ARCANE Get early access
Commodities How it works About Contact Early access →
§ Legal

Privacy Policy

How Meridian Digital Group LLC collects, uses, shares, and protects your personal information.

Effective
April 10, 2026
Updated
April 10, 2026
Controller
Meridian Digital Group LLC
At a glance

We collect what we need to verify your identity, process your transactions, secure your account, and meet our legal obligations. We do not sell your personal information. We do not share it for cross-context behavioral advertising.

1. Introduction

This Privacy Policy ("Policy") describes how Meridian Digital Group LLC ("Meridian," "we," "us," or "our") collects, uses, shares, and protects personal information in connection with the Arcane website (arcane.finance and subdomains), the Arcane trading application (the "Trading App"), and related services (collectively, the "Services"). By using the Services, you acknowledge the practices described here. If you do not agree, please do not use the Services.

This Policy supplements, and does not replace, any other notices we may provide at the point of data collection. Capitalized terms not defined in this Policy have the meanings given in our Terms of Service.

2. Information We Collect

2.1 Information you provide directly

  • Identity information: full legal name, date of birth, nationality, residential address, government-issued identification (passport, driver's license, national ID card), photo or selfie for liveness checks, signature, taxpayer identification number, and similar verification data.
  • Contact information: email address, phone number, company or organization name, job title.
  • Financial information: source of funds, wealth, and occupation disclosures; bank account and wire routing details; linked card information (tokenized); wallet addresses; transaction history; beneficial ownership information for entity accounts.
  • Account information: username, password hash, security questions, multi-factor authentication settings, recovery contacts, and account preferences.
  • Communications: messages you send us through contact forms, email, chat, phone, support channels, and social media, including any recordings where notified and permitted.
  • Early-access and marketing: name, email, country, region, role, interests, and any preferences you submit via our forms.
  • User-generated content: feedback, survey responses, testimonials, and any other content you submit.

2.2 Information collected automatically

  • Device and browser: IP address, device identifiers, device model and manufacturer, operating system and version, browser type and version, language preferences, time zone, screen resolution.
  • Usage: pages visited, features used, button clicks, session duration, referring URLs, search queries within the Services, error and crash logs, performance metrics.
  • Location: approximate geographic location derived from IP address. We do not collect precise GPS location unless you explicitly grant permission on a mobile device.
  • Authentication and security telemetry: login attempts, device fingerprints, risk signals used for fraud prevention.

2.3 Information from third parties

  • Identity verification providers: KYC/AML vendors who return verification results, watchlist matches, sanctions screening outcomes, and risk scores.
  • Blockchain analytics providers: wallet risk scores, on-chain transaction patterns, and counterparty exposure data relevant to sanctions, AML, and fraud compliance.
  • Payment processors, banks, and custodians: deposit and withdrawal confirmations, wire details, reserve status, and physical-delivery coordination data.
  • Fraud and security vendors: device reputation signals, bot detection, and threat intelligence.
  • Public sources: corporate registries, sanctions lists, adverse media databases, and public blockchain explorers.
  • Advertising and analytics partners: aggregated or deidentified reporting on marketing campaigns.

3. How We Use Information

We use personal information to:

  • Provide, operate, and maintain the Services;
  • Verify your identity and comply with KYC, BSA, AML, OFAC, Travel Rule, and other regulatory obligations;
  • Process mints, redemptions, transfers, and fund movements, including communication with banks, custodians, and payment processors;
  • Detect, investigate, and prevent fraud, money laundering, sanctions evasion, market manipulation, account takeovers, and other prohibited activity;
  • Secure our Services and your account, including through authentication, session management, and threat detection;
  • Communicate with you about account activity, security alerts, transactional notices, policy updates, and support requests;
  • Send, with your consent or where permitted by law, marketing and promotional communications about our Services and, subject to your preferences, those of trusted partners;
  • Improve the Services through analytics, A/B testing, debugging, and usage research;
  • Comply with legal obligations, court orders, regulatory examinations, subpoenas, and lawful government inquiries;
  • Enforce our Terms of Service and protect our rights, property, and the rights and safety of our Users and the public;
  • Evaluate and complete corporate transactions such as mergers, acquisitions, financings, and reorganizations, subject to appropriate confidentiality obligations.

Where applicable (for example, under the EU General Data Protection Regulation, the UK GDPR, or similar regimes), we rely on one or more of the following legal bases to process personal information:

  • Performance of a contract with you, including providing the Services you request;
  • Compliance with a legal obligation, including KYC/AML, tax reporting, and sanctions compliance;
  • Our legitimate interests in operating, improving, and securing the Services, preventing fraud, and communicating with customers, provided those interests are not overridden by your rights;
  • Your consent, which you may withdraw at any time without affecting the lawfulness of prior processing;
  • Compliance with a legal claim or public interest, where applicable.

5. How We Share Information

We share personal information only in the following circumstances:

  • Service providers who perform services on our behalf — including KYC/AML vendors, cloud infrastructure providers, analytics providers, customer support platforms, email and messaging delivery, fraud detection vendors, blockchain analytics providers, and professional services firms — in each case subject to contractual confidentiality and data-protection obligations;
  • Custodians, banks, payment processors, and clearing partners as necessary to process your transactions and to maintain reserves;
  • Auditors, counsel, and professional advisors under professional duties of confidentiality;
  • Regulators and law enforcement when required by Applicable Law, court order, subpoena, or in response to a lawful government request, or where we believe in good faith that disclosure is necessary to protect rights, property, or safety;
  • Affiliates within the Meridian group, who are bound by this Policy;
  • Successors in connection with a merger, acquisition, reorganization, financing, or sale of all or a portion of our assets, subject to appropriate confidentiality protections;
  • With your direction or consent, for any other purpose disclosed at the time of collection.

We do not sell personal information for monetary consideration as those terms are defined under the CCPA and similar laws. We do not share personal information for cross-context behavioral advertising.

6. Cookies and Tracking Technologies

We use cookies, pixels, local storage, and similar technologies to operate the Site, remember preferences, authenticate sessions, prevent fraud, and measure usage. We use both first-party and third-party cookies. You can control cookies through your browser settings, our in-product cookie preferences (where available), or industry opt-out tools. Disabling cookies may impair some functionality. We honor Global Privacy Control ("GPC") signals where applicable under state law.

Categories of cookies we use:

  • Strictly necessary — required for authentication, security, and core Service functionality. Cannot be disabled.
  • Functional — remember preferences like language and display settings.
  • Analytics — help us understand usage patterns and improve the Services. Typically deidentified or aggregated.
  • Marketing — used only with your consent where required, to measure the performance of our marketing.

7. Blockchain Data

Blockchain transactions are public and generally immutable. Wallet addresses, token balances, transaction amounts, timestamps, and the relationships between wallets may be visible on the underlying public blockchains. Meridian cannot delete, modify, or anonymize data that has been recorded on a public blockchain. You should not expect privacy with respect to on-chain activity. We may use blockchain analytics to correlate on-chain addresses with accounts for compliance purposes.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Our program includes, without limitation: encryption of data in transit (TLS 1.3) and at rest (AES-256), role-based access controls, network segmentation, hardware-backed key storage, privileged-access management with multi-factor authentication, continuous logging and monitoring, vulnerability management, regular third-party penetration testing, formal incident response procedures, and SOC 2 Type II controls. No security program is perfect, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and using the security features we make available, including multi-factor authentication.

9. Data Retention

We retain personal information for as long as necessary to provide the Services, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. BSA/AML regulations require us to retain certain records for at least five (5) years after the termination of your account or the date of a relevant transaction. Tax records may be retained for up to seven (7) years. Records related to actual or threatened litigation, audits, or regulatory investigations may be retained longer. Records with no ongoing legal, operational, or customer-service purpose are deleted, anonymized, or aggregated in accordance with our retention schedule.

10. Your Rights

Subject to Applicable Law and the limitations discussed below, you may have the right to:

  • Access — obtain a copy of the personal information we hold about you;
  • Correct — request correction of inaccurate or incomplete information;
  • Delete — request deletion of your personal information, subject to our retention obligations;
  • Restrict or object — restrict or object to certain processing, including direct marketing;
  • Portability — receive a copy of your personal information in a structured, commonly used, machine-readable format;
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing;
  • Complaint — lodge a complaint with a supervisory or data protection authority.

To exercise any of these rights, contact us at privacy@arcane.finance. We may need to verify your identity before responding. We will respond within the time frames required by Applicable Law. We will not discriminate against you for exercising your rights. In certain cases, we may be unable to honor a request — for example, where retention is required by law, where deletion would impair our ability to detect fraud, or where the rights of another person are implicated.

11. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), provides you with specific rights, including the right to know what personal information we collect, the right to delete, the right to correct, the right to opt out of any "sale" or "sharing" (we do not sell or share for cross-context behavioral advertising as those terms are defined), the right to limit use of "sensitive personal information," and the right to non-discrimination for exercising these rights.

To exercise these rights, email privacy@arcane.finance. You may also designate an authorized agent to make a request on your behalf. In the preceding twelve (12) months, we have collected the categories of personal information described in Section 2, used it for the purposes described in Section 3, and shared it with the categories of recipients described in Section 5. We retain each category for the periods described in Section 9.

12. European Economic Area and United Kingdom Rights

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the GDPR, UK GDPR, or applicable Swiss law as described in Section 10. Our legal bases for processing are described in Section 4. The controller of your personal information is Meridian Digital Group LLC. Where required, we have appointed an EU/UK representative whose contact details are available on request. You have the right to lodge a complaint with your local data protection authority; for EU residents this is typically the authority in your country of residence.

13. International Transfers

Meridian is based in the United States. If you access the Services from outside the U.S., your information will be transferred to, stored, and processed in the U.S. and other jurisdictions where our service providers operate. Some of these jurisdictions may not provide the same level of data protection as your home jurisdiction. Where required, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and, for UK transfers, the UK International Data Transfer Addendum, supplemented by additional organizational and technical measures.

14. Children

The Services are not directed to individuals under 18 years of age, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@arcane.finance and we will take appropriate steps to delete it.

15. Marketing Communications

We may send you marketing communications about our Services where permitted by Applicable Law. You can opt out of marketing emails by clicking the unsubscribe link in any such email, by updating your preferences in your account settings, or by emailing us. Opting out of marketing does not affect transactional, security, or legal notices, which are necessary for the Services.

16. Third-Party Links and Services

The Site and Trading App may contain links to third-party websites, services, or integrations. This Policy does not apply to third-party practices. We encourage you to review the privacy notices of any third parties before providing them with information.

17. Do Not Track

Some browsers offer a "Do Not Track" signal. There is currently no industry consensus on how such signals should be interpreted, and we do not currently respond to generic Do Not Track signals. We honor Global Privacy Control ("GPC") signals where applicable under state law, as described in Section 6.

18. Changes to This Policy

We may update this Policy from time to time. The "Updated" date at the top indicates when this Policy was last revised. For material changes, we will provide notice by email or through an in-app notice before the changes take effect, except where a shorter notice period is required by Applicable Law. Your continued use of the Services after the effective date of an updated version constitutes acceptance of the changes.

19. Contact Us

Meridian Digital Group LLC
Attn: Privacy Officer
1309 Coffeen Avenue, Suite 1200
Sheridan, WY 82801
United States
Privacy: privacy@arcane.finance
Legal: legal@arcane.finance

© Meridian Digital Group LLC · All rights reserved