Privacy Policy

Last Revised: 28  July 2025

This Privacy Policy (the “Policy”) explains how Bentobox Labs LLC ("Bentobox Labs", "we", "us" or "our") collects, uses, discloses and safeguards Personal Data when you visit https://www.strata.money or use any related applications, products or services (collectively, the “Services”). By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Services.

Bentobox Labs LLC is a technology company incorporated in Sharjah Media City Free Zone (Shams), Sharjah, United Arab Emirates, formation no. 2326826, business‑licence no. 2326826.01.

1. PERSONAL DATA WE COLLECT

Category

Examples

Source

Wallet Data

Public blockchain addresses, on‑chain transactions, token balances

Public blockchains, user input

Contact Data

E‑mail address, support tickets, feedback forms

User input

Device & Usage Data

IP address, browser type/version, operating system, referring URL, clickstream data, time‑stamp

Automated via cookies and server logs

Third‑Party Integration Data

Analytics events, referral codes, partner‑integration metadata

Third‑party providers

Support Communications

Chat transcripts, e‑mails with our support team

User input

Aggregated / De‑identified Data

Statistical metrics that cannot reasonably identify an individual

Derived internally

We do not intentionally collect names, national ID numbers, precise geolocation, or special‑category data (e.g., health, biometric or political‑opinion data).

2. HOW WE USE PERSONAL DATA

Purpose

Examples

Operate & secure the Services

Provide wallet‑connect functionality; prevent fraud and abuse; debug and monitor performance; enforce our Terms of Service

Customer support

Respond to enquiries and resolve issues

Analytics & product improvement

Measure usage, improve user experience, develop new features

Marketing & communications

Send newsletters or product updates (you may opt‑out at any time)

Legal & compliance

Comply with AML/CFT, sanctions, tax or other regulatory obligations

Corporate transactions

Conduct due‑diligence or transfer assets in a merger, acquisition, financing or re‑organisation

Aggregation / anonymisation

Produce de‑identified statistics for research, business or ecosystem purposes

We do not sell Personal Data and do not engage in automated decision‑making that produces legal or similarly significant effects.

3. LEGAL BASES FOR PROCESSING

Where applicable data‑protection law (e.g., EU GDPR, UK GDPR or the UAE Federal Decree‑Law No. 45 of 2021) requires a lawful basis, we rely on:

  • Contract necessity – operating and providing the Services you request.

  • Legitimate interests – security, fraud prevention, analytics and product improvement (balanced against your rights).

  • Consent – sending marketing e‑mails (withdraw at any time by clicking “unsubscribe”).

  • Legal obligations – compliance with sanctions screening, anti‑money‑laundering and tax laws.

4. DISCLOSURE OF PERSONAL DATA

Recipient

Purpose

Service Providers

Cloud hosting, analytics, customer‑support platforms, security vendors, e‑mail delivery (bound by written data‑processing agreements)

Legal / Regulatory Authorities

Where required to comply with law, court order or applicable sanctions, or to protect rights, property or safety

Corporate Successors

As part of, or during negotiations for, a merger, acquisition, asset sale or similar transaction

Others with Your Consent

Any additional disclosure you explicitly authorise

We may share aggregated or de‑identified data that cannot reasonably be used to identify you.

5. COOKIES AND SIMILAR TECHNOLOGIES

We use:

  • Essential cookies – enable core site functionality and security;

  • Analytics cookies – collect pseudonymous usage metrics via tools such as Plausible or Google Analytics.

You can disable cookies in your browser settings, but some features may not function. We do not respond to “Do Not Track” signals.

6. YOUR RIGHTS

Depending on your jurisdiction, you may have the right to:

  • Access, correct or delete Personal Data;

  • Restrict or object to processing;

  • Port your Personal Data to another controller in a structured, machine‑readable format;

  • Withdraw consent to marketing communications;

  • Lodge a complaint with your local data‑protection authority.

To exercise these rights, e‑mail [email protected]. We may ask you to verify your identity.

7. INTERNATIONAL TRANSFERS

Personal Data may be processed in, and transferred to, countries outside your home jurisdiction (including the European Economic Area, the UAE and the United States) that may not provide the same level of data protection. Where legally required, we implement appropriate safeguards—such as Standard Contractual Clauses or Intra‑Group Data‑Transfer Agreements—to protect your Personal Data.

8. DATA SECURITY

We employ commercially reasonable administrative, technical and physical safeguards, including:

  • TLS encryption in transit and encryption at rest;

  • Access controls on a least‑privilege basis;

  • Continuous monitoring, vulnerability scanning and periodic penetration testing.

No transmission or storage system is 100 % secure; you are responsible for safeguarding wallet keys, seed phrases and device credentials.

9. DATA RETENTION

Data Category

Typical Retention Period

Wallet & blockchain data

Recorded on public ledgers (indefinite)

Contact & support data

3 years after last interaction

Server logs

12 months

Marketing lists

Until you unsubscribe

Aggregated / de‑identified data

Indefinite

We retain Personal Data only as long as necessary for the purposes set out in this Policy or as required by law.

10. CHILDREN

The Services are not directed to individuals under 18 years of age. We do not knowingly collect data from children. If you learn that a minor has provided Personal Data, please contact [email protected] and we will delete it.

11. THIRD‑PARTY LINKS AND FEATURES

Links or integrations to third‑party websites, wallets or protocols are operated by those third parties, and their privacy practices apply. Bentobox Labs is not responsible for such practices.

12. CHANGES TO THIS POLICY

We may modify this Policy at any time. Material changes will be announced via banner on the Platform or e‑mail where feasible. The “Last updated” date indicates the effective version. Continued use of the Services after an update constitutes acceptance of the revised Policy.

13. CONTACT

Questions, concerns or requests? E‑mail [email protected] or write to Bentobox Labs LLC, Sharjah Media City (Shams), Sharjah, United Arab Emirates.

© 2025 Bentobox Labs LLC. All rights reserved.

PreviousTerms of Service

Last updated