Compliance and User Data Security Policy
TrustBee Compliance and Data Security Policy
Effective Date: 10 th July, 2025
Last Updated: 06th July, 2025
1. Introduction
At TrustBee, we are committed to operating in full compliance with all applicable laws, regulations, and guidelines issued by relevant authorities, including the Bangladesh Bank, Bangladesh Financial Intelligence Unit (BFIU), ICT Act, and Digital Security Act, while also safeguarding the security and integrity of user data.
This document outlines the Compliance and Data Security Policy of TrustBee and applies to all users (buyers, sellers, service providers), partners, employees, and third-party vendors using or engaging with the platform.
2. Compliance Policy
2.1 Purpose
- The Compliance Policy ensures that:
- TrustBee operates within the legal framework of Bangladesh.
- All users engage in lawful, ethical, and responsible conduct.
- No illegal, harmful, or suspicious activities are conducted using TrustBee’s services.
- TrustBee enforces consequences for any form of non-compliance.
2.2 Prohibited Activities
Users must NOT use the platform for any of the following prohibited goods/services or unlawful activities:
a. Illegal Products or Services (as per Bangladesh Law)
- Narcotics, controlled substances, or related paraphernalia.
- Weapons, ammunition, explosives.
- Adult content, pornography, or sexually explicit material.
- Human trafficking or organ trade.
- Gambling, betting, and lottery platforms without government approval.
- Counterfeit goods, pirated content, or intellectual property theft.
- Unlicensed financial or investment services.
- Fake documents, academic certificates, or forged identities.
b. Fraudulent or Deceptive Practices
- Misrepresentation of identity or services.
- Charging for services not rendered.
- Money laundering or layering transactions.
c. Harmful Services
- Services involving psychological manipulation, blackmail, or social engineering.
- Disinformation, hate speech, and extremist propaganda.
2.3 User Responsibilities
All buyers, sellers, and service providers using TrustBee must:
- Register with genuine KYC information including national ID, phone, email, address, and business license (if applicable).
- Comply with all terms of use and local legal obligations.
- Immediately report any suspicious or prohibited behavior.
- Not engage in or support fraudulent activities or falsified records.
2.4 Verification and Monitoring
TrustBee will:
- Perform automated and manual KYC checks.
- Validate business authenticity through trade licenses, NIDs, and regulatory databases.
- Monitor transactions using fraud detection systems.
- Collaborate with banks and mobile financial services for real-time validation.
However, if a user deliberately provides false or masked data during registration, and TrustBee fails to detect the fraud despite all reasonable efforts, the entire legal and financial liability will fall upon the user, not TrustBee.
2.5 Penalties and Legal Consequences
Violations of this policy will result in one or more of the following:
| Violation Type | Penalty |
|---|---|
| Use of platform for illegal goods/services | Immediate suspension and legal action under Penal Code, Digital Security Act, and Anti-Terrorism Act. |
| False KYC data (identity/business info) | Account termination + report to law enforcement and BFIU. |
| Fraudulent or money laundering activity | Asset freeze, reporting to BFIU, possible arrest under Money Laundering Prevention Act 2012. |
| Repeated minor policy breaches | Warning, account limitation, or permanent ban depending on severity. |
TrustBee retains the right to cooperate with regulators and law enforcement for any violations.
3. Data Security Policy
3.1 Objective
- This policy outlines how TrustBee protects customer information and ensures secure operation in compliance with:
- Bangladesh Bank’s ICT Security Guidelines
- Digital Security Act 2018
- Personal Data Protection Draft Act (proposed by the Ministry of ICT)
- Global best practices (ISO/IEC 27001)
3.2 Information We Collect
- TrustBee collects the following user data during registration and operation:
- Personal Identification: Name, NID, phone number, email, photo
- Business Data: Trade license, tax certificate, business address
- Transaction Records: Payment logs, escrow details, settlements
- Behavioral Data: Login logs, device IDs, IP address, location
3.3 Data Storage and Protection
- We use the following security measures to protect user data:
- End-to-end encryption during data transmission (SSL/TLS protocols)
- Token-based authentication and role-based access control
- Encrypted databases stored in secured data centers in Bangladesh
- Periodic vulnerability scanning and penetration testing
- Audit trails for every activity to ensure traceability
- Only authorized TrustBee personnel are allowed to access user data under strict confidentiality agreements.
3.4 Data Retention
- KYC and transaction data are retained for a minimum of 5 years in line with Bangladesh Bank and BFIU guidelines.
- Users may request deletion of their data if no legal obligation or pending transaction exists.
3.5 User Responsibilities
Users must:
- Provide truthful and up-to-date information.
- Keep login credentials confidential.
- Inform TrustBee immediately of suspicious account activity.
- Not use proxy, fake IDs, or unverified numbers/emails.
3.6 Violations and Accountability
a. Providing False Personal or Business Data
- If any user submits fraudulent or misleading information:
- TrustBee will suspend their account and initiate verification.
- If verified as false, legal proceedings will be taken under Sections 23–24 of the Digital Security Act.
- Financial responsibility, chargebacks, or loss incurred due to this false information will be fully borne by the user.
- TrustBee will not be held liable if the fraud was executed using falsified information beyond reasonable detection.
b. Data Breach Due to User Negligence
- If a user’s account is compromised due to their own weak password, shared credentials, or phishing:
- TrustBee holds no responsibility for loss unless the breach is from the platform’s backend.
- TrustBee may assist with investigations but will not reimburse in cases of personal negligence.
4. Reporting and Grievances
Users may:
- Report policy violations or data security issues via support@trustbee.com.bd or the in-app complaint form.
- Escalate unresolved issues to the Bangladesh Telecommunication Regulatory Commission (BTRC) or Bangladesh Bank.
5. Internal Employee Compliance
All employees and vendors working with TrustBee:
- Must sign a Non-Disclosure Agreement (NDA).
- Must follow data minimization principles (access only what is needed).
- Are regularly trained on cybersecurity, ethical conduct, and regulatory compliance.
6. Regulatory Compliance
TrustBee operates under the guidelines of:
- Bangladesh Bank’s guidelines
- Money Laundering Prevention Act 2012
- Guidelines for Digital Payment Systems
- ICT Security Guideline for Banks and Financial Institutions
- National Cybersecurity Strategy of Bangladesh
- We maintain regular regulatory audits, KYC compliance, and STR (Suspicious Transaction Report) submissions to BFIU as required.
7. Enforcement and Review
- This policy is binding on all platform users and staff.
- TrustBee will periodically update this policy to reflect changes in law or platform features.
- Violations will be documented and responded to with proportional disciplinary or legal measures.
8. Final Disclaimer
TrustBee’s platform is built on principles of transparency, security, and trust. However, users are responsible for their own actions. TrustBee will not bear liability for any breach, dispute, or legal infraction resulting from:
- User-provided false data,
- Intentional misuse of the platform,
- Third-party fraud not facilitated by internal system failures.
- All users are advised to read this policy carefully and operate in full compliance.
COMING SOON