Privacy Policy

Effective date: 21 July 2025

We never on-board Russian-domiciled persons or entities.

1. Data We Collect

To provide our services and meet our regulatory obligations, we collect data from our institutional clients. This includes KYC/AML documentation for the entity and its Ultimate Beneficial Owners (UBOs), transactional data, technical usage logs for security auditing, and essential cookies for platform functionality.

2. How We Use Data

Your data is used exclusively for identity verification, transaction processing, regulatory reporting to bodies like the Bank of Thailand, and securing our platform against fraud and financial crime. We do not use your data for marketing or profiling purposes.

3. Lawful Basis for Processing

Our processing of your data is based on clear legal grounds under GDPR and other applicable data protection laws. This includes Article 6(1)(b) for the performance of our contract with you, and Article 6(1)(c) for compliance with our legal obligations, particularly in the areas of AML and financial regulation.

4. Storage & Retention

All client data is encrypted at rest using AES-256 and stored securely within Cloudflare R2's distributed data storage system. In compliance with financial regulations, we are required to retain all transactional and compliance-related data for a minimum period of seven (7) years after the conclusion of our business relationship.

5. Third-Party Sharing

We do not sell your data. We only share information with essential partners when legally required or necessary to provide our service. This is limited to our banking partners for transaction settlement and regulatory bodies (e.g., financial intelligence units) upon valid legal request.

6. International Transfers

As a global service, data may be processed by our partners in different jurisdictions. All international data transfers are protected by legally binding agreements, such as Standard Contractual Clauses (SCCs), to ensure your data receives a level of protection consistent with GDPR standards.

7. Your Rights

Subject to our legal retention obligations, you have the right to access, rectify, or request erasure of your personal data. You may also object to or request the restriction of certain processing activities. To exercise these rights, please contact your designated relationship manager.

8. Contact

For any questions or concerns regarding this Privacy Policy or our data practices, please contact our Data Protection Officer through the official channels provided in your client agreement.