Rails Technology Inc. treats privacy and personal data protection with rigor, responsibility, and in accordance with applicable international regulatory standards. Information is processed exclusively within the scope of its compliance, risk management, due diligence, and institutional onboarding services.

Data Collection

We collect only the information strictly necessary to deliver our services, including compliance activities, due diligence, onboarding with banks and PSPs, and risk analysis.
Collected data may include corporate documentation, identification information of shareholders, directors, and ultimate beneficial owners, contact details, operational information, transaction evidence, and other data required by financial institutions or regulatory authorities.

Use of Data

Collected information is used exclusively for:

• Delivery of the contracted services
• Preparation and maintenance of regulatory documentation
• Communication with banks, PSPs, and other financial institutions
• Activities related to compliance, risk management, and due diligence

Rails Technology Inc. does not use personal or corporate data for marketing, advertising, commercial prospecting, or any activities outside the contractual scope.

Data Sharing

Data may be shared only when necessary and on a limited basis with:

• Banks and PSPs involved in onboarding or operational processes
• Providers of compliance tools and services
• Regulatory or judicial authorities, when legally required

Rails Technology Inc. does not sell, rent, or commercialize information under any circumstances.

Information Storage and Security

We implement strict technical and organizational controls to protect information under our control, including encryption mechanisms, access restrictions, segregation of duties, and audit logs.
Data is retained in accordance with AML requirements for a minimum period of five years, or a longer period where applicable. After the regulatory retention period ends, information is securely deleted.

User Rights

Clients and data subjects may request, where legally permitted:

• Correction or updating of information
• Access to records under processing
• Deletion of data, provided there is no legal or regulatory retention obligation

Requests will be assessed in accordance with AML rules and other applicable regulatory requirements.

Contact

For privacy and data protection inquiries, you may contact us at:
privacy@railstechnology.xyz