Privacy Policy

[Korea]

This Privacy Policy explains how ZENITH MERCHANT SOLUTIONS INC. (the “Company”) collects, uses, shares (including outsourcing), stores, and protects personal information in connection with the Trona service (the “Service”).

The Company takes reasonable measures to comply with the Philippines Data Privacy Act of 2012 (RA 10173), as well as other applicable data protection laws in regions where the Service may be offered.

Effective Date: 2026-01-01 Last Updated: 2026-01-01 Applicable Law: Philippines RA 10173, etc.

Service Structure Notice
Trona does not issue electronic money and does not provide a “stored-value wallet/deposit” service where user funds are held or operated by the Company. Amounts shown during processing are handled only to the extent necessary to complete a user-requested transaction. Payments are made via bank transfer.

1. Scope

This Policy applies to personal information processed when you use our web, mobile web, and app services. However, for services independently operated by third parties (such as third-party payment/e-wallet/remittance providers or merchant/partner platforms), the privacy policy of the relevant third party may apply.

2. Personal Information Collected and How We Collect It

2.1 Categories of Information

Registration / Account Management (Required): Email, mobile number, name, date of birth, CI
Identity Verification (If Needed): Verification results and authentication logs
Transaction Processing (Bank Transfer Based): Payer name, bank name, transferred amount, transfer time, transaction reference information (if included), order/request identifiers and processing status
Customer Support: Inquiry contents, support history, and any materials you submit
Automatically Collected: Device identifier, OS/app version, IP address, access logs, error/crash logs, security event logs

Information We Do Not Collect as a Principle
The Company does not access or store balances of third-party electronic wallet accounts. The Company does not use card payments and therefore does not collect card numbers or similar card information.

2.2 How We Collect

Information you provide directly when registering, verifying identity, requesting transactions, or contacting support
Logs and device/network information automatically generated during use of the Service
Processing through outsourced providers for identity verification / account verification and receiving the results

3. Purposes of Use

User registration, identity verification, account management, prevention of fraudulent use
Processing user-requested transactions (including bank transfer matching and status notices)
Customer support (responses, dispute/claim handling)
Security, fraud prevention, and service stabilization (log analysis, access control, monitoring)
Mandatory notices (security alerts, policy changes, transaction status)
Marketing / event communications (based on prior consent)

4. Sharing and Outsourcing (Service Providers)

The Company does not sell personal information.

4.1 Outsourcing (Service Providers)

The Company may outsource certain personal information processing to third parties to provide the Service. Service providers process personal information only within the scope necessary to perform outsourced tasks.

Service Provider	Outsourced Task	Storage / Retention
Korea Mobile Certification Co., Ltd.	SMS verification for confirming mobile ownership and identity verification	As a principle, processed temporarily for verification and not stored separately after completion (records necessary for system/server/communication error handling may be processed within the scope required; retention period, if any, is subject to applicable laws and the provider’s obligations).
RaonSecure Co., Ltd.	CI-based real-name/identity verification and mobile ownership verification	As a principle, verification results are delivered to the Company and not stored separately after completion (records necessary for error handling may be processed within the scope required; retention period, if any, is subject to applicable laws and the provider’s obligations).
Kiwoong Information & Communication (DATAHUB)	Bank account ownership verification and withdrawal account verification	As a principle, processed for verification and only results are delivered to the Company, not stored separately after completion (error-handling records may be processed within the scope required; retention period, if any, is subject to applicable laws and the provider’s obligations).
Amazon Web Services (AWS)	Cloud infrastructure (hosting, storage, backup, monitoring, etc.)	Provides storage infrastructure; the Company’s service data is stored for operation.

※ For the above verification providers (identity/account verification), personal information is processed temporarily within the scope required for verification, and, as a principle, is not stored or retained separately after completion. However, exceptions may apply if retention is required by law or legal obligations.

4.2 Disclosure Required by Law

The Company may provide personal information only to the extent necessary when required by law or upon a valid and lawful request from competent authorities such as investigative agencies or courts.

5. Storage Location (AWS) and International Transfer

The Company uses AWS cloud infrastructure to operate the Service. Depending on AWS region selection and system configuration, personal information may be processed or stored on servers located in specific countries/regions.

When an international transfer occurs, the Company applies reasonable safeguards such as contractual protections, access controls, and encryption to protect personal information.

5.1 Operating Region

Primary Operating Region: [ap-southeast-1]

5.2 Details of International Transfer

Recipient: Amazon Web Services, Inc.
Country/Region: Singapore (ap-southeast-1)
Purpose: Cloud hosting and data storage for Service operation
Items Transferred: Information collected under Section 2, to the extent necessary for Service operation
Retention Period: As described in Section 6 of this Policy

6. Retention Period

The Company retains and uses personal information only for the period necessary to achieve the purposes of processing. However, the Company may retain information for a certain period for dispute handling, security, fraud prevention, and legal compliance.

6.1 Retention Criteria

Account information, transaction logs, and security logs: Until you request deletion/withdraw consent. However, if there are records of fraudulent use, suspicious activities, or bad-faith use under the Company’s terms/policies, the Company may retain such records for up to five (5) years from collection for fraud prevention and dispute handling.
Fraudulent use: Transactions that violate laws, the Company’s terms, public order/morals, or infringe rights/interests of others.

Once retention ends, the Company securely destroys the information in accordance with applicable laws and internal standards.

7. Security Measures

Access control and least-privilege principles
Encryption in transit and encryption for sensitive data at rest where applicable
Security monitoring, log review, and incident response procedures
Internal policies and employee security training

Please note that no method of transmission or storage can guarantee absolute security. Users should also protect their account credentials.

8. Your Rights

Subject to applicable laws, you may request access to, correction of, deletion of, restriction of processing of, or withdrawal of consent regarding your personal information. Please contact us using the details in Section 10.

9. Cookies / Similar Technologies

On the web, cookies or similar technologies may be used for service provision, security, and analytics. You may refuse cookies through browser settings, but some features may not work properly. In the app, similar technologies (SDKs, device identifiers, etc.) may be used for analytics and security purposes.

10. Contact

Company: ZENITH MERCHANT SOLUTIONS INC.

Address: Unit 201, Kortech Bldg., Angeles City, Pampanga, Philippines

Data Protection Officer (DPO): Karen Lou L Suba

Email: support@tronasys.com

11. Account Deletion (Request Outside the App)

You may request account deletion (membership withdrawal) at any time. You can delete your account in the app, and you may also request deletion outside the app using the method below.

To request account deletion outside the app, please email us:

Email: support@tronasys.com
Subject: Account Deletion Request
Required Details: The email address and mobile number you registered with

The Company will proceed with the account deletion process after verifying the identity of the requester. If any information must be retained under applicable laws or Section 6, it may be stored separately for the required period, and other personal information will be deleted without undue delay.

If there is any remaining balance at the time of your deletion request, the Company will return the amount to your previously verified bank account before completing account deletion. If transfer to the verified account is not possible, we will contact you and proceed with a refund to a re-verified account after additional identity verification.

Once deletion is completed, we will notify you of the result via email.

12. Changes to This Policy

The Company may amend this Policy due to changes in laws or service policies. If there are material changes, we will notify users through the Service or the website.