Privacy Policy

Last updated: 1 January 2025

RupChain ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.

1. Data We Collect

Account Information: Email address, full name, username, and password (hashed).
Identity Documents: CNIC front/back images and selfie photos submitted for KYC verification.
Transaction Data: Trade history, wallet transactions, payment references, and order history.
Payment Information: JazzCash/Easypaisa numbers, bank account details you add to your profile.
Device & Usage Data: IP addresses, browser/device info, session timestamps, and activity logs.
Communication Data: Messages sent in trade chat, support tickets, and dispute evidence.

2. How We Use Your Data

Identity Verification: KYC documents are used solely to verify your identity and comply with anti-money laundering regulations.
Service Delivery: To facilitate trades, process payments, and operate platform wallet services.
Security: To detect and prevent fraud, money laundering, and unauthorized access.
Communication: To send transaction notifications, security alerts, and platform updates.
Compliance: To comply with applicable Pakistani laws and regulatory requirements.
Platform Improvement: Anonymized usage data helps us improve performance and user experience.

3. CNIC & Identity Document Handling

Storage: CNIC images are stored encrypted using AES-256 encryption on secure cloud infrastructure.
Access: Only authorized KYC review staff can access identity documents.
Retention: Documents are retained for 5 years after account closure as required by Pakistani financial regulations.
No Sharing: We do not sell or share your CNIC data with third parties, except as required by law or court order.
Security: Documents are transmitted over TLS and stored with access controls and audit logging.

4. Data Sharing

No Selling: We never sell your personal data to third parties.
Service Providers: We share minimal data with trusted providers (cloud hosting, email delivery) under strict data processing agreements.
Legal Requirements: We may disclose data to law enforcement or government authorities when legally required.
Business Transfer: In the event of a merger or acquisition, users will be notified before any data transfer.

5. Cookies & Tracking

Session Cookies: Used to maintain your login session. Required for the platform to function.
Security Tokens: CSRF tokens are used to protect against cross-site request forgery attacks.
No Ad Tracking: We do not use third-party advertising trackers or analytics that identify you individually.

6. Your Rights

Access: You can request a copy of all personal data we hold about you by emailing fazalelahi5577@gmail.com.
Correction: You can update your profile information at any time from Settings.
Deletion: You may request account deletion by contacting fazalelahi5577@gmail.com. Some data may be retained as required by law.
Portability: You may request your trade history and transaction data in machine-readable format.
Withdrawal of Consent: You may withdraw consent for optional data processing at any time, though this may limit platform functionality.

7. Data Security

Encryption: All data is transmitted via TLS 1.3 and sensitive data at rest is encrypted.
Access Controls: Staff access to user data is role-based, logged, and audited.
Incident Response: We have a data breach response plan. Affected users will be notified within 72 hours of discovery.

8. Data Retention

Active Accounts: Data is retained for the duration of your account.
Closed Accounts: Transaction records and KYC documents are retained for 5 years per regulatory requirements.
Anonymization: After the retention period, identifying information is anonymized rather than deleted.

Privacy Inquiries

Email: fazalelahi5577@gmail.com

We aim to respond to all privacy requests within 30 days.