# Privacy Policy

**Product:** Swaply
**Company:** Trouve Tech Limited
**Last Updated:** [15 February 2026]
**Effective Date:** [15 February 2026]

---

## Table of Contents

1. [Introduction](#1-introduction)
2. [Who We Are](#2-who-we-are)
3. [Scope of This Policy](#3-scope-of-this-policy)
4. [Information We Collect](#4-information-we-collect)
5. [How We Use Your Information](#5-how-we-use-your-information)
6. [Legal Bases for Processing](#6-legal-bases-for-processing)
7. [How We Share Your Information](#7-how-we-share-your-information)
8. [Data Retention](#8-data-retention)
9. [Data Security](#9-data-security)
10. [International Data Transfers](#10-international-data-transfers)
11. [Your Rights and Choices](#11-your-rights-and-choices)
12. [Children's Privacy](#12-childrens-privacy)
13. [Biometric Data](#13-biometric-data)
14. [Cookies and Tracking Technologies](#14-cookies-and-tracking-technologies)
15. [Third-Party Services and Links](#15-third-party-services-and-links)
16. [Data Breach Notification](#16-data-breach-notification)
17. [Geographic Scope and Regulatory Compliance](#17-geographic-scope-and-regulatory-compliance)
18. [Changes to This Policy](#18-changes-to-this-policy)
19. [Contact Us](#19-contact-us)

---

## 1. Introduction

Welcome to Swaply. We take your privacy seriously.

This Privacy Policy describes how **Trouve Tech Limited** ("**Trouve Tech**," "**we**," "**us**," or "**our**") collects, uses, stores, discloses, and protects your personal information when you access or use the Swaply mobile application, website, and any related services (collectively, the "**Service**").

Please read this policy carefully. By creating an account or using our Service, you acknowledge that you have read, understood, and agree to the practices described herein. **If you do not agree with this Privacy Policy, you must not use the Service.**

This policy should be read alongside our [Terms of Service], which govern your use of Swaply.

---

## 2. Who We Are

| | |
|---|---|
| **Legal Entity** | Trouve Tech Limited |
| **Product** | Swaply |
| **Primary Contact Email** | contact@swaply.africa |
| **Data Protection Inquiries** | akujuobi.praise@swaply.africa |

Trouve Tech Limited is the **data controller** responsible for personal information collected through the Swaply platform.

---

## 3. Scope of This Policy

This policy applies to:

- All users who download, register for, or use the Swaply mobile application.
- All visitors to any Swaply-operated website or interface.
- All individuals whose information we process in connection with providing the Service (for example, recipients of transfers).

This policy does **not** apply to third-party services that may be accessible through our platform (such as your bank or mobile money provider). Their privacy practices are governed by their own policies.

---

## 4. Information We Collect

We collect information in three primary ways: information you provide to us directly, information collected automatically when you use the Service, and information obtained from third parties.

### 4.1 Information You Provide Directly

#### Account Registration

When you create a Swaply account, we collect:

- Full legal name
- Email address
- Phone number
- Date of birth
- Residential address
- Profile photo (optional)
- Password (stored in encrypted form)

#### Identity Verification (KYC)

To comply with applicable financial regulations and anti-money laundering (AML) requirements, we are required to verify your identity before you can conduct transactions. Depending on your country of residence, this may include:

**Nigerian Users:**
- Bank Verification Number (BVN)
- National Identification Number (NIN) *(where applicable)*
- Additional documents as required by regulators

**Benin Republic Users:**
- Certificat d'Identification Personnelle (CIP)
- Additional documents as required by regulators

> **Important:** KYC documents are collected and processed to fulfil our legal and regulatory obligations. We retain this information for as long as required by law, removed from our system after account closure.

#### Financial Information

To facilitate transfers and payments, we collect:

- Bank account details (account number, bank name)
- Mobile money wallet information (provider, phone number)
- Payment method details
- Source of funds declarations (where required by regulation)

#### Customer Support and Communications

When you contact our support team or communicate with us, we collect:

- The content of your messages, emails, or in-app support tickets
- Any attachments or documents you choose to share
- Records of our correspondence with you

### 4.2 Information Collected Automatically

When you access or use Swaply, certain information is collected automatically:

#### Device and Technical Information

- Device model, brand, and operating system version
- Unique device identifiers (e.g., device ID, advertising ID)
- App version and build number
- Mobile network operator and connection type (Wi-Fi, 4G, etc.)
- IP address
- Time zone and language settings
- Crash reports and diagnostic logs

#### Usage Data

- Features accessed and actions taken within the app
- Transaction initiation, completion, and failure events
- Session start and end times
- Navigation paths and search queries within the app
- Button taps and interaction logs

### 4.3 Information From Third Parties

We may receive information about you from:

- **Identity Verification Providers:** Third-party KYC and AML services that help us verify your identity against government databases.
- **Payment Partners:** Banks, card networks, and mobile money operators that confirm account ownership or flag suspicious activity.
- **Fraud Prevention Services:** Providers that share signals or risk scores to help us detect and prevent fraudulent transactions.
- **Regulatory Authorities:** Where required or permitted by law.

### 4.4 Contacts Access

With your explicit permission, Swaply may access your device contacts to make it easier to find and send money to people you know. Please note:

- Contacts are **not** automatically uploaded to our servers.
- Any contacts you save within the Swaply app are stored only to facilitate your future transactions.
- You can revoke contacts permission at any time through your device settings.
- You can delete saved Swaply contacts from within the app.

---

## 5. How We Use Your Information

We use the personal information we collect for the following purposes:

### 5.1 Providing and Operating the Service

- Creating, managing, and securing your Swaply account
- Processing money transfers, payments, and other financial transactions
- Verifying your identity and eligibility to use the Service
- Facilitating transfers to and from your linked bank accounts and mobile money wallets
- Sending transaction confirmations, receipts, and status notifications
- Maintaining transaction records on your behalf

### 5.2 Safety, Security, and Fraud Prevention

- Detecting, investigating, and preventing fraudulent, unauthorised, or illegal activity
- Monitoring transactions for suspicious patterns and compliance with AML/CFT regulations
- Verifying the identity of users attempting to access accounts
- Protecting the security and integrity of our platform and systems
- Responding to security incidents and investigating potential policy violations

### 5.3 Legal and Regulatory Compliance

- Complying with applicable laws and regulations, including financial regulations, tax reporting obligations, and anti-money laundering (AML) and counter-terrorism financing (CTF) requirements in Nigeria and Benin Republic
- Responding to lawful requests, court orders, or legal processes from regulatory or law enforcement authorities
- Fulfilling our reporting obligations to financial regulators (e.g., CBN in Nigeria, BCEAO in the WAEMU zone)
- Retaining records as required by applicable law

### 5.4 Customer Support

- Responding to your questions, complaints, and support requests
- Investigating and resolving disputes related to transactions
- Communicating relevant service updates or changes that affect your account

### 5.5 Service Improvement and Analytics

- Analysing usage patterns and platform performance to identify and resolve bugs
- Improving the design, functionality, and user experience of the app
- Conducting internal research to develop new features and services
- Monitoring system health and preventing outages

### 5.6 Marketing and Communications

- Sending you promotional content, product updates, and offers — but **only where you have given us your express consent** to do so
- Personalising in-app content and recommendations based on your usage history
- Conducting surveys or requesting feedback to improve the Service

> You may opt out of marketing communications at any time by using the unsubscribe link in any email we send, or by adjusting your notification preferences in the Swaply app.

---

## 6. Legal Bases for Processing

Where the General Data Protection Regulation (GDPR), the Nigeria Data Protection Act 2023 (NDPA), or other applicable data protection laws apply, we process your personal information on the following legal bases:

| Purpose | Legal Basis |
|---|---|
| Account creation and management | **Contract performance** — processing is necessary to perform our agreement with you |
| Processing transactions | **Contract performance** |
| Identity verification (KYC) | **Legal obligation** — required under financial regulation and AML/CFT laws |
| AML/CFT monitoring and reporting | **Legal obligation** |
| Fraud detection and prevention | **Legitimate interests** — to protect users and the integrity of the platform |
| Security monitoring | **Legitimate interests** |
| Service analytics and improvement | **Legitimate interests** |
| Marketing communications | **Consent** — you may withdraw consent at any time |
| Complying with legal orders | **Legal obligation** |

Where we rely on **legitimate interests**, we have assessed that our interests are not overridden by your rights and freedoms. You have the right to object to processing carried out on this basis (see Section 11).

---

## 7. How We Share Your Information

**We do not sell your personal information to third parties. We do not share your information for third-party advertising purposes.**

We may share your information only in the following limited circumstances:

### 7.1 Service Providers and Partners

We share information with trusted third parties who perform services on our behalf and are contractually bound to handle your data securely and only for the purposes we specify:

- **Payment processors** (e.g., Paystack and similar providers) — to facilitate card payments and transfers
- **Mobile money operators** (e.g., MTN MoMo, MOOV Money, Celtiis, and their integration partners) — to facilitate mobile money transactions
- **Cloud infrastructure and hosting providers** — to store and process data securely
- **Identity verification and KYC providers** — to verify your identity against regulatory databases
- **Customer support platforms** — to manage and respond to support requests
- **Fraud detection and risk management providers** — to protect against unauthorised activity
- **Analytics providers** — to understand and improve service usage

### 7.2 Regulatory and Legal Disclosure

We may disclose your information when we are required or permitted to do so by law:

- In response to a court order, subpoena, or other valid legal process
- To comply with reporting obligations to financial regulators, tax authorities, or law enforcement
- To investigate or report actual or suspected fraud, money laundering, or other criminal activity
- To protect the rights, property, or safety of Trouve Tech, our users, or the public

Where legally permissible, we will notify you before disclosing your information in response to a legal request.

### 7.3 Business Transfers

If Trouve Tech Limited is involved in a merger, acquisition, asset sale, financing, or insolvency proceeding, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent in-app notice before your information is transferred to a new entity and becomes subject to a different privacy policy.

### 7.4 With Your Consent

We may share your information with other parties when you have given us explicit consent to do so — for example, if you choose to link a third-party financial application.

---

## 8. Data Retention

We retain your personal information for as long as is necessary to fulfil the purposes described in this policy, or as required by applicable law. The key retention periods are as follows:

| Category | Retention Period | Reason |
|---|---|---|
| Transaction records | Minimum 5–7 years after the transaction | Regulatory requirements (AML/CFT and tax obligations) |
| KYC / Identity documents | Minimum 5 years after account closure | Regulatory requirements |
| Account information | Duration of account, plus minimum 5 years after closure | Legal and regulatory obligations |
| Customer support records | 2 years from resolution of the relevant query | Dispute resolution |
| Device and usage logs | 12 months from collection | Security and fraud investigation |
| Marketing consent records | Until consent is withdrawn, plus 12 months | Legal accountability |

When your information is no longer required, we will securely delete or anonymise it. Where anonymisation is not possible (for example, because data is stored in backup archives), we will securely isolate and protect it from further use.

---

## 9. Data Security

We implement technical, organisational, and procedural safeguards designed to protect your personal information against unauthorised access, disclosure, alteration, and destruction. These measures include:

- **Encryption in transit:** All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
- **Encryption at rest:** Sensitive data stored in our databases is encrypted using industry-standard encryption algorithms.
- **Access controls:** Access to personal data is restricted on a strict need-to-know basis. Employees are granted the minimum level of access necessary to perform their role.
- **Multi-factor authentication:** Internal systems that access personal data require multi-factor authentication.
- **Security monitoring:** We continuously monitor our systems for anomalous activity, potential intrusions, and vulnerabilities.
- **Penetration testing:** We periodically engage independent security professionals to test our systems and infrastructure.
- **Employee training:** All staff who handle personal data are trained on data protection obligations and security best practices.
- **Vendor due diligence:** We assess the security practices of third-party service providers before engaging them.

> No method of electronic transmission or storage is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security. In the event of a security breach, we will act promptly in accordance with Section 16.

---

## 10. International Data Transfers

Swaply operates primarily in Nigeria and Benin Republic. However, some of our infrastructure providers and service partners are located in other countries, including countries within the European Union, the United Kingdom, and the United States. As a result, your personal information may be transferred to and processed in countries outside your country of residence.

Where we transfer personal data internationally, we ensure that appropriate safeguards are in place, which may include:

- Standard Contractual Clauses (SCCs) approved by applicable data protection authorities
- Transfers to countries recognised as providing an adequate level of data protection
- Other legally recognised transfer mechanisms as required by applicable law

By using Swaply, you acknowledge that your information may be transferred internationally as described in this section.

---

## 11. Your Rights and Choices

Subject to applicable law, you have the following rights regarding your personal information:

| Right | Description |
|---|---|
| **Right of Access** | You may request a copy of the personal information we hold about you. |
| **Right to Rectification** | You may request that we correct inaccurate or incomplete information. |
| **Right to Erasure** | You may request deletion of your personal information, subject to our legal retention obligations. |
| **Right to Restriction** | You may ask us to restrict processing of your data in certain circumstances. |
| **Right to Data Portability** | You may request that we provide your data in a structured, machine-readable format. |
| **Right to Object** | You may object to processing based on legitimate interests, including profiling. |
| **Right to Withdraw Consent** | Where processing is based on consent, you may withdraw it at any time without affecting prior processing. |
| **Right to Opt Out of Marketing** | You may opt out of marketing communications at any time. |

### How to Exercise Your Rights

To exercise any of the above rights, please contact us at **info@swaply.africa** with the subject line "Privacy Request." We will respond within **30 days** of receiving a verifiable request. We may need to verify your identity before processing your request.

Please note that some rights are subject to limitations under applicable law. For example, we may be unable to delete transaction records where we are required to retain them under financial regulations.

### Complaints

If you believe we have handled your personal information in a way that does not comply with applicable law, you have the right to lodge a complaint with the relevant supervisory authority:

- **Nigeria:** Nigeria Data Protection Commission (NDPC) — [ndpc.gov.ng](https://ndpc.gov.ng)
- **Benin Republic:** Autorité de Protection des Données Personnelles (APDP)
- **EU/EEA residents:** The data protection authority of your member state

---

## 12. Children's Privacy

Swaply is a financial services platform intended **exclusively for users aged 18 years and above.**

We do not knowingly collect, solicit, or process personal information from individuals under the age of 18. If you are under 18, you must not use or attempt to use the Service.

If we become aware that we have inadvertently collected personal information from a minor, we will take immediate steps to delete that information and close the associated account. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at **contact@swaply.africa**.

---

## 13. Biometric Data

Swaply may utilise your device's built-in biometric authentication features (such as Face ID or fingerprint recognition) to provide a faster, more secure login experience.

**Important:** Biometric authentication on Swaply is processed entirely by your device's operating system (iOS or Android) and its secure enclave. **Trouve Tech Limited does not collect, access, store, or process your raw biometric data** (fingerprint templates, facial geometry maps, or similar data) on our servers.

The biometric data remains on your device at all times and is subject to the privacy controls of your device's operating system. You may disable biometric login for Swaply at any time in the app settings or through your device settings.

---

## 14. Cookies and Tracking Technologies

The Swaply mobile application uses limited tracking technologies to support core functionality, security, and analytics. These may include:

- **Session tokens:** Used to keep you securely logged in during an active session.
- **Analytics SDKs:** Used to understand how users navigate the app and identify areas for improvement.
- **Crash reporting tools:** Used to detect and diagnose technical errors.
- **Security fingerprinting:** Used to detect suspicious or anomalous device behaviour.

We do **not** use advertising cookies or cross-site tracking technologies. We do not permit third-party advertisers to place tracking technologies on the Swaply platform.

You may limit certain forms of data collection by adjusting the privacy settings on your device (e.g., resetting your advertising ID or limiting ad tracking). Note that disabling certain tracking may affect app functionality or security features.

---

## 15. Third-Party Services and Links

Swaply may integrate with or link to third-party services, including:

- Banks and financial institutions
- Mobile money operators (MTN, MOOV, Celtiis, and others)
- Payment processors (e.g., Paystack)
- Identity and KYC verification providers

When you interact with these third parties, their collection and use of your information is governed by their own privacy policies, not this one. We encourage you to review the privacy policies of any third-party services you use in connection with Swaply.

**Trouve Tech Limited is not responsible for the privacy practices of third-party providers** and does not make any representations about their data handling.

---

## 16. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

1. Notify the relevant data protection authority within the timeframe required by applicable law (typically 72 hours of becoming aware of the breach under GDPR-aligned frameworks).
2. Notify affected users directly — by email, in-app notification, or other appropriate means — without undue delay, where the breach is likely to result in a high risk to your rights and freedoms.

Notification will include, to the extent known: a description of the nature of the breach, the categories and approximate number of individuals affected, the likely consequences of the breach, and the measures we have taken or propose to take to address it.

---

## 17. Geographic Scope and Regulatory Compliance

Swaply currently operates in the following jurisdictions:

| Country | Key Applicable Regulations |
|---|---|
| **Nigeria** | Nigeria Data Protection Act 2023 (NDPA); Central Bank of Nigeria (CBN) regulations; Money Laundering (Prevention and Prohibition)|
| **Benin Republic** | ECOWAS Supplementary Act on Personal Data; BCEAO regulations; WAEMU AML/CFT framework |

We are committed to complying with all applicable data protection and financial laws in the markets where we operate. As we expand to new regions, this policy will be updated to reflect applicable local requirements.

Where users in the European Economic Area (EEA) or United Kingdom access our services, we additionally comply with the General Data Protection Regulation (GDPR) and UK GDPR respectively.

---

## 18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will:

- Update the "Last Updated" date at the top of this policy.
- Notify you via email or a prominent in-app notification **at least 14 days before** changes take effect, where practicable.
- For significant changes that materially affect how we process your personal data, we may request your renewed consent where required by law.

We encourage you to review this policy periodically. The most current version will always be accessible within the Swaply app and on our website.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

---

## 19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

**Trouve Tech Limited**
Email: **contact@swaply.africa**
Subject line: *Privacy Inquiry* or *Data Request*

We aim to respond to all privacy-related inquiries within **5 business days** and to resolve formal data subject requests within **30 days**.

---

*© Trouve Tech Limited. All rights reserved.*

*This Privacy Policy was last updated on [15 February 2026] and is effective as of [15 February 2026].*