Privacy Policy

1. Information We Collect

We collect information you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources. The types of information we may collect include:

Personal Information

• Contact information (name, email address, phone number, mailing address)
• Professional information (job title, company name, industry)
• Account credentials and authentication information
• Payment and billing information
• Communication preferences and marketing consents

Financial and Business Data

• Financial statements and accounting records (when using our platform)
• Transaction data from payment processors and banking systems
• Counterparty information and business relationships
• Risk assessment data and compliance information
• Custom configurations and user-defined parameters

Technical Information

• Device information (IP address, browser type, operating system)
• Usage data and analytics (pages visited, time spent, click patterns)
• Cookies and similar tracking technologies
• Log files and system performance data

2. How We Use Your Information

We use the information we collect for various purposes, including:

• Providing, maintaining, and improving our financial risk management services
• Processing transactions and managing your account
• Performing financial data analysis, risk assessment, and generating reports
• Sending technical notices, updates, security alerts, and administrative messages
• Responding to your comments, questions, and customer service requests
• Communicating with you about products, services, offers, and events
• Monitoring and analyzing trends, usage, and activities in connection with our services
• Detecting, investigating, and preventing fraudulent transactions and other illegal activities
• Complying with legal obligations and regulatory requirements
• Protecting the rights, property, and safety of DuoShield, our users, and others
• Enforcing our terms and conditions and other legal agreements

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context:

• Contract Performance: Processing necessary to perform our services under our agreement with you
• Legitimate Interests: Processing for our legitimate business interests, such as improving our services and preventing fraud
• Legal Compliance: Processing necessary to comply with legal obligations
• Consent: Processing based on your explicit consent, which you may withdraw at any time

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except as described in this policy:

Service Providers and Business Partners

• Third-party vendors who perform services on our behalf (cloud hosting, payment processing, customer support)
• Professional service providers (auditors, legal counsel, consultants)
• Technology partners for system integration and data processing

Legal and Regulatory Requirements

• Government agencies and regulatory bodies when required by law
• Law enforcement agencies in response to valid legal requests
• Courts and legal proceedings when compelled by subpoena or court order

Business Transfers

• In connection with mergers, acquisitions, or asset sales
• During due diligence processes with appropriate confidentiality protections

Consent and Other Circumstances

• With your explicit consent for specific purposes
• To protect the rights, property, and safety of DuoShield, our users, and others
• In aggregated or anonymized form that cannot identify you personally

5. Data Security and Protection

We implement comprehensive technical and organizational measures to protect your personal information:

• Encryption of data in transit using TLS 1.3 and at rest using AES-256
• Multi-factor authentication and access controls
• Regular security assessments, penetration testing, and vulnerability scans
• Employee training on data protection practices and security protocols
• Incident response procedures and breach notification protocols
• SOC 2 Type II compliance and regular third-party security audits
• Network security monitoring and intrusion detection systems
• Secure development practices and code review processes
• Data backup and disaster recovery procedures

6. Data Retention and Deletion

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law:

• Account information: Retained while your account is active and for 7 years after closure
• Financial data: Retained according to regulatory requirements (typically 7-10 years)
• Communication records: Retained for 3 years for customer service purposes
• Marketing data: Retained until you opt out or for 2 years of inactivity
• Technical logs: Retained for 12 months for security and performance monitoring

When we no longer need personal information, we securely delete or anonymize it using industry-standard data destruction methods.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access and Portability

• Request access to your personal information and receive a copy
• Request data portability in a structured, machine-readable format

Correction and Updates

• Correct inaccurate or incomplete personal information
• Update your account information and preferences

Deletion and Restriction

• Request deletion of your personal information (subject to legal obligations)
• Request restriction of processing in certain circumstances

Objection and Withdrawal

• Object to processing based on legitimate interests
• Withdraw consent for marketing communications
• Opt out of automated decision-making and profiling

To exercise these rights, please contact us using the information provided at the end of this policy. We will respond to your request within 30 days (or as required by applicable law).

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and use personal information about you. For detailed information about our use of cookies, including how to manage your preferences, please see our Cookie Policy.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection laws
• Binding Corporate Rules for intra-group transfers
• Certification schemes and codes of conduct

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Third-Party Links and Services

Our website may contain links to third-party websites and services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending email notifications for significant changes
• Providing in-app notifications when you next use our services

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.