Privacy Policy

MyroPay Technologies Ltd ("MyroPay", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

Please read this policy carefully. By using MyroPay, you agree to the collection and use of information in accordance with this policy.

1. Data Controller

The data controller responsible for your personal data is:

For EU/UK users, our EU representative is: MyroPay EU Ltd, Dublin, Ireland.

2. Information We Collect

Information you provide directly

• Account information: name, email address, phone number, date of birth, nationality
• Identity documents: passport, national ID, driver's licence (for KYC verification)
• Financial information: bank account details, transaction history, wallet balances
• Business information: company name, registration number, director details, business documents (for KYB)
• Communications: support tickets, emails, feedback you send us
• Profile information: Myrotag, avatar, preferences, security settings

Information collected automatically

• Device information: device type, operating system, browser type and version, device identifiers
• Usage data: pages visited, features used, time spent, click patterns
• Location data: IP address (used to detect country/currency; not precise geolocation)
• Transaction metadata: timestamps, amounts, counterparties, transaction references
• Log data: access logs, error logs, security event logs
• Cookies and tracking technologies (see Section 9)

Information from third parties

• Identity verification providers (e.g. document verification services)
• Payment processors and banking partners
• Fraud prevention and KYC/AML compliance services
• Credit reference agencies (where applicable)

3. How We Use Your Information

• Provide our services: process payments, maintain accounts, execute transfers
• Verify identity: KYC/KYB compliance, fraud prevention, AML screening
• Security and fraud prevention: detect, investigate, and prevent fraudulent activity
• Customer support: respond to enquiries, resolve disputes, provide technical support
• Legal compliance: comply with financial regulations, tax reporting, audit requirements
• Service improvement: analyse usage patterns, improve features, fix bugs
• Communications: transactional emails, security alerts, product updates (with consent where required)
• Personalisation: currency defaults, spending insights, relevant product recommendations
• Research and analytics: aggregate, anonymised data for market research

We never sell your personal data to third parties. We do not use your data for advertising purposes or share it with advertisers.

4. Legal Basis for Processing (GDPR)

For users in the EU and UK, we process your data under the following legal bases:

• Contract performance (Art. 6(1)(b)): processing necessary to provide our financial services and execute transactions you request
• Legal obligation (Art. 6(1)(c)): Anti-Money Laundering (AML) regulations, Know Your Customer (KYC) requirements, tax reporting, financial record-keeping
• Legitimate interests (Art. 6(1)(f)): fraud prevention, security monitoring, service improvement, business communications
• Consent (Art. 6(1)(a)): marketing communications, optional analytics cookies
• Vital interests (Art. 6(1)(d)): where processing is necessary to protect someone from serious harm

For special categories of data (e.g. biometric data for identity verification), we rely on explicit consent (Art. 9(2)(a)) and legal obligation (Art. 9(2)(b)).

5. How We Share Your Information

We share your information only where necessary:

• Banking and payment partners: to process transactions (e.g. Flutterwave, clearing banks)
• Identity verification services: to verify your identity for KYC/KYB compliance
• Fraud prevention providers: to screen for fraudulent activity and AML compliance
• Cloud infrastructure providers: for hosting and data storage (servers in Nigeria, UK, and EU)
• Customer support tools: your communications data used within support systems
• Regulatory authorities: financial regulators, law enforcement, courts — where legally required
• Professional advisers: lawyers, auditors, accountants under confidentiality obligations
• Business transfers: in connection with a merger, acquisition, or sale of assets (with advance notice to you)

All third-party processors are bound by data processing agreements that restrict their use of your data.

6. International Transfers

MyroPay operates globally. Your data may be transferred to countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

For transfers from the EU/UK, we use appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreements (IDTAs)
• Adequacy decisions for countries recognised by the EU Commission

7. Data Retention

We retain your data for as long as your account is active and for periods required by law:

• Account data: duration of account + 7 years (financial regulation requirement)
• Transaction records: 7 years from transaction date (AML/regulatory requirement)
• KYC documents: 5 years after account closure
• Support communications: 3 years
• Marketing consent records: until consent is withdrawn + 3 years
• Analytics data: up to 26 months (aggregated/anonymised indefinitely)
• Security logs: 12 months

8. Your Rights

Depending on your location, you have the following rights:

To exercise any right, email privacy@myropay.com. We respond within 30 days. Identity verification may be required. Some rights may be limited by legal obligations (e.g. we cannot erase transaction records required by AML law).

EU/UK users may also lodge a complaint with your supervisory authority (e.g. the UK ICO at ico.org.uk, or your national DPA).

9. Cookies

We use cookies and similar technologies. See our full Cookie Policy for details. In summary:

• Essential cookies: required for the service to function (login sessions, security tokens)
• Analytics cookies: help us understand how users interact with our site (with your consent)
• Functional cookies: remember your preferences (language, currency, theme)
• Marketing cookies: we do not use marketing or advertising cookies

10. Children's Privacy

MyroPay is not directed at children under 18 (or 16 in the EU). We do not knowingly collect personal data from children. If we discover we have collected data from a child without parental consent, we will promptly delete it. If you believe a child has provided us with personal data, contact us at privacy@myropay.com.

11. Security

We implement industry-standard security measures including:

• 256-bit AES encryption for data at rest
• TLS 1.3 for all data in transit
• Bcrypt (cost factor 12) for password hashing
• Hardware security modules (HSMs) for key management
• PCI DSS Level 1 certification for payment data
• Regular penetration testing and security audits
• Employee access controls and security training

In the event of a data breach affecting your rights, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or a prominent notice on our platform at least 30 days before changes take effect. Continued use of our services after the effective date constitutes acceptance.

Previous versions of this policy are available on request.

13. Contact Us

For privacy-related queries, rights requests, or complaints:

• Email: privacy@myropay.com
• DPO: dpo@myropay.com
• Post: Data Protection Officer, MyroPay Technologies Ltd, 14 Broad Street, Marina, Lagos, Nigeria