Privacy Policy
Your privacy is fundamental to how we build and operate BSystem. This policy explains what data we collect, why we collect it, and how we keep it safe.
Effective Date: January 1, 2026 · Last Updated: February 13, 2026
Table of Contents
1. Information We Collect
We collect information to provide, maintain, and improve our banking services. The types of information we collect include:
1.1 Information You Provide
- Account Registration: Full legal name, date of birth, email address, phone number, Social Security Number (SSN), Social Insurance Number (SIN), or National Insurance Number (NIN).
- Identity Verification: Government-issued photo ID, proof of address, biometric data (facial recognition for identity verification).
- Financial Information: Bank account details, income information, employment status, and source of funds declarations.
- Communications: Messages sent through our support channels, surveys, and feedback forms.
1.2 Information We Collect Automatically
- Transaction Data: Payment history, transfer records, card transactions, and account balances.
- Device Information: IP address, browser type, operating system, device identifiers, and mobile network information.
- Usage Data: Pages visited, features used, session duration, and interaction patterns.
- Location Data: Approximate location based on IP address, precise location if you grant permission for fraud prevention.
1.3 Information from Third Parties
- Credit Reference Agencies: Credit history and creditworthiness data (Equifax, Experian, TransUnion).
- Identity Verification Services: Results from KYC (Know Your Customer) checks.
- Regulatory Bodies: Sanctions screening and PEP (Politically Exposed Person) database checks.
2. How We Use Your Information
We process your personal data for the following purposes:
Service Delivery
Opening and managing accounts, processing transactions, issuing cards, and facilitating transfers.
Legal Compliance
Meeting regulatory obligations including AML/KYC requirements, tax reporting (FATCA, CRS), and sanctions screening.
Security & Fraud Prevention
Detecting unauthorised access, preventing fraudulent transactions, and monitoring suspicious activity patterns.
Product Improvement
Analysing usage patterns (in anonymised/aggregated form) to improve features, performance, and user experience.
3. Data Sharing & Disclosure
We do not sell your personal data. We may share your information only in the following circumstances:
- Service Providers: Third-party vendors who perform services on our behalf (payment processors, cloud infrastructure, identity verification), bound by contractual obligations to protect your data.
- Regulatory & Legal Obligations: When required by law, regulation, legal process, or governmental request, including responses to court orders and subpoenas.
- Financial Partners: Card networks (Visa, Mastercard), banking partners, and correspondent banks necessary to process your transactions.
- With Your Consent: When you explicitly authorise us to share your data with a third party, such as open banking connections.
- Business Transfers: In connection with any merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
4. Data Security
We implement industry-leading security measures to protect your data:
- AES-256 encryption for data at rest and TLS 1.3 for data in transit
- Multi-factor authentication (MFA) for all account access
- Regular penetration testing and vulnerability assessments
- SOC 2 Type II certified infrastructure
- 24/7 security monitoring and incident response
- Role-based access controls with principle of least privilege
5. Data Retention
We retain your data only as long as necessary for the purposes described in this policy, or as required by law:
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of account + 7 years |
| Transaction Records | 7 years (regulatory requirement) |
| KYC/Identity Documents | 5 years after relationship ends |
| Support Communications | 3 years |
| Usage/Analytics Data | 26 months (anonymised thereafter) |
6. Your Rights & Choices
Depending on your jurisdiction, you may have the following rights:
US Residents (CCPA/State Laws)
Right to know, delete, correct, and opt-out of sale/sharing of personal information. Right to non-discrimination for exercising these rights.
UK Residents (UK GDPR)
Rights of access, rectification, erasure, restriction, portability, and objection. Right to withdraw consent and lodge a complaint with the ICO.
Canadian Residents (PIPEDA)
Right to access, correct, and challenge compliance. Right to withdraw consent (subject to legal/contractual restrictions).
To exercise any of these rights, contact our Data Protection Officer at privacy@bsystem.com.
7. International Data Transfers
As we operate across the US, UK, and Canada, your data may be transferred between jurisdictions. We ensure all international transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by the UK ICO
- Data Processing Agreements with all third-party service providers
- Adequacy assessments for all receiving jurisdictions
- Compliance with the UK International Data Transfer Agreement (IDTA)
8. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly.
9. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or through a prominent notice on our platform at least 30 days before the changes take effect.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
BSystem Technologies Ltd.
Data Protection Officer
Email: privacy@bsystem.com
Phone: +1 (800) 555-0199
UK Regulator: Information Commissioner's Office (ICO)
Canada Regulator: Office of the Privacy Commissioner of Canada (OPC)