Get Started
Privacy Policy

Collecting Personal Information

This Privacy Policy explains how Siraboon Solution inc. (” Siraboon Solution inc.”, “we”, “our”, “us”) collects, uses, shares and safeguards personal data when you visit or use our website, products, mobile applications and related services (collectively the “Services”). It also describes your rights and how to exercise them.

Controller
Siraboon Solution inc.
Registered address: ———
Company ID (IČO): ———
General enquiries: support@siraboon.com‍

Postal: Data Protection Officer, Siraboon Solution inc., ———. We operate in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and Act No 110/2019 Sb. on the Processing of Personal Data.

1. Definitions
‍Personal Data – any information that relates to an identified or identifiable individual.
Special category data – sensitive personal data such as racial or ethnic origin, biometric identifiers, health-related data, etc. (Art. 9 GDPR).
Criminal offence data – data concerning criminal convictions or offences (Art. 10 GDPR).
Processing – any action or set of actions performed on personal data.
Controller – the entity that determines why and how personal data is processed.
Processor – a person or organization that processes personal data on behalf of the controller.

2. Data We Collect
2.1 Information You Provide

Account setup & onboarding – name, date of birth, nationality, home address, email, phone number, password.
KYC/AML verification – copies of government IDs, selfies or video verification, biometric data extracted from them, proof of address, source of funds, tax or VAT details.
Business accounts – company registration documents, beneficial owner/shareholder details, identification of directors, business address, corporate banking details.
Transactions & wallet activity – wallet addresses, transaction values, asset types, card or bank references.
Support & communication – emails, support tickets, recorded calls, chat logs.

2.2 Automatically Collected Data

Cookies & similar tools – device details, language preferences, referral links, website activity.
Log data – IP address, browser type, operating system, timestamps, browsing actions.

2.3 Data from External Sources

Identity verification provider (Sum & Substance Ltd., UK) – verification outcomes, risk ratings, AML screening results.
Payment providers – confirmation of payments, partial card or banking identifiers.
Public and commercial databases – checks for PEP status, sanctions, or negative media.

3. Special Category & Criminal Data

During identity verification, Siraboon Solution inc. processes biometric information (e.g., facial data from images or videos) and, where necessary, data related to criminal records or sanctions. This processing is carried out in the public interest to prevent financial crime (Art. 9(2)(g) GDPR) and to comply with Czech AML legislation (Act No. 253/2008 Coll., Art. 10 GDPR).

4. Purposes and Legal Grounds

Account management – contract performance (Art. 6(1)(b))
KYC/AML checks – legal obligation / public interest (Art. 6(1)(c), Art. 9(2)(g))
Transaction handling & custody – contract performance and legitimate interest (Art. 6(1)(b), (f))
Fraud prevention & security – legitimate interest (Art. 6(1)(f))
Marketing – user consent (Art. 6(1)(a))
Regulatory compliance & audits – legal obligation (Art. 6(1)(c))
Analytics & improvement – legitimate interest (Art. 6(1)(f))

5. Automated Decision-Making

We use automated risk assessment tools (e.g., provided by SumSub) to detect potentially risky users.
However, no decisions with legal or significant consequences are made solely by automated systems. All such decisions are reviewed by a compliance officer before being finalized.

6. Data Sharing

Identity verification provider – for KYC/AML checks (protected under EU–UK adequacy decision)
Payment processors – handling transactions (PCI-DSS and GDPR compliant)
IT and hosting providers – infrastructure and security (with safeguards such as SCCs where needed)
Analytics/marketing partners – usage analysis and advertising (based on consent)
Authorities and courts – to meet legal requirements
Corporate affiliates or successors – in case of restructuring or mergers (legitimate interest)
We do not sell personal data under any circumstances.

7. International Transfers

Most data is stored within the European Economic Area (EEA).
If data is transferred outside the EEA:

United Kingdom – covered by an adequacy decision
Other countries – protected through Standard Contractual Clauses and additional safeguards (e.g., encryption)
After retention periods expire, data is deleted or anonymized.

8. Data Retention

KYC data – 5 years after account closure
Biometric data – 30 days after verification (unless needed for investigation)
Transaction records – 10 years
Marketing data – until consent is withdrawn or after 24 months of inactivity
Support communications – 5 years
Cookies & analytics – 1 to 13 months

9. Security Measures

We implement strong technical and organizational protections, including:
Encryption in transit (TLS 1.3)
Encryption at rest (AES-256)
Secure EU-based data centers (ISO 27001 certified)
Access controls and multi-factor authentication
Regular security testing
Continuous monitoring and incident response procedures

10. Your Rights

You have the right to:

Access your data
Correct inaccurate data
Request deletion (where applicable)
Restrict processing
Transfer your data
Object to processing
Withdraw consent at any time

How to exercise your rights:
Contact us at: support@siraboon.com

We will respond within one month and may request identity verification.

Complaints:
You may file a complaint with the Czech Data Protection Authority:
Office for Personal Data Protection (ÚOOÚ)
Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
https://uoou.cz

11. Children’s Privacy

Our services are not intended for individuals under 18. We do not knowingly collect personal data from minors. If such data is identified, it can be requested for deletion.

12. Policy Updates

This Policy may be revised periodically. Significant changes will be announced on our website or via email. The latest version is indicated by the “Last updated” date.

13. Contact Information

For any questions regarding this Policy or data protection matters, please contact:
Email: support@siraboon.com
Address: Siraboon Solution inc., ———

‍© 2026 Siraboon Solution inc. – All rights reserved.