Privacy Policy
Last Updated: May 2026
Introduction
This Privacy Policy (the “Policy”) explains how [LEGAL ENTITY NAME — 待补全] (operating the Bricopia platform; “Bricopia”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects your information when you access or use our websites, applications, APIs, blockchain or smart contract interfaces, or any other products and services we operate, including the Biological Asset-Backed Security (BABS) framework and related tooling (collectively, the “Bricopia Services”). This Policy supplements any jurisdiction-specific notices or product-specific disclosures we may provide and does not override them.
Who Is Providing This Notice
Bricopia is committed to protecting and respecting your privacy. The entity on whose behalf this Policy is made is [LEGAL ENTITY NAME — 待补全], together with, where applicable, any affiliated entity, manager, or service provider involved in operating the Bricopia Services (collectively, the “Bricopia Parties”). When we use the terms “we”, “us”, and “our” in this Policy, we are referring to Bricopia and the Bricopia Parties. When you provide us with your personal data, each Bricopia Party that decides how and why personal data is processed may be acting as a “data controller,” meaning it makes decisions on how to use and protect your personal data, but only to the extent that we have informed you about such use or are otherwise permitted by law.
The Data We Collect About You
| Category | Examples |
|---|---|
| Identity Data | First, middle, and last name; date of birth; nationality; ID/passport number; tax ID; gender. |
| Contact Data | Residential and billing address; email address; telephone numbers. |
| Financial & Blockchain Data | Blockchain wallet address and provider; token holdings (e.g., BRIC, BRICO); transaction hashes; on/off-ramp and settlement details; fees paid. |
| Transaction Data | Amount, date/time, counterparty, and related details of activity on the Bricopia Services. |
| Verification Data | KYC/AML records, source-of-funds documentation, sanctions/PEP screening results, and (where applicable) biometric verification data. |
| Technical & Usage Data | IP address, device type, operating system, browser type and version, cookies, and interaction logs. |
| Profile & Marketing Data | Username, preferences, feedback, survey responses, and marketing opt-ins. |
| Location Data | City-level geolocation derived from IP address. |
| Aggregated/Anonymized Data | Statistical or demographic data that cannot identify you. |
Beyond marketing preferences, we do not seek to build profiles of your political opinions, religious beliefs, or similar special categories of data, and we ask that you do not submit such information unless specifically requested for a lawful purpose.
Biological and Sample Data
The Bricopia Services reference underlying biological assets (such as Cord Blood Units) that are collected, processed, and stored by accredited processing, storage, and laboratory partners. Information relating to biological samples — including Proof of Process, Proof of Quality, custody and lifecycle records, and laboratory data — is recorded within our private blockchain registry.
We design the Bricopia Services to be privacy-first: biological and sample data recorded for tokenization purposes is intended to be anonymized or de-identified so that it does not, by itself, identify a donor or patient, and is handled in a manner consistent with applicable health-data and privacy requirements (which may include HIPAA-style safeguards where relevant). Where any health, biometric, or other sensitive personal data is processed, we will do so only on an appropriate legal basis (such as your explicit consent or another basis permitted by applicable law) and with appropriate safeguards. If you are a token user or investor rather than a sample donor, we generally do not collect your health data through the Bricopia Services.
How We Collect Data
- Directly from you — when you register, complete verification, contact us, or otherwise interact with the Bricopia Services.
- Automated technologies — cookies, server logs, smart contract events, and blockchain activity.
- Third-party or public sources — analytics vendors, identity verification and AML providers, banking and payment partners, processing/storage/laboratory partners, and public blockchains.
Why We Process Your Data
| Purpose | Legal Basis |
|---|---|
| Provide and operate the Bricopia Services | Contract performance |
| Verify identity and conduct KYC/AML and sanctions screening | Legal obligation / Legitimate interest |
| Record, verify, and maintain biological asset and tokenization data | Contract performance / Legitimate interest |
| Prevent fraud and secure systems | Legitimate interest |
| Process transactions and settlements | Contract performance |
| Communicate service updates and account notices | Legal obligation / Legitimate interest |
| Marketing of products and events (opt out any time) | Consent / Legitimate interest |
| Analytics and product improvement | Legitimate interest |
| Comply with audits, tax, and regulatory requests | Legal obligation |
We rely on consent only where required by applicable law (for example, sending certain third-party marketing emails, or processing special categories of data). You may withdraw consent at any time.
Sharing Your Data
We may share your data with:
- Bricopia group entities and affiliates;
- Processing, storage, and laboratory partners involved in the biological asset lifecycle;
- Banking and payment partners;
- Custodians, administrators, auditors, and legal and professional advisers;
- Identity verification and AML service providers;
- Cloud hosting, analytics, and communication vendors;
- Regulators, tax authorities, and law-enforcement agencies; and
- Prospective assignees or acquirers in business transactions.
We do not sell personal data for monetary consideration.
International Transfers
Your data may be transferred to and processed in countries outside your jurisdiction (including but not limited to Hong Kong, Singapore, the European Union, the United Kingdom, and the United States). Where required, we implement appropriate safeguards such as Standard Contractual Clauses or obtain your explicit consent.
Data Retention
We retain personal data for as long as necessary to fulfil the purposes outlined in this Policy, including legal, accounting, and regulatory requirements, and will securely delete or anonymize it thereafter.
Security
We employ administrative, technical, and physical safeguards — including encryption, access controls, and firewalls — to protect your data. No system is 100% secure; you are responsible for securing your wallet credentials, private keys, and authentication methods.
Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, object to, or port your data, or to withdraw consent. Submit requests via [privacy@bricopia — 待补全邮箱]. We will verify your identity and respond within the statutory timeframe. Please note that certain data recorded on a blockchain may be immutable and cannot be altered or deleted; in such cases we will explain the limits of our ability to act on a request.
Cookies and Tracking
We use cookies and similar technologies for site functionality, security, and analytics. You can disable cookies in your browser, but parts of the Bricopia Services may not function properly. We do not respond to Do-Not-Track signals at this time.
Children
The Bricopia Services are not directed to persons under 18. We do not knowingly collect personal data from minors. If we learn that we have inadvertently done so, we will delete such data promptly.
Changes to This Policy
We may update this Policy periodically. Material changes will be noted via email or a prominent notice on our website. Continued use of the Bricopia Services after the effective date constitutes acceptance of the revised Policy.
Contact Us
If you have questions, concerns, or wish to exercise your rights, please contact us at [privacy@bricopia — 待补全邮箱].
This Policy is provided for information only and does not constitute legal advice. Please consult professional counsel to ensure compliance with all applicable laws.