Privacy Policy

2) Retention, Security, and Transfers

Data protection and retention periods by category

2.1 Retention Periods

We retain data for a period appropriate to its purpose.

- Account data: for the lifetime of the account and a reasonable period after closure to meet security and evidentiary obligations.
- Transaction data: according to applicable accounting, tax, and compliance requirements.
- Technical logs: limited duration, proportionate to security, audit, and diagnostic needs.

After retention periods expire, data is deleted, anonymized, or archived under restricted access in line with legal requirements.

2.2 Security Measures

We implement appropriate technical and organizational measures: access segmentation, permission controls, security event monitoring, sensitive secret encryption, backups, and continuity mechanisms.

Despite these measures, no system is infallible. We recommend using a strong, unique password and never sharing your verification codes.

2.3 Processors and Transfers

Certain operations may be handled by service providers (hosting, email delivery, security, support) acting as processors under our contractual instructions.

For international transfers, we apply appropriate safeguards (contractual clauses, technical controls, access restrictions) to ensure a protection level consistent with applicable requirements.

2.4 Security Incident Response

We maintain internal detection and incident-management processes to identify suspicious behavior, classify severity, isolate impacted components, and apply corrective actions. Where required, affected users and relevant authorities may be informed within legally applicable timeframes.

Users are expected to promptly report any suspected compromise, phishing attempt, credential leak, or unauthorized transaction to reduce potential impact.