Privacy Policy.

Who we are.

The Binary Holdings (DIFC) Ltd is a private company limited by shares, incorporated in the Dubai International Financial Centre (DIFC) and authorised by the Dubai Financial Services Authority (DFSA) as a Virtual Asset Service Provider (VASP). Our principal offices are at the DIFC Innovation Hub, Dubai, with operating presence in Bangkok, Thailand. Latham & Watkins LLP serves as our counsel of record.

This policy applies to thebinaryholdings.com and to all corporate-level interactions you may have with us. It does not apply to the partner host applications in which BinaryOS is embedded; those are governed by each partner's own privacy posture and per-partner Data Processing Agreement.

The data we handle.

The Binary Holdings handles four classes of data, each under a distinct governance model:

• Corporate-site visitor data — analytics, page views, and contact-form submissions on this website.
• Investor-portal data — sign-in credentials, dashboard activity, and document-access logs for shareholders, SAFE holders, and approved IR contacts.
• Partner-owned application data — behavioural and transactional data generated inside partner host applications. The partner is the data controller. The Binary Holdings operates strictly as data processor under an executed Data Processing Agreement with each partner, with national data residency and partner-side encryption.
• BNII intelligence outputs — anonymised cross-market indices, propensity and LTV scores, and authored regional briefs. Anonymisation floor of k=50 is enforced at the query layer, not by policy. Row-level extraction is not possible by construction.

How we use it.

Corporate-site visitor data is used solely for site operation, reach analysis, and routing your enquiries. Investor-portal data is used to authenticate access and surface materials approved for your access tier. Partner-owned application data is processed under partner instruction only — TBH does not access, query, or repurpose it outside the executed DPA's bounds. BNII outputs are licensed to brands, consultants, market research firms, and macro researchers; partner-private outputs (propensity and LTV scores) remain under partner control.

Anonymisation, code-enforced.

The k=50 floor on BNII outputs is implemented at the query engine, not declared as a contractual promise. Any query returning a cohort smaller than fifty unique behavioural identities is rejected before the result is composed. This guarantees that no individual user can be re-identified through a chain of permitted queries, regardless of the requester's intent. Methodology versions are committed to the Binary Network on-chain and are reviewable by partners and regulators.

National residency.

Behavioural and transactional data originating in a market remains resident in that market. Cross-border movement, when required for indexing into BNII, is governed by the per-partner DPA and complies with the destination jurisdiction's data-protection law. Where local law requires it, data is processed in-country and never leaves national infrastructure.

Your rights.

If you are a corporate-site visitor or investor-portal user, you have the right to access your data, correct it, port it, and request deletion. If you are an end user of a partner host application, your rights are governed by that partner's privacy policy under applicable national law — TBH operates only on the partner's instruction. To exercise corporate-level rights, write to us at the address below.

How to reach us.

For privacy and data-protection enquiries, write to privacy@thebinaryholdings.com. For regulator-level enquiries, write to legal@thebinaryholdings.com. We acknowledge corporate-level enquiries within one business day; statutory time-limits apply to regulator enquiries.

Changes to this policy.

This policy is versioned. The current version is 4.0, effective May 7, 2026. Material changes are surfaced on this page and on the corporate newsletter at least thirty days before they take effect. Prior versions are archived and available on request.