Privacy Policy - Fujerra

1. Introduction

Fujerra ("Company," "we," "us," "our") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application, website, and services ("Services").

Please read this policy carefully. If you disagree with our privacy practices, you should not use Fujerra. Your use of Fujerra indicates your acceptance of this Privacy Policy.

2. Scope and Applicability

This Privacy Policy applies to:

All users of the Fujerra mobile application and website
All personal data collected through our Services
Data handled by Fujerra and our authorized service providers

This policy does not apply to third-party websites, services, or partners. Links on Fujerra are subject to their separate privacy policies.

3. Types of Information We Collect

3.1 Information You Provide Directly

Account Registration: Name, email address, phone number, date of birth
KYC Verification: Government-issued ID, passport, driver's license, biometric data (facial recognition)
Address Verification: Residential address, proof of residence (utility bills)
Bank Information: Bank account details for RMB payments and deposits
Payment Information: Wallet addresses, transaction history, payment methods
Customer Support: Messages, chat logs, support tickets, dispute records
Feedback and Communication: Surveys, feedback forms, emails to support

3.2 Information Collected Automatically

Device Information: Device type, operating system, unique device identifiers
Location Data: IP address, approximate location (city/country level)
Usage Analytics: Pages visited, transaction history, feature usage, time spent in app
Connection Information: Session duration, login/logout times, access logs
Cookies and Tracking: Unique identifiers, session cookies, local storage data
Blockchain Data: Public wallet addresses, transaction details (on blockchain)

3.3 Information from Third Parties

KYC Providers: Verification results from SumSub or similar KYC services
Payment Processors: Transaction status and payment confirmation data
Financial Institutions: Bank information for payment verification
Public Records: Information from public databases for fraud prevention
Other Users: Reports of disputed transactions or suspicious activity

4. Purpose of Data Collection

4.1 Account Management and Service Provision

Create and maintain your account
Verify your identity and prevent fraud
Process transactions and wallet management
Send transaction confirmations and receipts
Manage withdrawals, deposits, and P2P transfers

4.2 Regulatory Compliance and AML/CFT

Comply with KYC/AML regulations (Singapore, local jurisdictions)
Monitor for money laundering and terrorist financing
Detect and prevent sanctions violations
Maintain audit trails for regulatory reporting
Report suspicious activities to financial authorities

4.3 Security and Fraud Prevention

Detect and prevent unauthorized access
Identify suspicious transaction patterns
Implement security measures and encryption
Investigate and resolve account compromises
Protect against phishing, malware, and cybercrime

4.4 Customer Service and Support

Respond to customer inquiries and support requests
Resolve disputes and handle complaints
Improve customer experience and service quality
Send notifications about service updates

4.5 Analytics and Business Improvement

Analyze user behavior and usage patterns
Improve app performance and features
Develop new services and products
Understand market trends and customer needs

4.6 Legal and Compliance Obligations

Comply with court orders and legal requests
Enforce Terms and Conditions
Protect legal rights and prevent fraud
Respond to government investigations

5. Legal Basis for Processing (GDPR/CCPA Compliance)

5.1 Legitimate Interests

Operating and improving our Services
Preventing fraud and maintaining security
Analyzing usage and optimizing user experience

5.2 Contractual Necessity

Processing necessary to fulfill your account and transaction requests
Maintaining wallet function and transaction processing

5.3 Legal Obligation

AML/KYC compliance and regulatory reporting
Financial anti-fraud regulations
Data retention requirements

5.4 Consent

For marketing communications (opt-in basis)
For optional analytics and tracking
For cookies beyond strictly necessary ones

6. How We Share Your Information

6.1 Internal Sharing

Fujerra Team: Authorized employees on a need-to-know basis
Compliance Team: For AML/KYC regulatory compliance
Support Team: To handle customer service requests
Security Team: For fraud detection and prevention

6.2 Third-Party Service Providers

We share data with trusted vendors who assist us:

KYC Providers: SumSub for identity verification
Payment Processors: For transaction processing
Cloud Hosting: For secure data storage and backups
Analytics Services: For usage analytics and app optimization
Security Firms: For penetration testing and security audits
Legal Advisors: For regulatory compliance consultation

6.3 Law Enforcement and Authorities

We comply with lawful requests from government agencies
We provide information if required by court order or subpoena
We report suspicious activities to financial authorities (FinCEN, etc.)
We cooperate with law enforcement investigations

6.4 Business Transfers

If Fujerra is acquired or merged, your data may be transferred
We will provide notice before any such transfer
The acquiring company must honor this Privacy Policy

6.5 Public Blockchain Data

Cryptocurrency transaction data is permanently recorded on public blockchains and cannot be made private. Your wallet address and transaction history are publicly visible on the blockchain.

7. International Data Transfers

Your data may be transferred to and stored in countries outside your jurisdiction
These countries may have different data protection laws
By using Fujerra, you consent to international data transfers
We ensure equivalent protection through contracts and security measures
For EU residents: We rely on Standard Contractual Clauses (SCC) for transfers

8. Data Retention and Deletion

8.1 Retention Periods

Data Type	Retention Period	Reason
Account Information	For account duration + 5 years	Tax compliance and audit trail
KYC Documents	5-7 years	AML/CFT regulatory requirement
Transaction Records	7 years	Financial crime investigation
Support/Chat Logs	3 years	Dispute resolution and audit
Marketing Emails	Until unsubscribe	Communication preference
Blockchain Data	Permanently	Blockchain is immutable

8.2 Right to Deletion

You can request deletion of non-transaction data after account closure
We will retain data required by law (tax, AML, fraud investigation)
Blockchain transaction data cannot be deleted (immutable by design)
Deletion requests will be processed within 30 days

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Essential Cookies: Required for login, session management, security
Analytics Cookies: Track usage patterns (Google Analytics)
Functionality Cookies: Remember preferences and settings
Marketing Cookies: For targeted advertising (third-party)

9.2 Cookie Management

You can disable cookies in your browser settings
Disabling essential cookies may impair Fujerra functionality
We respect Do Not Track (DNT) requests where applicable

9.3 Third-Party Tracking

Google Analytics collects anonymized usage data
We do not sell tracking data to advertisers
You can opt-out via Google Analytics opt-out browser extension

10. Your Privacy Rights

10.1 Right to Access

You have the right to request all personal data we hold about you
Submit requests via support@fujerra.com with "Data Access Request" subject line
We will respond within 30 days with a downloadable copy

10.2 Right to Rectification

You can correct inaccurate or incomplete data
Submit corrections via your account settings or support contact
Changes will be applied within 7 business days

10.3 Right to Erasure ("Right to Be Forgotten")

You can request deletion of non-transaction personal data
We will comply unless retention is required by law
Blockchain transaction data cannot be deleted

10.4 Right to Data Portability

Request your data in a portable, machine-readable format (CSV, JSON)
We will provide this within 30 days of request
Blockchain data is inherently portable via your private keys

10.5 Right to Restrict Processing

You can restrict how we use your data in certain circumstances
Examples: pending investigation, data accuracy disputes

10.6 Right to Object

Object to marketing communications: Unsubscribe from emails or adjust app settings
Object to analytics: Disable tracking in privacy settings

10.7 Right to Lodge a Complaint

If you believe we violate privacy laws, file a complaint with your data protection authority
Singapore: Personal Data Protection Commission (PDPC)
EU: Your local Data Protection Authority
US: California Attorney General (for CCPA violations)

11. Data Security Measures

11.1 Technical Safeguards

Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
Multi-Factor Authentication: 2FA/biometric authentication required
Cold Storage: Private keys and sensitive data stored offline
Regular Backups: Encrypted daily backups to multiple secure locations
Firewalls: Advanced firewalls and DDoS protection
Intrusion Detection: 24/7 monitoring for unauthorized access attempts

11.2 Organizational Safeguards

Limited employee access on a need-to-know basis
Confidentiality agreements for all staff handling data
Regular security training and awareness programs
Background checks for employees with data access

11.3 Compliance Certifications

Regular third-party security audits and penetration testing
Compliance with OWASP Top 10 security standards
ISO 27001 information security management (if applicable)

11.4 Limitations

No security system is 100% impenetrable. While we implement industry-best practices, Fujerra cannot guarantee absolute security against all threats. Users should maintain their own device security.

12. Data Breach Notification

12.1 Our Commitment

If a data breach occurs, affected users will be notified without unreasonable delay
Notification will include: nature of breach, data types affected, and remedial steps
We will notify relevant regulators as required by law (usually within 72 hours)

12.2 User Responsibilities

Monitor your account for unauthorized activity
Change your password immediately if you suspect compromise
Enable 2FA and biometric authentication
Report suspicious activity to support immediately

13. Third-Party Links and Services

Fujerra is not responsible for privacy practices of external websites or services
Links to third-party sites are provided for convenience only
Read third-party privacy policies before providing information
We do not share data with third parties except as disclosed here

14. Children's Privacy

Fujerra Services are not intended for children under 18
We do not knowingly collect data from minors
If you discover we have collected a child's data, notify us immediately
We will delete the data and close the account

15. California Privacy Rights (CCPA/CPRA)

15.1 Rights for California Residents

Right to Know: Request categories and specific pieces of data we collect
Right to Delete: Request deletion of collected personal information
Right to Opt-Out: Opt-out of "sales" or sharing of data
Right to Non-Discrimination: We will not discriminate against you for exercising rights

15.2 California Collection Notice

We collect the following categories of personal information:

Identifiers (name, email, phone, IP address)
Commercial information (transaction history, account balance)
Biometric information (facial recognition for KYC)
Geolocation data
Internet activity (cookies, usage analytics)

16. EU Privacy Rights (GDPR)

16.1 Legal Basis for Processing

Contractual necessity (providing Services)
Legal obligations (AML/CFT compliance)
Legitimate interests (fraud prevention, analytics)
Explicit consent (marketing communications)

16.2 Data Protection Officer

Contact our Data Protection Officer: dpo@fujerra.com
Exercise GDPR rights by contacting DPO directly
Response time: 30 calendar days

17. Policy Changes and Notifications

We may update this Privacy Policy at any time
Material changes will be communicated via in-app notification or email
Continued use after notification constitutes acceptance
Historical versions available upon request

18. Contact Information

For privacy questions, requests, or concerns, contact us at:

General Support: support@fujerra.com
Response Time: 5-7 business days