INFRA CORE PLATFORM

Privacy Policy

Last Updated: January 24, 2026 | Effective Date: January 24, 2026

GDPR Compliant

Your Privacy Matters

INFRA CORE PLATFORM is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR), Estonian Data Protection Act, and other applicable privacy laws.

Table of Contents

  1. Data Controller
  2. Data We Collect
  3. Legal Basis for Processing
  4. How We Use Your Data
  5. Data Sharing & Disclosure
  6. International Data Transfers
  7. Data Retention
  8. Data Security
  9. Your Rights (GDPR)
  10. Cookies & Tracking
  11. Children's Privacy
  12. Third-Party Services
  13. Policy Changes
  14. Contact Us

1. DATA CONTROLLER

Data Controller: FFOLLOWME OU

Registration Number: 16785919

Registered Address: Tallinn, Estonia

Data Protection Officer (DPO): dpo@infracoreplatform.com

Privacy Inquiries: privacy@infracoreplatform.com

FFOLLOWME OU is the data controller responsible for your personal data processed through INFRA CORE PLATFORM.

2. DATA WE COLLECT

2.1 Information You Provide

CategoryData TypesPurpose
Identity DataFull name, date of birth, nationality, government ID numbers, photographsAccount creation, KYC/AML compliance
Contact DataEmail address, phone number, residential addressCommunication, service delivery
Financial DataBank account details, payment card information, transaction history, source of fundsPayment processing, compliance
Business DataCompany name, registration number, business address, beneficial owners, directorsBusiness account services
Verification DataID documents, proof of address, selfie photos, video verification recordingsIdentity verification, fraud prevention

2.2 Information We Collect Automatically

CategoryData TypesPurpose
Technical DataIP address, browser type, device ID, operating system, screen resolutionSecurity, fraud detection, analytics
Usage DataPages visited, features used, session duration, click patternsService improvement, personalization
Location DataCountry, city, timezone (derived from IP)Fraud prevention, compliance
Cookie DataSession identifiers, preferences, authentication tokensSession management, personalization

2.3 Information from Third Parties

  • Identity Verification Providers: Verification results, document authenticity checks
  • Credit Reference Agencies: Credit scores, financial history (for eligible products)
  • Sanctions & PEP Databases: Screening results for compliance
  • Payment Partners: Transaction confirmations, payment status
  • Blockchain Networks: Public blockchain transaction data

4. HOW WE USE YOUR DATA

4.1 Essential Services

  • Creating and managing your account
  • Processing financial transactions
  • Providing customer support
  • Sending transactional notifications
  • Managing multi-currency accounts and wallets

4.2 Legal & Compliance

  • Verifying your identity (KYC)
  • Preventing money laundering and terrorist financing (AML)
  • Screening against sanctions and PEP lists
  • Detecting and preventing fraud
  • Fulfilling regulatory reporting obligations
  • Responding to legal requests from authorities

4.3 Security

  • Protecting against unauthorized access
  • Monitoring for suspicious activities
  • Investigating security incidents
  • Implementing security measures

4.4 Improvement & Analytics

  • Analyzing service usage patterns
  • Improving our products and services
  • Conducting research and development
  • Personalizing user experience

4.5 Marketing (with consent)

  • Sending promotional communications
  • Personalized product recommendations
  • Partner offers (only with explicit consent)

5. DATA SHARING & DISCLOSURE

5.1 Service Providers

We share data with trusted third parties who assist in operating our platform:

  • Payment Processors: To process transactions
  • Identity Verification Providers: To verify user identities
  • Cloud Infrastructure: To host and secure our services
  • Customer Support Tools: To manage inquiries
  • Analytics Providers: To understand service usage

5.2 Legal Requirements

We may disclose your data when required by:

  • Court orders or legal process
  • Regulatory authorities and law enforcement
  • Tax authorities for reporting obligations
  • Anti-money laundering requirements

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity with appropriate safeguards.

5.4 With Your Consent

We may share your data with third parties when you have given explicit consent.

We NEVER sell your personal data to third parties for marketing purposes.

6. INTERNATIONAL DATA TRANSFERS

As a global platform, we may transfer your data outside the European Economic Area (EEA). When we do, we ensure appropriate safeguards are in place:

6.1 Transfer Mechanisms

  • Adequacy Decisions: Transfers to countries with adequate data protection (e.g., UK, Switzerland, Japan)
  • Standard Contractual Clauses (SCCs): EU-approved contractual protections
  • Binding Corporate Rules: For transfers within corporate groups
  • Explicit Consent: Where other mechanisms are not available

6.2 Additional Safeguards

  • Encryption of data in transit and at rest
  • Access controls and audit logging
  • Data minimization principles
  • Regular security assessments

7. DATA RETENTION

We retain your data only as long as necessary for the purposes outlined in this policy:

Data CategoryRetention PeriodReason
Account InformationDuration of account + 7 yearsLegal/regulatory requirements
Transaction Records10 years from transaction dateAML regulations, tax requirements
KYC/AML Documents5-10 years after relationship endsRegulatory compliance
Customer Support Records3 years after resolutionService quality, dispute resolution
Marketing PreferencesUntil consent withdrawnConsent-based
Technical Logs90 daysSecurity, troubleshooting
Analytics Data26 months (aggregated)Service improvement

After retention periods expire, data is securely deleted or anonymized.

8. DATA SECURITY

We implement industry-leading security measures to protect your data:

8.1 Technical Measures

  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Access Controls: Role-based access, multi-factor authentication
  • Network Security: Firewalls, intrusion detection, DDoS protection
  • Monitoring: 24/7 security monitoring and alerting
  • Secure Development: Regular security audits and penetration testing

8.2 Organizational Measures

  • Employee security training and awareness
  • Background checks for personnel with data access
  • Confidentiality agreements
  • Incident response procedures
  • Regular compliance audits

8.3 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant supervisory authorities within 72 hours
  • Notify affected individuals without undue delay
  • Document the breach and remediation actions

9. YOUR RIGHTS (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15)

You can request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure / "Right to be Forgotten" (Art. 17)

You can request deletion of your personal data in certain circumstances (subject to legal retention requirements).

Right to Restriction (Art. 18)

You can request that we limit how we use your data while we address your concerns.

Right to Data Portability (Art. 20)

You can request your data in a structured, machine-readable format to transfer to another service.

Right to Object (Art. 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Art. 7)

Where processing is based on consent, you can withdraw it at any time without affecting prior processing.

Right to Lodge a Complaint

You have the right to complain to a supervisory authority. For Estonia: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: privacy@infracoreplatform.com
  • Subject Line: "GDPR Rights Request - [Right Name]"

We will respond within 30 days. We may request identity verification before processing your request.

10. COOKIES & TRACKING TECHNOLOGIES

10.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies and similar technologies to enhance your experience.

10.2 Types of Cookies We Use

TypePurposeDuration
EssentialRequired for platform functionality, security, authenticationSession / 1 year
PerformanceAnalytics to understand how users interact with our platform2 years
FunctionalRemember preferences, language, region settings1 year
MarketingDeliver relevant advertisements (requires consent)90 days

10.3 Managing Cookies

You can manage your cookie preferences:

  • Through our cookie consent banner
  • In your browser settings
  • By contacting us at privacy@infracoreplatform.com

Note: Disabling essential cookies may affect platform functionality.

11. CHILDREN'S PRIVACY

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

If you believe a child has provided us with personal data, please contact us immediately at privacy@infracoreplatform.com.

12. THIRD-PARTY SERVICES

Our platform may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies.

Key Third-Party Categories

  • Payment Networks: Visa, Mastercard, SWIFT
  • Blockchain Networks: Bitcoin, Ethereum, other supported chains
  • Identity Providers: Onfido, Jumio, or similar
  • Cloud Providers: AWS, Google Cloud, or similar

13. POLICY CHANGES

We may update this Privacy Policy periodically. When we make material changes:

  • We will update the "Last Updated" date at the top
  • We will notify you via email or platform notification
  • For significant changes, we may seek your renewed consent

Continued use of our Services after changes constitutes acceptance of the updated policy.

14. CONTACT US

Data Protection Officer

Email: dpo@infracoreplatform.com

Privacy Inquiries

Email: privacy@infracoreplatform.com

Company Address

FFOLLOWME OU
Registration Number: 16785919
Tallinn, Estonia

Supervisory Authority

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Website: www.aki.ee
Email: info@aki.ee

Privacy Commitment

At INFRA CORE PLATFORM, we are committed to:

  • Transparency in how we collect and use your data
  • Protecting your data with industry-leading security
  • Respecting your privacy rights
  • Complying with all applicable privacy laws
  • Never selling your personal data

Your trust is our most valuable asset. If you have any questions or concerns about your privacy, please do not hesitate to contact us.

Terms of ServiceHelp CenterReturn to Home