integrity.

Individual Users

  • Full legal name
  • Date of birth
  • Nationality and country of residence
  • Government-issued identification (e.g., passport, ID card)
  • Phone number (for verification and security purposes)
  • Contact information (e.g., email address)
  • Source of funds (for compliance and risk assessment, where required)

Institutional Users

For institutional users, we may collect additional information as part of Know Your Business (KYB) procedures, including but not limited to:

  • Company information, such as legal entity name, registration number, date of incorporation, legal structure, and registered or operating address
  • Information relating to directors, representatives, and authorized persons
  • Ownership and control structure, including shareholders, members, and their respective ownership interests
  • Information relating to ultimate beneficial owners (UBOs), including identity, nationality, and level of ownership or control, which may be subject to separate identity verification procedures
  • Information required for compliance screening, including sanctions, politically exposed persons (PEP), and adverse media checks

Wallet and On-Chain Data

  • Wallet address (used to link verified identity with on-chain activity, where applicable)
  • Transaction history (public blockchain data)
  • Smart contract interactions

Blockchain data is publicly available and not controlled by Ontorium. Such data may be associated with your wallet address but cannot be altered or deleted by us.

Automatically Collected Information

  • IP address
  • Device information
  • Browser type
  • Access logs
  • Usage data (interaction with the platform)

Information from Third Parties

We may receive information from third-party service providers, including but not limited to:

  • Identity verification providers (e.g., Sumsub)
  • Compliance and sanctions screening providers
  • Custody and settlement partners (e.g., vault operators, gold custodians, logistics partners)

3. How We Use Your Information

We use your information for the following purposes:

  • To provide, operate, and maintain the Services, including managing user accounts and enabling access to platform functionalities
  • To verify identity and comply with KYC/AML (Know Your Customer and Anti-Money Laundering) requirements, including transaction monitoring and risk assessment
  • To link verified identities with wallet addresses and enable interaction with on-chain services
  • To process minting and redemption of assets (e.g., OXAU), including physical redemption where applicable
  • To ensure security, prevent fraud, detect abuse, and protect the integrity of the platform
  • To comply with legal and regulatory obligations, including responding to lawful requests and supporting internal and external audits
  • To improve platform performance, functionality, and user experience

Sharing and Disclosure of Information

We may share your information with third parties, including but not limited to:

  • Service Providers
    Third-party service providers that support the operation of our Services, including identity verification providers (e.g., Sumsub), blockchain analytics providers, cloud infrastructure providers, and other technical service providers
  • Compliance and KYC/AML Providers
    Providers that assist with identity verification, sanctions screening, transaction monitoring, and compliance obligations
  • Custody and Asset-Related Partners
    Custody providers, vault operators, and infrastructure partners involved in the issuance, storage, management, and settlement of real-world assets
  • Physical Redemption and Logistics Partners
    Authorized partners responsible for handling physical redemption, delivery, or pickup of assets, where applicable
  • Regulatory Authorities
    Regulatory bodies, law enforcement agencies, or other authorities where disclosure is required by applicable laws or regulations

We do not sell or share users’ personal information with third parties for marketing or promotional purposes.

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your information from unauthorized access, loss, misuse, or alteration. This includes the use of industry standard encryption for data in transit and at rest, access controls that restrict data access to authorized personnel on a need-to-know basis, and secure infrastructure designed to maintain system integrity and availability. We also monitor our systems for potential vulnerabilities, unauthorized access, and other security risks, and work with trusted third-party providers to ensure the secure handling of identity verification, custody, and asset-related processes. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security of your information.

5. Data Retention

We retain personal information for as long as necessary to provide our Services, comply with legal and regulatory obligations, and support legitimate business purposes. This includes retaining information required for KYC/AML compliance, transaction monitoring, and record-keeping obligations. In accordance with applicable regulatory requirements, KYC/AML-related records are generally retained for a minimum of five (5) years following the end of a business relationship or the completion of a transaction. Retention periods may vary depending on the nature of the data and applicable legal requirements. When personal information is no longer required, we take reasonable steps to securely delete or anonymize such information.

6. Age Restrictions

Our Services are not intended for individuals under the age of 18, and we do not knowingly collect or solicit personal information from minors. If you are under 18, you should not access or use the Services. If we become aware that we have collected personal information from a minor without proper authorization, we will take appropriate steps to delete such information and restrict access to the Services.

7. User Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information, including the right to access, correct, or request deletion of your data, restrict or object to certain processing activities, and withdraw consent where applicable. You may also have the right to request a copy of your personal data. We will respond to such requests in accordance with applicable laws and may require identity verification before processing your request.

8. Cross-Border Data Transfers

Your personal information may be transferred to, stored, and processed in jurisdictions outside your country of residence, including locations where our service providers and partners operate. These jurisdictions may have data protection laws that differ from those in your country. We take appropriate measures to ensure that such transfers are conducted in accordance with applicable legal requirements and that your personal information remains protected.

9. Cookies and Tracking Technologies

We may use cookies and similar tracking technologies to enhance user experience, analyze platform usage, and improve the performance of our Services. Users may control or disable cookies through their browser settings; however, doing so may affect certain functionalities of the Services.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any updates will be posted on this page with a revised effective date. Continued use of the Services after such changes constitutes acceptance of the updated Privacy Policy.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: contact@ontorium.io