Privacy Policy

Effective date: May 16, 2026
‍Last updated: May 16, 2026

Blue Gold Limited and its subsidiaries ("Blue Gold," "we," "us," "our") respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains what personal information we collect through [bluegold.com / insert URL] (the "Site"), how we use and disclose it, and the rights and choices available to you.

This Policy applies to personal information collected through the Site and through related communications (including investor relations enquiries and mailing list subscriptions). It does not apply to information collected offline, through third-party services that link to the Site, or in connection with employment.

By using the Site, you acknowledge that you have read and understood this Policy.

1. Who we are

Blue Gold Limited is a publicly listed mining company. The contact responsible for personal information collected through the Site is:
Blue Gold Limited
94 Solaris Avenue, Po Box 1348
Grand Cayman, KY1-1108
Cayman Islands

Email: [privacy@bluegold.com]

For questions about this Policy or our handling of your personal information, contact us at the address above.

2. Information we collect

We collect personal information in the following ways:

Information you provide directly. When you contact us through the Site, subscribe to our investor mailing list, request investor materials, or otherwise communicate with us, we may collect:

• Name
• Email address
• Telephone number (if provided)
• Company / firm name and role (if provided)
• Country of residence
• Investor classification (e.g., retail, institutional, accredited — where you self-identify)
• The content of your enquiry or correspondence
  ‍

Information collected automatically. When you visit the Site, we and our service providers automatically collect certain information about your device and browsing activity, including:

• IP address and approximate location (derived from IP)
• Browser type, operating system, device identifiers
• Referring URL, pages viewed, time spent, clicks
• Date and time of access
• Cookie and similar tracking identifiers
  ‍

Information from third parties. We may receive information about you from our service providers (e.g., email marketing platforms, analytics providers), from publicly available sources, or from our transfer agent and other capital markets intermediaries where relevant to investor communications.

We do not knowingly collect special categories of personal data (such as health, racial or ethnic origin, religious beliefs, or biometric data) through the Site.

3. How we use your information

We use personal information for the following purposes:

• To respond to enquiries submitted through contact forms or sent to our investor relations team.
• To send investor communications, including news releases, regulatory disclosures, corporate updates, and event invitations, where you have subscribed to receive them or where permitted by applicable law.
• To operate and improve the Site, including diagnosing technical issues, monitoring performance, and analysing usage patterns.
• To comply with legal and regulatory obligations, including securities laws, anti-money-laundering requirements, and recordkeeping obligations applicable to public issuers.
• To protect the security and integrity of the Site, our systems, and our communications, including detecting and preventing fraud, abuse, and unauthorised access.
• For corporate transactions, including financings, mergers, acquisitions, reorganisations, or the sale of assets, where personal information may be disclosed as part of due diligence or transferred to a successor entity.
  ‍

4. Legal bases for processing (EEA / UK users)

Where the EU General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on the following legal bases:

• Consent — for marketing communications and non-essential cookies. You may withdraw consent at any time.
• Legitimate interests — to operate and secure the Site, respond to enquiries, communicate with shareholders and prospective investors, and conduct corporate activities, where these interests are not overridden by your rights.
• Legal obligation — to comply with securities laws, tax laws, and other legal requirements.
• Performance of a contract — where processing is necessary to provide a service you have requested.
  ‍

5. Cookies and similar technologies

The Site uses cookies and similar technologies (pixels, tags, local storage) to operate the Site, remember your preferences, measure usage, and — where you consent — for analytics and marketing purposes.

The categories of cookies we use include:

• Strictly necessary cookies — required for the Site to function (e.g., session management, security).
• Analytics cookies — help us understand how visitors use the Site (e.g., Google Analytics or equivalent).
• Functional cookies — remember preferences such as language or region.
• Marketing cookies — used to deliver investor-relevant content and measure campaign performance, where applicable.
  ‍

Where required by law, we request your consent through a cookie banner before setting non-essential cookies. You can manage your preferences at any time via [cookie settings link] or your browser settings. Disabling certain cookies may affect Site functionality.

6. How we share your information

We do not sell your personal information. We share it only as described below:

• Service providers. Vendors that host our Site, send our communications, provide analytics, manage CRM, or otherwise support our operations. These providers are bound by contract to use personal information only as instructed by us.
• Professional advisors. Legal, accounting, audit, and other professional advisors, where reasonably necessary.
• Regulators and authorities. Securities regulators, stock exchanges, courts, and other authorities where required by law or to protect our legal rights.
• Corporate transactions. Counterparties, advisors, and successors in connection with a financing, merger, acquisition, reorganisation, or sale of assets.
• With your consent or at your direction.
  ‍

7. International transfers

Blue Gold operates internationally. Personal information may be transferred to and processed in countries other than your country of residence, including jurisdictions whose data protection laws differ from your own.

Where we transfer personal data from the EEA, UK, or Switzerland to a country not deemed to provide an adequate level of protection, we put appropriate safeguards in place, including the European Commission's Standard Contractual Clauses (and the UK Addendum, where applicable), and supplementary measures where required.

You may request a copy of the safeguards we rely on by contacting [privacy@bluegold.com].

8. Data retention

We retain personal information only for as long as necessary for the purposes set out in this Policy, including to comply with our legal, accounting, regulatory, and reporting obligations. Retention periods are determined based on:

• The nature and sensitivity of the information
• The purposes for which it is processed
• Applicable legal and regulatory requirements (including securities and tax recordkeeping)
• Whether the purpose can be achieved through other means

When personal information is no longer required, we securely delete or anonymise it.

9. Your rights

Depending on where you live, you may have the following rights in relation to your personal information:

For EEA, UK, and Swiss users (GDPR / UK GDPR):

• Access to your personal data
• Rectification of inaccurate data
• Erasure ("right to be forgotten")
• Restriction of processing
• Objection to processing (including direct marketing)
• Data portability
• The right to withdraw consent at any time
• The right to lodge a complaint with a supervisory authority (e.g., the UK ICO or your local EU data protection authority)
  ‍

For Canadian users (PIPEDA and applicable provincial laws, including Quebec Law 25):

• Access to your personal information held by us
• Correction of inaccurate or incomplete information
• Withdrawal of consent, subject to legal or contractual restrictions
• Information about disclosures to third parties
• The right to lodge a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial regulator (including the Commission d'accès à l'information du Québec)
• ‍

For California users (CCPA / CPRA):

• The right to know what personal information we collect, use, disclose, and (if applicable) share or sell
• The right to delete personal information, subject to exceptions
• The right to correct inaccurate personal information
• The right to opt out of the sale or sharing of personal information (we do not sell or share personal information as those terms are defined under the CCPA)
• The right to limit the use of sensitive personal information (we do not use sensitive personal information for purposes that trigger this right)
• The right to non-discrimination for exercising your rights
  ‍

California residents may designate an authorised agent to make a request on their behalf, subject to verification.

Categories of personal information collected, disclosed, and sold/shared in the past 12 months (for CCPA purposes): We collect the categories of information described in Section 2 and disclose them to the categories of recipients described in Section 6. We have not sold or shared personal information as those terms are defined under the CCPA in the past 12 months.

To exercise any of these rights, contact us at [privacy@bluegold.com]. We will respond within the timeframes required by applicable law. We may need to verify your identity before fulfilling your request.

10. Marketing communications

You may unsubscribe from our investor mailing list at any time by clicking the unsubscribe link in any marketing email, or by contacting [privacy@bluegold.com]. We will continue to send you transactional or legally required communications (for example, responses to your enquiries or regulatory disclosures we are required to deliver).

11. Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, and destruction. No method of transmission over the internet or method of electronic storage is fully secure, however, and we cannot guarantee absolute security.

12. Third-party links

The Site may link to third-party websites, including those of regulators, news outlets, data providers, and stock exchanges. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies before providing personal information.

13. Children

The Site is not directed to children, and we do not knowingly collect personal information from individuals under the age of 16. If you believe a child has provided us with personal information, please contact [privacy@bluegold.com] and we will take steps to delete it.

14. Forward-looking and investor information

Information on the Site, including news releases, presentations, and other investor materials, may contain forward-looking statements and is provided for general informational purposes only. It does not constitute an offer to sell or a solicitation of an offer to buy any securities. Please refer to our public regulatory filings for complete and current disclosure.

15. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this Policy indicates when it was last revised. Material changes will be notified through the Site or by other appropriate means. Your continued use of the Site after changes take effect constitutes acceptance of the revised Policy.

16. Contact us

For questions, requests, or complaints regarding this Policy or our handling of personal information:

Blue Gold Limited — Privacy Office
‍94 Solaris Avenue, Po Box 1348
Grand Cayman, KY1-1108
Cayman Islands

Email: [privacy@bluegold.com]Attn: Data Protection Officer / Privacy Officer