# Privacy Policy

**Effective date:** 2026-02-27

This Privacy Policy explains how **Datalink Analytix, Inc.** ("Provider", "we", "us", or "our") collects, uses, stores, shares, and protects personal data when you register for or use our services (the "Service").

---

## 1. Data Controller / Contact

* **Controller:** Datalink Analytix, Inc.
* **Email:** [support@datalinkanalytix.com](mailto:support@datalinkanalytix.com)

---

## 2. Personal Data Collected

We may collect the following categories of personal data:

* **Account registration:** full name, email address, password (stored as a salted scrypt hash), source country, source currency.
* **Transaction data:** receiver full name, destination country, destination currency, send amount (USD equivalent), exchange rate, fees, destination amount, transfer purpose, transfer ID, status, timestamps.
* **Session data:** session cookies (server-side sessions using `APP_SESSION_SECRET`) and session-stored pending transfer details while in-process.
* **Technical data:** IP address, browser/user agent string, request timestamps, and server logs.

---

## 3. How We Use Your Data

We use personal data to:

* Provide and maintain the Service (account creation, authentication, quoting, transaction recording).
* Process transfer quotes and record confirmed transfers.
* Ensure security and prevent fraud (account protection, verification processes, and compliance checks where required).
* Communicate with users (e.g., transactional emails or notifications related to account activity).

---

## 4. Data Sharing and Third Parties

We may share data with trusted third parties as necessary to operate the Service:

* **Payment / FX / KYC Providers:** to facilitate transactions and comply with regulatory obligations.
* **Rate Providers:** to retrieve foreign exchange rates (e.g., external rate APIs).
* **Email / Notification Providers:** to send transactional communications (e.g., email providers).
* **Legal Authorities:** when required by law, regulation, or legal process.

We only share the minimum data necessary for these purposes.

---

## 5. Data Retention

We retain personal data only as long as necessary to provide the Service and comply with legal obligations.

* Account and transaction data may be retained for a minimum of **5 years** to comply with financial regulations, anti-money laundering (AML), and audit requirements.
* Session and technical data are retained for shorter periods as needed for security and operational purposes.

---

## 6. Security Measures

We implement appropriate technical and organizational safeguards, including:

* Passwords stored as salted hashes using `hashlib.scrypt`.
* Secure session management using `starlette` SessionMiddleware and `APP_SESSION_SECRET`.
* Use of HTTPS and secure infrastructure in production environments.
* Protection of secrets and credentials outside of source code.

---

## 7. SMS Communications and Consent

By providing your phone number within the Datalink Analytix application, you consent to receive SMS messages for authentication and account verification purposes.

* Messages include **one-time passcodes (OTP)** required to securely access your account.
* Messages are sent **only in response to user-initiated actions** such as login or verification requests.
* **No marketing or promotional messages are sent.**
* Message frequency varies based on user activity.
* Standard message and data rates may apply.

You may opt out of SMS communications by contacting support. However, opting out may prevent you from using certain authentication features of the Service.

---

## 8. Your Rights

Depending on your jurisdiction, you may have rights to:

* Access your personal data
* Correct inaccurate data
* Request deletion of your data
* Request data portability

To exercise these rights, please contact us at [support@datalinkanalytix.com](mailto:support@datalinkanalytix.com).

---

## 9. International Data Transfers

Your data may be processed or stored in countries outside your jurisdiction, including the United States and other locations where our service providers operate.

We implement appropriate safeguards as required by applicable law.

---

## 10. Children

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal data from children.

---

## 11. Breach Notification

In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law.

---

## 12. Legal Basis for Processing

We process personal data based on the following legal grounds:

* **Consent:** where users explicitly provide consent (e.g., SMS verification).
* **Contractual necessity:** to provide the Service and fulfill transactions.
* **Legal obligations:** to comply with financial and regulatory requirements.
* **Legitimate interests:** to improve security, prevent fraud, and maintain service functionality.

---

## 13. No Sale of Personal Data

Datalink Analytix, Inc. does **not sell, rent, or trade personal data** to third parties for marketing purposes.

---

## 14. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised Effective Date.