Privacy Policy

Sendico takes the protection of personal data seriously. This Privacy Policy describes how we collect, use, store and protect your personal information when you use our platform. By using the Sendico platform, you consent to the collection and use of information in accordance with this Policy. If you do not agree with this Privacy Policy, please do not use our services.

We collect the following categories of personal data: Registration data: - First name, last name - Email address - Phone number - Company information (for legal entities) - Position and authorization data Verification data (KYC): - Passport or other identity documents - Proof of address - TIN and other tax information - Beneficial ownership data (for legal entities) - Photos and video for identity verification Financial data: - Bank account and card details - Transaction history - Information about payment sources - Credit and risk information Technical data: - IP address and device location - Browser type and operating system - Cookies and similar technologies - Platform activity logs - Session information Communication data: - Correspondence with support - Feedback and reviews - Survey and questionnaire responses

We use your personal data for the following purposes: Service delivery: - Account creation and management - Payment transaction processing and execution - Technical support provision - Fulfillment of our contractual obligations Compliance: - Identity verification (KYC) - Anti-money laundering (AML) - Tax law compliance - Regulatory compliance Platform improvement: - Service usage analysis - Development of new features - User experience optimization - Bug fixing and performance enhancement Communication: - Transaction notifications - Service change information - Marketing communications (with your consent) - Responses to your inquiries Security: - Fraud prevention - Detection of suspicious activity - Protection from unauthorized access - Transaction security

We process your personal data on the basis of the following legal grounds: Consent: You provide explicit consent to process certain categories of data, for example, for marketing communications. Contract performance: Processing is necessary to perform the contract between you and Sendico, including the provision of our services. Legal obligations: Processing is necessary to comply with legal obligations, including AML/KYC requirements, tax legislation and regulatory requirements. Legitimate interests: Processing is necessary to protect our legitimate interests, such as fraud prevention, platform security and service improvement.

We may share your data with the following categories of recipients: Service providers: - Payment systems and processors - Cloud service providers - Analytics and monitoring services - KYC verification service providers - Technical support services All our service providers are required to comply with strict confidentiality requirements and may only use your data to provide services to us. Regulatory authorities: We may disclose information to government authorities as required by law, including: - Law enforcement agencies - Tax authorities - Financial regulators - Courts Business partners: With your consent, we may share data with our business partners to provide integrated services. Reorganization transfers: In the event of a merger, acquisition or sale of the business, your data may be transferred to the new owner.

We apply modern technologies and organizational measures to protect your personal data: Technical measures: - Data encryption in transit (SSL/TLS) - Data encryption at rest - Firewalls and intrusion detection systems - Regular software updates - DDoS protection Organizational measures: - Access control based on minimum necessary rights principle - Staff training on data security issues - Confidentiality agreements with employees - Regular security audits - Incident response plan Physical measures: - Secure data processing centers - Restricted physical server access - Video surveillance systems - Data backup

We retain your personal data only for the period necessary to achieve the purposes for which it was collected, or in accordance with legal requirements. Retention periods: - Financial data and documents: minimum 5 years after the last transaction (legal requirement) - KYC/AML data: minimum 5 years after termination of business relationship - Marketing data: until consent withdrawal or 3 years from last interaction - Technical logs: 12 months - Inactive account data: 3 years from last activity After the retention period expires, data is securely deleted or anonymized.

In accordance with applicable data protection legislation, you have the following rights: Right of access: You can request a copy of your personal data that we process. Right to rectification: You can request correction of inaccurate or incomplete personal data. Right to erasure: You can request deletion of your personal data in certain cases. Right to restrict processing: You can request restriction of processing of your data under certain circumstances. Right to data portability: You can request to receive your data in a structured, machine-readable format. Right to object: You can object to processing based on our legitimate interests. Right to withdraw consent: You can withdraw your consent to data processing at any time. To exercise these rights, contact us at privacy@sendico.com. We will respond to your request within 30 days.

We use cookies and similar technologies to improve platform operation. Cookies are small text files stored on your device. Types of cookies: - Necessary cookies: provide basic platform functionality - Functional cookies: remember your preferences - Analytical cookies: help us understand how you use the platform - Marketing cookies: used to personalize advertising You can manage cookies through your browser settings. Detailed information is provided in our Cookies Policy.

Our platform is not intended for persons under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have accidentally received personal data from a person under 18 years of age, we will take steps to delete this data as soon as possible. If you believe we may have information about a child under 18 years of age, please contact us at privacy@sendico.com.

Your data may be processed in countries outside the Russian Federation, including countries that may not provide the same level of data protection. When transferring data internationally, we ensure appropriate safeguards: - EU Standard Contractual Clauses - Data transfer agreements - Verification of adequacy of protection in the recipient country - Additional technical and organizational measures We only work with service providers who guarantee adequate personal data protection.

We may periodically update this Privacy Policy to reflect changes in our practices or applicable legislation. We will notify you of material changes: - By email - Through platform notification - By posting an updated version on our website The date of last update is indicated at the beginning of the document. We recommend periodically reviewing this Policy for changes. Continued use of the platform after changes are made means your agreement with the updated Privacy Policy.

For questions related to personal data protection, contact: Data Protection Officer Email: privacy@sendico.com Address: Moscow, Russian Federation Phone: +7 (495) XXX-XX-XX You also have the right to lodge a complaint with the data protection supervisory authority if you believe that the processing of your personal data violates applicable legislation. We strive to respond to all requests within 30 days.