Privacy Policy

Last Updated: May 19th, 2026

EmeraldPay Ltd ("EmeraldPay", "Company", "us", "we", or "our") is the data controller responsible for personal data processed in connection with the websites at emerald.cash and its subdomains, our wallet applications, the Emerald Weather application, and our other products and services (together, the "Services"). This Privacy Policy ("Policy") explains what information we handle, how we handle it, and the rights you have. The Sierra API service is covered by a separate Privacy Notice and is not addressed here.

Summary

EmeraldPay is built around minimising data collection. The Services do not require accounts and do not ask for your name, email address, phone number, identity documents or financial information. We do not custody your funds, your private keys or your recovery phrases — those remain solely on your device.

The only information we routinely process about you when you use the Services is technical information generated by your device communicating with our servers (such as IP addresses and request logs), and any information you choose to send us when you contact us. The rest of this Policy explains what that means in detail.

Who We Are and How to Contact Us

EmeraldPay Ltd is a company registered in England and Wales (company number 15604412), with its registered office at 86-90 Paul Street, London, England, EC2A 4NE. If you have a question about this Policy or want to exercise any of your rights, please contact us at [email protected].

Information We Collect

Information You Choose to Provide

We do not operate user accounts for the Services covered by this Policy. We do not ask for your name, email address, phone number or any other personal information in order to use them.

If you contact us by email or through another communication channel (for example, support, legal, partnerships, press), we will receive the information you choose to send, which may include your name, email address or other contact details, the contents of your message, and any attachments. We use that information only to respond to you and to maintain a record of the correspondence.

Information We Collect Automatically

When you visit our websites or use our applications, our servers may automatically receive and record certain technical information, which may include:

  • Internet Protocol (IP) address of the device you are using;
  • user agent string (browser type, application version, operating system);
  • referring and exit pages (for websites);
  • date and time of the request; and
  • the resource or endpoint requested.

This information is used for the limited purposes set out in "How We Use the Information" below. It is not combined with any other personal data, and it is not used to build a profile of you or to track you across other sites or applications.

Information About Transactions on Public Blockchains

If you use a wallet (desktop, mobile or console) to send or receive cryptocurrency, the transaction is recorded on the relevant public blockchain. Information recorded on a public blockchain (including addresses, amounts and timestamps) is publicly accessible and is not under our control. We do not associate that public on-chain information with any personal data.

Information Collected by Mobile Operating Systems and App Stores

If you install Emerald Weather from the Apple App Store or Google Play, the relevant store will collect certain information about installations, updates and crashes in accordance with its own privacy policy. Apple and Google may share aggregated or anonymised data with us through their developer dashboards. Information collected by the app stores is governed by their privacy policies, not ours.

Cookies and Similar Technologies

Our websites may use cookies and similar technologies (such as local storage). We aim to keep this use to a minimum:

  • Strictly necessary cookies — required for the site to function (for example, security and load balancing). These do not require your consent.
  • Functional cookies — used to remember preferences such as language or theme. These are set only with your consent where required by law.
  • Analytics or marketing cookies — we do not currently use these. If we do in the future, we will update this Policy and seek your consent where required.

You can control cookies through your browser settings. Blocking strictly necessary cookies may prevent parts of the site from working correctly.

How We Use the Information and Our Legal Basis

We use the information described above for the following purposes, relying on the legal bases under Article 6 of the UK GDPR shown alongside each purpose:

  • To operate, maintain and secure the Services (legal basis: our legitimate interests in providing a secure, reliable service and preventing fraud and abuse).
  • To diagnose technical problems and improve the performance and reliability of the Services (legal basis: our legitimate interests in maintaining and improving the Services).
  • To respond to your communications and to keep a record of correspondence (legal basis: our legitimate interests in handling enquiries; in some cases, the performance of a contract or steps taken at your request).
  • To comply with legal and regulatory obligations and to respond to lawful requests from public authorities (legal basis: compliance with a legal obligation to which we are subject).
  • To establish, exercise or defend legal claims (legal basis: our legitimate interests in protecting our rights, and, where required, compliance with a legal obligation).

We do not use your information for marketing, profiling or automated decision-making.

Sharing and Disclosure of Information

We do not sell your personal data. We share information only with:

  • Service providers acting on our behalf, such as hosting and infrastructure providers, that process information under written contracts which require them to use it only for the purposes we specify and to keep it secure;
  • Professional advisers (such as lawyers, accountants and auditors) where we need to do so to obtain advice, manage our business or respond to legal proceedings;
  • Public authorities, courts and regulators, where we are required or permitted by law to share information; and
  • Acquirers or successors in the event of a corporate transaction (such as a merger or sale of assets), under appropriate confidentiality arrangements.

International Data Transfers

Some of our service providers are located outside the United Kingdom and the European Economic Area. Where we transfer personal data outside the UK, we rely on one of the following safeguards required under UK GDPR:

  • transfers to a country that the UK has determined provides an adequate level of data protection;
  • the UK International Data Transfer Agreement (IDTA), or the European Commission Standard Contractual Clauses together with the UK International Data Transfer Addendum; or
  • another appropriate safeguard recognised under UK GDPR.

If you would like more information about the safeguards we use for international transfers, please contact us using the details above.

How Long We Keep Information

We keep personal data only for as long as we need it for the purposes set out in this Policy, after which we delete or anonymise it. As an indicative guide:

  • Website server access logs (for example, requests to our marketing site and Receipt): kept for up to 90 days for operational and security purposes, after which they are deleted or anonymised.
  • API request logs: our API supports both our own applications (including Emerald Weather and our wallet Services) and the Sierra API service used by third-party customers. All API requests pass through the same infrastructure and are recorded in the same logs. Because we cannot technically separate requests originating from our own free Services from requests made by paid Sierra customers, all API request logs are retained on the same basis. We keep them for as long as we need them, and at least for the period required by applicable record-keeping laws (typically at least six years for accounting and tax records under UK law). We retain these logs to: (i) investigate or respond to security incidents and abuse; (ii) investigate, defend or pursue legal claims; (iii) comply with statutory record-keeping and audit obligations; and (iv) maintain billing, usage and audit records for the Sierra service. Access to retained logs is restricted to staff with a specific need.
  • Email correspondence: kept for as long as needed to handle your enquiry and for a reasonable period afterwards, typically up to 24 months, unless we are required to retain it for longer for legal or regulatory reasons.
  • Records we are required to keep by law (for example, accounting and tax records): kept for the period required by the applicable law (typically at least six years in the UK).

Data Security

We use technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction. These include encryption in transit (TLS) for traffic with our servers, access controls and logging on our internal systems, and restricting access to personal data to staff who need it to perform their duties.

No security measures are perfect. While we work to protect personal data, we cannot guarantee absolute security. For wallet users: your private keys and recovery phrases remain on your device. We cannot recover them for you. Keeping them secure is your responsibility.

Your Rights and Choices

Where we hold personal data about you, you have the following rights under UK GDPR:

  • Right of access — to obtain a copy of the personal data we hold about you.
  • Right to rectification — to have inaccurate or incomplete personal data corrected.
  • Right to erasure ("right to be forgotten") — to have personal data deleted in certain circumstances.
  • Right to restriction of processing — to ask us to limit how we use your personal data in certain circumstances.
  • Right to object — to object to our processing of your personal data where we rely on our legitimate interests.
  • Right to data portability — to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, where we process it on the basis of consent or contract and by automated means.
  • Right to withdraw consent — where we rely on your consent, you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

Because most of the Services do not require an account and we collect very limited information, we may not always be able to identify the data we hold about you without further information from you (for example, a specific date and IP address). We will tell you if that is the case and work with you to identify the relevant records if we can.

To exercise any of these rights, please contact us at [email protected].

If you believe that we have not handled your personal data properly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or with the data protection authority in the country where you live or work.

Mobile Application Specifics

Some specific points about our mobile applications:

  • We do not track you across other companies' apps and websites for advertising purposes.
  • We do not use the App Tracking Transparency framework to request permission to track you.
  • Location data, contacts, photos, and microphone are not accessed by our apps unless and until we explicitly tell you and (where required) ask for your permission.
  • The privacy disclosures we publish on the Apple App Store (Privacy Nutrition Labels and Privacy Manifest) and on Google Play (Data Safety section) reflect the position described in this Policy.

Third-Party Links

Our Services may contain links to, or interoperate with, third-party websites, applications, blockchain networks, smart contracts and other services. We have no control over and assume no responsibility for the content, privacy practices or terms of any third party. Use of any third-party service is governed by that party's privacy policy and terms.

Children's Privacy

The Services are not directed at children under 13, and we do not knowingly collect personal data from children under 13. If you are a parent or guardian and you believe a child has provided personal data to us, please contact us and we will take steps to delete that information.

Changes to This Privacy Policy

We may update this Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. If we make material changes to how we handle personal data, we will use reasonable efforts to bring those changes to your attention, for example by posting a prominent notice on the Services. We encourage you to review this Policy periodically.

Contact Us

If you have any questions about this Policy or our data practices, or to exercise any of your rights, please contact us at:

Email: [email protected]

Mail: EmeraldPay Ltd, 86-90 Paul Street, London, England, EC2A 4NE