Privacy Policy.

Last Updated: 27 November 2025

Beam Interface, a Cayman Islands exempted company (including all affiliates, collectively referred to as “Beam”, “we”, “us” or “our”), currently provides certain information about the Beam ecosystem (a gaming ecosystem consisting of technologies, projects, communities, organizations and persons, utilizing, relying on, securing, or developing (as applicable) the Beam network, protocols and applications deployed on Beam network and their related smart contract systems), as well as related content and functionality about Beam through the website located at https://www.onbeam.com or any sub-URL of such a website (the “Website”).

This privacy policy (“Privacy Policy”) applies to all Personal Data (defined below) collected through the Website and cookies used, as well as marketing campaigns, product feedback forms, surveys, events, and sales. We collect and use your Personal Data in accordance with this Privacy Policy and in compliance with applicable data protection legislation, including but not limited to the Cayman Islands’ Data Protection Act, 2021 (“DPA”), EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”), EU Privacy and Electronic Communications Directive (2002/58/EC), and the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.).

1. Personal Data

“Personal Data” or “Personal Information” refers to any personally identifiable information that can be used to identify or contact you, which may include, but is not limited to:

Name
Date of birth
Email
Phone number
Mailing address
IP address
Wallet ID and associated metadata
Usage data

2. Overview of how we process your Personal Data

Purpose of the processing	Categories of Personal Data	Legal basis	Retention period
To operate, maintain, secure and improve the Website (including to provide information, communicate with users, personalize experience, and respond to support requests)	Contact and account information (name, email, phone); device data (IP address, device type, OS, browser, identifiers); online activity data (pages viewed, session data, navigation paths, timestamps); correspondence	Performance of our Terms of Use (where applicable) and legitimate interest in providing and improving the Website	For as long as necessary to operate and maintain the Website; typically up to 3 years after last interaction, unless longer required for compliance or security purposes
To enable third-party logins (e.g., Google, Apple, Facebook)	Third-party account identifiers; name; email; profile information shared by the external service; metadata about authorization	Performance of our Terms of Use (to provide account access) and legitimate interest in enabling interoperability	For as long as the account remains active or linked; deleted upon unlinking or account closure
To conduct research and development (analyze and improve the Website, develop new products and services)	Usage and analytics data; device and interaction data; anonymized technical data	Legitimate interest in improving and developing services	Up to 12 months; anonymized thereafter (no retention limit applies to anonymized data)
To conduct surveys and collect feedback	Identification and contact details; feedback content and survey responses	Legitimate interest in improving services and user experience	Up to 3 years after receipt of feedback
For compliance, fraud prevention, and safety (to protect rights, investigate misuse, ensure legal compliance)	Device/browser data; IP address; wallet ID and transaction metadata; identification data where required by law	Legitimate interest in protecting systems and users, and/or legal obligation (e.g., responding to law enforcement)	As long as necessary for detection and enforcement; typically up to 5 years
To process and respond to user rights requests (access, deletion, rectification, etc.)	Identification and contact details; supporting documentation (e.g. ID if required)	Legal obligation under GDPR and DPA	For the time necessary to process the request and up to 5 years thereafter (statutory limitation period)
To obtain and process blockchain transaction data (when interacting with the Beam network or verifying wallet-based access)	Wallet address; transaction identifiers; sender/recipient addresses; on-chain metadata; related IP information when using RPC nodes	Performance of our Terms of Use (to process authorized transactions) and legitimate interest in ensuring transparency and traceability	Blockchain data is permanent and cannot be deleted; associated off-chain data retained for up to 5 years after last interaction

3. Cookies and Automatic Data Collection

We use different types of cookies on our website. Cookies are small pieces of data — usually text files — placed on your computer, tablet, phone or similar device when you use that device to access our services. In this connection, we use Google Adsense conversion tracking to help measure how our ads on other platforms perform and how users interact with our site through them. They allow us to see how many users visit after clicking on an ad and which pages they engage with. To measure the effectiveness of these ads, Google Adsense conversion tracking may set cookies or track interactions.

You can opt out of having your online activity and device data collected through these third-party services, including by:

Blocking cookies in your browser by following the instructions in your browser settings. For more information about cookies, including how to see the cookies on your device, manage them, and delete them, visit www.allaboutcookies.org.
Blocking or limiting the use of your advertising ID on your mobile device through the device settings.
Using privacy plug-ins or browsers. Certain browsers and browser extensions can be configured to block third-party cookies and trackers.
Using the platform opt-out provided by Google at https://adssettings.google.com and https://myadcenter.google.com. You can learn more about how Google uses your information by reviewing Google’s privacy policy at https://policies.google.com/privacy.
Using advertising industry opt-out tools on each device or browser where you use the services, available at http://optout.aboutads.info and http://optout.networkadvertising.org.
You can also adjust your ad settings with Google here.

We also use the following other techniques to automatically collect information through the Website:

Local storage technologies, like HTML5, provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

4. Sharing of Personal Information & Third Party processings

With the exception of the provider(s) of the Website, we do not make your Personal Data available to third parties unless you have expressly consented to it, if we are legally obligated to, or if this is necessary to enforce our rights concerning a contractual relationship. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.

Service providers

We may share your Personal Information with third party companies and individuals that provide services on our behalf or help us operate the Website (such as customer support, hosting, data processors, analytics, email delivery, marketing, identity verification, and database management services).

Web3 projects and collaborators

We may share your Personal Information with web3 projects and collaborators as necessary to provide the Website.

Professional advisors

We may disclose your Personal Information to professional advisors, such as lawyers and auditors, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety

We may share your Personal information for compliance, fraud prevention, and safety purposes described above.

Financial transactions

If you conduct financial transactions by credit card or debit card through the Website, your credit/debit card information will be processed by the credit/debit card issuer and the credit/debit card acquirer. If you choose to use a credit/debit card, you may be asked to provide all the necessary information. The legal basis for processing is determined by the third party that processes your data, we do not have access to such data.

5. Your Rights and Choices

Opt out of marketing communications

You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.

Data protection rights

Depending on where you live, you may have the following rights, as provided under applicable law and subject to any limitations in such law:

To access the Personal information we hold about you (including, if applicable, to receive it in a structured and commonly used machine-readable format);
To request we correct any inaccurate Personal Data we hold about you;
To request we delete any Personal Information we hold about you;
To restrict the processing of Personal Data we hold about you;
To object to the processing of Personal Information we hold about you; and/or
To withdraw your consent to the processing of Personal Data we hold about you, when we have relied on consent as the legal basis to process your Personal Information.

Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. For more information on your rights, please contact us using the details in the “How to contact us” section below.

Please note that part of the Website incorporates blockchain technology. A blockchain is a shared and synchronized digital database that is stored on multiple nodes (computers that store a local version of the database). As, by design, data on a blockchain cannot be changed or deleted, your ability to exercise your data protection rights such as your right to erasure, or your rights to object or restrict processing with respect to onchain Personal Data may be affected.

6. International Data Transfers

By using the Website, you understand and acknowledge that we may transfer your Personal Information to service providers or other third parties who are located in countries which may not provide the same protections as the data protection laws where you are based. This includes service providers of the Website and e-commerce providers such as payment solution providers to assist us in the processing of your online payments. When we transfer your Personal Data to third parties abroad for the purposes of the data processing described in this Privacy Policy, unless we can rely on a derogation provided under data protection law, we will ensure that relevant safeguards are in place to afford adequate protection for your Personal Information and we will comply with applicable data protection laws, in particular if you reside in (i) the British Virgin Islands, UK or the EEA by relying on a UK government adequacy regulation or adequacy decision by the European Commission, (ii) the United States, by relying the the California Consumer Privacy Act, or (iii) other jurisdictions, by relying on contractual protections for the transfer of your Personal Information. For more information about how we transfer Personal Data internationally, please contact us as set out in the “How to contact us” section below.

The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) affords consumers residing in California certain rights with respect to their personal information. If you are a California resident, this section applies to you.

7. Notice to California Residents

California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of personal information to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us using the information in the “How to Contact Us” section below. This request may be made no more than once per calendar year.

If you are a California resident, you have certain additional rights with respect to your personal information pursuant to the CCPA.

We are required to inform you of:

What categories of information we may collect about you, including during the preceding 12 months: See the section above “Information Obtained”.
The purposes for which we may use your personal information, including during the preceding 12 months: See the section above “Use of Personal Information”.
The purposes for which we may share your personal information, including during the preceding 12 months: See the section above “Sharing of Personal Information”. In addition, we may share the following categories of information with the following parties:
- Identity information: Service providers such as KYC service providers.
- Contact information: Marketing partners and event partners.
- Financial information: Service providers such as payment service providers and logistics providers.
- In the preceding 12 months, we have not sold any personal information of consumers.

You have the right to request to know: (i) the categories of personal information we have collected about you in the last 12 months; (ii) the specific pieces of personal information we have about you; (iii) the categories of sources from which that personal information was collected; (iv) the categories of your personal information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your personal information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling your personal information. These rights are subject to limitations as described in the CCPA. We may deny your request if we need to do so to comply with our legal rights or obligations.

We will not discriminate against any consumer for exercising their CCPA rights.

You may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. To protect your information, we may need to verify your identity before processing your request, including by collecting additional information to verify your identity, such as government issued identification documents. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected personal information. We will only use the personal information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose. When we verify your agent’s request, we may verify your identity and request a signed document from your agent that authorizes your agent to make the request on your behalf. To protect your personal information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

If you would like to exercise any of these rights, please contact us at the email in the “How to Contact Us” section below.

8. Other Sites, Applications and Services

The Website may contain links to other websites, mobile applications, blockchain protocols, blockchain applications, blockchain exchanges and other online and blockchain services (collectively, “Third Party Resources”) operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included in Third Party Resources that are not associated with us. We do not control Third Party Resources, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your Personal Information. We encourage you to read the privacy policies of the Third-Party Resources you use.

9. Security Practices

We take precautions to protect your stored Personal Data against manipulation, partial or complete loss, and unauthorized access by third parties of Personal Information we maintain. Unfortunately, data transmission over the internet (including via blockchain) cannot be guaranteed as completely secure. Please note that any data transmission on the internet (including through blockchains) is generally not secure or may be accessed by third parties, and we accept no liability for data transmitted to us via the internet or through a blockchain.

10. Children

The Website is not intended for use by children under 13 years of age. If we learn that we have collected Personal Information through the Website from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

11. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Website. We may also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Website.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Website (or as otherwise indicated at the time of posting).

12. How to Contact Us

If you have a concern about our privacy practices, including the way we handle your Personal Information, please contact us at: legal@onbeam.com. We will endeavor to respond to your complaint as soon as possible. You can also report it to your local data protection authority that is authorized to hear those concerns. Contact details for certain data protection authorities can be found using the links below:

For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
For individuals in Cayman Islands: https://ombudsman.ky/data-protection
For individuals in the UK: https://ico.org.uk/global/contact-us/
For individuals in Switzerland: https://www.edoeb.admin.ch/en/contact-2
For individuals in California: https://cppa.ca.gov/about_us/contact.html