Privacy Policy
Last updated: April 5, 2026
This Privacy Policy describes how Flo collects, uses, and protects your personal information when you use our platform and services.
1. Introduction
Flo Technologies Ltd. ("Flo," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, APIs, website, and related services. We process personal data in accordance with the General Data Protection Regulation (GDPR), the BVI Data Protection Act, and other applicable data protection laws. By using our Services, you consent to the data practices described in this policy.
2. Data We Collect
Flo is B2B infrastructure. We contract with businesses — fintechs, exchanges, neobanks, and other integrators — not with their end users. Each integrator runs its own end-user KYC/AML program in its own jurisdiction; Flo does not collect, process, or store end-user personal data or identity documents.
Information integrators provide
- Business account registration data: company name, legal entity, jurisdiction of incorporation, registered address, authorized signatories
- Business verification (KYB) data: incorporation documents, UBO disclosures, regulatory licenses where applicable
- Developer account data: name, email, role of the individuals your business authorizes to use the dashboard or API
- Financial information: settlement wallet addresses, billing contact details, tax identifiers
- Communications: support tickets, emails, and feedback you send us
Information collected automatically
- API usage data: endpoints called, request volumes, error rates, latency metrics
- Dashboard activity: pages viewed, actions taken, session data
- Device and connection data: IP address, browser type, operating system, device identifiers
- Log data: access timestamps, referring URLs
Information from third parties
- Business verification results from KYB/AML providers
- Blockchain transaction data from public ledgers
- Sanctions and adverse-media screening data from compliance partners
3. How We Use Your Data
- Provide, operate, and maintain the Services
- Process and settle trades and transactions initiated by integrators
- Verify your business and comply with KYB/AML requirements
- Monitor for fraud, market manipulation, and unauthorized access
- Send transactional communications (order confirmations, settlement receipts)
- Improve and optimize the performance and reliability of our APIs
- Analyze usage patterns to develop new features and services
- Comply with legal obligations and respond to lawful requests
- Enforce our Terms of Service and protect our rights
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases: (a) Performance of contract — processing necessary to provide the Services you have requested; (b) Legal obligation — processing required to comply with applicable laws, including KYB/AML regulations and financial reporting requirements; (c) Legitimate interests — processing necessary for fraud prevention, security, service improvement, and business analytics, where such interests are not overridden by your rights; (d) Consent — where you have provided explicit consent for specific processing activities, such as marketing communications.
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your information with: (a) Service providers and processors who assist in operating the Services, including cloud infrastructure providers, identity verification services, and analytics platforms, each bound by data processing agreements; (b) Regulated financial intermediaries, including our custody partner Interactive Brokers, as necessary to execute and settle trades; (c) Compliance and regulatory bodies when required by law, regulation, or legal process; (d) Professional advisors, including auditors, legal counsel, and accountants, as necessary for business operations; (e) In connection with a merger, acquisition, or sale of assets, subject to the acquiring entity honoring this Privacy Policy.
Sub-processors for product analytics and feedback
- PostHog (EU region) — product analytics, funnel measurement, and session replay for the website and the authenticated dashboard. Session replay masks all form inputs and any element marked as sensitive; it is only enabled after you grant analytics consent.
- Anthropic (Claude API) — on-demand classification of free-text feedback submitted through our in-dashboard NPS survey. We send only the verbatim comment and score; no account identifiers are transmitted. Anthropic does not retain inputs for model training.
- Slack — internal notification channel for NPS detractor feedback so founders can act on it within hours. Only the feedback payload and a coarse tier label are posted; raw account identifiers are minimized.
6. International Data Transfers
Your data may be transferred to and processed in jurisdictions outside your country of residence, including the British Virgin Islands, the United States, and the European Economic Area. Where we transfer data internationally, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, and ensure that recipients provide an adequate level of data protection.
7. Data Security
We implement industry-standard technical and organizational measures to protect your data, including: encryption of data in transit (TLS 1.3) and at rest (AES-256); multi-factor authentication for account access; role-based access controls and audit logging; regular penetration testing and vulnerability assessments; SOC 2 Type II certified infrastructure; and incident response procedures with 72-hour breach notification. No method of transmission or storage is 100% secure, but we continuously review and improve our security practices.
8. Data Retention
We retain your personal data for as long as necessary to provide the Services and fulfill the purposes described in this policy. Specific retention periods include: account data retained for the duration of your account plus 5 years after closure; trading records retained for 7 years as required by financial regulations; KYB/AML records retained for 5 years after the end of the business relationship; API logs retained for 90 days for operational purposes; marketing consent records retained until consent is withdrawn. After the applicable retention period, data is securely deleted or anonymized.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data: (a) Right of access — request a copy of the personal data we hold about you; (b) Right to rectification — request correction of inaccurate or incomplete data; (c) Right to erasure — request deletion of your data, subject to legal retention requirements; (d) Right to restrict processing — request limitation of how we process your data; (e) Right to data portability — receive your data in a structured, machine-readable format; (f) Right to object — object to processing based on legitimate interests or for direct marketing; (g) Right to withdraw consent — withdraw consent at any time where processing is based on consent. To exercise any of these rights, contact us at privacy@flo.finance. We will respond within 30 days.
10. Cookies and Tracking Technologies
We use cookies and similar technologies on our website. Essential cookies are required for the website to function properly. Analytics cookies help us understand how visitors interact with our website. For detailed information about our cookie practices, please refer to our Cookie Policy. You can manage your cookie preferences through your browser settings or our cookie consent banner.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Services after any changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact our Data Protection Officer at privacy@flo.finance or write to: Flo Technologies Ltd., Craigmuir Chambers, PO Box 71, Road Town, Tortola, British Virgin Islands. For EU residents, you also have the right to lodge a complaint with your local data protection supervisory authority.