1. What we collect
Account info (name, email, mobile, country), KYC documents (CNIC/passport, selfie, address proof), transactional data (deposits, token purchases, rental payouts, withdrawals), platform usage data (logins, IP addresses, device identifiers), and communications with our team.
2. Why we collect it
To verify your identity, comply with AML obligations, process your transactions, deliver rental payouts, secure your account, prevent fraud, improve the product, and contact you about important changes.
3. Where we store it
Personal data is stored in secure, encrypted databases primarily located in the European Union (Supabase) with appropriate technical and contractual safeguards. KYC documents are stored in private object storage with signed-URL access only.
5. How long we keep it
For the period required by Pakistani law (currently a minimum of 10 years for AML-relevant records) and longer where necessary to enforce our agreements, defend legal claims, or comply with regulatory requirements.
6. Your rights
You can request access to, correction of, or deletion of your personal data (subject to legal retention obligations). You can withdraw marketing consent at any time. Contact privacy@reptostate.com to exercise these rights.
7. Security
Encryption in transit (TLS) and at rest, role-based access controls, two-factor authentication for staff, immutable audit logs, and regular penetration testing. No system is perfectly secure, but we treat data protection as a first-order concern.
8. Changes to this policy
We will notify you of material changes by email at least 14 days before they take effect. The current version is always available at this URL.
Last reviewed: 2026-05-01
