Introduction and Scope

This Privacy Policy explains how SpotForce Connect ("we," "our," or "us") collects, uses, processes, and protects your personal information when you use our hashing and digital signature platform services. This policy applies to all users accessing our services through spotforceconnect.com and related platforms operating within Vietnam and internationally.

We are committed to protecting your privacy in accordance with Vietnam's Personal Data Protection laws, Decree 13/2023/ND-CP, and international best practices. By using our services, you acknowledge that you have read and understood this Privacy Policy.

Information We Collect

Personal Information

Technical Information

We automatically collect certain technical information when you interact with our platform, including IP addresses, browser type, device identifiers, operating system details, and access timestamps. This information helps us maintain security and improve our hashing algorithms.

Usage Data

We track how you use our digital signature services, including frequency of hashing operations, types of documents processed, and feature utilization patterns. This data helps us optimize our cryptographic services and identify potential security issues.

How We Use Your Information

Your information serves several critical purposes in our platform operations. We use personal data to authenticate users, process digital signature requests, and maintain the integrity of our cryptographic services. Account information helps us provide personalized experiences and technical support when needed.

Technical data enables us to detect fraudulent activities, prevent unauthorized access, and maintain optimal performance of our hashing algorithms. We analyze usage patterns to identify potential security vulnerabilities and improve our digital signature validation processes.

For business purposes, we may use aggregated and anonymized data to generate insights about platform usage trends, helping us develop new features and enhance existing cryptographic capabilities. Marketing communications are sent only with explicit consent and include options to unsubscribe.

Data Sharing and Disclosure

We maintain strict controls over data sharing and never sell personal information to third parties. Information may be shared with trusted service providers who assist in platform operations, including cloud hosting services, payment processors, and security monitoring tools. These partners are bound by confidentiality agreements and data protection requirements.

Legal compliance may require disclosure to Vietnamese authorities when mandated by court orders, regulatory investigations, or national security requirements. We notify users of such requests when legally permitted and challenge overly broad demands for information.

In cases of business restructuring, mergers, or acquisitions, user data may be transferred to successor entities with equivalent privacy protections. We provide advance notice of such transfers and offer options to delete accounts before completion.

Your Privacy Rights

To exercise these rights, contact our Data Protection Officer at privacy@spotforceconnect.com with your request and verification information. We respond to valid requests within 30 days and provide detailed explanations if requests cannot be fulfilled due to legal obligations.

Data Security Measures

Our security framework implements multiple layers of protection designed specifically for cryptographic service providers. All data transmissions use TLS 1.3 encryption, and stored information is protected with AES-256 encryption standards. Access controls ensure that only authorized personnel can view personal information on a need-to-know basis.

We conduct regular security audits, penetration testing, and vulnerability assessments to identify potential weaknesses. Our incident response team monitors systems continuously and maintains procedures for rapid containment of any security breaches. All security events are logged and analyzed for patterns indicating attempted unauthorized access.

Physical security measures protect our Vietnamese data centers, including biometric access controls, surveillance systems, and environmental monitoring. Backup systems ensure data availability while maintaining the same security standards as production environments.

Data Retention and Deletion

We retain personal information only as long as necessary for legitimate business purposes and legal compliance. Account information remains active while you use our services and for six months after account closure to accommodate potential reactivation requests.

Cryptographic audit logs, including hash verification records, are retained for seven years to comply with Vietnamese digital signature regulations and support legal proceedings. Payment transaction records follow banking law requirements and are kept for ten years from the transaction date.

Technical logs and security monitoring data are automatically purged after two years unless associated with ongoing investigations or legal proceedings. Upon account deletion, we remove personal identifiers while preserving anonymized operational data for system improvement purposes.

International Data Transfers

Our primary data processing occurs within Vietnam, but some services may involve transfers to international partners for technical support or advanced cryptographic processing. Such transfers comply with Vietnamese cross-border data transfer regulations and include appropriate safeguards.

When data leaves Vietnam, we ensure recipient countries provide adequate protection levels or implement contractual safeguards equivalent to Vietnamese privacy standards. Users can request details about specific international transfers and object to processing in particular jurisdictions.

Cookies and Tracking Technologies

Our platform uses essential cookies for authentication, session management, and security functions. These cannot be disabled without affecting core functionality. Optional cookies for analytics and user experience improvements require explicit consent and can be managed through your account preferences.

We do not use third-party advertising cookies or tracking pixels. Analytics cookies help us understand user behavior patterns and identify areas for platform improvement. You can review and modify cookie preferences at any time through your browser settings or account dashboard.

Children's Privacy

Our services are not intended for users under 18 years of age. We do not knowingly collect personal information from minors without parental consent. If we discover that a child has provided personal information, we immediately delete such data and terminate associated accounts.

Parents or guardians who believe their child has created an account should contact us immediately for account removal and data deletion. We cooperate fully with parents to ensure children's privacy protection and provide documentation of deletion actions taken.

Policy Updates and Changes

This Privacy Policy may be updated periodically to reflect changes in our services, legal requirements, or privacy practices. We notify users of significant changes through email announcements and prominent website notices at least 30 days before implementation.

Minor clarifications or administrative updates may be made without advance notice, but we always maintain the current version date at the top of this policy. Users who disagree with policy changes may close their accounts before the effective date to avoid being bound by new terms.