OPIN.ART / COOKIE & PECR POLICY

Effective Date: 14 April 2026

Entity: MONOLITH LABS LTD (Co. No. 17154388)

ICO Registration: ZC126753

Registered Address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ

Contact: info@monolithlabs.uk

Preamble: The Anti-Tracking Commitment

MONOLITH LABS LTD (the “Company”) operates the OPIN.ART platform (the “Platform”) on a strict Zero-Tracking Doctrine. We do not use marketing cookies, we do not build advertising profiles, and we do not sell your browsing data to third parties.

Because the Platform deploys only Strictly Necessary storage mechanisms as defined under Regulation 6(4) of the Privacy and Electronic Communications Regulations 2003 (PECR), no disruptive consent banner is required or displayed. This Policy explains our approach to browser storage in compliance with PECR and the UK General Data Protection Regulation (UK GDPR) as incorporated into UK law by the European Union (Withdrawal) Act 2018. This Policy forms part of the OPIN.ART Legal Framework and should be read alongside the Codex (Terms of Service) and the Data Minimisation Doctrine (Privacy Policy), both available at https://opin.art/legal/terms.

Article 1. Scope of Browser Storage

When you interact with the Platform, the Company may place small data files on your device. These may include HTTP cookies, HTML5 Local Storage, and Session Storage (collectively, “Storage Mechanisms”). In a Web3 architecture, these Storage Mechanisms are technically essential for client-side interface rendering and for maintaining a secure connection with your non-custodial wallet. All Storage Mechanisms deployed by the Platform fall exclusively within the Strictly Necessary exemption described in Article 2 below.

Article 2. The Strictly Necessary Exemption

Under Regulation 6(4) of the PECR, explicit user consent is not required for Storage Mechanisms that are:

(a) used for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or

(b) strictly necessary for the provision of an information society service explicitly requested by the user.

The Company has assessed all Storage Mechanisms deployed on the Platform and confirms that each falls within one or both of the categories above. No Storage Mechanisms are deployed for marketing, profiling, or any purpose beyond those set out in Article 3 of this Policy.

Article 3. Storage Mechanisms Deployed

3.1. Edge Security and Infrastructure — Cloudflare.

The Company utilises Cloudflare, Inc. to protect its infrastructure from DDoS attacks, malicious bot activity, and to enforce the strict jurisdictional geo-fencing requirements set out in Articles 6 and 7 of the Codex. Cloudflare may place technical security tokens on your device, including cookies such as __cf_bm and cf_clearance. These tokens are mandatory security mechanisms used to distinguish human users from automated scripts. They do not track your activity across the internet, they do not build advertising profiles, and they cannot be disabled without rendering the Platform inaccessible. Cloudflare acts as a data processor bound by a data processing agreement with the Company. Further information about Cloudflare’s data practices is available at cloudflare.com/privacypolicy.

3.2. Web3 Wallet Connection State.

When you connect a non-custodial wallet (such as Phantom or Solflare) to the Platform, the interface uses your browser’s Local Storage or Session Storage to retain your wallet connection state and public key for the duration of your active session. This prevents the requirement for repeated cryptographic reconnection upon page refresh. This data is held exclusively within your browser and is not transmitted to the Company’s servers for any profiling or identification purpose. It is cleared upon session termination or wallet disconnection.

3.3. User Interface Preferences.

The Platform may store benign interface preferences — such as display mode selection or RPC endpoint preferences — in Local Storage. This storage is strictly for the purpose of fulfilling your requested interface customisations and is held locally on your device only.

Article 4. The Analytics and Tracking Prohibition

The Company expressly declares that the Platform does not deploy and will not deploy without prior notice and compliant consent collection:

• Marketing or retargeting cookies of any kind, including Meta Pixels, Google Ads tracking tags, or cross-site advertising beacons.
• Session recording or behavioural analytics tools that capture mouse movements, keystrokes, scroll depth, or individual browsing paths.
• Cross-site tracking identifiers of any kind.

Future Provision: Should the Company ever determine it necessary to implement non-essential analytics — for example, privacy-preserving aggregated analytics — it will deploy a fully compliant consent management platform (CMP) in accordance with PECR and UK GDPR prior to implementing any such change, and will update this Policy accordingly with appropriate notice in accordance with Article 3 of the Codex. Until such time, no non-essential storage mechanisms exist on the Platform.

Article 5. Third-Party Protocol Interactions

You acknowledge that the Platform acts as a neutral routing interface to independent third-party decentralised protocols, including without limitation Magic Eden, Tensor, and Jupiter API. The Zero-Tracking Doctrine applies strictly to the opin.art domain and frontend environment operated by the Company. The Company cannot govern, control, or accept responsibility for the storage practices, cookie policies, or data architectures of any third-party protocol or marketplace with which you interact through the Platform. Your interaction with any third-party protocol is governed by that provider’s own terms and privacy documentation.

Article 6. Your Browser Controls

Because the Platform deploys only Strictly Necessary Storage Mechanisms, no opt-out toggle is provided within the Platform interface — removal of these mechanisms would prevent the Platform from functioning and from defending itself against cyber threats.

You retain full control over your browser environment. You may configure your browser to block or delete all cookies and local storage data at any time. However, you acknowledge that doing so will result in: disconnection of your wallet from the Platform; disruption to the user interface; and the likely triggering of Cloudflare’s security mechanisms, which may render the Platform temporarily inaccessible. The Company accepts no liability for any losses or failures arising from user-side browser storage restrictions, as set out in Article 43 of the Codex.

Article 7. Relationship to the Data Minimisation Doctrine

This Policy should be read as a companion document to the OPIN.ART Data Minimisation Doctrine (Privacy & Data Protection Policy). Where this Policy addresses browser-level Storage Mechanisms under PECR, the Data Minimisation Doctrine addresses the broader framework of personal data processing under UK GDPR and EU GDPR. Together, these documents constitute the complete data governance framework of the Platform.

Article 8. Updates to This Policy

The Company reserves the right to update this Policy to reflect changes in applicable law, regulatory guidance, or the Company’s technical infrastructure. Material changes will be communicated in accordance with Article 3 of the Codex. The Effective Date at the head of this document will be updated to reflect any amendments. Your continued use of the Platform following notification of any material change constitutes your acknowledgment of the revised Policy.

Article 9. Contact and Enquiries

If you have questions regarding the Company’s application of the PECR Strictly Necessary exemption, the Zero-Tracking Doctrine, or any aspect of this Policy, please contact:

Email: info@monolithlabs.uk

Post: MONOLITH LABS LTD, 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ