Last updated: March 28, 2025
FIRA AML platform.ai ("FIRA AML platform," "we," "us" or "our") is committed to protecting your privacy and ensuring the security of personal information. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our website and services globally. It is designed to comply with key data protection laws, including the EU's General Data Protection Regulation (GDPR), the Australian Privacy Act 1988 (including the Australian Privacy Principles), Nepal's privacy laws (such as the Privacy Act 2018), and other applicable regulations in the regions where we operate. By using the FIRA AML platform website or services, you agree to the terms of this Privacy Policy.
This Privacy Policy applies to all users of the FIRA AML platform.ai website, our SaaS (Software-as-a-Service) platform, and any related services offered by FIRA AML platform worldwide. We operate globally and commit to complying with all relevant data protection laws in every jurisdiction where we do business, now and in the future.
FIRA AML platform will adhere to the strictest requirements of applicable privacy frameworks, including the GDPR for European users, the Australian Privacy Principles (APPs) for Australian users, Nepal's privacy laws for Nepalese users, and comparable laws elsewhere. If local law imposes a higher standard of protection than this Policy, we will meet that higher standard for data collected in that jurisdiction.
FIRA AML platform offers both cloud-based SaaS solutions and on-premise software deployments:
Please note that this Privacy Policy covers personal data handled by FIRA AML platform in connection with our website and services. It does not cover any third-party services or applications that customers use in conjunction with FIRA AML platform, or any data handling that customers perform on their own systems. Customers who deploy our on-premise solution are expected to maintain their own privacy and security practices in compliance with applicable laws.
FIRA AML platform collects and processes personal information for the purposes outlined in this Policy. The way we handle data depends on the context in which it is provided:
When our customers (e.g. financial institutions) use FIRA AML platform's platform to process data about their own clients or individuals for anti-money laundering (AML) and compliance purposes, FIRA AML platform acts as a data processor. This means:
We do not store our customers' end-user data beyond what is necessary to perform our services or as instructed by the customer. Typically, any personal data about our customers' clients is processed transiently and not persistently stored by FIRA AML platform, unless the customer has contractually agreed that we will host or log such data for them. If we do retain any data for troubleshooting or debugging (only upon the customer's request and consent), it is handled confidentially and deleted as soon as the support issue is resolved.
FIRA AML platform also collects personal information directly from individuals who interact with our website or communicate with us. In this context, FIRA AML platform acts as the data controller because we determine how this information is used. This includes:
When you fill out forms on our site (such as "Request a Demo" or contact forms), download content, or sign up for newsletters, we may collect details like your name, job title, company name, email address, phone number, and any information you choose to provide. We use this information to respond to your requests, provide you with information about our services, and follow up on potential business opportunities.
If you use our live chat feature or communicate with us via email or other channels, we will collect the information you provide during the conversation (which may include contact details and other personal information). For example, our website's chat and customer engagement tool (such as Zoho SalesIQ) may capture your name, email, and the content of your messages. We use these communications to assist you, answer your questions, and improve our customer service.
Like many websites, we use cookies and similar tracking technologies to collect certain technical information automatically when you visit FIRA AML platform.ai. This may include:
We may receive personal data about prospects or business contacts from third-party sources. For instance, we might obtain your business contact details from professional networking platforms like LinkedIn (e.g. via LinkedIn Sales Navigator) or from marketing partners, or if your employer designates you as a contact person for using our services. We treat any such acquired information in accordance with this Policy and applicable laws.
We use the personal data we collect for purposes including:
We will only use your personal information in a manner consistent with the purpose for which it was collected, or for closely related purposes you would reasonably expect or that are otherwise authorized by law. If we need to use your personal data for an unrelated new purpose, to the extent required by law we will notify you and obtain your consent.
To provide our SaaS services and operate our website, FIRA AML platform relies on reputable cloud infrastructure providers such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform. Personal data may be stored and processed on cloud servers managed by these providers. We choose providers that offer strong security and privacy guarantees, and we remain responsible for ensuring that any personal data stored in the cloud is handled in compliance with this Policy and applicable laws. All data stored with our cloud providers is protected with robust security measures (including encryption in transit and at rest) and is accessible only to authorized personnel. These cloud providers may be located in various countries (see Section 6: International Data Transfers), but we ensure that appropriate safeguards are in place for any cross-border data storage.
FIRA AML platform may share personal data within our group of companies and with trusted partners who help us run our business. In particular, Datum Systems Private Limited is our key technology partner involved in the development, maintenance, and support of the FIRA AML platform platform. We want to be transparent about this relationship:
This partner plays a critical role in our technology and service delivery. They may have access to personal data strictly for the purposes of platform development, technical support, and ensuring our services function effectively. Datum Systems is contractually bound to maintain the confidentiality and security of any personal information it processes on our behalf and to use it only in line with our instructions and this Policy. They are not permitted to use your data for any other purpose. We treat Datum Systems as an extension of our own team for privacy and security compliance purposes, meaning the same strict safeguards that apply to FIRA AML platform also apply to any data handled by Datum Systems.
In addition to Datum Systems, FIRA AML platform may in the future establish relationships with other affiliates, subsidiaries, or technology partners as our business grows. We reserve the right to involve new affiliates or partners in our data processing activities without individual notice, provided any such parties are bound by the same strict privacy and confidentiality obligations described in this Policy. We will update this Privacy Policy to reflect any significant changes in our affiliate or partner relationships if required by law. Rest assured that any affiliate or partner that handles personal data on behalf of FIRA AML platform will be required to uphold protections equivalent to those described here.
Aside from our affiliates and key technology partner, FIRA AML platform will not share your personal information with third parties for their own independent use except in the limited situations described elsewhere in this Policy (such as with service providers in Section 4 or in a legal compliance context), or with your explicit consent. We do not sell personal information to third parties.
We use certain third-party services and cookies to understand how our website is used and to reach people who might be interested in FIRA AML platform's solutions. We want to clearly explain our use of these tools:
FIRA AML platform uses cookies and similar technologies on our website to collect information and enhance user experience. When you first visit our site, you will be presented with a notice about our use of cookies (and where required by law, we will request your consent for non-essential cookies). We categorize cookies into a few types:
These are necessary for the website to function properly. They include, for example, cookies that enable you to log in (if applicable), remember your preferences (e.g. language or region selection), or provide security and accessibility features. You cannot opt out of essential cookies, as the website cannot function without them.
These cookies collect information about how visitors use our site (such as which pages are visited most often, how users navigate between pages, or if users encounter error messages). We use this data to improve how our website works and to understand user interests. For instance, we use Google Analytics to gather aggregated site usage statistics. Google Analytics may set cookies to identify repeat visits and to collect information on site usage (e.g. pages viewed, duration on site). We have configured Google Analytics to respect privacy norms (for example, by anonymizing IP addresses in regions where that is required). The information generated by these cookies (including your truncated IP address) is transmitted to Google and stored on their servers. Google uses this information to help us analyze website usage. We only receive aggregated reports — no personally identifiable information is included in these analytics reports. You can opt out of Google Analytics tracking by installing Google's opt-out browser add-on or by rejecting analytics cookies in our cookie banner.
These cookies and pixel tags help us with our marketing efforts. They may be set by third-party advertising platforms we use, such as Facebook and LinkedIn, to measure ad performance and deliver relevant ads to users who have shown interest in our site. For example, we might use the Facebook Pixel and LinkedIn Insight Tag on our site. These tools allow Facebook and LinkedIn to collect or receive certain information from our website and use it to create targeted marketing audiences or provide us with analytics services. This helps us show you FIRA AML platform ads on those platforms after you have visited our site (commonly known as retargeting). The types of data these advertising cookies might collect include your device identifiers, pages visited, and actions taken on our site (e.g. clicking a demo request). We only deploy advertising cookies where permitted by law — for instance, if you are in a jurisdiction that requires consent for such cookies, we will not load them unless you have given consent via the cookie banner settings.
FIRA AML platform engages in B2B marketing to inform potential customers about our products. Below are the key tools and practices we use, and what they mean for your data:
We use Zoho SalesIQ on our website as a live chat service and an analytics tool to understand site visitor engagement. If you use the chat feature, SalesIQ will collect the information you provide in the chat (such as your name, email, and the content of your messages). It may also use cookies to track your navigation on our site (for example, it can tell our team which pages you visited and how you found us, which helps us assist you better in chat). Zoho SalesIQ may log your IP address and geolocation approximation to help us identify the region you're contacting from, enabling us to respond in a contextually appropriate way. All data collected through SalesIQ is stored by Zoho on our behalf; Zoho is under a strict data protection agreement with us and cannot use this data for their own purposes.
When you provide your contact details to FIRA AML platform (through a form, chat, or other means), we store that information in our CRM, which is powered by Zoho CRM. This allows our sales and support teams to manage our communications with you in an organized way. The information in our CRM typically includes your name, contact information, company details, and a log of our interactions (e.g. notes of calls or meetings). Zoho CRM acts as a data processor, only handling your information per our instructions. They are obligated to keep your data secure and confidential. We use the data in the CRM to follow up on your requests, send relevant updates about our services, and maintain our relationship. If at any point you do not wish to be contacted for marketing, you can let us know (see Opt-Out Options below), and we will mark your record accordingly to exclude you from promotional outreach.
As noted, we may use Facebook Ads and LinkedIn Ads to reach new customers or stay in touch with existing ones. If we run an ad campaign, we might use data from our CRM (like business email addresses) to create a "custom audience" – for example, to show an ad on LinkedIn to all our current customers about a new feature. This kind of processing is done in a secure, hashed manner (the platform matches our encrypted data with their user base) and is subject to the terms of those platforms. Additionally, by using the Facebook Pixel and LinkedIn Insight on our site, we get analytics such as conversion tracking (e.g. how many people who saw our ad eventually filled out our form). We do not receive personal details on individuals from these platforms unless you explicitly choose to share them (for example, by filling out a lead-gen form on Facebook for us). Any information collected by these third-party platforms via cookies or our data upload is governed by their privacy policies. You can manage your ad preferences directly on those platforms to limit targeted advertising.
Our team may use professional networking tools like LinkedIn Sales Navigator to identify and connect with professionals who might be interested in FIRA AML platform. This may involve viewing your public LinkedIn profile or sending you a message on that platform if you appear to be a relevant contact for our services. We only use business-related information (like your work contact details or LinkedIn information) for such outreach. If we contact you and you're not interested, we will respect that. Any information we collect from LinkedIn or similar platforms is handled per this Policy and used only for B2B relationship-building.
We respect your rights to control your personal data and marketing preferences:
You can manage your cookie preferences through our website's cookie consent tool (if available) or by adjusting your browser settings. Most web browsers allow you to refuse new cookies, delete existing cookies, or alert you when new cookies are set. Please note that blocking all cookies may impair the functionality of our website; for example, you might not be able to use certain features or your preferences may not be remembered. If you prefer not to have information collected through the use of cookies, refer to your browser's help documentation for procedures to disable cookies. For third-party advertising cookies like those from Google, Facebook, or LinkedIn, you can also use industry opt-out tools (such as the NAI Consumer Opt-Out or YourAdChoices) to opt out of behavioral advertising.
Some browsers offer a "Do Not Track" (DNT) setting that sends a signal to websites to request that your browsing is not tracked. Currently, there is no universally accepted standard for interpreting DNT signals, and as such, FIRA AML platform does not respond to Do Not Track signals. We will continue to monitor developments around DNT; if a standard emerges, we will update our practices accordingly. In the meantime, you can use the other opt-out methods described in this section to control targeted advertising and tracking.
If you subscribe to our newsletter or if we send you marketing emails (based on your consent or as otherwise permitted by law), you can opt out at any time by clicking the "unsubscribe" link in those emails or by contacting us directly (see Contact Us at the end of this Policy). Once you opt out, we will remove you from our marketing list. Please note that even if you opt out of marketing messages, we may still send you transactional or informational communications that are necessary for our ongoing business relationship. For example, if you are a customer, we might still send service updates, security alerts, or billing information. If you have an account with us, you may also manage your communication preferences in your account settings if that functionality is available.
FIRA AML platform's focus is B2B, and we generally do not engage in telemarketing to individual consumers. If we call you, it is likely in response to a request you made or as part of a business discussion. Should we ever engage in broader telephone outreach, we will comply with do-not-call laws in the relevant country. You can always inform us during a call or via email that you do not wish to receive further phone contact for marketing purposes, and we will honor that request.
By using our site and services, you consent to the use of cookies and tracking technologies as described above (to the extent such consent is required by law). We aim to be transparent and give you control, so if you have any questions or preferences regarding cookies or marketing, please contact us.
FIRA AML platform is committed to upholding the rights of individuals regarding their personal data. Depending on your location and the laws that apply to your personal information, you may have some or all of the following rights:
You have the right to request confirmation of whether we are processing your personal data and, if so, to request a copy of that data along with relevant information about how we use it. This is sometimes called a "Subject Access Request." Upon verification of your identity, we will provide you with a copy of the personal data we have about you, in a common format (unless an exception applies). For example, Australian individuals have a right to access their personal information under the Australian Privacy Principles, and EU individuals have a similar right under GDPR.
You have the right to request that we correct any inaccuracies or incomplete personal data we hold about you. We encourage you to contact us if your personal information changes or you find that any of the data we hold is incorrect. We will promptly update our records and notify any third parties as required by law. Under Australian law, and other jurisdictions, we will take reasonable steps to correct data upon request to ensure it is accurate, up-to-date, and complete.
You have the right to request that we delete your personal data in certain circumstances. This is often referred to as the "right to be forgotten." For example, EU residents can request erasure of data that is no longer necessary for the purpose it was collected, or if the processing was based on consent which has now been withdrawn. We will honor erasure requests to the extent required by applicable law. Please note that this right is not absolute – we may need to retain certain information for legal obligations (e.g. tax or compliance record-keeping), or we may anonymize data rather than delete it if deletion is not feasible. If we cannot comply fully with your deletion request, we will explain the reasons to you.
You have the right to object to our processing of your personal data in certain scenarios. For example, you can object to processing that is based on our legitimate interests (if you believe it impacts your rights) or to processing for direct marketing. If you object to direct marketing, we will stop using your data for that purpose immediately. If you object to other processing, we will evaluate your request and cease processing the data in question unless we have a compelling legitimate ground to continue or a legal obligation to do so.
If we are processing your personal data based on your consent (for instance, if you consented to receive our newsletter or to certain cookies), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of any processing conducted prior to your withdrawal. If you withdraw consent for a certain use of your data, we will stop that use. For example, if you withdraw consent for marketing emails, we will cease sending them. In jurisdictions like Australia, even if consent is not the basis (e.g. they allow direct marketing on an opt-out basis), we will still honor any request to stop processing personal data for those purposes.
For jurisdictions that provide this right (such as under the GDPR), you can request to receive certain personal data that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another entity (or have us transmit it, where technically feasible). This right generally applies when the processing is based on your consent or a contract with you and the processing is carried out by automated means.
You have the right to request that we limit the processing of your personal data in certain circumstances. For instance, if you contest the accuracy of your data, you can request we restrict processing while we verify the information. Or if you have objected to processing (see above), you may request restriction while we consider whether our grounds override yours. When processing is restricted, we will continue to store your data but will not use it until the restriction is lifted (except for certain exceptional circumstances, like ensuring the data's security or if needed for legal claims).
In Nepal, the Privacy Act 2018 provides individuals the right not to have their sensitive personal data processed without consent. FIRA AML platform does not seek to collect sensitive personal data (such as information about health, religious beliefs, etc.) from website visitors or customers except where necessary for our business (and usually in a B2B context, sensitive data is not involved). If we ever need to process sensitive data, we will do so in accordance with applicable laws (for example, obtaining explicit consent or adhering to strict security measures). You have the right to refuse or withdraw consent for any processing of sensitive data, unless processing is allowed without consent by law.
You have the right to be informed about the collection and use of your personal data. This Privacy Policy, along with any just-in-time notices we may provide when collecting data (for example, a notification on a form explaining why we ask for certain details), is intended to keep you informed. If you have any questions about how we use your data, you can always contact us for more information.
If you have a concern or complaint about how we have handled your personal data, we encourage you to contact us first so we can try to resolve it (see Contact Us below). We will acknowledge and investigate complaints and, in most cases, respond within 30 days or the timeframe required by law. If you are not satisfied with our response, or if you prefer to skip contacting us, you have the right to lodge a complaint with the relevant data protection authority or pursue other legal remedies:
To exercise your rights, please contact us using the information provided in the Contact Us section of this Policy. We may need to verify your identity before fulfilling certain requests (to protect your privacy and that of others). This verification might involve checking that an email request originates from the email address associated with you, or asking for additional information if necessary. We will respond to your request within the timeframe required by law (for example, GDPR requires response within one month, extendable in certain cases; the Australian Privacy Act requires a reasonable timeframe, etc.). If we need more time, we will let you know and explain why. Note that some rights may not apply universally; their availability depends on factors such as whether FIRA AML platform is considered a data controller in your case, and the legal jurisdiction of your request. We will however make best efforts to accommodate your request and provide an explanation if any part of it cannot be fulfilled.
FIRA AML platform operates on a global scale, which means personal data may be transferred to and stored in countries other than the one in which it was originally collected. For example, if you submit information to us from the European Union, that data may be transferred to servers or offices in Australia, Nepal, the United States, or other countries where FIRA AML platform or its service providers operate. Similarly, if you are in Australia, some of your data might be accessed by our technical teams in Nepal or stored on cloud servers in other regions. We want to ensure you that, regardless of where your data is processed, we protect it in accordance with this Privacy Policy and applicable law.
Whenever we transfer personal data across national borders, we will take appropriate steps to ensure it remains protected:
For transfers of personal data from the European Economic Area (EEA), United Kingdom, or other jurisdictions with data export restrictions, we rely on European Commission-approved Standard Contractual Clauses (or equivalent legal mechanisms) as part of our data transfer agreements. These clauses contractually bind the recipient of the data (e.g. our affiliate or service provider in a third country) to protect the data to the high standard required by EU law. If you are an EU/EEA individual and we transfer your data out of the EEA (for example, to Australia or Nepal), those transfers are governed by SCCs or another valid transfer mechanism (such as an adequacy decision, if applicable in the future). You can request a copy of the relevant SCCs by contacting us.
Data that we transfer to our key partner (Datum Systems in Nepal) or among any FIRA AML platform affiliates is protected by contractual agreements that include stringent data protection clauses. All parties handling the data must adhere to the principles of this Policy, regardless of location. Datum Systems, for instance, is contractually obligated to maintain EU-level data protection standards when handling personal data from anywhere in the world.
We may also use additional safeguards where appropriate, such as encryption (so that data is secure even in transit), access controls (so only authorized personnel can access the data), and regular training on privacy laws for staff in all locations. If required by certain jurisdictions, we will obtain your consent for international transfers (for example, some countries require consent to transfer data abroad).
By using our website or services and providing us with personal information, you acknowledge and consent that your information may be transferred to, stored in, and processed in countries other than your own. We understand that different countries may have different data protection laws, but we will handle your personal data with care and provide a high level of protection no matter where it is processed. If you do not want your data transferred to other jurisdictions, please refrain from using our services or submitting personal information to us; however, note that we need to transfer data as part of our normal operations (e.g., if you are in the EU and request a demo, our response team in another country will access your contact details to follow up).
If you have questions about our international data transfer practices, or need further information about specific transfer mechanisms (such as SCCs), please contact us using the details in the Contact Us section below.
FIRA AML platform takes the security of personal data very seriously. We have implemented a variety of technical and organizational measures to protect your personal information from unauthorized access, misuse, alteration, disclosure, or destruction. These measures include, but are not limited to:
We use strong encryption protocols to protect personal data. Data transmitted between your browser and our website or cloud services is secured via HTTPS/TLS encryption. For sensitive data at rest on our systems (including databases and storage of client data in our SaaS platform), we implement encryption and/or tokenization to add an extra layer of protection. This means that even if data were to be improperly accessed, it would be unreadable without the encryption keys.
We restrict access to personal data strictly to authorized personnel who need that information to operate, develop, or support our services. FIRA AML platform staff and contractors with access to personal data are subject to background checks (where permitted) and are required to sign confidentiality agreements. They receive training on data privacy and security best practices. We follow the principle of least privilege: each person's access is limited to only the data and systems necessary for their role. Administrative access to systems that contain personal data is logged and monitored.
Our systems are protected by network and application security controls. We employ firewalls, intrusion detection/prevention systems, and anti-malware protections to guard against external threats. We continuously monitor our systems for vulnerabilities or unusual activities. Our software development lifecycle incorporates security reviews and testing (including code reviews, vulnerability scanning, and periodic penetration testing by independent experts). We segment our networks to isolate sensitive systems and use secure configuration baselines for our servers and applications.
When we engage third-party service providers (such as cloud hosting, CRM, or analytics providers) to process personal data on our behalf, we vet their security practices and privacy commitments. We enter into Data Processing Agreements (DPAs) with such providers, requiring them to protect personal data to a high standard (for example, by implementing their own security measures, notifying us promptly of any incident, and not sub-processing the data without permission). We also review their compliance certifications (such as ISO 27001, SOC 2, or PCI-DSS if relevant) and stay informed about their security updates.
FIRA AML platform has an incident response plan to handle any suspected data security incidents. Our team is trained to identify and respond to security events (such as unauthorized access or malware infections). In the unlikely event of a data breach involving personal information, we will promptly contain and investigate the incident. We will also notify affected customers and individuals as soon as possible, consistent with any applicable notification laws (for example, the Australian Notifiable Data Breaches scheme, GDPR's 72-hour breach notification requirement to authorities, etc.). We will provide information on the nature of the breach, the data affected, and the steps we are taking to address it, as well as any steps we recommend you take to protect yourself.
We continually evaluate and upgrade our security measures to adapt to new threats and best practices. Security is not a one-time effort; we conduct regular audits and reviews of our procedures. This includes periodic testing of our disaster recovery and business continuity plans to ensure we can maintain operations and protect data even under adverse conditions. We also keep our software and systems updated with the latest security patches and updates.
Despite all these precautions, it is important to note that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. You can also play a role in keeping your data secure by maintaining the confidentiality of any credentials and passwords related to your use of our services, and by notifying us immediately if you suspect any unauthorized access to your account or data. We will never ask you for your passwords, and we advise you to be wary of unsolicited communications asking for your personal data or login information.
We will retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by applicable laws and regulations. Because retention requirements can vary based on context and legal obligations, we outline here how we approach retention in different scenarios:
If you are a customer of FIRA AML platform (or an authorized user under a customer's account), we retain personal data related to your account for as long as the account is active or as needed to provide services. This includes information like your user profile, configuration data, logs of system use, etc. When a customer's contract with us ends, we will either delete or return any personal data stored on behalf of that customer within a reasonable period after contract termination (as specified in our agreement with the customer), except for any data we are required to retain by law or for legitimate business purposes. For example, we may retain billing records or communications for a certain number of years for tax and accounting purposes, or backup copies for a limited time as described below.
If you have interacted with us but do not become a customer (for example, you requested a demo or downloaded a whitepaper), we may retain your contact information and communications for a reasonable period to follow up with you and analyze our marketing efforts. We will periodically review our marketing contacts and remove or anonymize data that is outdated or no longer needed. If you ask us to stop processing your information (e.g. you unsubscribe from marketing emails or request deletion), we will do so. However, we will keep minimal information to record your preference and to avoid contacting you again inadvertently (for instance, we keep your email on a suppression list so that our systems know not to send further emails to that address).
If you correspond with us via email, chat, or phone, we may retain those communications and any attached information for a period of time that is reasonably necessary to address your inquiry, provide you with assistance, and improve our services. For example, chat transcripts might be stored for several months and then deleted, unless they contain information we need to retain (such as instructions related to your service configuration). If communications lead to a contract or legal agreement, we may retain them as part of our contractual records.
Our systems automatically collect logs and analytics data (as described in Section 2 and 4). Web server logs, security logs, and audit trails for our platform are typically retained for a short period (e.g., a few months) unless a longer retention is required for security analysis. We keep aggregated analytics data (which no longer identifies individuals) for a longer period to observe trends over time. When analytics data is stored in identifiable form (like a user ID or IP address tied to usage metrics), we either delete or anonymize it after a set period, in accordance with our data retention policies or legal requirements.
Certain laws may require us to retain specific data for a defined period. For instance:
We perform regular data backups to ensure service continuity and to prevent data loss. Backup media are retained for a limited period before being overwritten or deleted in accordance with our backup policy. Although backups are intended for system recovery purposes, they may incidentally contain personal data. If we delete data from our active systems, that data will eventually be purged from backups as the backups rotate. During the interim, your personal data may remain in encrypted backups. We apply security protections to backups and restrict access just as we do for live systems. We will not restore data from backups into active systems except as needed for disaster recovery or as required by law.
In summary, our approach is to keep personal data only for as long as it is needed and to delete or anonymize it thereafter. The exact time frames for retention may vary depending on the type of data and the context. If you have specific questions about how long certain data will be retained, you can contact us for more details. When we no longer have a legitimate need to retain your personal information, we will securely dispose of it in accordance with our data disposal policies (for example, by permanent deletion of electronic records, and by shredding any physical documents containing personal data).
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we do, we will post the updated Policy on our website with a new "Last updated" date. We reserve the right to make changes without prior notice to you, except where notice or consent is required by law.
However, if the changes are material (for example, if we change the purposes for which we use your personal data, or if we were to engage in new data sharing that materially affects your privacy rights), we will take additional steps to inform you. This could include posting a prominent notice on our website or, if we have your email on file, sending you a notification. In certain cases, we may seek your consent to new processing as required by law.
Your continued use of the FIRA AML platform website or services after any changes to this Privacy Policy become effective will constitute your acceptance of the changes. If you do not agree with any updates to the Policy, you should stop using our website and services and you may contact us if you have concerns. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
While FIRA AML platform is committed to protecting personal data as described in this Policy, it is important to clarify the limits of our responsibility, especially in contexts where we do not have full control over data handling. By using our services, you acknowledge the following:
If you use a self-hosted or on-premise version of the FIRA AML platform software, or if you choose to deploy our solution in an environment controlled by you or a third party (such as your own servers or a third-party cloud), you are solely responsible for the security and privacy of personal data in that environment. FIRA AML platform will not have custody or control of the data you process on-premise, except to the extent we are engaged for support services. We provide the software and, in some cases, guidance or best practices, but you (the customer) must ensure that the hosting environment is secure and that you comply with applicable data protection laws when using our software. FIRA AML platform is not liable for any data breach, loss, or unauthorized access that occurs in environments we do not control. For example, if an on-premise installation is not kept up-to-date by the customer or is improperly configured, and a breach occurs, the customer bears that responsibility.
FIRA AML platform's platform may be configured to interface with third-party systems or data sources at the direction of our customers (for instance, pulling in data from a customer's database, or checking information against third-party databases). Any sharing of data between FIRA AML platform's platform and other systems that the customer initiates is under the customer's control. FIRA AML platform is not responsible for personal data once it is transmitted to a customer's systems or a third-party system that the customer has chosen to integrate with. We expect our customers to have appropriate agreements in place with any third-party providers they use in conjunction with FIRA AML platform.
FIRA AML platform cannot be responsible for the actions of third parties that are not acting under our direction. This includes our customers themselves and any third-party partners that our customers use. For example, if a FIRA AML platform customer (like a bank) exports data from our system and then that customer misuses the data or fails to protect it on their end, that is outside the scope of FIRA AML platform's responsibility. Similarly, if you as an individual share your login credentials or fail to safeguard your own devices, we cannot prevent every potential misuse of your data.
We strive to select and work with partners and service providers who maintain high standards, but we do not guarantee the performance, privacy, or security of services that are operated by others. For instance, while we carefully choose cloud providers and require strong contracts, the ultimate operation of those infrastructure services is outside of our direct control. In the unlikely event one of our providers suffers a breach or outage, we will respond and support our customers, but the liability for such incidents may be subject to the terms of our contracts and the contracts we have with those providers.
To the fullest extent permitted by applicable law, FIRA AML platform (and its officers, directors, employees, agents, and affiliates) shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, resulting from any breach of security, disclosure of personal data, or other event arising out of or in connection with the use of our website or services, especially where such event is outside FIRA AML platform's reasonable control. In jurisdictions that do not allow the exclusion or limitation of certain damages, our liability will be limited to the minimum extent permitted by law.
This section is not intended to contravene any statutory rights or legal remedies you may have. Rather, it clarifies that while we take our role seriously, there are boundaries to what we control. Our Terms of Service or contractual agreements with customers may further detail liability allocations. We encourage customers to carefully secure any environments they manage and for all users to practice good security hygiene to help protect their own data.
Our website may include links to third-party websites, embedded content, or social media features (such as sharing buttons), which are not controlled by FIRA AML platform. This section explains how those may affect your privacy:
If you follow a link from our site to an external website (for example, to a partner's site, a news article, or a reference resource), this Privacy Policy no longer applies once you leave our site. The personal data you provide to those external sites or that is collected by those sites is governed by their own privacy policies. FIRA AML platform is not responsible for the content, security, or privacy practices of any external websites. We recommend that you review the privacy policy of any website you visit before providing any personal information.
FIRA AML platform may maintain a presence on social media platforms like LinkedIn, Facebook, or Twitter (now X). If you visit our official pages on those platforms or communicate with us there, any information you submit in that context (for example, commenting on our post or sending us a direct message) is also subject to the privacy policy of the respective platform. We will use any information collected from social media interactions in line with this Policy, but the platform providers have their own ways of using your data that we cannot control. Be mindful of your privacy settings on social media networks and the information you choose to share publicly.
Our website might include features that enable you to share content or connect your account with third-party services (e.g., a "Share on LinkedIn" button, a Twitter feed, or an option to log in using a Google/LinkedIn account). These features may collect information such as your IP address and the page you are visiting on our site, and may set a cookie to function properly. They might also track your interaction with the widget (for example, whether you clicked to share something). Such social media features are either hosted by a third party or directly on our site. Your interactions with these features are governed by the privacy policy of the third-party providing them. For instance, if we have a LinkedIn "share" button on a page, LinkedIn's privacy policy will apply to any data it collects through that button.
A link to a third-party site or the inclusion of a third-party service on our site (like a chat widget or analytics script) does not mean that FIRA AML platform endorses or has reviewed the third party's privacy and security practices. We contract with reputable providers and strive to include only safe links, but we cannot guarantee how third parties handle your data. If you discover any issue with a link or third-party integration on our site, we welcome you to notify us so we can investigate and take appropriate action.
In summary, once you interact with a third-party website or service, that third party's terms and policies apply. We encourage you to exercise caution when leaving our site and to read the privacy statements of each and every website you visit that collects personal information.
FIRA AML platform's services and website are not directed to children under the age of 16, and we do not knowingly collect or solicit personal information from anyone under 16 years old. Our platform and content are intended for business use by professionals in organizations (B2B context) and not for individual consumer or child use.
We do not market our services to minors, and our website is not intended for use by minors. If you are under 16, please do not use our site, register for any services, or send us any personal information (including your name, address, telephone number, or email address). If we discover that we have collected personal information from a person under 16, we will promptly delete that information.
Although our service is not aimed at children, we strive to comply with all relevant laws such as the U.S. Children's Online Privacy Protection Act (COPPA) and similar regulations around the world that impose requirements on collecting data from minors. Given that we do not seek such data, compliance primarily means that if an under-16 individual's data is brought to our attention, we will remove it. Parents have the right to review or delete any personal information we may have inadvertently collected from their children; if you believe FIRA AML platform has any information from or about a child under 16, please contact us immediately.
In the unusual scenario that, as part of providing services to a business customer, FIRA AML platform were to process personal data about children (for instance, if a client used our platform to store information that includes minors' data), that processing would be done as a processor on behalf of the client and under their control. We would expect the client to have obtained any necessary parental consents and to comply with child data protection laws. Our direct relationship remains with the client, not the child. That said, as of the date of this Policy, we are not aware of any use of our services that involve data on children.
By using the FIRA AML platform website or services, you represent that you are at least 16 years of age (or the minimum legal age in your country to provide consent for data processing, if higher). We reserve the right to take appropriate actions (such as deleting accounts or data) if we suspect or are informed that a user is under the applicable age.
When using our Software-as-a-Service (SaaS) platform, customers may provide FIRA AML platform with personal information about their own end users or clients. In these cases, the customer acts as the Data Controller of that end-user data, and FIRA AML platform acts purely as a Data Processor on the customer's behalf. This means we host and process the data only under the customer's documented instructions and for the purposes they have specified. The data we process on behalf of customers may include sensitive or regulated personal information necessary for compliance and fraud prevention (for example, identity details for anti-money laundering checks). FIRA AML platform does not determine the content, scope, or use of this end-user data – we handle it strictly as instructed by our customer in order to provide our services.
FIRA AML platform will not access or use our customers' end-user data for any of our own purposes, such as marketing, advertising, profiling, or product analytics. We process and access this data exclusively as necessary to operate, maintain, and support the FIRA AML platform services requested by the customer. In other words, we only process end-user personal data to fulfill our contractual obligations to the customer (for example, to run transaction screening or compliance checks the customer has configured). We do not share, analyze, or otherwise use such data for FIRA AML platform's independent purposes, except if required by applicable law or lawful order. This ensures that all personal data hosted through our SaaS is used only for its intended regulatory compliance function and nothing else.
In the SaaS deployment model, our customer remains fully responsible for compliance with applicable data protection laws in relation to their end-users' personal data. This includes, for example, providing any required privacy notices to end users, obtaining any necessary consent or establishing another lawful basis for the data processing, and ensuring the personal data is accurate and up-to-date before it is shared with FIRA AML platform. The customer is responsible for determining what data to collect from their clients and for complying with all local privacy regulations (such as the Australian Privacy Principles under Australia's Privacy Act, the EU GDPR, or Nepal's Privacy Act) that apply to that data. FIRA AML platform relies on the customer to have fulfilled these obligations.
We act at the direction of the customer and do not assume the data controller's legal duties for consent, lawfulness, or accuracy of the data. Accordingly, the customer holds sole responsibility for the lawfulness of processing their end-user data, and must ensure that using FIRA AML platform's services for that data is permissible under the relevant laws (for example, that uploading an end-user's information to our platform has been consented to or is otherwise legally justified).
By clearly designating the customer as the controller and FIRA AML platform as the processor, FIRA AML platform's legal responsibility is focused on following the customer's instructions and safeguarding the data. The customer is liable for meeting data protection requirements for the end-user information they provide. FIRA AML platform will assist customers in fulfilling their obligations – for instance, by helping with data subject access or deletion requests upon the customer's direction – but we cannot directly ensure our customers' compliance with laws like GDPR or the Privacy Act, as that is outside our role. This division of responsibility is intended to protect FIRA AML platform legally (by clarifying our role) while ensuring customers understand and uphold their own compliance duties.
As a dedicated data processor, FIRA AML platform is committed to protecting the confidentiality and security of personal data that we host on behalf of our customers. We implement appropriate technical and organizational measures to secure all customer-provided personal information. These measures include industry-standard protections such as encryption in transit and at rest, strict access controls and authentication for our systems, regular security assessments, and auditing of data access. We also ensure that any sub-processors (third-party services we use to store or transmit data) are bound by the same data protection standards and obligations that we adhere to, and we continuously monitor their compliance. FIRA AML platform's practices are designed to meet or exceed the requirements of applicable privacy laws, including the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR), and Nepal's Privacy Act 2075, among others. In line with these regulations, we maintain robust safeguards to prevent unauthorized access, disclosure, or misuse of personal information. We want to be transparent that when we host your data as a service provider, we protect it with high security standards and use it only as permitted, reinforcing our commitment to privacy and data protection.
By integrating these clarifications into our Privacy Policy, FIRA AML platform aims to be transparent about our limited role regarding customer-provided data and to reaffirm our commitment to protecting that data. We believe this clarity strengthens our legal protections and helps customers understand their own responsibilities, all while assuring them (and their end users) that any personal data entrusted to FIRA AML platform's SaaS platform is handled with utmost care, in compliance with privacy laws and solely for its intended purpose.
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to contact us. We are here to help and will respond promptly.
Email: privacy@FIRA AML platform.ai
Postal Address: FIRA AML platform – Data Protection Officer, 26 / 43 Danaher Drive South Morang, VIC, 3752
(The above mailing address is provided for privacy inquiries; please use the appropriate address or contact method if directed to a specific region in other communications.)
If you are an EU or UK resident and would like to contact our representative or Data Protection Officer (if one is appointed) directly, please mention this in your inquiry, and we will provide you with the appropriate contact details or forward your request accordingly.
We value your privacy and trust. Thank you for reading our Privacy Policy. If you have any further questions or need clarifications, feel free to reach out at any time. FIRA AML platform is dedicated to safeguarding your personal information and handling it with the utmost care and respect.