Privacy Policy

This Privacy Policy ("Privacy Policy") sets out the manner and legal basis on which ORO Labs Pte. Ltd., a company incorporated under the Applicable Laws of Singapore (referred to as "ORO Labs", "We", "Us", or "Our"), including its affiliates and associated entities (unless the context otherwise requires), collects, uses, discloses, processes, and protects Personal Data in accordance with the PDPA and all other applicable data protection laws.

This Privacy Policy applies to all Personal Data provided to or collected by ORO Labs in connection with Your access to or use of Our website https://orogold.app, including all subdomains, web pages, applications, and content made available by ORO Labs (the "Platform"), except for any specific components that directly facilitate, or are intended to facilitate, regulated financial services or trading activities (“Trading Components”), which are operated solely by independent Third-Party Service Providers and governed by their respective policies.

ORO Labs operates solely as a technology interface provider and does not engage in any activity regulated under Singapore law, including but not limited to the issuance, custody, brokerage, or trading of digital assets. Accordingly, this Privacy Policy governs only Our collection and processing of personal data as a technology provider and does not extend to any third-party services accessible via the Platform, including services offered through the Trading Components. Users are advised to review the privacy practices of any Third-Party Service Providers they engage with through or outside the Platform.

By accessing or using the Platform, submitting any personal data to Us, or otherwise interacting with ORO Labs, You acknowledge that You have read, understood, and agree to the terms of this Privacy Policy. If You do not agree with this Privacy Policy or any part thereof, You must immediately discontinue use of the Platform and refrain from providing any personal data to Us.

(a) "$GOLD" refers to the proprietary token issued by independent Third-Party Service Providers, representing a digital form of gold ownership and backed by physical gold. Its issuance, management, and operation are conducted in accordance with applicable legal and regulatory frameworks by the Third-Party Service Providers.

(b) "AML/CFT" means applicable anti-money laundering and counter-terrorist financing laws, regulations, and guidelines.

(c) "Applicable Law" means any statute, law, regulation, rule, ordinance, code, directive, decree, judgement, order, policy, guideline, or other legal requirement issued by any governmental, regulatory, judicial, or statutory authority, including any amendments, re-enactments, or replacements thereof, that are applicable to the subject matter of this Privacy Policy.

(d) "Cookies" refer to small data files placed on Your device when You access or use the Platform. They allow Us and selected third parties to recognise Your browser or device and gather information about Your preferences or past activity.

(e) "DPO" refers to a data protection officer who is responsible for ensuring that ORO Labs is compliant with the PDPA.

(f) "Intellectual Property" includes all ideas, concepts, creations, discoveries, inventions, improvements, know-how, trade secrets, proprietary techniques, methods, processes, systems, algorithms, works of authorship, research, software programs, databases, electronic codes, and other confidential or proprietary information. It also encompasses trademarks, service marks, designs, models, tools, devices, principles, formulas, teaching techniques, documents, records, user guides, and any other tangible or intangible assets, whether in written, electronic, or any other form, regardless of whether they are copyrightable, patentable, or otherwise legally protectable.

(g) "KYC" refers to the know-your-customer requirements and the process of verifying a User's identity in compliance with Applicable Laws and regulations.

(h) "ORO Labs," "We," "Us," or "Our" refers to ORO Labs Pte. Ltd. as defined in the introductory section of this Privacy Policy.

(i) "PDPA" means the Personal Data Protection Act 2012 of Singapore, including all subsidiary legislation, regulations, guidelines, advisory notes, and amendments thereto, as may be updated, supplemented, or replaced from time to time.

(j) "Personal Data" means any information, whether true or not, that can identify an individual:

(k) "Platform" has the meaning assigned to it in the introductory section of this Privacy Policy.

(l) "Privacy Policy" refers to this privacy policy.

(m) "Services" refers to limited functionality and services provided directly by ORO Labs through the Platform, including user interface access, technical support, non-transactional features, and any related services made available by ORO Labs, as further described in the Terms of Use.

(n) "Terms of Use" refers to the Terms of Use available at orogold.app/terms-and-conditions.

(o) "Third-Party Service Providers" means independent entities, platforms, or service providers that offer services accessible through or referenced on the Platform, including but not limited to the issuance, trading, custody, redemption, or other facilitation of $GOLD and other digital assets. This includes, without limitation, token issuers, digital asset exchanges, custodians, payment processors, regulatory compliance providers, technology vendors, and marketing affiliates. Third-Party Service Providers operate independently of ORO Labs and are not owned, managed, or controlled by ORO Labs. All the respective services offered by these Third-Party Service Providers are subject to their independent terms and conditions.

(p) "Trading Component" has the meaning assigned to it in the introductory section of this Privacy Policy.

(q) "User," "You," or "Your" refers to any person who accesses the Platform or utilises the Services, whether as a registered or unregistered user.

(a) Headings and defined terms are for convenience only and do not affect the interpretation of these Terms.

(b) In these Terms, unless repugnant to the context:

2.1 This Privacy Policy applies to all Personal Data collected, used, and disclosed by ORO Labs in connection with Your use of Our Platform in accordance with the PDPA and other applicable data protection laws in Singapore. It governs how We handle the Personal Data of Users who visit Our website or utilise Our Services.

2.2 This Privacy Policy applies to all Personal Data that ORO Labs collects, uses, discloses, processes, or stores in connection with:

2.3 This Privacy Policy does not apply to:

2.4 This Privacy Policy supplements but does not replace any other consents You may have provided to Us regarding Your Personal Data.

2.5 We may amend this Privacy Policy from time to time. Any updates will be posted on Our Platform, and Your continued use of Our Platform and Services constitutes Your acceptance of the revised Privacy Policy.

3.1 Depending on Your interactions with Us, We may collect, use, and process various types of Personal Data, including but not limited to the following:

3.2 We collect Personal Data through the following means:

3.3 Exclusions

3.4 Some Personal Data may be required to fulfil contractual or legal obligations. If You choose not to provide certain Personal Data, We may not be able to offer certain features or respond to specific requests.

4.1 We process Personal Data in accordance with Applicable Laws and only for purposes that are necessary, lawful, and relevant, including but not limited to:

4.2 If We rely on Your consent for any processing activities, You may withdraw Your consent at any time by contacting Us. However, this will not affect the legality of processing carried out before consent was withdrawn.

4.3 We do not sell or share Your Personal Data with unaffiliated third parties for their direct marketing purposes without Your express consent.

4.4 In accordance with Applicable Law, We process Personal Data under one or more of the following lawful bases:

5.1 ORO Labs may disclose or share Your Personal Data with Third-Party Service Providers, partners, or other third parties to the extent necessary for the purposes set out in this Privacy Policy and as permitted under Applicable Laws. This includes supporting Our operations, products, Platform functionality, regulatory compliance, and service delivery.

5.2 Such disclosures may include (but are not limited to) Third-Party Service Providers that assist with:

5.3 These Third-Party Service Providers are granted access to Your Personal Data solely for the purpose of performing their designated services. ORO Labs shall require them to adhere to strict confidentiality obligations and implement appropriate data protection and security measures in compliance with Applicable Laws.

5.4 We may also disclose aggregated or anonymised data that does not directly or indirectly identify any individual. Such data may be shared with third parties for research, analytics, platform optimisation, security improvements, or similar business purposes.

5.5 The Platform may contain embedded tools, software, or links that connect You to external applications or services operated by Third-Party Service Providers. If You choose to interact with such third-party services—whether through a direct integration or by following a link—You acknowledge and agree that:

5.6 To the fullest extent permitted by Applicable Law, ORO Labs shall not be liable for any loss, damage, unauthorised access, or misuse of Personal Data that occurs outside of Our systems or arises from the actions or omissions of any Third-Party Service Provider, except to the extent that such exclusion is prohibited by Applicable Law. We do not warrant the accuracy, security, or lawfulness of their practices and accept no responsibility for consequences resulting from Your direct disclosure of Personal Data to them.

5.7 We may disclose Your Personal Data to governmental agencies, regulatory authorities, courts, or law enforcement bodies where such disclosure is required:

5.8 In the event of a merger, acquisition, reorganisation, sale of assets, or similar corporate transaction involving ORO Labs, Your Personal Data may be transferred to or accessed by the acquiring or successor entity as part of the transaction. We will ensure that any such transfer is handled in accordance with Applicable Law and, where feasible, subject to appropriate safeguards.

6.1 If You provide ORO Labs with Personal Data relating to any third party (including but not limited to Your affiliates, employees, agents, or representatives), You represent and warrant that:

6.2 You are solely responsible for ensuring that any third-party Personal Data provided to ORO Labs is complete, accurate, current, and not misleading. Failure to do so may result in delays, errors, or inability to provide Services, and may also constitute a breach of Applicable Law.

6.3 You agree to fully indemnify and hold harmless ORO Labs, its affiliates, officers, employees, and agents from and against any and all claims, liabilities, losses, damages, or expenses (including reasonable legal fees) arising from or in connection with:

7.1 In the course of providing the Platform and related Services, ORO Labs may transfer, store, or otherwise process Your Personal Data in jurisdictions outside of Your country of residence, including but not limited to Singapore and other countries where Our Third-Party Service Providers, affiliates, or data centres are located. Where such cross-border transfers occur, We will take reasonable steps to ensure that Your Personal Data continues to be protected to a standard comparable to that under Applicable Law, including the PDPA.

7.2 Your Personal Data is currently stored and processed using infrastructure provided by Neon, a third-party database provider operating on Amazon Web Services (AWS) infrastructure located in the United States. By accessing or using the Platform, You acknowledge and consent to this cross-border storage and to any necessary transfers of Your Personal Data that support Platform operations, maintenance, and disaster recovery.

7.3 We implement appropriate safeguards to protect Personal Data transferred internationally. These safeguards may include:

7.4 By using the Platform, You acknowledge and consent to the transfer of Your Personal Data to jurisdictions that may have different and potentially less protective data protection standards than those in Your home country. If You do not wish for Your Personal Data to be transferred in this manner, please refrain from using the Platform.

8.1 ORO Labs will retain Your Personal Data for as long as is reasonably necessary to fulfil the purposes for which it was collected, as described in this Privacy Policy, or as otherwise required under Applicable Law. This may include retaining Personal Data for purposes such as tax, accounting, AML/CFT and KYC compliance, regulatory reporting, or complying with lawful requests from competent authorities.

8.2 Where relevant, Personal Data may also be retained for an extended period if it is reasonably necessary for the establishment, exercise, or defence of legal claims or in connection with any actual or potential investigation, litigation, or dispute involving ORO Labs.

8.3 Once Personal Data is no longer required for the purposes for which it was collected, and where there is no legal or business need to retain it, ORO Labs will take reasonable steps to:

9.1 ORO Labs is committed to safeguarding Your Personal Data and implements reasonable administrative, organisational, physical, and technical measures to protect it against unauthorised access, loss, misuse, disclosure, alteration, or destruction in accordance with the PDPA and other Applicable Laws. These measures are designed to be appropriate to the nature of the Personal Data and the risks associated with its processing.

9.2 Access to Personal Data is restricted to personnel who require access to perform their roles and are contractually bound to maintain the confidentiality, integrity, and security of such data. These individuals are required to process Your Personal Data strictly in accordance with this Privacy Policy and applicable data protection laws.

9.3 While ORO Labs takes reasonable steps to protect the security of Your Personal Data within Our systems, ORO Labs does not control and is not responsible for the data-protection practices of Neon, AWS, or any other third-party service providers engaged to store or process data on Our behalf.

9.4 While We take reasonable steps to protect the security and integrity of all Personal Data within Our control, You acknowledge and agree that no method of transmission over the internet, or method of electronic storage, is completely secure or risk-free. Accordingly, ORO Labs does not warrant or guarantee that Your Personal Data will be completely secure from unauthorised access, interception, loss, or misuse by third parties.

9.5 In the event of a Personal Data breach that is likely to result in a risk to Your rights or freedoms, ORO Labs will:

9.6 To the fullest extent permitted by Applicable Law, ORO Labs disclaims any liability for unauthorised access, disclosure, loss, or corruption of Personal Data that occurs outside of Our reasonable control, including but not limited to incidents arising from cyber-attacks, system vulnerabilities, failure of Third-Party Service Providers, or other force majeure events.

10.1 In accordance with the Applicable Laws and regulations, You may be entitled to:

10.2 You may opt out of receiving marketing communications from Us at any time by using the “unsubscribe” option provided in Our emails. However, even if You opt out, We may still send You service-related messages necessary for the use of Our Platform or Services.

10.3 To ensure the security of Your Personal Data, We may require You to provide specific information to verify Your identity before processing any privacy-related requests.

10.4 Due to Our limited role in processing Personal Data (as described in the Terms of Use), the extent to which We may assist You in exercising these rights may be subject to certain technical or legal limitations. We will respond to all legitimate requests within one (1) month. If Your request is complex or if multiple requests have been made, We may require additional time and will notify You accordingly.

11.1 Our Platform and Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect Personal Data from individuals under eighteen (18) years old. If We become aware that We have inadvertently collected such information, We will take appropriate steps to delete it. If You believe that We may have mistakenly or unintentionally collected Personal Data from an individual under eighteen (18), please contact Us immediately.

12.1 If You have any questions regarding this Privacy Policy, concerns about Our data practices, or wish to exercise any rights outlined in this Privacy Policy, You may contact our Data Protection Officer at:

12.2 To assist Us in processing Your request efficiently, You should provide sufficient details about Your inquiry, including any supporting evidence or relevant information. We will treat all requests and complaints confidentially. Our team will serve as the first point of contact for all privacy-related matters and will ensure compliance with Our data protection obligations.

12.3 We are committed to addressing any concerns or complaints related to the collection, use, disclosure, or processing of Personal Data. We have established a process for receiving, investigating, and responding to such complaints in a timely and appropriate manner.

12.4 If You wish to raise a concern or lodge a complaint regarding Our data protection practices or compliance with this Privacy Policy or Applicable Law, please contact Our Data Protection Officer using the details provided in Clause 12.1. We will acknowledge receipt of Your complaint and aim to provide a substantive response within a reasonable period, typically within thirty (30) calendar days.

12.5 If additional information is required, We will reach out to You. Upon reaching a determination, We will notify You in writing, which may include electronic communication via email.

12.6 If You are unsatisfied with Our response, You may also have the right to escalate the matter to the Personal Data Protection Commission of Singapore or the relevant supervisory authority in Your jurisdiction.

13.1 We ensured that Our employees and relevant personnel are made aware of and provided with access to the Our data protection policies and practices. All staff handling Personal Data receive periodic training and updates regarding their obligations under Applicable Law and this Privacy Policy.

13.2 Internal procedures, including policies on access control, data minimisation, retention, and complaint handling, are documented and communicated to all relevant staff to support consistent and compliant Personal Data handling practices.

14.1 By using the Platform, You acknowledge and agree that We may update this Privacy Policy at Our sole discretion from time to time. We may notify You of significant changes by:

14.2 Changes will take effect upon publication. Your continued use of Our Platform and Services after the effective date constitutes:

15.1 ORO Labs may use Cookies and similar tracking technologies (such as web beacons, pixels, and local storage) on the Platform to improve functionality, analyse usage patterns, enhance security, and deliver personalised content.

15.2 We use the following types of Cookies:

15.3 Where required under Applicable Law, We obtain Your explicit consent before placing non-essential Cookies on Your device. Upon Your first visit to the Platform, You will be presented with a Cookie banner that allows You to:

15.4 You may also manage Your Cookie preferences at any time by adjusting Your browser settings or using the Cookie management tools provided on Our Platform. Please note that disabling certain Cookies may affect the availability or functionality of some features of the Platform.

15.5 We may permit selected Third-Party Service Providers to use Cookies or similar technologies on the Platform for analytics, advertising, and User support. If You choose to interact with these third parties, their use of Your data will be governed by their own privacy and cookie policies. You are responsible for reviewing those policies before engaging with them, and ORO Labs disclaims any responsibility for third-party data practices.

15.6 The information collected through Cookies and similar technologies may constitute Personal Data and will be processed in accordance with this Privacy Policy and Applicable Law, provided Your selection, save Strictly Necessary Cookies, You expressly consent the use of Cookies as made available in this Privacy Policy.

16.1 Through the Platform, we make certain interface-only Services available to users throughout the world. ORO Labs Pte. Ltd. is incorporated in Singapore and is therefore primarily regulated by the Personal Data Protection Act 2012. In addition, because we may process Personal Data of individuals located inside the European Economic Area (“EEA”) or the United Kingdom, we comply, only to the extent legally required, with Regulation (EU) 2016/679 and the UK General Data Protection Regulation (together, “GDPR”).

16.2 The purpose of the following information is to provide you with a concise explanation, in accordance with Articles 13 and 14 GDPR, of how we intend to process your Personal Data when the GDPR applies. If the GDPR is not directly applicable to you, this clause does not extend any additional rights or obligations. Should you require further clarification, or wish to exercise any right, please contact our DPO.

16.3 We recognise the below rights which you enjoy under the applicable data protection law with respect to your personal data:

This Supplemental Privacy Policy applies to you only if you are a natural person and you are a resident of any state in the United States with a privacy-related consumer-protection law. This Supplemental Privacy Policy is incorporated into and forms part of the ORO Labs Privacy Policy.

Please note that the rules implementing some of these laws have not yet been finalised. We are continuously working to better comply with these laws, and we will update our processes, disclosures and this notice as these implementing rules are finalised.

This Supplemental Privacy Policy provides supplemental notices that are unique to the US states referenced above.

17.1 Categories of Personal Information We Collect, and How We Use and Share that Information.

The Personal Information we may collect, use and share over the next 12 months is set out above in this Privacy Policy.

17.2 Manage Cookie.

Global Privacy Control (“GPC”) is a setting you can enable in your web browser to communicate your privacy preference for not having certain information about your webpage visits collected across websites. For all the details, including how to turn on GPC, visit https://globalprivacycontrol.org/.

17.3 Sharing of Personal Information.

We have allowed third-party ad providers to collect Personal Information from visitors to certain Platform pages (for example, our websites) for the purposes of advertising and analytics. This practice may constitute the “sharing” of Personal Information. To the extent that our practices constitute the sharing of your Personal Information, you have the right to opt out of such sharing with the third parties identified in this Privacy Policy by contacting us using the details in Section 12 (Contacting ORO Labs). You can also opt out by enabling Global Privacy Control (mentioned above).

17.4 We Do Not Sell Your Personal Information.

You have the right to know whether your Personal Information is being sold. ORO Labs does not sell your Personal Information. Your Personal Information is “sold” when it is provided to a third party for monetary or other valuable consideration for a purpose that is not a “business purpose” under the CCPA or other U.S. state data-privacy laws. A “sale” does not include when we disclose your Personal Information at your direction or when otherwise permitted by law.

17.5 Right to Opt-out of Sharing

17.6 Non-Discrimination.

U.S. state privacy laws prohibit businesses from discriminating against you for exercising your rights under the law. Discrimination may include denying services, providing a different level or quality of service, or charging different prices. ORO Labs does not discriminate.