Legal information

Privacy Policy

English

bitim

“BITIM” mobile app and platform privacy policy

How the platform collects, processes, stores, and protects users’ personal data.

Last updated: June 1, 2026

This Privacy Policy (the “Policy”) sets out the procedure for collecting, processing, systematizing, storing, and protecting the personal data of users of the “Bitim” mobile application and digital platform (the “Platform”).

The Platform Administration pays serious attention to the privacy and confidentiality of users’ personal data. This document is prepared in accordance with the Law of the Republic of Uzbekistan No. ORQ-547 of July 2, 2019 “On Personal Data” and other applicable regulatory requirements.

1. Categories of personal data collected

  • 1.1. Identification data obtained from the MyID system: the user’s full name; passport or ID card series and number; date of issue and issuing authority; personal identification number (PINFL); date and place of birth; registered address; and biometric data such as facial image or photograph processed through the MyID operator.
  • 1.2. Contact and account data: the user’s active mobile phone number, email address if provided, and special identifiers created for access to the system.
  • 1.3. Contractual and financial data: texts of loan or installment sale agreements being created, transaction amounts, terms, bank details, linked payment card numbers if provided by the user, and transaction history.
  • 1.4. Technical data: IP address, device type, operating system such as iOS or Android, unique device identifiers, app crash reports, and geolocation data where the user has granted permission.

2. Purposes of processing personal data

  • 2.1. To remotely identify the user and confirm legal capacity through the MyID system;
  • 2.2. To automatically generate electronic loan and installment sale agreements, give them legal force, and attach a lawful QR code;
  • 2.3. To notify users by SMS or push notifications about contract status, upcoming payment deadlines, debts, and system updates;
  • 2.4. To ensure platform security and prevent cyberattacks, fraud, theft, or attempts to conclude unlawful transactions in another person’s name;
  • 2.5. To allow the customer support service to properly process user applications, complaints, and technical requests.

3. Data retention and protection measures

  • 3.1. Retention period: personal data is securely stored on servers until the user stops using the Platform or for the contractual limitation periods established by law, at least three years.
  • 3.2. Technical protection: modern cryptographic encryption protocols such as SSL/TLS are used when transmitting data. All information is stored on secure cloud servers protected against external cyberattacks and with restricted access rights.
  • 3.3. Protection of biometric data: biometric facial images captured through MyID are processed directly on the servers of the state MyID operator. The “Bitim” platform does not store the user’s biometric matrix on its own servers and only receives digital confirmation that identification was completed successfully.

4. Cases where data may be disclosed to third parties

The Administration does not sell, lease, or otherwise transfer the user’s personal data to third parties for commercial purposes. Data may only be provided to third parties in the following strictly limited cases:

  • 4.1. To the MyID operator: for the technical completion of the identification and identity verification process;
  • 4.2. To the counterparty under an agreement: for inclusion in the text of the electronic agreement and to ensure the legal validity of the transaction, for example so a lender can see the borrower’s data in the contract;
  • 4.3. To state authorities on a legal basis: when official requests are submitted by courts, the prosecutor’s office, law enforcement authorities, or the Bureau of Mandatory Enforcement in the manner established by the laws of the Republic of Uzbekistan, including in the event of disputes or criminal proceedings.

5. User rights

In accordance with the Law of the Republic of Uzbekistan “On Personal Data,” the user has the following rights:

  • To know what information concerning them is stored by the Administration and to review that information;
  • To request correction and updating of outdated, inaccurate, or incomplete data;
  • To request deletion or withdrawal of their account and personal data stored in the system, provided that they do not have outstanding contractual obligations such as an unpaid loan or installment agreement.

6. Amendments to the policy

The Administration may amend this Privacy Policy at any time due to technological changes or legal requirements. The updated version of the Policy takes legal effect from the date it is published on the Platform. Users are advised to review this page from time to time.

7. Contact details and Administration information

If you have questions regarding the Privacy Policy or the processing of personal data, you may contact us using the following details:

  • Organization name: [Company name / LLC name]
  • Email: [Email address]
  • Official contact phone: [Phone number]
  • Registered legal address: [Company address]