A balance-buddy.com company

Privacy Policy

TI Digital Ltd · Version dated 4 January 2026

1. General provisions

1.1. This Privacy Policy (the "Policy") defines how we collect, use, store, transfer, and protect personal data of users ("User", "you") when using our services ("Services") through our website and other access interfaces ("Access Interfaces"), including balance-buddy.com and related sites.

1.2. The data controller is TI Digital Ltd ("we", "us"), unless stated otherwise.

1.3. This Policy forms part of our Terms and applies together with them.

1.4. For users in the European Economic Area (EEA) or the United Kingdom, processing is carried out in accordance with Regulation (EU) 2016/679 (GDPR) and UK GDPR.

2. Legal grounds for processing

We process personal data on the following grounds:

  • (a) performance of a contract — provision of the Services;
  • (b) compliance with legal obligations (e.g. AML/CTF, sanctions, payment system requirements);
  • (c) legitimate interests (security, fraud prevention, risk management, improvement of Services);
  • (d) your consent where required (e.g. marketing).

3. Categories of data processed

Depending on the Services used, we may process, to the extent necessary and proportionate:

  • identification data (full name, date of birth, citizenship);
  • contact data (email address, phone number);
  • identity document data;
  • data required for KYC / AML / sanctions checks;
  • facial image and, where applicable, biometric data used for identity verification and liveness checks;
  • information on source of funds and transactional activity;
  • technical data (IP address, device data, logs);
  • data on the use of the Services and Access Interfaces.

Such data are processed solely for the purposes in Section 4 and are not used beyond what is necessary. Where required by applicable law, cookies and similar technologies are used with your consent.

4. Purposes of processing

Personal data are processed for the following purposes:

  • registration, onboarding, and account maintenance;
  • identity verification and KYC/AML checks (including via third-party verification providers);
  • provision of the Services;
  • compliance with AML/CTF, sanctions, and regulatory requirements;
  • fraud prevention and risk management;
  • customer support;
  • fulfillment of obligations to payment and card partners;
  • improvement and development of the Services;
  • service-related notifications;
  • marketing only where consent is given, if required by law.

5. Transfer to third parties

We may transfer your personal data to: (a) companies within our group (where applicable and for the same or compatible purposes); (b) card issuers and payment partners; (c) custodial and IT service providers; (d) identity verification and KYC/AML service providers (including antifraud); and (e) governmental and regulatory authorities where lawful grounds exist. Transfers are carried out only to the extent necessary for the relevant purpose and subject to contractual or binding confidentiality obligations.

Identity verification. We use third-party identity verification and KYC providers (such as Sumsub) to verify your identity and to comply with AML/KYC and sanctions requirements. These providers process personal data (including identity documents and facial images) on our behalf as data processors. For information on how our identity verification provider processes your data, see Sumsub’s Privacy Notice (service delivery): https://sumsub.com/privacy-notice-service/.

Transfer of data to third parties for marketing purposes is permitted only with your separate consent where required by applicable law. Certain third parties (e.g. card issuers, payment schemes) may process personal data as independent data controllers in accordance with their own privacy policies.

6. Cross-border transfers

Data may be transferred and processed outside your country, including outside the EEA. We ensure appropriate safeguards (e.g. Standard Contractual Clauses or adequacy decisions) in line with applicable law, including GDPR Chapter V.

7. Your rights

Where applicable (e.g. GDPR Articles 15–22 for EEA/UK users), you may: access your data; request correction or update; request deletion (unless retention is required); restrict or object to processing; request data portability; withdraw consent; and lodge a complaint with a supervisory authority. Send requests via our contact channels; we respond within 30 days.

8. Retention and security

We retain data only as long as necessary or as required by law. Under AML/CTF rules, some data (e.g. identity and transaction records) may be kept for 5–10 years after the relationship ends. We use reasonable technical and organisational measures to protect data against loss, unauthorised access, alteration, or disclosure.

9. Automated decision-making

We may use automated systems (e.g. risk and fraud tools). This can lead to temporary restrictions or extra checks. You may request human review where applicable (e.g. under GDPR Article 22) via support.

10. Marketing and cookies

Service and operational notifications are part of providing the Services. Marketing is sent only where permitted by law and, if required, with your consent; you can opt out anytime. We use only strictly necessary cookies unless we obtain further consent; no marketing or tracking cookies without explicit consent. You can manage cookies in your browser or device settings.

11. Changes and contact

We may update this Policy. The current version is available on the Access Interfaces. Continued use constitutes acceptance of the updated version. For data protection questions, contact us at contact@balance-buddy.com or through the Access Interfaces.