Global Privacy Policy & Data Governance Statement

Effective Date: 25.02.2026

Document Classification: Public / Legal

Preamble

Our company (“Company,” “we,” “our,” or “us”) is committed to maintaining the highest standards of data privacy and security. This Global Privacy Policy & Data Governance Statement (“Policy”) details our rigorous protocols regarding the collection, processing, storage, and protection of your personal and financial data when you access and utilize the MixFind platform (the “Portal”).

By utilizing the Portal to initiate a transaction inquiry or statement clarification, you acknowledge and consent to the data practices outlined in this Policy.

1.0 Data Classification and Collection

To facilitate accurate transaction routing and statement reconciliation, we must collect specific data points. We operate on the principle of data minimization, collecting only the information strictly necessary to execute your inquiry.

1.1 Information You Provide Directly:

• Financial Inquiry Data: To locate a specific charge, we may collect partial financial identifiers, such as the exact transaction amount, the settlement date, and truncated payment card information (e.g., the first six or last four digits of a primary account number). Note: We do not request, process, or store full, unmasked credit card numbers or CVV codes through this Portal.
• Contact Information: Email addresses, phone numbers, or names provided for the purpose of receiving inquiry updates, resolutions, or customer support communications.

1.2 Automated Telemetry and Technical Data:

• System Data: IP addresses, browser types, operating systems, and device identifiers collected to ensure system integrity, prevent fraudulent access, and maintain the operational security of the Portal.
• Usage Logs: Time-stamped logs of your interactions with the Portal, utilized strictly for auditing, security monitoring, and performance optimization.

2.0 Purpose of Data Processing

We process your data strictly for legitimate, operational, and legally permissible purposes, including:

• Transaction Reconciliation: To communicate information about your request to our partners. 
• Customer Support: To communicate findings, provide transaction receipts, or assist with dispute resolution.
• Security and Fraud Prevention: To authenticate users, detect anomalous or malicious activity, and protect the financial ecosystem from unauthorized reconnaissance.
• Regulatory Compliance: To comply with applicable financial regulations, anti-money laundering (AML) laws, and legal mandates.

3.0 Information Sharing and Third-Party Disclosure

We do not sell, rent, or monetize your personal or financial data. We only share your data under the following strictly controlled circumstances:

• Authorized Billing Partners: We may securely transmit your inquiry data to the specific merchant, payment gateway, or acquiring bank associated with the charge in question solely to facilitate the reconciliation process.
• Service Providers: We may engage vetted, compliant third-party infrastructure providers (e.g., secure cloud hosting, encrypted communication platforms) who process data under strict confidentiality agreements.
• Legal and Regulatory Authorities: We will disclose information if legally compelled to do so by a subpoena, court order, or formal request from a recognized regulatory or law enforcement agency.

4.0 Data Security and Cryptographic Protocols

Protecting your financial inquiries is our paramount operational priority. We implement a defense-in-depth strategy encompassing administrative, technical, and physical safeguards:

• Encryption: All data transmitted between your device and the Portal is secured using industry-standard Transport Layer Security (TLS/SSL) cryptographic protocols. Data at rest is protected utilizing advanced encryption standards (AES).
• Access Controls: Internal access to user inquiry data is heavily restricted, logged, and granted only to authorized personnel utilizing multi-factor authentication (MFA) on a strict principle of least privilege.
• Compliance Frameworks: Our data handling procedures are designed to align with the principles of the Payment Card Industry Data Security Standard (PCI-DSS) regarding the handling of truncated payment data.

5.0 Data Retention Policies

We retain your personal and inquiry data only for the duration necessary to fulfill the purposes outlined in this Policy, resolve your inquiry, or as mandated by applicable financial record-keeping regulations and tax laws. Once the statutory retention period expires, your data is securely and permanently purged or irreversibly anonymized.

6.0 User Rights and Data Control

Depending on your governing jurisdiction, you may possess specific rights regarding your personal data, which may include:

• The Right to Access: Requesting a formal record of the personal data we hold about you.
• The Right to Rectification: Requesting the correction of inaccurate or incomplete data.
• The Right to Erasure (“Right to be Forgotten”): Requesting the deletion of your personal data, subject to our overriding legal or financial compliance obligations.
• The Right to Restrict Processing: Requesting a temporary halt to the processing of your data under specific conditions.

To exercise these rights, please submit a formal, authenticated request to our Data Protection Officer using the contact information provided in Section 8.0.

7.0 Modifications to this Policy

We reserve the right to amend this Global Privacy Policy periodically to reflect changes in global privacy legislation, technological advancements, or corporate structuring. Material updates will be communicated via a prominent notice on the Portal, and the “Effective Date” will be explicitly updated.

8.0 Corporate Contact and Data Protection Officer (DPO)

If you have inquiries, formal disputes, or require clarification regarding our data governance practices, please direct all correspondence to our dedicated privacy and compliance team: info@mixfind.com