Privacy Policy

Introduction

This Privacy Policy ("Policy") governs the collection, use, storage, disclosure, and protection of personal data of individuals processed while using the website, mobile applications and Solutions of almaza.io (hereinafter — "Almaza", "Company", "we", "us", "Service", "Solution", "or", "our").

Almaza is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our virtual card services, mobile application, and website.

We understand that financial services require the highest level of trust, and we are committed to being transparent about our data practices and giving you control over your personal information.

General Provisions

This Policy applies to all Users, regardless of their location, when using the Solution, including the website, mobile applications, APIs, referral programs, and other platforms administered by the Company.

By using the Solution, you confirm that you have read, understood, and agreed to the processing of your personal data in accordance with this Policy.

If you do not agree with the terms of this Policy, you must stop using the Solution.

Information We Collect

We collect several types of information to provide and improve our services:

Personal Information

• Full name and date of birth
• Email address and phone number
• Contact information
• Residential address
• Government-issued identification documents

Financial Information

• Transaction history and payment details
• Account balances and card usage
• Payment method information

Technical Information

• IP address and device identifiers
• Device type, operating system, and browser information
• App usage patterns and preferences
• Location data (when permitted)

How We Use Your Information

We use the collected information for the following purposes:

• Providing and maintaining our virtual card services
• Managing your account and processing transactions
• Detecting and preventing fraud and ensuring security
• Complying with legal and regulatory requirements
• Communicating with you about your account and our services
• Improving our services and developing new features

Information Sharing and Disclosure

We may share your information in the following circumstances:

Service Partners

• Payment processors and card networks (Visa, Mastercard)
• Identity verification and KYC service providers
• Analytics and marketing platforms (with your consent)

Legal Requirements

• When required by law or regulatory authorities
• To protect our rights and prevent illegal activities
• In response to legal process or government investigations

Data Security

We implement industry-standard security measures to protect your information:

• End-to-end encryption for all sensitive data transmission
• Strict access controls and employee authentication
• 24/7 security monitoring and threat detection
• PCI DSS compliance for payment card industry standards
• Regular security audits and penetration testing

Your Privacy Rights

You have the following rights regarding your personal information:

• Access to your personal information and how it's being used
• Correction of inaccurate or incomplete information
• Deletion of your personal information (subject to legal requirements)
• Data portability to transfer your information
• Restriction of processing in certain circumstances
• Objection to processing based on legitimate interests

Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze usage patterns.

For detailed information, please see our Cookie Policy

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account information: Retained while your account is active
• Closed accounts: Up to 7 years for regulatory compliance
• Legal obligations may require longer retention periods

Purposes of Data Processing

We process personal data for the following purposes:

• User registration and account management
• Access to Solution functionality
• Identity verification (KYC) and risk assessment (AML)
• Fulfillment of contractual obligations including transaction processing
• User support and response to requests
• Fraud and illegal activity detection/prevention
• Analytics, statistics, and service improvement
• Personalization of interface, notifications, and recommendations
• Marketing communications, including advertising
• Compliance with legal obligations and government requests

Legal Basis for Processing

Processing is based on:

• Execution of a contract with the User
• User consent
• Company's legitimate interests (e.g., fraud prevention, analytics)
• Legal obligations under incorporation jurisdiction

Automation and Profiling

We may use automated processing and profiling to:

• Assess risks and prevent fraud
• Provide personalized features and notifications
• Improve UX and interface
• Automate decision-making (e.g., pre-approval for operations or KYC)

Data Protection Measures

The Company implements technical, organizational, and legal measures to protect data from unauthorized access, alteration, destruction, disclosure, accidental loss, and illegal processing.

Measures include:

• Data encryption in transit
• Access segmentation and authorization
• Log and security audit trails
• Two-factor authentication
• DDoS and malware protection
• Regular infrastructure testing

External Links

The Service may contain links to third-party websites. The Company does not control their privacy policies or security practices. We recommend reviewing their policies separately.

Policy Updates

We reserve the right to amend this Policy at any time. Updates take effect upon publication on the website or within the Solution interface. Users are advised to periodically review it. Continued use indicates acceptance of the revised Policy.

Governing Law and Jurisdiction

This Policy is governed by and construed in accordance with the laws of the Company's country of incorporation. Disputes regarding personal data processing shall be resolved in the appropriate court of that jurisdiction.