Sceptre - Privacy Policy
Last Updated: June 29th, 2026
Introduction
This Privacy Policy (the "Privacy Policy") explains how Rome Blockchain Labs (the "Company", "we", "us", or "our") handles the personal data of individuals — referred to as "Data Subjects", "you", or "your" — in connection with accessing and using the website and any services available at https://sceptre.fi (together referred to as the "Services").
The Services include Sceptre’s liquid staking protocols on Flare and Partisia, and a Real World Asset (RWA) Vault. Given the nature of these Services, the personal data we process is limited primarily to blockchain-related identifiers. We do not collect names, email addresses, or other traditional personal data unless you contact us directly.
This Privacy Policy is governed by and complies with the General Data Protection Regulation (GDPR) as applicable to users in the European Economic Area (EEA), the applicable data protection laws of Panama, and, to the extent applicable, U.S. state privacy laws including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) as they apply to residents of California and other U.S. states with substantially similar legislation.
Categories of Personal Data Collected, Purposes of and Bases for Processing
When providing the Services, certain personal data may be processed for the following purposes:
-
Providing access to the Sceptre protocols (liquid staking on Flare and Partisia; RWA Vault on Ethereum): Wallet addresses, on-chain transaction data, and balance information (Legal Ground: Contractual obligations, Terms of Service).
-
Communicating with you regarding inquiries or support requests: Any information you voluntarily provide when contacting us (e.g. content of your message) (Legal Ground: Legitimate interests / contractual obligations).
-
Complying with legal and regulatory obligations: Wallet addresses and transaction data as required by applicable law (Legal Ground: Legal obligation).
Your personal data is collected directly from you or from public blockchain networks that you interact with through the Services. We do not process special categories of personal data (such as health, biometric, or political data) and do not seek to do so.
If you would like to learn more about the definitions used throughout this document, such as "legal grounds" and "legitimate interests", EEA residents may visit the Information Commissioner’s Office website at https://ico.org.uk.
Blockchain Data and Public Networks
Sceptre’s Services operate across multiple public blockchain networks, including Flare, Partisia, and Ethereum. You should be aware that:
-
Transactions on public blockchains are recorded immutably and cannot be erased, modified, or altered by us or any other party.
-
Blockchain data is publicly visible and may be subject to forensic analysis, which can lead to deanonymization, particularly when combined with other data sources.
-
Because these are decentralized, third-party networks not controlled or operated by the Company, we are unable to fulfil erasure or rectification requests in relation to data recorded on-chain.
We recommend that you consider the public and permanent nature of blockchain transactions before interacting with the Services.
Cookies and Automatically Collected Data
Cookies are small files placed on the hard drive of your computer or mobile device. Sceptre uses cookies solely for functional purposes, for example, to record your acknowledgment of the privacy banner on its website. We do not use cookies for analytics or advertising purposes.
In addition, we may process certain technical data when you visit the Site, including IP address, approximate location derived from IP address, and device identifiers. We use this data to operate and secure the Site, to prevent fraud and abuse, to screen for sanctioned and prohibited persons, to apply geographic access controls required for compliance (including for the RWA Vault), and to maintain and improve the Services. The legal bases for this processing are our legal obligations and our legitimate interests in the security, integrity, and lawful operation of the Services. Where required, we apply IP-based geographic restrictions to certain Services.
If you are a resident of the European Economic Area and you are under the age of 16, please do not submit any personal data through the Services or the website. We do not knowingly collect or process personal data about children, where a child under the GDPR is defined as an individual below the age of 16.
Your Rights With Regard to Personal Data Processing
In connection with accessing and using the Services, you are entitled to exercise certain rights. Where the GDPR applies to you as an EEA resident, those rights include the following (subject to the limitations described below):
Right to Access: you may request a copy of the personal data we hold about you by contacting us via the email address set out below.
Right to Rectification: where technically possible, you may request correction of inaccurate personal data. Note that data recorded on public blockchain networks cannot be rectified by us.
Right to Erasure (Right to be Forgotten): you may request deletion of personal data we hold about you, to the extent technically possible. As noted above, on-chain data cannot be erased.
Right to Restriction of Processing: you may request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability: where applicable, you may request that we provide your personal data in a structured, commonly used, and machine-readable format.
Right to Object: you may object to processing based on legitimate interests where you believe your rights and freedoms override those interests.
Automated Decision-Making and Profiling: we do not carry out automated decision-making or profiling in relation to your personal data. Your consent will be sought before undertaking any such activities.
Consent Withdrawal: where processing is based on your consent, you may withdraw that consent at any time by contacting us.
You also have the right to lodge a complaint with a competent data protection supervisory authority in your country of residence.
Please note that the exercise of some of these rights may be limited or not possible given the nature of the Services, particularly in relation to data held on public blockchain networks.
Personal Data Storage Period
Your personal data will be stored only for as long as necessary for the purposes for which it was collected. Specifically:
-
For as long as it is necessary to render you the Services;
-
Until you make a valid data deletion request (where technically possible);
-
As required by applicable law or regulatory obligation; or
-
In other circumstances prescribed by applicable law.
In any event, your personal data will not be stored for periods longer than is necessary for the purposes of the processing.
Personal Data Recipients and Transfer of Personal Data
For the purposes of rendering the Services and operating the website, your personal data may be shared with the following categories of recipients:
Service Providers: providers, consultants, advisors, vendors, and partners acting as data processors (meaning they process your personal data on our behalf and according to our instructions). These may include hosting providers and technical infrastructure providers. We enter into data processing agreements with all such parties as required by applicable law to protect and secure your personal data using appropriate technical and organisational measures.
RWA Service Providers: where you use the RWA Vault, on-chain identifiers such as your wallet address and transaction data may be shared with Vandros and Trad.Fi, as independent third-party providers of the RWA Vault and related lending services, for the purpose of operating those services and meeting their own legal and compliance obligations. These parties act as independent controllers in respect of the data they receive, and their own privacy terms apply.
Governmental and Regulatory Authorities: only in strict compliance with applicable law, your personal data may be shared with governmental authorities pursuant to a legal decision or court order mandating disclosure. In any such case, we will endeavour to disclose only the minimum portion of data required.
Third Parties at Your Request: your personal data may be shared with other third parties where you have explicitly requested us to do so, provided doing so does not infringe applicable law.
Where personal data is transferred outside of the EEA, we will ensure appropriate safeguards are in place in accordance with GDPR requirements, such as standard contractual clauses or equivalent mechanisms.
Security of Processing
We take appropriate technical and organisational measures to protect your personal data from loss, misuse, or unauthorised access. These measures apply both during transmission and once data is received. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
Contacts and Requests; Changes to this Privacy Policy
Please send all requests, queries, and complaints in connection with your rights relating to personal data protection and processing to [email protected]
For the purposes of Article 27 of the GDPR, our representative in the European Economic Area is Joel Monteiro, who can be contacted at [email protected]. EEA residents may contact our representative in relation to the processing of their personal data.
Changes to this Privacy Policy are indicated by the "Last Updated" date at the top of this document. We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal data.