Information Security & Data Protection Policy For the website www.getfirekirin.com
MC Data Solutions LLC
(Covers the Get Fire Kirin and Easy Street gaming platforms)
Effective Date: October 25, 2025
Jurisdiction: Texas, United States
Version: 1.0 Web Compliance Edition
Contact: compliance@getfirekirin.com
Summary This policy explains how MC Data Solutions LLC protects your personal information, financial data, and gameplay activity. We use encryption, identity verification, and ongoing monitoring to keep your data secure. All systems — including Fire Kirin, Easy Street, and Simple 8 Wallet powered by MassPay — comply with national and state privacy and cybersecurity laws.
1. Purpose To protect customers, employees, and company data from unauthorized access, loss, or misuse through a secure, continuously monitored framework aligned with federal and state privacy and security laws.
2. Scope Applies to:
All platforms operated by MC Data Solutions LLC (Get Fire Kirin and Easy Street). All user accounts, gameplay data, transactions, and communications. Vendor integrations including:SEON (fraud/AML) Veriff (ID verification) Simple 8 Wallet / MassPay (payouts) All employees, contractors, and affiliates with data access privileges. 3. Legal & Regulatory Compliance Our data protection program complies with:
Bank Secrecy Act (BSA) – 31 U.S.C. §5311–5332 Gramm-Leach-Bliley Act (GLBA) – Financial Privacy & Safeguards Texas Data Privacy and Security Act (TDPSA) OFAC Sanctions and U.S. Treasury Regulations (31 C.F.R. §500 et seq.) ISO/IEC 27001 & 37301 Standards NIST SP 800-53 Rev.5 Security Framework Quarterly reviews and annual third-party audits confirm compliance.
4. Information Security Objectives Protect all user and transaction data from unauthorized access or disclosure. Maintain confidentiality, integrity, and availability of critical systems. Prevent fraud, money laundering, and unauthorized account access. Support AML, KYC, and Responsible Gaming policies with secure data handling. 5. Data Classification Classification Description Example Public Data Non-sensitive materials available on the website FAQs, legal policies Confidential Data Personally Identifiable Information (PII) protected by law Name, DOB, ID, address Restricted Data Financial and AML/KYC-related data with limited access Payment data, SAR files Internal Use Only Operational data for business purposes Employee and vendor logs
Each classification is handled according to its security level and storage requirements.
6. Data Collection and Use MC Data Solutions LLC collects only data necessary to operate the platform securely:
Identity information (name, age, address, ID) for verification. Device and IP information for fraud prevention (via SEON). Payment and payout details (via MassPay). Behavioral and session data for Responsible Gaming purposes. We do not sell or rent user data. All third-party data sharing is strictly for compliance or service fulfillment under written agreements.
7. Data Encryption and Security Controls Encryption at Rest: All data is encrypted using AES-256. Encryption in Transit: All network traffic is secured via TLS 1.3. Access Control: Role-based (RBAC) and multi-factor authentication (MFA). System Logging: Immutable logs maintained for AML and compliance tracking. Monitoring: Continuous intrusion detection and automated anomaly alerts. Data Segmentation: Customer data segregated by environment and platform. 8. Identity Verification & Authentication Veriff verifies user identity and age (21+). SEON analyzes behavioral, device, and geolocation data to detect anomalies. Accounts failing verification or showing fraud indicators are automatically suspended pending review. 9. Payment & Payout Security All payment and payout activities are managed through Simple 8 Wallet (MassPay).
PCI-DSS Level 1 compliant processors handle all transactions. Payouts are fully traceable and logged for AML compliance. Refunds and chargebacks follow the Refund & Dispute Policy (Policy #7). Crypto transactions undergo blockchain tracing for high-risk wallet screening. 10. Vendor & Third-Party Management All vendors undergo:
Due Diligence: Risk, security, and sanctions screening. Annual Security Certification: SOC 2 Type II or ISO 27001 audit evidence. Contractual Safeguards: Data protection and breach notification clauses. Ongoing Monitoring: Continuous review of service performance and compliance. 11. Data Retention & Disposal Data Type Retention Disposal KYC / AML / Risk Data 5 years Secure deletion or anonymization Transaction Logs / SARs 7 years Encrypted archival Support & Account Records 3 years Secure deletion Training & Audit Logs 5 years Archived
All data disposal follows NIST SP 800-88 secure media sanitization standards.
12. Privacy & User Rights Users have the right to:
Request access to their personal data. Request correction or deletion (where legally permissible). Withdraw consent for non-essential cookies or analytics. Contact privacy@getfirekirin.com for privacy inquiries. Requests are reviewed and addressed within 30 calendar days.
13. Incident Response & Breach Notification Incident is detected by system monitoring (SEON / internal IDS). Compliance and Security teams assess scope and severity within 24 hours. Impacted users and regulators are notified within legal timeframes (72 hours for major incidents). Root-cause analysis and mitigation plan are documented within 7 business days. 14. Employee Security Responsibilities Must complete annual Information Security & Data Protection training (passing ≥90%). Are required to use MFA and secure credentials. Must report suspected phishing or system anomalies immediately. Are bound by confidentiality and acceptable use agreements. 15. System Monitoring & Continuous Improvement Daily SEON and MassPay activity logs reviewed by Compliance. Vulnerability scans performed weekly; penetration testing quarterly. Security metrics (alerts, incident rates, audit results) included in the Annual Compliance Report. The Information Security Policy is reviewed every quarter alongside the Legal Memorandum. 16. Cross-Policy Integration This policy complements and supports:
Policy #1: AML / KYC & OFAC Compliance Policy #2: Responsible Gaming Policy #3: Transaction Monitoring & Reporting Policy #4: Customer Risk Rating & Due Diligence Policy #6: Privacy Policy Policy #7: Terms of Service Contact MC Data Solutions LLCcompliance@getfirekirin.com