Security and Data Protection Policy for SFX
Last updated
Last updated
Sora Financial Technologies Inc. United States 1111B S Governors Ave STE 26538 Dover, DE 19904 Reg:20244413314
Turkiye Turkiye, Samsun, YENIMAHALLE MAH. 3142 SK. SHT. ASB. ÖMER HALISDEMIR APT. NO: 3 IÇ KAPI Tax ID: 4651507062
Security and Data Protection Policy
Last Updated: 10 February, 2025
Introduction
At SFX, ensuring the security of your financial transactions is paramount. This guide empowers you to use our services confidently, knowing that your funds and sensitive information are safeguarded. Our security approach aligns with Turkish laws, emphasizing user authentication, fraud prevention, regulatory compliance, and data protection.
Authentic Versions, Always
1.1. Official Sources: Obtain all copies and versions of our apps exclusively from official sources such as the SFX website (https://Sfxchange.co,https://Sfxchange.app) or authorized app stores like Google PlayStore and Apple iOS Store.
1.2. Password, PINs, and Smile ID Verification: User accounts are password-protected with strong encryption using a 256-bit hash key. Security also includes Biometric-security (FaceID and or Pin). User Identity Verification includes live facial recognition through our partnership with Smile ID.
1.3. User Verification: During onboarding, users must submit government-issued identity documents, verified against government and industry databases with user consent.
1.4. Data Protection: All metadata collected follows industry best practices for security, including transaction history, passwords, and personal data. SFX adheres to data retention regulations outlined in our Privacy Policy.
Fraud Prevention
2.1. Urgency: SFX does not pressure users into urgent transactions. Verify the authenticity of all requests.
2.2. Panic: We do not create fictitious scenarios to induce panic. Suspicious activities prompt direct contact from our Customer Support Team.
2.3. Links and Attachments: SFX sends authorized emails only. Certificates used for email signing are publicly verifiable. Exercise caution with unsolicited links and attachments.
2.4. Credential Requests: SFX never requests OTPs, PINs, or passwords via email. Report any such requests to our Customer Support Team.
2.5.🛡️ Biometric Authentication (Face ID / TrueDepth API) We offer biometric authentication (such as Face ID) as a convenient and secure method for users to access the app after they have logged in at least once.
When enabled, Apple’s TrueDepth API is used solely for the purpose of verifying the user's identity through Face ID. This biometric authentication replaces the need to manually enter a PIN when re-opening the app.
We do not:
Collect, store, or transmit any data captured by the TrueDepth camera.
Share biometric data with any third parties.
Use biometric data for marketing, analytics, or any other purposes.
All Face ID processing is handled securely by the device's operating system and remains entirely on the user's device. Our app does not have access to raw facial mapping data.
This use of Face ID complies with Apple’s guidelines and prioritizes user privacy and security at all times.
Regulatory Compliance
3.1. Registered Financial Service Provider: SFX is a Blockchain payment technology startup, offering blockchain products in partnership with licensed legal entities across Africa and Turkiye.
Data Collection, Usage, Processing, and Retention
5.1. Collected Data Points: SFX collects necessary data through APIs and webhooks, including personally identifiable information and behavioral data, to offer tailored services.
5.2. Consent Mechanisms: User consent is obtained during registration, app downloads, and voluntary surveys.
5.3. Data Usage: Collected data is used to provide services, enhance security, improve user experience, and for marketing, in compliance with regulations.
For questions or concerns, contact our support team at moneyapp@sfxchange.co.
4.2. User Data Compromise: If you suspect data compromise, contact us immediately at or reach our Head of Operations, Martins Chiwenyte Chidume.
