Privacy Policy

1. INTRODUCTION

Taplet Platform Limited ("Taplet", "we", "our", or "us") is committed to respecting your privacy and protecting your personal data. This Privacy Policy explains in extensive detail how we collect, use, store, disclose, and protect your information when you use our access platform, interact with our systems, or engage with our services. Our platform serves users globally, with particular focus on the United Kingdom, the Americas, and the European Union. This policy is designed to comply with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and all relevant laws in the jurisdictions where we operate.

2. SCOPE OF THIS POLICY

This Privacy Policy applies to:

• All users of the Taplet Platform, including businesses, individual users (12+), and organizational clients;

• All personal data processed through our websites, APIs, dashboards, onboarding flows, and contact forms;

• Data collected through third-party integrations (e.g., Sumsub for identity verification, payment processors);

• Any content uploaded or generated on our platform.

It does not apply to third-party websites, platforms, or applications not operated or controlled by Taplet, even if linked from our platform.

3. TYPES OF DATA WE COLLECT

We collect a broad range of personal and technical information to ensure security, compliance, and high-quality service delivery. The categories of personal data include, but are not limited to:

3.1 Identification and Contact Data

• Full name;

• Email address;

• Phone number;

• Billing address and/or residential address.

3.2 Verification and Compliance Data

• Government-issued ID documents (passport, national ID);

• Facial scans and biometric data (processed by Sumsub);

• Proof of address documents (e.g., utility bills, bank statements);

• AML screening results and sanctions checks.

3.3 Account and Authentication Data

• Login credentials (username, hashed passwords);

• Authentication tokens and access logs;

• KYC status and identity verification timestamps.

3.4 Payment and Financial Data

• Credit/debit card data (processed securely by third-party processors);

• Payment history and invoices;

• Transaction references and billing tokens.

3.5 Technical and Usage Data

• IP address and geolocation data;

• Browser, device, and operating system information;

• Session activity, clicks, API call logs, and time stamps.

3.6 Content and Interaction Data

• Files, text, and metadata uploaded or generated by users;

• User support inquiries and related email/message threads;

• Usage preferences, feature configurations, and saved settings.

We do not knowingly collect or process data from individuals under the age of 12. If we become aware that such data has been collected, we will take immediate steps to delete it.

4. HOW WE USE YOUR DATA

We use your data only when there is a lawful basis to do so. The legal grounds may include consent, legitimate interests, contractual necessity, and legal obligations. Our purposes for data processing include:

• Identity verification and regulatory compliance, including KYC and AML checks;

• Account management, including authentication, access control, and user support;

• Platform functionality, including API interactions, data hosting, and session persistence;

• Billing and payments, including invoicing, reconciliation, and fraud prevention;

• Security and fraud prevention, including intrusion detection and anomaly monitoring;

• Product development and analytics, including bug reporting, usability optimization, and new feature testing;

• Legal obligations, including responding to lawful requests, subpoenas, and tax audits.

5. DATA SHARING AND THIRD PARTIES

We do not sell or rent your personal data to third parties. However, we may share your data with trusted service providers who perform essential functions on our behalf:

• Identity verification: Sumsub (Sum and Substance Ltd.) for KYC and AML processing;

• Payments: Third-party processors (e.g., Stripe, Checkout.com) for handling transactions securely;

• Cloud infrastructure: In-house infrastructure hosted in secure Tier IV data centers;

• Customer support tools: Used to manage inquiries and track response timelines.

All third-party providers are contractually bound to strict confidentiality, data protection, and security standards aligned with GDPR and other applicable regulations.

We may disclose your data to competent authorities:

• If required by law or court order;

• In the event of an investigation into illegal activity;

• To protect the rights, safety, or property of Taplet, our users, or others.

6. INTERNATIONAL DATA TRANSFERS

Your data may be transferred and processed in jurisdictions outside the European Economic Area (EEA), including the United States and other countries with different data protection laws. When we transfer data internationally:

• We use standard contractual clauses approved by the European Commission;

• We implement robust encryption, access control, and audit mechanisms;

• We ensure equivalent levels of protection and regulatory oversight.

7. DATA RETENTION

We retain personal data only for as long as necessary for the purposes outlined in this Policy. Retention periods vary based on data type and legal/regulatory obligations:

• KYC records: Retained for a minimum of five (5) years post-account closure to comply with AML directives;

• Transaction and billing data: Retained for at least seven (7) years for tax and audit purposes;

• User-generated content: Retained until account deletion or per contractual terms;

• Support data: Retained for up to three (3) years for quality control and compliance.

Data may be retained longer if required for ongoing legal claims or investigations.

8. YOUR RIGHTS

Subject to local law, you have the following rights with respect to your personal data:

• Right of access – to know what data we hold and receive a copy;

• Right to rectification – to request correction of inaccurate or incomplete data;

• Right to erasure – to request deletion of data in certain circumstances;

• Right to restriction – to limit our processing in specific cases;

• Right to data portability – to obtain your data in a structured, machine-readable format;

• Right to object – to object to processing for direct marketing or based on legitimate interest;

• Right to withdraw consent – at any time where processing is based on consent.

To exercise any of these rights, please contact us at support@tokenest.app. We may require you to verify your identity before processing the request.

9. SECURITY MEASURES

We implement a multi-layered security framework to protect your personal data:

• Encryption at rest and in transit using industry-standard protocols;

• Role-based access control and privileged access management;

• Multi-factor authentication for internal administrative tools;

• Continuous monitoring, anomaly detection, and intrusion prevention systems;

• Periodic penetration testing and third-party security audits.

Despite our efforts, no system is completely immune from risk. Users are responsible for maintaining the confidentiality of their login credentials and promptly notifying us of any suspected breach.

10. AUTOMATED PROCESSING AND PROFILING

We may use automated decision-making and profiling for fraud detection, compliance assessments, and user experience optimization. These systems:

• Operate under defined logic and scoring models;

• Are reviewed regularly by our compliance and engineering teams;

• Do not result in significant legal effects without human intervention.

If you believe a decision has been made unfairly, you may request human review.

11. CHILDREN’S PRIVACY

Taplet does not knowingly collect or solicit personal information from children under the age of 12. If we discover that a child under 12 has provided us with personal data, we will delete such data immediately and may disable the associated account.

12. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or modify this Privacy Policy at any time. If material changes are made, we will provide notice via email or prominent notice on our platform. Your continued use of the Platform after such changes constitutes your acceptance of the revised policy.

13. CONTACT INFORMATION

For inquiries, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact:

If you are located in the European Union, you may also lodge a complaint with your local data protection authority.

This Privacy Policy is effective as of the date indicated above and remains in effect unless superseded by a revised version duly communicated to users.