Privacy Policy

Blacksheep Operations Pty Ltd (ABN 76 621 581 584) is committed to providing quality digital currency exchange and remittance services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au/.

What is Personal Information and why do we collect it?

Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect includes names, addresses, email addresses, phone numbers, date of birth, government identification documents, financial information, and transaction records.

This Personal Information is obtained in many ways including correspondence, by telephone, by email, via our website www.blacksheep.money, through our mobile application, identity verification processes, customer support interactions, KYC sharing arrangements with other regulated providers (with your consent), and from third parties such as identity verification services and payment processors. We don't guarantee website links or policy of authorised third parties.

We collect your Personal Information for the primary purpose of providing our digital currency exchange services to you, including:

• Creating and managing your account
• Verifying your identity and conducting compliance checks
• Processing cryptocurrency transactions and payments
• Meeting our legal obligations under anti-money laundering (AML) and counter-terrorism financing (CTF) laws
• Providing customer support and communications
• Improving our services and conducting analytics

We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure, such as fraud prevention, security monitoring, regulatory reporting, and KYC sharing arrangements (with your consent) to streamline verification processes with other regulated providers. You may unsubscribe from our marketing communications at any time by contacting us in writing or updating your preferences in your account.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

For our digital currency exchange services, we may collect sensitive information including:

• Biometric information (such as facial recognition data) for identity verification
• Political affiliation information for politically exposed person (PEP) screening
• Criminal history information for enhanced due diligence and compliance screening

Sensitive information will be used by us only: 

• For the primary purpose for which it was obtained 

• For a secondary purpose that is directly related to the primary purpose 

• With your consent; or where required or authorised by law (including AML/CTF obligations)

Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties including identity verification service providers, payment processors, other financial institutions, and regulatory databases. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

KYC Sharing Agreements

We may participate in Know Your Customer (KYC) sharing arrangements with other regulated financial service providers to streamline verification processes. This means:

• Receiving your data: With your consent, we may receive your already-verified KYC information from another provider (such as another cryptocurrency exchange, bank, or financial institution) to avoid requiring you to complete the full verification process again

• Providing your data: With your consent, we may share your verified KYC information with other regulated providers you choose to use, allowing them to rely on our verification rather than requiring you to start the process from scratch.

These arrangements only operate with your explicit consent and are designed to improve your experience by reducing duplicated verification requirements while maintaining the same security and compliance standards. You can withdraw your consent for KYC sharing at any time by contacting us.

Disclosure of Personal Information

Your Personal Information may be disclosed in a number of circumstances including the following:

• Service providers including identity verification services, payment processors, cloud storage providers, customer support services, and technology vendors 

• Cryptocurrency exchanges for transaction processing and settlement 

• Regulatory bodies and law enforcement including AUSTRAC, ASIC, Australian Federal Police, Australian Taxation Office, courts, and foreign regulatory authorities where required by law 

• Professional advisors including lawyers, accountants, auditors, and compliance consultants 

• Third parties where you consent to the use or disclosure, including KYC sharing arrangements with other regulated financial service providers for streamlined verification 

• Business transactions including potential buyers if we sell our business 

• Emergency situations where disclosure is necessary to prevent serious harm

Overseas Disclosure

Your Personal Information may be disclosed to recipients located overseas, including in the United States, European Union countries, Singapore, and the United Kingdom. This may occur when we use overseas service providers for cloud storage, identity verification services, cryptocurrency exchanges, or other business operations.

We take reasonable steps to ensure that overseas recipients comply with Australian privacy standards and have appropriate data protection measures in place.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. Our security measures include:

• Encryption of data in transit and at rest 

• Secure servers with restricted access controls 

• Multi-factor authentication requirements for account access 

• Regular security monitoring and assessments 

• Staff training on privacy and security obligations 

• Incident response procedures for security breaches

For cryptocurrency-specific security, we have a non-custodial approach, however we also implement: 

• Cold storage for non-user balances

• Multi-signature wallet configurations 

• Hardware security modules for key management 

• Real-time transaction monitoring

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most Personal Information will be stored for the following minimum periods: 

• Financial transaction records: 7 years after completion 

• Identity verification documents: 7 years after verification 

• Customer communications: 3 years from last contact

Access to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing at privacy@blacksheep.money or through your account dashboard.

Blacksheep Operations Pty Ltd will not charge any fee for your access request, but may charge an administrative fee for providing extensive copies of your Personal Information.

In order to protect your Personal Information. we may require identification from you before releasing the requested information. We may refuse access in certain circumstances, such as where it would pose a serious threat to safety or unreasonably impact others' privacy.

Maintaining the Quality of your Personal Information

It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

You can update basic information through your account dashboard or by contacting our customer support team.

Cookies and Website Tracking

We use cookies and similar technologies on our website and mobile application to: 

• Enable essential website functionality and security 

• Remember your preferences and settings 

• Analyse website usage and improve our services 

• Provide targeted advertising (with your consent)

You can manage cookie settings through your browser, but this may affect website functionality. For more information about cookies, see our Cookie Policy available on our website.

Direct Marketing

We may use your Personal Information to send you information about our products and services that may be of interest to you. You can opt out of receiving marketing communications by: 

• Updating your preferences in your account dashboard (if applicable) 

• Clicking unsubscribe links in emails 

• Contacting us at hello@blacksheep.money

You can also withdraw your consent for KYC sharing arrangements at any time using the same contact methods.

Data Breach Notification

If we experience a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with Australian privacy law requirements.

Anonymity and Pseudonyms

Where practical, you may deal with us anonymously or using a pseudonym. However, for our regulated digital currency exchange services, we are required by law to verify your identity, so anonymity is generally not possible for account creation, transactions, or compliance-related activities.

Policy Updates

This Policy may change from time to time and is available on our website at www.blacksheep.money. We will notify you of material changes by email or through your account dashboard.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:

Level 11, 88 Tribune St, South Brisbane, Queensland, 4101

hello@blacksheep.money

If you are not satisfied with our response to your privacy complaint, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au or 1300 363 992.

‍Last updated: 2 September 2025