GDPR Compliance

At Sipharmony, we take data protection seriously. We comply with the General Data Protection Regulation (GDPR) and ensure that your personal data is:

• Processed lawfully, fairly, and transparently
• Collected for specified, explicit, and legitimate purposes
• Limited to what is necessary
• Accurate and kept up to date
• Stored only as long as necessary
• Processed securely and protected against unauthorized access

We maintain a strict data retention policy that includes our "Purge the Dead" automated system. This monthly process automatically removes customer data when:

• The account has no active phone numbers
• The account balance is zero
• There are no pending transactions or obligations
• The account has been inactive for a specified period

When an account meets these criteria, we permanently delete all associated personal data, ensuring your right to be forgotten is automatically enforced.

Under GDPR, you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision making

We implement robust security measures including:

• End-to-end encryption for all communications
• Regular security audits and penetration testing
• Strict access controls and authentication
• Regular staff training on data protection
• Secure data centers with physical security
• Automated threat detection and prevention

We maintain detailed records of our data processing activities, including:

• Purpose of processing
• Categories of personal data collected
• Recipients of personal data
• Data retention periods
• Technical and organizational security measures