About Companies Values Get in Touch
Legal

Privacy Policy

We are committed to protecting your personal information and being transparent about how we collect and use it across the BOF Ecosystem.

Section 01

Who We Are

BOM ("BOF Operations & Management", "we", "us", or "our") is the unified financial intelligence ecosystem that connects the BOF family of companies — BOF Tech, BOF Investments, BOF Asset Management, BOF Bank, BOF Pay, and BOF Prime — under a single coordinated platform. We are registered and operate in accordance with applicable laws in the jurisdictions where we conduct business.

This Privacy Policy applies to all websites, applications, platforms, and services operated by BOM and its affiliated BOF entities (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read and understood this policy.

Data Controller: BOM — The BOF Ecosystem is the primary data controller responsible for the personal information processed through our platform. Each BOF entity may act as a data controller or data processor in respect of the services it individually provides.

Section 02

Information We Collect

We collect information to provide, improve, and personalise our Services. The types of information we collect include:

Information You Provide Directly

  • Identity data: Full name, date of birth, nationality, government-issued identification numbers.
  • Contact data: Email address, phone number, mailing address.
  • Financial data: Bank account details, payment card information, transaction history, investment preferences, and portfolio data.
  • Professional data: Employer, job title, income, source of funds (required for regulatory compliance).
  • Communications: Messages, enquiries, and feedback you send us through forms, email, or in-app messaging.

Information We Collect Automatically

  • Device & technical data: IP address, browser type and version, operating system, device identifiers.
  • Usage data: Pages visited, features used, time and duration of visits, clickstream data.
  • Location data: General geographic location inferred from your IP address.
  • Cookies & tracking technologies: See our Cookie Policy for full details.

Information from Third Parties

  • Identity verification and KYC/AML data from regulated third-party providers.
  • Credit reference and fraud prevention agencies.
  • Public registers and sanctions screening databases.
  • Partner BOF entities who share data within the ecosystem in accordance with inter-entity data sharing agreements.
Section 03

How We Use Your Information

We use the personal information we collect for the following purposes:

  • Service delivery: To open and manage your account, process transactions, and provide the financial products and services you have requested.
  • Regulatory compliance: To fulfil our legal obligations including KYC (Know Your Customer), AML (Anti-Money Laundering), tax reporting, and sanctions screening.
  • Security & fraud prevention: To detect, investigate, and prevent fraudulent activity, money laundering, and other financial crime.
  • AI-powered intelligence: To power BOM's financial intelligence features, including personalised insights, risk scoring, and portfolio analytics, in accordance with our data ethics framework.
  • Communications: To send you service-related notifications, updates, alerts, and — where you have consented — marketing communications.
  • Product improvement: To analyse usage patterns and improve the performance, features, and user experience of our Services.
  • Legal proceedings: To establish, exercise, or defend legal claims.
Section 04

Legal Basis for Processing

Where applicable privacy legislation requires us to identify a legal basis for processing personal data, we rely on the following:

  • Contract performance: Processing necessary to perform or enter into a contract with you.
  • Legal obligation: Processing required to comply with applicable law, including financial regulation.
  • Legitimate interests: Processing necessary for our legitimate business interests, such as fraud prevention, network security, and product development, where these interests are not overridden by your rights.
  • Consent: Where we have obtained your explicit consent, for example for marketing communications or certain AI-powered features. You may withdraw consent at any time.
  • Vital interests: In exceptional circumstances, to protect life.
Section 05

Sharing Your Information

We do not sell your personal information. We may share your information with:

  • BOF Ecosystem entities: Other companies within the BOF family where necessary to provide integrated services, subject to inter-entity data sharing agreements.
  • Service providers: Third-party vendors who process data on our behalf (cloud hosting, analytics, payment processing, identity verification), bound by contractual data protection obligations.
  • Regulatory authorities: Financial regulators, law enforcement, tax authorities, and other government bodies where required by law or court order.
  • Financial counterparties: Banks, clearing houses, exchanges, and settlement systems involved in processing your transactions.
  • Professional advisors: Lawyers, auditors, and insurers where necessary for legal or business purposes.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.
Section 06

Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy our legal, regulatory, accounting, and reporting obligations.

In determining the appropriate retention period, we consider the nature and sensitivity of the data, the purposes of processing, applicable legal requirements (including financial record-keeping obligations which may require retention for up to seven years or longer), and the potential risk of harm from unauthorised use or disclosure.

When your data is no longer required, we will securely delete or anonymise it in accordance with our data retention schedule.

Section 07

Your Rights

Depending on your jurisdiction, you may have the following rights in relation to your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data where there is no compelling reason for its continued processing.
  • Restriction: Request that we limit our processing of your data in certain circumstances.
  • Data portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes.
  • Automated decision-making: Request human review of automated decisions that significantly affect you.
  • Withdraw consent: Withdraw consent at any time where processing is consent-based.

To exercise any of these rights, please contact us by contact form. We will respond within the timeframe required by applicable law. Please note that certain rights are subject to exemptions under financial services regulation.

Section 08

Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. Our security programme includes encryption in transit and at rest, multi-factor authentication, access controls, regular security assessments, and incident response procedures.

While we take reasonable steps to protect your information, no system can be completely secure. You are also responsible for maintaining the security of your account credentials and for reporting any suspected unauthorised access immediately.

Section 09

International Transfers

The BOF Ecosystem operates across multiple jurisdictions. Your personal information may be transferred to and processed in countries other than the country in which you reside. These countries may have different data protection laws than your own.

Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the relevant regulatory authority, adequacy decisions, or binding corporate rules, as applicable.

Section 10

Children's Privacy

Our Services are not directed at individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately and we will take steps to delete it.

Section 11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website and, where appropriate, by sending you a direct notification.

The "Last updated" date at the top of this page indicates when the most recent changes were made. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised policy.

Section 12

Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our Data Protection team:

Subject line: Privacy Policy Enquiry
Postal address: BOM Data Protection Office, The BOF Ecosystem, [Registered Address]

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been infringed.