Privacy Policy

Bseech ("Company," "we," "us," "our") respects your privacy. This Privacy Policy describes our practices regarding the collection, use, storage, sharing, and protection of your personal information when you use our platform, website, and services (collectively, the "Platform").

IMPORTANT: By creating an account, you acknowledge that we are legally required to collect, process, and retain certain sensitive personal information, including government-issued ID documents, Social Security Numbers (SSNs), and Individual Taxpayer Identification Numbers (ITINs), to comply with anti-money laundering (AML), counter-terrorism financing (CTF), and Internal Revenue Service (IRS) regulations. This Policy is incorporated into our Terms of Service.

We collect the following categories of personal information, including sensitive personal information as defined under applicable privacy laws (e.g., CCPA, GDPR):

A. Identity Verification Information (Legal Requirement)

• Government IDs: Passport, driver's license, national ID card, or state-issued identification (including photo, signature, document number, expiration date).
• Tax Identification Numbers: Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN) for IRS reporting under IRC §6050W and §3406.
• Business Information: Employer Identification Number (EIN), articles of incorporation, beneficial ownership details, and business address.
• Biometric Data: Facial recognition scans or liveness detection images collected solely for identity verification purposes (retained only as required by law).
• Proof of Address: Utility bills, bank statements, or lease agreements.

B. Account & Transaction Information

• Full name, date of birth, email address, phone number, and physical address.
• Payment instrument details (bank account numbers, routing numbers, payment card information) – tokenized and stored via PCI-compliant processors.
• Transaction history, including amounts, counterparties, dates, IP addresses, and device fingerprints.
• Communications with customer support (including recorded calls and chat logs).

C. Technical & Usage Data

• IP address, browser type, operating system, device identifiers, and geolocation data (approximate).
• Cookies, web beacons, and similar tracking technologies (see Section 9).
• Platform activity logs (pages visited, features used, search queries).

We process your personal information only for legitimate business purposes and as required by law, relying on the following legal bases:

• Legal Obligation (AML/KYC/IRS): To verify your identity, screen against OFAC sanctions lists, detect suspicious transactions, and file reports with FinCEN and the IRS (including Forms 1099-K and SARs).
• Performance of Contract: To facilitate transactions, process payments, resolve disputes, and provide customer support.
• Legitimate Interests: To prevent fraud, enhance platform security, improve our services, and enforce our Terms of Service.
• Consent: For optional marketing communications or cookies (where required).

We do NOT use sensitive personal information (SSN, biometric data, ID images) for automated decision-making unrelated to identity verification or fraud prevention.

We share your personal information only in the following circumstances:

• Government & Regulatory Authorities: We share identity and transaction data with:
  • Internal Revenue Service (IRS) – tax reporting (Forms 1099-K, 1099-MISC, 1099-NEC).
  • Financial Crimes Enforcement Network (FinCEN) – Suspicious Activity Reports (SARs).
  • Office of Foreign Assets Control (OFAC) – sanctions screening.
  • Law enforcement agencies pursuant to subpoena, court order, or warrant.
• Identity Verification Service Providers: We share ID documents and biometric data with third-party KYC/AML vendors (e.g., Persona, Sumsub, Onfido) solely for verification purposes. These vendors are contractually prohibited from using your data for any other purpose.
• Financial Partners: Bank account information is shared with payment processors (Stripe, PayPal, etc.) and escrow agents to complete transactions.
• Professional Advisors: Attorneys, auditors, and accountants as necessary for legal compliance.
• Business Transfers: In the event of merger, acquisition, or bankruptcy, your data may be transferred to a successor entity.

We do NOT sell your personal information (including SSN/ITIN, ID documents, or biometric data) to any third party. We do not share your data for cross-context behavioral advertising.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Policy, and as required by law:

• Identity Verification Records (KYC/AML): Five (5) years after account closure, as mandated by 31 CFR § 1010.410 (Bank Secrecy Act).
• Transaction Records: Seven (7) years for tax reporting compliance (IRS guidelines).
• Active Account Data: Duration of your account activity.
• Biometric Data (liveness checks): Deleted immediately after verification unless required for fraud investigation (max 30 days).

After retention periods expire, your data is securely deleted or anonymized. You may request deletion earlier, but legal obligations may prevent complete deletion until the statutory period ends.

We implement industry-standard security measures to protect your data, including:

• Encryption: AES-256 at rest and TLS 1.3 in transit.
• Access Controls: Role-based access, multi-factor authentication (MFA), and least-privilege principles.
• Audit Logs: All access to sensitive data is logged and monitored.
• Third-Party Certifications: SOC 2 Type II compliance for our data processors.

However, no method of transmission over the Internet is 100% secure. In the event of a data breach, we will notify affected users and regulators as required by applicable law (e.g., 72 hours under GDPR, without unreasonable delay under CCPA/state laws).

Depending on your jurisdiction (e.g., California, EU, UK, Canada, Australia), you may have the following rights:

• Right to Know/Access: Request a copy of the personal information we hold about you, including categories, sources, and purposes.
• Right to Deletion: Request deletion of your personal information, subject to legal retention exceptions (e.g., AML/IRS obligations).
• Right to Correct: Request correction of inaccurate information.
• Right to Opt-Out of Sale/Sharing: We do not sell data. To opt out of cross-context behavioral advertising (where applicable), use our "Do Not Share My Info" link or enable GPC (Global Privacy Control).
• Right to Portability: Receive your data in a structured, machine-readable format.
• Right to Withdraw Consent: For processing based solely on consent (e.g., marketing).
• Right to Non-Discrimination: We will not deny services, charge different prices, or provide a different level of service for exercising your privacy rights.

To exercise your rights, submit a verifiable request via email to privacy@bseech.com or through your account dashboard. We will respond within 30 days (GDPR) or 45 days (CCPA). Identity verification is required to prevent fraud.

You may designate an authorized agent to submit privacy requests on your behalf. The agent must provide your signed written permission and verify their own identity.

If we deny your request (in whole or in part), you may appeal by contacting privacy-appeals@bseech.com within 30 days. We will respond within 60 days with the outcome of the appeal.

We use essential, functional, and analytics cookies to operate the Platform, remember preferences, and improve performance. Non-essential cookies (marketing) require your consent.

You may manage cookie preferences via our Cookie Consent Manager or browser settings. Disabling essential cookies will prevent Platform functionality. For detailed information, see our Cookie Policy.

Our Platform is strictly for users aged 18 years or older. We do not knowingly collect personal information from children under 18. If we discover that we have inadvertently collected data from a minor, we will delete it immediately.

If you are a parent/guardian and believe your child has provided us with personal information, contact us at privacy@bseech.com.

Bseech operates from the United States. If you access our Platform from outside the US, your data will be transferred to and processed in the US.

For users in the European Economic Area (EEA), we rely on the following transfer mechanisms: (a) Standard Contractual Clauses (SCCs) approved by the European Commission, and (b) the EU-US Data Privacy Framework (if certified). You may request a copy of the SCCs by contacting privacy@bseech.com.

We may update this Policy from time to time. Material changes (e.g., new data sharing practices, changes to sensitive data use) will be communicated via email or prominent platform notice at least 30 days in advance.

The "Last Amended" date at the top of this Policy indicates when changes were made. Your continued use of the Platform after changes become effective constitutes acceptance of the revised Policy.

For privacy inquiries, data subject requests, or to contact our Data Protection Officer:

• Privacy Requests: privacy@bseech.com
• Data Protection Officer: dpo@bseech.com

If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France, or California Attorney General).