BitLease Technologies Ltd. A subsidiary of 49G Holding Ltd. Incorporated in Abu Dhabi Global Market (ADGM) Registered Address: Unit PC-1, Level 7, Al Maryah Tower, Abu Dhabi Global Market Square, Abu Dhabi, Al Maryah Island, United Arab Emirates
ADGM Registration No.: 34619
Last Updated: 21 March 2026
Effective Date: 21 March 2026
Version: 1.0
This Cookie Policy (“Policy”) explains how BitLease Technologies Ltd. (“BitLease,” “we,” “us,” or “our”) uses cookies and similar tracking technologies on the BitLease platform, website, and mobile application (collectively, the “Platform”). It describes what these technologies are, why we use them, the specific cookies deployed, and your rights and choices regarding their use.
We want you to understand exactly what happens when you visit or use the Platform, and to have full control over which non-essential technologies are active on your device.
This Policy should be read in conjunction with our Privacy Policy, which provides comprehensive information about how we collect, use, and protect your personal data.
This Policy applies to all visitors to the BitLease website (www.bitlease.com), all registered users of the Platform (Clients and Lessors), all devices used to access the Platform (desktop, mobile, tablet), and cookies and similar technologies set by BitLease (first-party) and by our authorized service providers (third-party).
BitLease’s use of cookies complies with applicable law, including the EU/EEA ePrivacy Directive (Directive 2002/58/EC) as implemented by national laws (including the requirement for informed consent before placing non-essential cookies), the UK Privacy and Electronic Communications Regulations 2003 (PECR) as supplemented by ICO guidance, the UAE/ADGM Data Protection Regulations 2021 and applicable UAE federal data protection provisions, the Singapore Personal Data Protection Act 2012 (PDPA) including Do Not Call and consent provisions, and applicable national cookie and electronic communications laws in other jurisdictions where BitLease operates.
Where consent is required for the placement of non-essential cookies, BitLease obtains that consent before the cookies are set.
Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website or use an application. They are widely used to make websites and applications function properly, enhance user experience, and provide information to the operator.
First-party cookies are set by BitLease directly, by the domain you are visiting (bitlease.com).
Third-party cookies are set by domains other than BitLease, by our authorized service providers who perform functions on our behalf (such as analytics or security services).
Session cookies are temporary. They exist only for the duration of your browsing session and are deleted when you close your browser. They are used for essential functions like maintaining your login state while you navigate the Platform.
Persistent cookies remain on your device for a defined period (set by the cookie’s expiry date) or until you delete them manually. They are used for functions that need to recognize you across sessions, such as remembering your preferences or tracking analytics over time.
In addition to cookies, BitLease may use the following similar technologies:
Local storage: Data stored in your browser’s local storage (HTML5) for maintaining application state and user preferences. Functions similarly to persistent cookies but can store larger amounts of data.
Pixel tags (web beacons): Tiny, transparent image files embedded in web pages or emails that allow us to track whether a page has been viewed or an email has been opened. Used primarily for analytics and email delivery confirmation.
Device fingerprinting: Collection of device and browser characteristics (screen resolution, installed fonts, browser version, timezone) to create a device profile. Used primarily for fraud prevention, security, and detecting unauthorized access from Restricted Jurisdictions.
Software Development Kits (SDKs): Code libraries embedded in the BitLease mobile application that enable specific functionality such as analytics, crash reporting, and security monitoring.
BitLease uses four categories of cookies, each serving a distinct purpose. Only strictly necessary cookies and security/compliance cookies are placed without your consent. All other categories require your affirmative consent before activation.
| Category | Consent Required? | Can it be disabled? | Impact of Disabled |
|---|---|---|---|
| Strictly Necessary | No, essential for Platform operation | No, disabling will prevent Platform use | The platform will not function |
| Security and Compliance | No, it's essential for legal and security obligations | No, it's required for fraud prevention and regulatory compliance | Security and compliance controls compromised |
| Performance and Analytics | Yes, requires your consent | Yes, via cookie settings or the browser. | We lose insight into Platform performance; no impact on your experience |
| Functional and Preference | Yes, requires your consent | Yes, via cookie settings or the browser. | The platform reverts to default settings; your preferences are not remembered |
These cookies are essential for the Platform to function. Without them, the Platform cannot operate, and you cannot access your account or use LTO services. They are placed automatically when you access the Platform and do not require your consent.
| Cookie / Technology | Purpose | Type | Duration |
|---|---|---|---|
| __session_id | Maintains your authenticated session after login. Ensures continuity as you navigate between pages without requiring re-authentication. | First-party, session | Duration of browsing session |
| __csrf_token | Cross-Site Request Forgery protection. Prevents unauthorized commands from being submitted on your behalf. Essential security measure. | First-party session | Duration of browsing session |
| __device_id | Unique device identifier for multi-factor authentication (MFA) and trusted device recognition. Enables MFA workflows. | First-party, persistent | 12 months |
| __auth_token | Encrypted authentication token enabling secure, persistent login (when “remember me” is selected). | First-party, persistent | 30 days (or until logout) |
| __cookie_consent | Records your cookie consent preferences. Ensures non-essential cookies are not placed until you consent. | First-party, persistent | 12 months |
| __geo_check | Stores the result of jurisdiction verification to enforce access restrictions (Restricted Jurisdictions, US person blocking). Does not store the precise location. | First-party session | Duration of browsing session |
| __wallet_session | Maintains the connection state between your browser and your LTO Wallet for transaction processing. | First-party session | Duration of browsing session |
| __rate_limit | Tracks request frequency to prevent abuse and protect against brute-force attacks. | First-party session | Duration of browsing session |
These cookies support BitLease’s legal and regulatory obligations, including fraud prevention, AML/CFT compliance, sanctions enforcement, and platform security. They are classified as essential because they are required to comply with applicable law and protect the integrity of the Platform.
| Cookie / Technology | Purpose | Type | Duration |
|---|---|---|---|
| __fraud_sig | Device fingerprint used for fraud detection and prevention. Helps identify unauthorized access attempts, compromised accounts, and bot activity. | First-party, persistent | 6 months |
| __ip_check | Records IP-based jurisdiction information for sanctions compliance and restricted jurisdiction enforcement. Used to detect VPN/proxy usage that may indicate circumvention. | First-party session | Duration of browsing session |
| __risk_score | Session-level risk assessment indicator used by the compliance monitoring system. Does not contain personal data, only a numeric risk score. | First-party session | Duration of browsing session |
| __sec_event | Security event logging. Records security-relevant events (failed login attempts, password changes, MFA challenges) for audit and incident response. | First-party, persistent | 90 days |
| __bot_detection | Bot and automated access detection. Distinguishes between human users and automated scripts to prevent platform abuse. | First-party session | Duration of browsing session |
These cookies help us understand how the Platform is used, identify performance issues, and improve the user experience. They collect aggregated, anonymized, or pseudonymized data. They are placed only with your consent.
| Cookie / Technology | Purpose | Provider | Type | Duration |
|---|---|---|---|---|
| _ga | Google Analytics: Distinguishes unique users by assigning a randomly generated identifier. Used to calculate visitor counts, session counts, and campaign data. | Google LLC | Third-party, persistent | 24 months |
| _ga_[ID] | Google Analytics 4: Maintains session state and tracks page navigation. | Google LLC | Third-party, persistent | 24 months |
| _gid | Google Analytics: Distinguishes users for 24 hours. Used for session-level analytics. | Google LLC | Third-party, persistent | 24 hours |
| _gat | Google Analytics: Throttles request rate to manage data collection volume. | Google LLC | Third-party session | 1 minute |
| [analytics_provider] | [Alternative analytics provider if used]: Platform usage analytics, feature interaction tracking, conversion analysis. | [Provider] | Third-party, persistent | [Duration] |
| __perf_mon | Internal performance monitoring. Tracks page load times, API response times, and client-side error rates. No personal data. | BitLease | First-party session | Duration of browsing session |
Google Analytics Privacy Protections:
IP anonymization is enabled, meaning your full IP address is not stored by Google. Data sharing with Google is limited to aggregated analytics only. Advertising features are disabled, so there is no remarketing and no demographic reporting. User-level data is retained for a maximum of 14 months, then automatically deleted. No cross-site tracking is enabled. Google Analytics data is not used for any purpose other than Platform performance analysis.
These cookies remember your preferences and settings to provide a more personalized experience. They are placed only with your consent.
| Cookie / Technology | Purpose | Type | Duration |
|---|---|---|---|
| __lang | Remembers your language preference so you do not need to re-select on each visit. | First-party, persistent | 12 months |
| __theme | Remembers your display theme preference (e.g., dark mode settings). | First-party, persistent | 12 months |
| __currency_display | Remembers your preferred display currency for portfolio value (e.g., USD, EUR, AED equivalent). Does not affect contract denomination (which is always stablecoins). | First-party, persistent | 12 months |
| __notification_pref | Stores your notification display preferences (which notifications to show, which to suppress). | First-party, persistent | 12 months |
| __dashboard_layout | Remembers your dashboard customization choices. | First-party, persistent | 12 months |
For clarity and transparency, BitLease confirms that it does not use the following:
| Cookie Type | Status | Reason |
|---|---|---|
| Advertising/marketing cookies | Not used | BitLease does not run advertising networks, retargeting campaigns, or programmatic ads on the Platform. |
| Cross-site tracking cookies | Not used | BitLease does not track your activity across other websites. |
| Social media tracking cookies | Not used | No social media plugins (Facebook Pixel, Twitter tracking, and LinkedIn Insight) are embedded on the platform. |
| Third-party data broker cookies | Not used | BitLease does not sell, share, or provide data to data brokers or third-party data aggregators. |
| Remarketing/ retargeting cookies | Not used | BitLease does not use cookies to serve you ads on other websites based on your Platform activity. |
If BitLease introduces any of the above categories in the future, this Policy will be updated, and your consent will be obtained before any such cookies are placed.
When you first visit the Platform, a cookie consent banner is displayed. The banner informs you that the Platform uses cookies, provides a clear summary of cookie categories, and offers you three choices: Accept All, Reject Non-Essential, or Customize your preferences. No non-essential cookies are placed until you make a choice. The banner is compliant with the ePrivacy Directive’s requirement for informed, prior consent for non-essential cookies.
Accept All activates all cookie categories (strictly necessary + security + performance + functional).
Reject Non-Essential activities, only strictly necessary and security cookies. Performance and functional cookies are not placed.
Customize allows you to enable or disable each non-essential category individually.
The consent mechanism allows granular, per-category control. You can see exactly what you are consenting to and make informed choices:
| Category | Default State (Before Consent) | Can Be Toggled? |
|---|---|---|
| Strictly Necessary | Always on | No, cannot be disabled |
| Security and Compliance | Always on | No, cannot be disabled |
| Performance and Analytics | Off until consent | Yes, on/off |
| Functional and Preference | Off until consent | Yes, on/off |
BitLease does not use cookie walls. You are never required to accept non-essential cookies as a condition of accessing the Platform. Full Platform functionality (including LTO Contracts, LTO Wallets, Buyouts, and all financial services) is available with only strictly necessary and security cookies active.
Your consent preferences are recorded (via the __cookie_consent cookie) and retained for twelve (12) months. After expiry, you will be asked to renew your consent. The consent record includes the date and time of consent, the categories accepted or rejected, and the Platform version.
You can view and change your cookie preferences at any time through the Cookie Settings Panel, accessible from the Platform footer (link labeled “Cookie Settings” or “Cookie Preferences”), or through Privacy Settings within your account settings under the Privacy section. The cookie consent banner can be re-triggered from either location.
Changes take effect immediately. Cookies that are no longer consented to are deleted at the end of your current session (for session cookies) or flagged for non-renewal (for persistent cookies that cannot be retroactively deleted server-side).
You can also manage cookies through your browser settings. Most browsers allow you to view cookies currently stored on your device, delete some or all cookies, block all cookies or only third-party cookies, and set preferences for specific websites.
Browser-specific guidance:
| Browser | Settings Path |
|---|---|
| Google Chrome | Settings, Privacy and Security, Cookies and other site data |
| Mozilla Firefox | Settings, Privacy & Security, Cookies and Site Data |
| Apple Safari | Preferences, Privacy, Manage Website Data |
| Microsoft Edge | Settings, cookies, and site permissions, Manage and delete cookies |
| Mobile Safari (iOS) | Settings, Safari, Clear History and Website Data |
| Mobile Chrome (Android) | Settings, Privacy and Security, Clear browsing data |
Important: If you block all cookies (including strictly necessary cookies) through your browser, the Platform will not function. You will not be able to log in, access your LTO Wallet, or manage your contracts. We recommend using the Platform’s cookie settings panel for granular control rather than blanket browser-level blocking.
BitLease honors the “Do Not Track” (DNT) browser signal. When DNT is enabled, all non-essential cookies (performance and functional) are disabled, regardless of any prior consent. Only strictly necessary and security cookies remain active. No analytics data is collected for users with DNT enabled.
BitLease recognizes and respects the Global Privacy Control (GPC) signal where applicable. When GPC is detected, non-essential cookies are not placed, and the signal is treated as an opt-out of non-essential tracking.
The following third-party service providers may set cookies or process cookie-derived data on the Platform:
| Provider | Purpose | Data Processed | Cookie Category | Privacy Policy |
|---|---|---|---|---|
| Google LLC | Google Analytics, Platform usage analytics | Anonymized IP, page views, session data, device/browser info | Performance & Analytics (consent required) | https://policies.google.com/privacy |
| Fireblocks | Session integrity for custody operations | Session tokens (no personal data in cookies) | Strictly Necessary | https://www.fireblocks.com/privacy-policy |
| [KYC Provider] | Identity verification session management | Session tokens during verification flow | Strictly Necessary | [URL] |
| [Payment Processor] | Payment session integrity | Session tokens during payment flow | Strictly Necessary | [URL] |
All third-party service providers are bound by data processing agreements (DPAs) with BitLease, required to process data only for the specified purposes, subject to the security and privacy requirements described in our Privacy Policy, and prohibited from using cookie-derived data for their own marketing or advertising purposes.
BitLease does not allow third-party advertisers, ad networks, or data brokers to place cookies on the Platform.
The BitLease mobile application uses device-level storage and SDKs that function similarly to cookies. These include app session tokens that maintain authenticated sessions within the app, device identifiers used for MFA, fraud prevention, and trusted device recognition, analytics SDKs that collect anonymized usage data (if you have consented to analytics), and push notification tokens that enable delivery of payment reminders, contract status updates, and security alerts.
You can manage mobile analytics and notification preferences through the app’s Settings under the Privacy section, or through your device’s operating system settings (for push notifications and app permissions).
Most cookies used by BitLease do not contain personal data. They contain randomly generated identifiers, numeric scores or flags, encrypted session tokens, and preference settings.
Where a cookie contains or is linked to personal data (e.g., the __device_id cookie linked to your account through server-side records), that data is processed in accordance with our Privacy Policy, including all data subject rights (access, rectification, erasure, portability, objection).
Cookie-derived data may be transferred to countries outside your country of residence for processing by our service providers (e.g., Google Analytics data processed by Google in the United States). All cross-border transfers are subject to the safeguards described in the Privacy Policy (SCCs, adequacy decisions, or supplementary measures).
| Cookie Category | Data Retention |
|---|---|
| Strictly Necessary | Duration of session or as specified per cookie (max 12 months) |
| Security and Compliance | As specified per cookie (max 6 months for persistent; session for others) |
| Performance and Analytics | Google Analytics: 14 months from collection. Internal analytics: 24 months, then aggregated and anonymized. |
| Functional and Preference | 12 months from setting, then refreshed if consent renewed |
| Consent record | 12 months from consent date |
Upon expiry, cookie data is deleted or anonymized in accordance with our data retention practices.
The Platform is not intended for individuals under eighteen (18) years of age or the age of legal majority in their jurisdiction. We do not knowingly place cookies on devices belonging to minors. If we become aware that cookie data has been collected from a minor, we will delete that data.
We may update this Cookie Policy to reflect changes in our practices, technology, applicable law, or cookie usage. Material changes will be communicated through a prominent notice on the Platform, an updated cookie consent banner requiring renewed consent where applicable, and updates reflected in the “Last Updated” date at the top of this Policy.
Where changes affect the scope of cookie categories or introduce new tracking technologies, we will obtain your renewed consent before any new non-essential cookies are placed.
Previous versions of this Policy are available upon request from privacy@bitlease.com.
If you have questions about this Cookie Policy or our use of cookies:
BitLease Technologies Ltd. A subsidiary of 49G Holding Incorporated in Abu Dhabi Global Market (ADGM) Registered Address: Unit PC-1, Level 7, Al Maryah Tower, Abu Dhabi Global Market Square, Abu Dhabi, Al Maryah Island, United Arab Emirates
ADGM Registration No.: 34619
| Department | |
|---|---|
| Data Protection Officer | dpo@bitlease.com |
| Privacy Inquiries | privacy@bitlease.com |
| General Inquiries | info@bitlease.com |
Website: www.bitlease.com