Legal & Compliance

Privacy Policy

Effective Date: April 3, 2026
Last Updated: April 3, 2026

KoriePay Liquidity Systems ("KoriePay", "we", "our", or "us") is committed to protecting your privacy and ensuring that your personal and financial data is handled in compliance with the Nigeria Data Protection Act (NDPA) and WAEMU regional data privacy frameworks.

1. Information We Collect

To operate the KoriePay Liquidity Grid and comply with Central Bank of Nigeria (CBN) and BCEAO regulations, we collect the following categories of information:

  • Identification Data (KYC): Full name, date of birth, biometric data (facial scans), Bank Verification Number (BVN), National Identity Number (NIN), and copies of government-issued IDs.
  • Financial Data: Bank account numbers, mobile money wallet details, transaction history, and settlement records.
  • Corporate Data: For Agents and Aggregators, we collect Corporate Affairs Commission (CAC) certificates, RCCM documents, and Director profiles.
  • Telemetry & Device Data: IP addresses, MAC addresses, GPS locations during high-value transactions, and device fingerprints for fraud prevention.

2. How We Use Your Information

We process your data strictly to provide and secure our financial services:

  • To execute real-time cross-border settlements between NGN and XOF.
  • To comply with Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) laws.
  • To mitigate fraud using AI-driven transaction monitoring.
  • To calculate risk for Shariah-compliant financing and Adashi pool limits.

3. Information Sharing & Disclosure

KoriePay does not sell your data. We only share information with third parties under strict conditions:

  • Regulatory Authorities: We are legally mandated to share suspicious transaction reports (STRs) with the NFIU (Nigeria) and CENTIF (Niger).
  • Banking Partners: For the purpose of holding fiat currency reserves and clearing settlements.
  • Master Aggregators: Tier-1 agents share limited transaction metadata with their managing Aggregators for commission calculations.

4. Data Security & Retention

We implement enterprise-grade security, including AES-256 encryption for data at rest and TLS 1.3 for data in transit. In accordance with AML directives from the CBN and BCEAO, KoriePay is required by law to retain your KYC and transaction data for a minimum of five (5) years even after your account is closed.

5. Cross-Border Data Transfers

As a cross-border liquidity provider, your data may be processed in secure data centers located in Nigeria, Niger, or AWS EU regions. We ensure all cross-border transfers utilize standard contractual clauses and comply with the respective data protection commissions.

Contact the Data Protection Officer (DPO)

If you have questions regarding your data rights or wish to exercise your right to access or correct your data, please contact our privacy team:

privacy@koriepay.com