Privacy Policy

1. Introduction and Scope

This Privacy Policy (the "Policy") governs the collection, processing, and storage of personal data by Beens (the "Platform", "we", "us", or "our"). By accessing the Platform or creating an account, you ("User") acknowledge the practices described herein. This Policy is designed to comply with applicable data protection laws and relevant international standards.

2. Operational Definition of User Roles

To ensure clarity in data processing, Beens defines the following roles:

• User: A registered user who purchases access to Plans (paid activities) with other users.

• Host: A registered user who manages a Plan for paying users.

3. Categories of Data Collected

We collect three primary categories of information.

3.1 Personal Identification Information (PII)

We collect your legal name, email address, phone number, and the city of residence provided in your profile. City data is used exclusively for localized Plan discovery and is not derived from real-time GPS tracking unless explicitly authorized by your device settings.

3.2 Sensitive Personal Data and Explicit Consent

To prevent fraud and ensure platform integrity, we require identity verification via our third-party partner, Sumsub. This process involves:

• Identity Documentation: Submission of government-issued identification documents.

• Biometric Data Processing: We collect a "selfie" for liveness checks. By submitting your selfie, you provide explicit consent for the processing of this biometric data, which is considered sensitive personal data under applicable law. This data is processed strictly for the purpose of identity verification and fraud prevention by Sumsub and is subject to their specialized security protocols.

3.3 Technical and Usage Data

We utilize Google Analytics, Meta, and Firebase to collect metadata including IP addresses, browser types, unique device identifiers, and in-app navigation patterns. This information is processed through Google Cloud and AWS infrastructure to optimize performance, monitor application stability via crash reporting, and measure marketing effectiveness.

3.4 Wallet and Payout Data

When Hosts earn through Plans, gifts, or tips, we collect and maintain a record of wallet balances, payout requests, instant cashout transactions, transaction IDs, and timestamps. This information is used to process payouts, support dispute resolution, comply with anti-money laundering obligations, and provide accurate earnings statements to Hosts.

3.5 In-App Engagement Data

We collect data relating to your participation in core platform mechanics, including:

• Bid entries placed on Plans and the outcomes of bid draws (winning or non-winning entries).

• Gifts and tips sent or received within the Platform, including amounts, timestamps, and associated Plans.

• In-app messages and Plan interactions necessary to operate the booking and communication features.

This data is processed to facilitate Plan participation, settle payments, prevent abuse, and improve service quality.

3.6 Legal Basis for Processing

We rely on the following legal grounds to process your personal data:

• Contractual Necessity: Processing data necessary for creating your account, providing the platform services, facilitating transactions, and executing the terms of our agreement with you.

• Legal Obligations: Processing data required to comply with applicable laws and regulations, such as identity verification for Anti-Money Laundering (AML) purposes, tax auditing, or responding to lawful government requests.

• Legitimate Interest: Processing data necessary for our legitimate interests, provided these interests do not override your fundamental rights and freedoms. This includes platform security, fraud prevention, service improvement, and managing internal operations.

• Consent: Processing data where you have provided your explicit, informed consent, particularly for non-essential purposes like marketing communications or the processing of Sensitive Personal Data (as detailed in Section 3.2).

3.7 Email Address for Marketing and Product Communications

When you register for Beens, we collect your email address for two distinct purposes:

(a) Transactional and Service Communications. We use your email to send messages necessary to operate your account, including booking confirmations, payment receipts, wallet payout notifications, identity verification updates, security alerts, and changes to these Policies. These communications are sent on the basis of contractual necessity and cannot be opted out of while your account remains active.

(b) Marketing and Product Updates. With your consent, we also use your email to send marketing communications, including promotional offers, new Plan recommendations, Host launch announcements, product feature updates, and platform news. You may opt out of marketing communications at any time using the one-click unsubscribe link included in every marketing email, or by adjusting your communication preferences within the app. Opting out of marketing emails will not affect your receipt of the transactional communications described in (a).

By creating an account, you acknowledge this notice. Where required by applicable law, we will request your explicit opt-in consent before sending marketing communications.

4. Financial Transactions

All payment processing within the application is handled by Xendit. Beens does not store full credit card numbers or CVV codes. Xendit provides us with transaction tokens and limited payment metadata (e.g., expiry date, last four digits) to facilitate billing and dispute resolution.

Beens maintains an in-app wallet that records Host earnings from Plans, gifts, and tips. The wallet supports real-time payout tracking and instant cashout requests. Wallet records (balances, payout history, transaction references) are stored in association with your account and used solely to operate payments, calculate platform fees, and meet financial reporting obligations.

5. Data Storage and Hosting

All data collected through the Platform is stored on secure, Singapore-based servers. Our core infrastructure and user databases are hosted and managed through Amazon Web Services (AWS) and MongoDB.

We utilize Cloudinary to store and serve user-generated media, including profile photos and the sensitive identity verification assets processed during your KYC check.

We implement administrative, technical, and physical safeguards designed to protect your personal information. This includes the use of secure, encrypted environments within Firebase and Google Cloud to monitor system integrity and prevent unauthorized access, loss, or alteration.

6. Prohibited Uses and Restrictions

Any use of the Platform that involves the following is strictly prohibited and constitutes a material breach of our Agreements:

• Automated Data Extraction: Using "bots," "spiders," or "scrapers" to harvest user data or Plan details.

• Identity Fraud: Providing false KYC documentation or impersonating another individual or entity.

• System Interference: Attempting to bypass security measures, probe system vulnerabilities, or introduce malicious code.

• Unauthorized Commercialization: Re-selling Platform data or user information for external commercial solicitation.

• Illegal Conduct: Using the Platform to facilitate money laundering, human trafficking, or any activity prohibited by local or international law.

7. Data Retention Policy

We retain personal data and transaction records for a period of seven (7) years from the date of account deactivation or the final transaction. This duration is mandated to ensure compliance with Anti-Money Laundering (AML) regulations, tax auditing requirements, and legal statute of limitations for contract disputes. After this period, data is either permanently deleted or rendered anonymous.

8. Third-Party Data Sharing

We do not sell your personal data to third parties. We disclose information only to the following service providers necessary for Platform operation:

• Infrastructure and Hosting: User data and databases are hosted on secure, Singapore-based servers using Amazon Web Services (AWS) and MongoDB. App performance and backend services are managed through Firebase and the Google Cloud Console.

• Payment Processing: All financial transactions are handled by Xendit. We do not store full credit card details.

• Communications: We use Twilio for SMS verification. Transactional and marketing email communications are processed through SendGrid and Brevo. We may also facilitate support or login via Google and Apple.

• Platform Distribution: Basic account identifiers are processed by the Google Play Store and Apple Developer platforms during app installation and updates.

9. User Rights and Disclosures

Users maintain the right to access their data, request corrections, withdraw consent for marketing communications, or request account deletion (subject to the 7-year retention rule in Section 7). You may unsubscribe from marketing emails at any time via the one-click unsubscribe link in any marketing message or through your in-app communication preferences.

To exercise any of these rights, contact our Data Protection Officer (DPO) at hello@beens.app.

10. Data Breach Notification

We are committed to maintaining the security and confidentiality of your personal data. In the event of a confirmed personal data breach that poses a risk to the rights and freedoms of data subjects, we will notify the Personal Data Protection Committee and the affected individuals without undue delay, as required by applicable law.

11. Amendments

We reserve the right to modify this Policy at any time. Significant changes will be communicated via in-app notification or email. Continued use of the Platform following such notice constitutes acceptance of the revised Policy.

For further questions, contact hello@beens.app