Our Privacy Policy

We are a company that focuses exclusively on delivering software quality solutions, having spent more than a decade refining our processes and staying up to date with new industry trends.

1) Who We Are

Smart Testing, SRL (“Smart Testing”, “we”, “us”) is the data controller for personal data processed through our websites and the Krilin platform (when live). We operate primarily in Latin America & the Caribbean.

2) What We Do (No Custody / No On-Chain)

We provide software and integrations. We do not custody or transmit funds. Krilin is under development and currently does not perform on-chain activity. Identity verification for our customers or their users is performed via Sumsub.

3) Personal Data We Process

Depending on your interactions, we may process:

• Identity & Contact Data: name, email, phone, company, role, address.
• Verification/KYC Data (via Sumsub): ID document data, liveness checks, photos/videos, results of sanctions/PEP/adverse media screening, UBO data for entities.
• Business & Usage Data: organization details, service configuration, logs/telemetry (e.g., IP address, device/browser, timestamps, error logs).
• Support & Communications: tickets, emails, feedback.

We do not intentionally collect data from children; the Services are for users 18+.

4) How We Use Personal Data (Purposes & Legal Bases)

• Provide and secure the Services (performance of a contract / legitimate interests).
• Identity verification & AML screening via Sumsub where required (legal obligation / legitimate interests / contract).
• Communications & support (contract / legitimate interests).
• Security, fraud prevention, and compliance (legal obligation / legitimate interests).
• Product analytics & improvement with aggregated or de-identified data (legitimate interests).

Where consent is required by law (e.g., certain cookies/marketing), we will seek it.

5) Third Parties & International Transfers

We use trusted processors, including:

• Sumsub (KYC/KYB, sanctions/PEP/adverse media screening).
• Oracle Cloud (hosting and infrastructure).
• Utila (planned; wallet orchestration not live).

We put in place DPAs and appropriate safeguards for cross-border transfers (e.g., contractual clauses) where required by law. Data storage/processing regions may vary according to our processors’ locations.

6) Retention

We keep personal data no longer than necessary for the purposes described. For AML/KYC evidence and audit trails, we retain at least 5 years from the end of the relationship or longer if required by applicable law.

7) Security

We implement technical and organizational measures appropriate to risk: encryption in transit/at rest, access controls (least privilege, MFA), logging, backups, and incident response.

8) Your Rights

Subject to applicable law, you may request access, correction, deletion, restriction, portability, or object to processing. You may also withdraw consent where processing is based on consent. We will respond within the timelines required by law.

9) Cookies & Similar Technologies

We may use essential and (where legally permitted) optional cookies/SDKs for performance and analytics. Where required, we will provide a consent banner and preferences.

10) Sharing

We may share personal data with: (a) our processors listed above; (b) professional advisors (legal, audit); (c) authorities where legally required; (d) in connection with corporate transactions (with protections).

11) No Sale of Personal Data

We do not sell personal data.

12) Children

The Services are not directed to children under 18. If we learn we have collected data from minors, we will delete it.

13) Changes

We may update this Policy. Material changes will be communicated by reasonable means. Continued use after changes indicates acknowledgment.