Privacy Policy

Last updated: 2026-01-20 · Version: 1.0
Tinlake

Privacy Policy

This page contains the Privacy Policy for the mobile application.

Note: some sections may still be placeholders until the full text is provided.
Contents

1. General Provisions

This Privacy Policy (hereinafter referred to as the “Policy”) has been developed by the Public Foundation “Development of Artificial Intelligence and Digital Economy”, registration number: 316206-3301-OF, registered in the Kyrgyz Republic, for the purpose of defining the procedure for the collection, storage, processing, use, and protection of Users’ data obtained when using the mini-application based on the Telegram messenger — https://t.me/tinlake_bot (hereinafter referred to as the “Platform”).

The Platform operates in accordance with the Law of the Kyrgyz Republic “On Personal Information”, as well as other applicable regulations and international standards in the field of information protection.

The User understands and agrees that the Platform functions as a software interface within a third-party service (the Telegram messenger). When launching the mini-application, the Platform automatically gains access to the User’s basic public profile (including Telegram ID, username, and interface language) in accordance with Telegram’s technical protocols and privacy settings.

By registering on the Platform, including creating an account, undergoing identification and verification procedures, as well as by using any functional capabilities and services offered by the Platform (including viewing trading information, performing operations with virtual assets, using a cryptocurrency wallet, contacting customer support, and other actions), the User expresses:

  • Their informed, voluntary, and explicit consent to the collection, storage, systematization, clarification, use, anonymization, blocking, and destruction of their personal data, as well as to the transfer of such data to third parties in accordance with this Policy and applicable law;
  • Recognition of the legal force of this Policy as an integral part of the User Agreement, having equal binding effect;
  • Confirmation that prior to using the Platform, they have familiarized themselves with this Policy, fully understand its content, including the consequences of granting consent to the processing of personal data, as well as possible risks associated with breaches of confidentiality beyond the Platform’s control;
  • Agreement that the Platform has the right to amend this Policy unilaterally by publishing an updated version within the mini-application interface in the “Legal Information” (or “Settings”) section at https://t.me/tinlake_bot, and that continued use of the Platform after such publication constitutes acceptance of the updated Policy;
  • Awareness that refusal to provide mandatory personal data required for identification, verification, or service provision may result in the inability to use certain functions or the Platform as a whole.

The Platform is not responsible for the collection, storage, or processing of data carried out by the Telegram messenger itself under its own privacy policy. This Policy governs only the data that comes directly under the control of the Platform.

If the User does not agree with the terms of this Policy or does not wish to provide personal data to the extent necessary for proper performance of the User Agreement, they must refrain from registering and using the Platform.

2. Purposes of Personal Data Processing

The processing of Users’ personal data is carried out by the Platform exclusively for strictly defined, lawful, and pre-declared purposes aimed at ensuring the legality, transparency, and security of the Platform’s operation, namely:

2.1. Registration and Verification of the User Account

Personal data is used for:

  • identifying the User when creating an account;
  • verifying the accuracy of the information provided;
  • conducting verification (KYC) procedures, including initial checks and periodic data updates;
  • matching data against international sanctions lists, PEP (politically exposed persons) lists, and other registers established by the legislation of the Kyrgyz Republic and international standards.

2.2. Performance of the User Agreement

Data is processed within the framework of concluding, executing, maintaining, and terminating the User Agreement, including:

  • providing access to the personal account;
  • supporting transactions with virtual assets;
  • performing transfers, credits, exchanges, or withdrawals of assets;
  • maintaining an internal history of transactions and other User actions;
  • resolving technical and legal disputes.

2.3. Compliance with AML/KYC Legislation

As part of obligations related to anti-money laundering and counter-terrorist financing, the Platform processes personal data for:

  • identifying sources of funds;
  • monitoring suspicious transactions;
  • analyzing User behavior;
  • interacting with supervisory and authorized state authorities.

2.4. Provision of Services Specified in the User Agreement

For the full provision of all Platform services, including but not limited to:

  • trading operations with virtual assets;
  • wallet management;
  • access to exchange quotations;
  • ensuring technical compatibility with DApps, third-party wallets, protocols, and other services;
  • servicing Users through support and inquiry handling services.

2.5. Compliance with the Legislation of the Kyrgyz Republic

The Platform is required to process personal data in cases expressly provided for by law, including:

  • storage of accounting and financial documents;
  • fulfillment of reporting requirements to state authorities;
  • ensuring compliance with court decisions, requests, and orders of authorized bodies.

2.6. Protection of the Rights and Legitimate Interests of the Platform and/or Third Parties

Personal data may be used for:

  • investigating security incidents;
  • preventing fraudulent actions and other abuses;
  • ensuring compliance with the User Agreement, AML/KYC policy, and this Policy;
  • legal defense in the event of claims, lawsuits, or other legal demands by Users or third parties.

2.7. Sending Notifications, Technical, and Legal Messages

Using contact information, the Platform sends Users:

  • system notifications (about service changes, updates to agreements and policies, technical maintenance);
  • security alerts and notifications of suspicious activity;
  • legal notices related to their rights and obligations;
  • informational messages within the functions provided by the agreement (e.g., transaction confirmations).

2.8. Improving the Quality, Convenience, and Security of Platform Use

The Platform uses personal data to:

  • improve the user interface;
  • adapt services to individual User preferences;
  • conduct analytics of User behavior to optimize functionality;
  • prevent technical errors and system failures;
  • ensure compatibility with various devices, browsers, and operating systems.

3. Categories of Personal Data Subject to Processing

In the course of providing services and operating the Platform, the following categories of Users’ personal data may be processed, depending on specific actions, transactions, services used, and legal requirements:

3.1. Identification Data

Information allowing unambiguous identification of the User, including:

  • last name, first name, patronymic (if applicable);
  • date and place of birth;
  • gender;
  • citizenship (including multiple citizenship);
  • PIN, TIN, or similar identifiers in other jurisdictions (if required);
  • tax residency status (if required by KYC/AML).

3.2. Contact Data

Information necessary to communicate with the User and send legally significant notices:

  • email address;
  • mobile or landline phone number;
  • residential and/or registration address;
  • country and city of location;
  • preferred communication language.

3.3. Identity and Legal Status Documents

Data contained in official documents provided by the User for verification and AML/KYC compliance:

  • passport, ID card, residence permit;
  • driver’s license (if used as an identifier);
  • international passport or other identity documents;
  • documents confirming residence or registration;
  • certificates of registration of individual entrepreneurs, legal entities, powers of attorney (in case of representation);
  • other documents required by internal compliance procedures and legislation.

3.4. Photo, Video, and Biometric Data

For identification, security, and fraud prevention purposes, the following may be processed:

  • facial photographs provided for comparison with documents;
  • video recordings confirming the User’s presence during verification (including “video with a code word”);
  • biometric templates (e.g., facial images for recognition), if processed using relevant technologies (subject to separate User consent);
  • images or scans of documents uploaded by the User via the Platform interface.

3.5. Financial and Transaction Data

Information arising from the use of the Platform and operations with virtual assets:

  • information on deposits and withdrawals;
  • trading, order, and transaction history;
  • information on related payment infrastructure (cryptocurrency wallet addresses, transaction identifiers);
  • information on the source of funds (if required);
  • related financial information, including User risk profile, transaction volumes, and activity frequency.

3.6. Technical Information and Behavioral Data

Information automatically collected by the Platform to ensure functionality, security, and analytics:

  • IP addresses and geolocation;
  • date, time, and duration of sessions;
  • information about the device used, operating system, and browser type;
  • login history and actions on the Platform;
  • behavioral markers (navigation actions, time spent on pages, click sequences);
  • technical identifiers (including cookies, session IDs, user agents).

3.7. Other Data Voluntarily Provided by the User

The Platform may also process:

  • information contained in support requests;
  • data entered in feedback, claim, or review forms;
  • information from open sources (e.g., social networks or public databases) if the User provided links during verification;
  • information obtained from surveys, events, or promotional activities;
  • business information if the User acts on behalf of a company or principal.

5. Storage and Protection of Data

5.1. Personal data is processed on an indefinite basis using all methods permitted by law, including automated, semi-automated, and non-automated processing, with or without computing equipment, in personal data information systems or without them.

5.2. Personal data may be disclosed or transferred only in cases and in the manner expressly provided by the legislation of the Kyrgyz Republic, including upon reasoned requests of authorized state authorities and with appropriate legal grounds.

5.3. The Platform takes all reasonable and necessary organizational, technical, and software-hardware measures to protect personal data from unauthorized access, alteration, destruction, blocking, copying, distribution, and other unlawful actions, taking into account legal requirements, technological development, and risk assessment.

5.4. The Platform is not responsible for disclosure of personal data resulting from actions of the User, including intentional sharing with third parties or negligent handling of account access. Users are advised to observe digital hygiene and protect their authentication data.

6. Transfer to Third Parties

The Platform ensures a strictly limited and controlled access regime to Users’ personal data. Transfer to third parties is permitted only to the extent necessary to achieve processing purposes and with appropriate legal grounds.

6.1. Authorized State Authorities

The Platform may disclose personal data:

  • in response to official requests in accordance with the legislation of the Kyrgyz Republic;
  • pursuant to court decisions, investigative orders, or directives of authorized state bodies;
  • as part of mandatory reporting under laws on virtual assets, personal data, AML/CFT, etc.;
  • when interacting with supervisory, financial intelligence, or tax authorities.

6.2. Affiliated Entities and Partner Organizations

To ensure uninterrupted operation and service quality, personal data may be transferred to:

  • subsidiaries, parent companies, and other entities under common control of the Public Foundation “Development of Artificial Intelligence and Digital Economy”;
  • partners ensuring technological compatibility;
  • external service providers for software and operational support, subject to data minimization principles.

6.3. Ancillary Service Providers

Data processing and transfer may be required for interaction with third parties providing:

  • technical and hosting solutions (cloud storage, CDN, analytics platforms);
  • legal support (litigation, claims, sanctions consulting);
  • payment infrastructure and money transfer operators, when Users initiate relevant transactions;
  • auditors, consultants, and compliance providers.

All such third parties are required to maintain confidentiality and use data solely within delegated functions.

6.4. Cross-Border Transfer of Personal Data

In certain cases related to technical support, storage, backup, or ancillary services, personal data may be transferred to recipients outside the Kyrgyz Republic, including jurisdictions where:

  • partner servers or data centers are located;
  • contractors providing cloud, hosting, legal, or analytical services are registered;
  • affiliated entities operate.

Such transfers are carried out only if one or more of the following conditions are met:

  • the recipient country ensures an adequate level of data protection;
  • standard contractual clauses or equivalent safeguards are in place;
  • the User has given explicit consent where required by law;
  • the transfer is necessary for contract performance or at the User’s request;
  • the transfer is required by an authorized authority under applicable law or international agreement.

The Platform ensures that cross-border transfers provide a level of protection not lower than that required by Kyrgyz law.

7. User Rights

Users whose personal data is processed have all rights provided by the legislation of the Kyrgyz Republic, including:

7.1. Right to Information

The User may request information on:

  • whether their data is being processed;
  • categories of data processed;
  • purposes and legal grounds;
  • retention periods;
  • data sources;
  • third parties to whom data was transferred;
  • applied data protection measures;
  • consequences of refusal to provide mandatory data.

7.2. Right to Rectification

The User may request correction, updating, or completion of inaccurate or outdated data.

7.3. Right to Blocking or Deletion

The User may request blocking or deletion of data if it is inaccurate, unlawfully obtained, no longer necessary, or consent has been withdrawn (where no other legal grounds exist).

Note: deletion or blocking will make further use of the Platform impossible.

7.4. Right to Withdraw Consent

The User may withdraw consent at any time by notifying the Platform. Withdrawal does not affect the lawfulness of prior processing.

7.5. Right to Lodge Complaints

The User may file complaints with the authorized data protection authority or seek judicial remedies.

7.6. Procedure for Exercising Rights

Requests may be submitted via Platform support (account or email) and are considered within 10 business days, unless otherwise required by law.

8. Cookies and Similar Technologies

The Platform uses cookies and similar technologies to improve efficiency, user experience, and security.

8.1. Purposes

These technologies allow authentication, analytics, personalization, and security monitoring.

8.2. Types of Cookies

  • Essential
  • Functional
  • Analytical
  • Security
  • Marketing (if applicable)

8.3. Cookie Management

Users may manage cookies via browser settings. Disabling cookies may limit functionality.

8.4. Storage and Security

Cookie data is treated as personal data and protected accordingly.

9. Amendments to the Privacy Policy

9.1. Right to Amend

The Platform may amend this Policy unilaterally at any time.

9.2. Publication and Entry into Force

The updated Policy enters into force upon publication in the mini-application. The latest version is always available with the last update date.

9.3. Implied Consent

Continued use of the Platform after amendments constitutes acceptance. In case of disagreement, the User may discontinue use, delete the account, or withdraw consent within legal limits.

Contacts

Public Foundation “Development of Artificial Intelligence and Digital Economy”

Legal address: Non-residential premises, 102 Isanova Street, Pervomaisky District, Bishkek, Kyrgyz Republic

Email: info@biteconomy.kg

Phone: +996 503 767 788