Security
Privacy & Data Protection
Enterprise-grade security and PDPO compliance built into every layer of our platform.
Privacy Policy & Terms
We collect authentication images (sneaker photos), business contact details, authentication metadata, usage patterns, and analytics data. All data collection follows PDPO compliance standards with explicit user consent.
Your data is used exclusively for authentication processing, service improvement through AI model training (on anonymized data), analytics and reporting, and communication regarding your account and services. We never sell or share your data with third parties without explicit consent.
Authentication images are retained for 30 days post-authentication for dispute resolution, then deleted. Business data is retained for the duration of your partnership plus 12 months. You can request data deletion at any time via our contact form, subject to legal retention requirements.
We do not share personal data with third parties except as required by law or with your explicit consent. Our infrastructure partners (AWS) operate under data processing agreements that ensure your data remains protected and compliant with PDPO.
You have the right to access your personal data, correct inaccuracies, request deletion, opt-out of marketing communications, and request data portability. You also have the right to lodge a complaint with the Hong Kong Privacy Commissioner if you believe your rights have been violated.
To exercise any of your data rights, submit a formal request via our contact form. We will respond to all data enquiries within 30 days and provide you with the information or action you request. For urgent matters, please contact us directly.
Need more information? Have specific questions about our privacy practices? Contact us and we'll be happy to help.
Data Inventory & Security
Complete transparency on how we store and protect your data.
| Data Type | Storage Location | Access Level |
|---|---|---|
| Authentication Images | AWS S3 (Singapore Region) | Internal AI System Only |
| Business Contact Details | Encrypted CRM (Salesforce) | Sales Team Only |
| Authentication Hash/Keys | AWS RDS (AES-256 Encrypted) | System + Authorized Partners Only |
| Usage & Analytics Data | AWS CloudWatch | Internal Team Only |
Encryption Standards
All sensitive data is encrypted using AES-256, the same standard used by government and military institutions. Authentication hashes are generated using cryptographic algorithms that prevent reverse-engineering.
Encryption keys are stored separately from encrypted data and rotated regularly per security best practices.
Data Protection
All data in transit is protected by TLS 1.3 encryption. We implement role-based access control (RBAC) ensuring only authorized personnel access specific data. Regular security audits and penetration testing ensure continuous protection.
We maintain PDPO compliance and are regularly audited by third-party security firms.
Security Measures
PDPO Compliance
Full compliance with Hong Kong Personal Data Protection Ordinance, including data subject rights and lawful basis for processing.
Zero-Knowledge Design
Our system processes authentication data without storing raw images longer than necessary, implementing zero-knowledge proofs where applicable.
Regular Audits
Third-party security audits and penetration testing conducted quarterly to identify and remediate vulnerabilities.
Incident Response
24/7 monitoring and incident response team, with transparent notification protocols in case of any security events.
Security You Can Trust
Your data is your business. We treat it with the security it deserves.
Request Security Documentation