Privacy policy
Last updated: 1 April 2026
What we collect
Brokerage legal records (NTN, license, registration documents, director CNICs), user CNICs, contact details, transaction artifacts (listings, requests, connections, chats, receipts), and audit events generated by your activity on the platform.
Why we collect it
To verify identity, route deals, generate co-signed receipts, issue commission invoices, and maintain a tamper-evident audit trail visible to brokerage admins and (when relevant) ops.
Where it lives
Customer data is stored in PostgreSQL hosted in Asia. Files (CNIC photos, registration docs, listing media) live in object storage with private ACLs and signed-URL access.
Who can see it
Brokerage admins see all activity at their brokerage. Ops admins see KYB, CNICs, and (for open disputes) connection-level audit trails. Counterparties see limited data per the platform spec — never CNICs, never personal phone or email.
Retention
CNIC images are retained for 7 years post-account-close for compliance. Audit logs are retained indefinitely. Closed accounts may request a personal-data export within 30 days of close.
Your rights
You may request a copy of, correction of, or deletion of personal data not subject to legal retention. Email privacy@remmic.com.
Children
REMMIC is a B2B platform. We don't knowingly collect data from anyone under 18.
Changes
Material changes to this policy are notified 30 days in advance via in-app notification and email.