1. Overview

This Privacy Policy explains how FirstKYC Pte. Ltd. (“FirstKYC,” “we,” “us,” or “our”) collects, uses, shares, and safeguards personal data when you visit our website Firstkyc, use our mobile applications (“App”), or engage with our identity verification and compliance platform and related services (collectively, “Services”). By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Services.

2. Scope

This Policy applies to all personal data and business information collected directly from you or from third-party sources in connection with your use of the Services. It does not govern information collected by third-party websites or applications linked from our Services.

3. Definitions

1. Personal Data: Any information relating to an identified or identifiable individual.
2. Business Information: Information about a legal entity and its controllers, directors, or beneficial owners.
3. Account Data: Data you provide when registering on our Platform (e.g., name, email, phone number, organization details).
4. Verification Data: Identity documents, live facial images, video recordings, proof-of-address documents, and bank-account or card data provided for KYC/AML checks.
5. Technical Data: IP address, device identifiers, browser type, operating system, cookies and similar tracking technologies.
6. Usage Data: Information about how you access and interact with our Services (e.g., pages viewed, features used, error logs).

4. Information We Collect

We collect and process the following categories of data:

Category	Examples
Account Data	Name, email, phone number, mailing address, company name, business registration details
Verification Data	Scanned identity documents (passport, ID card), selfies or video, proof of address documents
Payment Data	Tokenized card details (no full card storage), transaction reference—processed by PCI-compliant providers
Technical Data	IP address, device type, OS, browser, cookies, usage logs
Usage Data	Feature usage, timestamps, error reports, clickstream, integration logs
Support Data	Communications with our support team, ticket history, screenshots

Note: We do not collect Sensitive Data (e.g., race, religion, health) unless explicitly required and with your consent.

5. How We Use Your Information

We use your data to:

1. Provide and Improve Services: Perform identity and AML verifications, authenticate users, facilitate subscriptions, maintain and support the Platform.
2. Compliance: Meet regulatory obligations (e.g., PDPA, AML/KYC requirements, law enforcement requests).
3. Communication: Respond to inquiries, send administrative notices, security alerts, and service updates.
4. Provide and Improve Services: Analyze usage patterns to optimize features and user experience.
5. Compliance: Send promotional materials about our services; you may opt out at any time.
6. Communication: Detect and prevent fraud, unauthorized access, and other misuse.

6. Legal Bases for Processing (PDPA)

Under Singapore’s Personal Data Protection Act (PDPA), we rely on the following grounds:

1. Contract Performance: Processing necessary to fulfill our contract with you.
2. Legal Obligation: Compliance with laws and regulations.
3. Legitimate Interest: Protecting our Services, ensuring platform security, improving user experience.
4. Consent: When you have expressly agreed to specific processing activities (e.g., marketing communications).

7. Disclosure and Sharing of Data

We may share your data with:

1. Group Entities: Affiliates in order to deliver Services.
2. Third-Party Providers: Identity verification partners, payment processors, IT and hosting services, analytics and email platforms—subject to confidentiality and security obligations.
3. Regulators and Law Enforcement: When required by law or regulation.
4. Acquirers: In connection with a merger, acquisition, or business transfer (we will notify you).
5. De-identified Aggregates: For research, analytics, or marketing, where individuals cannot be re-identified.

8. International Transfers

Your data may be stored and processed in Singapore or in jurisdictions where our service providers operate. We implement contractual safeguards (e.g., standard contractual clauses) to ensure adequate protection of your data when transferred across borders.

9. Data Security and Retention

1. Security Measures: We employ administrative, technical, and physical safeguards (e.g., encryption, access controls, secure hosting) to protect your data.
2. Data Retention: We retain personal data for as long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce agreements.
3. Data Deletion: Upon request and subject to legal or contractual restrictions, you may request erasure of your personal data.

10. Your Rights and Choices

You may exercise the following rights under PDPA by contacting us (Section 16):

1. Access & Correction: Obtain copies of your data or correct inaccuracies.
2. Withdrawal of Consent: For processing based on your consent (e.g., marketing).
3. Opt-Out: From direct marketing communications.
4. Data Portability: Receive your data in a structured, machine-readable format.
5. Deletion: Request removal of personal data, subject to legal or operational constraints.

We will respond to all legitimate requests within thirty (30) days.

11. Cookies and Tracking

We use cookies and similar technologies for authentication, security, analytics, and personalization. For details, see our Cookie Notice.

12. Children's Privacy

Our Services are not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe we have collected data of a minor, please contact us for deletion.

13. Changes to this Policy

We may update this Policy periodically. We will post the revised version on our Website with a new effective date. Continued use of our Services constitutes acceptance of the updated Policy.

14. Contact Information

---

End of Privacy Policy