Cookie Policy

Glossary

Capitalised terms shall have the meanings assigned to them in these Terms, unless the context requires otherwise.

“Personal data” means any information relating to an identified or identifiable natural person. 

‍“Controller” means the entity that determines the purposes and means of processing personal data. 

‍“Processor” means a service provider that processes personal data on our behalf and according to our instructions. 

‍“EEA/UK” means the European Economic Area and the United Kingdom. 

‍“KYC/AML” means know‑your‑customer and anti‑money‑laundering compliance checks. 

1. Who we are

This Cookie Policy (the Policy) explains how Bleap Ltd and Bleap Finance Sp. z o.o. (together, “Bleap”, “we”, “us”, or “our”) use Cookies and similar technologies on our websites, mobile applications, and any online service that links to this Policy (together, the Services).

For information about our broader personal data practices, please see our Privacy Policy .

1.1 Controller and operating entities

For UK GDPR/EU GDPR purposes, the controller for personal data collected via Cookies is the Bleap group entity identified in the Privacy Policy: Bleap Ltd, 9th Floor, 107 Cheapside, London, EC2V 6DN, United Kingdom (serving UK and rest-of-world users), and Bleap Finance Sp. z o.o., ul. Domaniewska 37, lok. 2.43, 02-672 Warszawa, Poland (serving EEA users). In limited cases we act as joint controllers within the group; your primary point of contact is the operating entity serving you.

2. Scope

This Policy applies to:

• bleap.finance and associated domains/sub-domains;
  ‍
•  the Bleap mobile applications (iOS and Android);
  ‍
  
• Electronic identification/verification (EIDV) information: selfie photos or short videos used to verify likeness against your ID; may include biometric templates generated by our ID verification vendors where permitted by law. Where required, we will obtain your explicit consent. 
  ‍
  
• in-product webviews, widgets, and embedded content operated by or on behalf of Bleap; and
  ‍
  
• third-party tags and software development kits (SDKs) integrated into our Services.
  

3. What are Cookies and similar technologies?

Cookies are small text files placed on your device (computer, smartphone, or tablet) when you visit a website. They help websites function, enhance user experience, and provide information to operators. We also use related technologies, including local and session storage, SDKs in our mobile apps, pixels/tags/beacons, and device/advertising identifiers provided by mobile operating systems. In this Policy we refer to all of these collectively as Cookies.

4. Our principles for Cookies

• Data minimisation: We deploy only those Cookies necessary for operation and security, or those for which you have provided consent.
  ‍
• Non-custodial architecture: We do not access or store your seed phrase, private keys, or on-chain signing material through Cookies or SDKs.
  ‍
  
• Transparency and control: You can manage your preferences at any time via Cookie Settings (available in our website footer) and relevant device/browser settings.
  ‍
  

5. Categories of Cookies we use

5.1 Strictly Necessary

Essential for basic functionality such as secure page loading, session continuity, network routing, fraud prevention, and platform protection. These operate on the basis of our legitimate interests and do not require consent.

5.2 Performance / Analytics

Help us understand how the Services are used so we can improve reliability and performance (for example, measuring pages/screens viewed, session length, navigation paths, and feature adoption; running privacy-preserving A/B tests). These are used only with your consent, except where a limited exemption applies under local law.

5.3 Functionality

Enable enhanced features such as remembering interface settings and maintaining continuity of in-product support conversations. These are used only with your consent.

5.4 Targeting / Advertising

Support measurement of our marketing and, where you consent, help us show or suppress marketing to you on other services (for example, recognising that a visit led to a sign-up so we can cap or exclude further adverts). These are used only with your consent.

6. What information is collected via Cookies

Depending on your choices, Cookies may collect pseudonymous information including:

• Security and availability signals (strictly necessary): network and request metadata, device and browser characteristics, timestamps, and bot-detection or risk signals.
  
  
• Usage and performance metrics (analytics): a pseudonymous identifier, timestamps, pages/screens viewed, navigation flows, referral/UTM parameters, interaction events, device/app type, operating system, language, and approximate location at country or region level. We configure analytics to reduce identifiability where feasible.
  
  
  
• Support continuity data: a pseudonymous device or session identifier, session status, and basic context needed to re-open prior support conversations within the app or on the web.
  
  
• Marketing measurement and attribution data (targeting/advertising): a pseudonymous advertising or site identifier, referral/UTM parameters, high-level conversion events, and information indicating whether subsequent ads should be capped or suppressed. Where available and permitted, advertising systems may link this pseudonymous data to their own profiles to deliver or measure campaigns.

We do not collect precise geolocation via Cookies. IP address is used transiently to derive a coarse location (country/region) and for security/risk controls. We do not use Cookie-derived data to infer special category data about you.

7. Legal basis and consent management

• Legal basis: We rely on consent under applicable ePrivacy rules (UK PECR / EU ePrivacy laws as implemented) for all non-essential Cookies. For strictly necessary Cookies we rely on legitimate interests to operate secure, efficient Services.
  
  
• Consent capture: On first visit we display a banner with “Accept all”, “Reject non-essential”, and “Learn more and manage” options. Our consent layer (banner and preference centre) applies prior opt-in for non-essential Cookies in the UK/EEA and offers granular choices by purpose and, where relevant, by vendor. Non-essential Cookies are blocked until you opt in. Refusing non-essential Cookies is as easy as accepting them, and you may revisit your choices at any time via Cookie Settings.
  
  
• Proof of consent: We keep a record of consent signals (timestamp, choices, and a pseudonymous identifier) for compliance. We may ask you to refresh your choices periodically or when our purposes or providers change.
  
  
• Withdrawal: You can change or withdraw consent at any time via Cookie Settings, permenantly available in the website's footer.
  
  
• Signals: We honour Global Privacy Control (GPC) for targeting/advertising purposes where applicable. We do not respond to Do Not Track (DNT) signals.
  

Some service providers act under our instructions as processors; certain analytics/advertising partners may act as independent controllers for their own purposes when you consent. Details are presented in Cookie Settings.

Access to our core Services is not conditioned on consenting to non-essential Cookies. Where a lawful equivalent is offered (for example, an ads-free paid version), details will be provided separately.

8. Mobile applications and SDKs

Our apps use SDKs that perform similar functions to Cookies. You may manage advertising identifiers in your device settings and adjust in-app privacy controls. Where you consent to analytics or marketing measurement, SDKs may collect pseudonymous usage and attribution data consistent with sections 5–6.

9. Managing Cookies

You may manage Cookies by:

• Using our Cookie Settings to change or withdraw consent;
• Adjusting browser settings to block or delete Cookies; and
  
• Managing mobile advertising identifiers in device settings

Blocking certain Cookies may affect availability or functionality of features. Strictly necessary Cookies are required for core functionality.

Our Services may include embedded content or links to third-party sites (for example, support widgets, media players, or social plugins). Those parties may set their own Cookies when you interact with such content. Your choices in Cookie Settings apply to our use of Cookies; for third-party processing on their own sites, please review their notices and settings.

10. Retention

We retain Cookie-derived data only for as long as necessary for the purposes described above. Where specific periods are configured in Cookie Settings, those periods apply. Consent records are retained for up to five (5) years or longer, where required by law, to demonstrate compliance.

11. International transfers

Where Cookie-derived personal data is transferred outside the UK/EEA, we implement appropriate safeguards (such as adequacy decisions or standard contractual clauses) and, where required, transfer risk assessments. Further details are provided in our Privacy Policy.

12. Children

Our Services are not directed to children. We do not knowingly use Cookies to profile users below the relevant age thresholds under applicable law. If you believe a child has provided consent to non-essential Cookies, please contact us so we can remove such consent.

13. Contact us

If you have questions about this Policy or our use of Cookies, contact Bleap Ltd, 9th Floor, 107 Cheapside, London, United Kingdom, EC2V 6DN; email privacy@bleap.finance. You may also contact our Data Protection Officer at dpo@bleap.finance. For EEA matters, you may contact Bleap Finance Sp. z o.o., ul. Domaniewska 37, lok. 2.43, 02-672 Warszawa, Poland.

14. Changes to this Policy

We may update this Policy from time to time to reflect changes in technology, law, or our practices. When we make material changes, we will update the date at the top of this Policy and, where appropriate, display a prominent notice or obtain renewed consent.