Privacy Policy

Last updated: April 2026

Effective date: April 2026

1. General

1.1. This policy describes what data [FBM] CARDS (the "Service") collects, how it is used, who it is shared with, and how it is protected.

1.2. By using the Service, you agree to the terms of this policy.

2. Data We Collect

Registration data

  • name, email, Telegram contact, team name, role;
  • promo code (referral source).

Verification data

  • documents requested by payment providers as part of KYC procedures (when required).

Transaction data

  • card transaction history: amounts, dates, MCC codes, statuses;
  • top-up history: amounts, wallet addresses, transaction hashes.

Technical data

  • IP address, browser type, operating system;
  • login and activity logs within the dashboard;
  • 2FA authentication data.

3. How We Use Data

  • Service delivery — card issuance, transaction processing, balance crediting.
  • Security — anti-fraud monitoring, decline rate control, prevention of unauthorized access.
  • Communication — account status notifications, terms updates, support.
  • Service improvement — usage analytics for product development.
  • Legal compliance — AML/KYC requirements.

We do not sell user data to third parties and do not share it with advertisers.

4. Who We Share Data With

  • Payment providers — to the extent necessary for card issuance and transaction processing.
  • Card networks (Visa, Mastercard) — as part of transaction processing.
  • Regulators and law enforcement — only upon lawful request.

There are no other data recipients.

5. How We Protect Data

  • Encryption of data in transit and at rest.
  • Two-factor authentication for account access.
  • Restricted access: only the minimum necessary personnel have access to user data.
  • Full activity logging within the system.

6. Data Retention

  • Account data — for the duration of the account and 3 years after closure.
  • Transaction data — 5 years from the date of the transaction.
  • Login logs — 1 year.

Retention periods are determined by AML legislation requirements.

7. Your Rights

You may:

  • request a copy of your data stored by the Service;
  • request correction of inaccurate data;
  • request deletion of data (subject to AML retention requirements — we cannot delete transaction data before the retention period expires);
  • opt out of marketing communications.

To exercise your rights, contact your account manager.

8. Cookies

The Service uses a minimal set of cookies:

  • Session cookies — to maintain authorization.
  • Analytics cookies — for usage analysis.

No advertising cookies or third-party trackers are used.

9. Policy Updates

The Service may update this policy. Users will be notified of material changes via email or the dashboard.

10. Contact

For data-related inquiries: Telegram