Legal

Privacy Policy

Effective Date: January 1, 2018 · Last Updated: June 2025

Prestige Diamond takes your privacy seriously. We collect only what is necessary to operate our platform, we never sell your personal data to third parties, and we protect everything you share with us using industry-standard security measures.

This Privacy Policy explains how Prestige Diamond ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our investment platform. By using our services, you agree to the practices described in this policy.

1. Information We Collect

We collect the following categories of personal information:

Account information: Full name, email address, and mobile number provided at registration.
Financial information: Investment amounts, withdrawal requests, payout method and account details you provide when processing withdrawals.
Proof of payment: Images you upload to verify investment transactions. These are stored securely via Cloudinary.
Communication data: Messages sent through our in-platform support chat and any correspondence with our team.
Usage data: Pages visited, actions taken within the platform, and login timestamps. This is used for security monitoring and service improvement only.
Referral data: Referral codes and earnings associated with your account.

2. How We Use Your Information

We use your personal information solely for the following purposes:

To create and manage your account;
To process investment applications, approvals, and withdrawals;
To send transactional notifications (investment status updates, withdrawal confirmations, platform announcements);
To verify your identity and prevent fraudulent activity;
To calculate and credit referral bonuses;
To provide customer support through our chat system;
To maintain audit logs for compliance and security purposes;
To improve the security and performance of our platform.

We do not use your data for advertising, profiling, or any purpose unrelated to the above.

3. Data Sharing

Prestige Diamond does not sell, rent, or trade your personal information to any third party. We share your data only in the following limited circumstances:

Service providers: We use Cloudinary (image storage) and Resend (transactional email delivery) to operate the platform. These providers process data on our behalf under strict confidentiality obligations and do not use your data for their own purposes.
Legal compliance: We may disclose your information if required to do so by law, court order, or lawful request from a government authority.
Platform security: In the event of a suspected security breach or fraud investigation, relevant data may be reviewed by authorized personnel.

4. Data Storage & Security

Your data is stored on MongoDB Atlas, a cloud database platform with enterprise-grade security. We implement the following protective measures:

All passwords are hashed using bcrypt before storage — we never store plain-text passwords;
All data is transmitted over HTTPS (TLS encryption);
API access is protected by JWT-based authentication with 24-hour token expiry and automatic token rotation;
Input validation and MongoDB sanitization are applied on all data entry points to prevent injection attacks;
Rate limiting is applied to all authentication and API endpoints to prevent brute-force attacks;
Account lockout is enforced after repeated failed login attempts.

5. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide our services. If you request account deletion, we will remove your personally identifiable information within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention and financial record-keeping.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you;
Correction: Request correction of inaccurate or incomplete data;
Deletion: Request deletion of your personal data, subject to legal retention requirements;
Portability: Request your data in a machine-readable format;
Objection: Object to certain processing activities.

To exercise any of these rights, contact us through our Contact page. We will respond to verified requests within 30 days.

7. Cookies

Prestige Diamond does not use tracking or advertising cookies. We may use essential session-related browser storage (such as localStorage) solely to maintain your authenticated session and platform preferences. No third-party analytics or advertising cookies are set on this platform.

8. Children's Privacy

Our platform is intended for users aged 18 and above. We do not knowingly collect personal information from anyone under 18. If you believe a minor has registered, please contact us immediately and we will remove the account.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via a platform announcement or email. Continued use of the platform after the updated policy is posted constitutes your acceptance of the changes.

10. Contact Us

For any privacy-related questions, data requests, or concerns, please contact us through our Contact page. We are committed to resolving any privacy concerns promptly and transparently.