Website: ico.rocafi.com · Effective date: 12 Aug 2025 · Last updated: 17 Oct 2025

1) Introduction

This Privacy Policy explains how ico.rocafi.com (“we”, “us”, “our”, or the “Site”) collects, uses, shares, and protects personal data. It also describes the rights and choices available to individuals regarding their personal information.

We aim to comply with applicable data protection laws where relevant. This Policy should be read together with our Terms of Use and any in-product notices.

2) Scope & Definitions

This Policy applies to personal data processed through ico.rocafi.com and related sub-pages, forms, and dashboards.

Key terms

  • Personal data: information that identifies or can be reasonably linked to an individual.
  • Controller: the entity that determines purposes and means of processing personal data.
  • Processor: a third party that processes personal data on behalf of the Controller.
  • Special category data: sensitive data (e.g., government IDs, biometrics), subject to enhanced safeguards.

3) Data We Collect

3.1 Information you provide

  • Identification & contact details (full name, email, phone, postal address).
  • Account credentials (username, password—stored hashed).
  • KYC/AML information (ID, liveness checks, proof of address) where required by law or policy.
  • Support communications and feedback (tickets, emails, messages, attachments).
  • Preferences (marketing opt-ins/opt-outs, language, communication settings).

3.2 Information collected automatically

  • Usage and device data (IP, user-agent, device/OS, timestamps, pages viewed, referrers).
  • Diagnostic logs and security signals (error logs, request fingerprints, abuse indicators).
  • Cookies and similar technologies (see Cookies).

3.3 Information from third parties

  • Identity verification and sanctions/PEP screening providers.
  • Payment and blockchain analytics providers (fraud monitoring).
  • Marketing/analytics platforms (aggregated performance and attribution reports).

4) How We Use Data

| Purpose | Examples of Data |
| --- | --- |
| Provide and operate the Site and services (account creation, dashboards) | Identity data, credentials, usage logs |
| KYC/AML, sanctions screening, fraud prevention and security | KYC docs, screening results, device/IP, logs |
| Customer support and service communications | Contact details, ticket contents |
| Improvement, analytics, and product R&D | Aggregated usage data, telemetry |
| Marketing communications (optional) | Email, preferences |
| Legal compliance and enforcement | Any data necessary to comply with law or defend claims |

5) Data Retention

We retain personal data only as long as necessary for the purposes described above, or as required by law. Typical periods (subject to change per legal requirements):

  • Account records: for the life of the account + up to 5 years after closure.
  • KYC/AML documentation: up to 7–10 years from last transaction or as required by financial regulations.
  • Logs and security records: 6–24 months (aggregated/anonymous data may be kept longer).
  • Marketing preferences: until you withdraw consent or object.

When retention ends, we delete or irreversibly anonymize data.

6) Disclosure & International Transfers

6.1 Who we share with

  • Processors: hosting, cloud infrastructure, analytics, email delivery, KYC/AML vendors.
  • Professional advisors: auditors, legal counsel, compliance partners.
  • Authorities: law enforcement or regulators where legally required.
  • Corporate transactions: merger, acquisition, or asset sale (with safeguards).

6.2 International transfers

Where data is transferred outside your jurisdiction, we rely on appropriate safeguards (e.g., standard contractual clauses, adequacy decisions, contractual protections) and implement technical/organizational measures to protect your data.

7) Security

We implement reasonable technical and organizational measures to protect personal data, including:

  • TLS encryption in transit; encryption and access controls at rest (where relevant).
  • Least-privilege, role-based access, and MFA for staff and admin systems.
  • Network/app firewalls, DDoS and bot-mitigation layers.
  • Logging, monitoring, vulnerability management, and periodic assessments.

No method is 100% secure; we cannot guarantee absolute security, but we continuously improve our controls.

8) Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access to your personal data and processing information.
  • Rectification of inaccurate or incomplete data.
  • Erasure in certain circumstances.
  • Restriction of processing in certain circumstances.
  • Portability of data you provided in a structured, commonly used format.
  • Objection to processing based on legitimate interests and to direct marketing.
  • Withdraw consent where processing relies on consent (does not affect prior lawful processing).

To exercise your rights, contact us at [email protected]. We may need to verify your identity before responding.

8.1 Complaints

You can lodge a complaint with your local data protection authority. We encourage you to contact us first so we can address your concerns.

9) Cookies & Similar Technologies

We use cookies, web beacons, and similar technologies to provide essential functionality, remember preferences, perform analytics, and (where applicable) support marketing.

| Category | Purpose | Examples | Retention |
| --- | --- | --- | --- |
| Strictly Necessary | Authentication, security, load balancing | Session ID, CSRF token | Session |
| Preferences | Remember language and theme settings | Locale, UI state | Up to 12 months |
| Analytics | Measure usage and performance | Page views, events (aggregated) | 6–24 months |
| Marketing (optional) | Personalize or measure campaigns | Attribution IDs | Up to 24 months |

You can manage preferences via your browser settings and (where provided) our in-site consent banner. Blocking some cookies may impact functionality.

10) Children’s Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to request deletion.

11) Automated Decision-Making

We may use automated checks (e.g., fraud signals, sanctions screening) to protect users and comply with legal obligations. These do not produce legal or similarly significant effects without human review. You can request human intervention or challenge a decision by contacting us.

12) Third-Party Links & Services

The Site may link to third-party websites or services. Their privacy practices are governed by their own policies. We are not responsible for third-party content or practices.

13) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you by posting an updated Policy on this page and adjusting the “Effective date” above, and/or via in-product notice or email.

14) Contact

Questions or requests about this Policy or your personal data?

Email: [email protected]
Website: ico.rocafi.com

For faster handling, include “Privacy Request” in the subject and describe the right you wish to exercise (e.g., access, deletion). We aim to respond within statutory deadlines.

© Rocafi. All rights reserved. — This document is provided for transparency and does not constitute legal advice.