Privacy Policy

Transa.io ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, store, share, and protect your data when you use our services, website, mobile application, or interact with us. By using Transa.io, you consent to the practices described in this Privacy Policy. We comply with the Nigeria Data Protection Regulation (NDPR) 2019 and other applicable data protection laws.

We collect various types of information including: Personal Identification Information (full name, date of birth, email address, phone number, residential address, BVN, government-issued ID, photographs, and biometric data); Financial Information (bank account details, transaction history, wallet balances, payment card information, and source of funds); Transaction Data (send/receive details, amounts, dates, beneficiary information, and conversion rates); Device Information (IP address, device type, operating system, browser type, mobile device identifiers, and location data); Usage Data (login times, features used, pages viewed, app interactions, and preferences); Communications (customer support inquiries, feedback, and correspondence); and Third-Party Data (information from identity verification services, credit bureaus, fraud prevention services, and public databases).

We collect information through multiple channels: Directly from You when you register for an account, complete verification processes, conduct transactions, contact customer support, or participate in surveys; Automatically through our platform using cookies, pixels, web beacons, and analytics tools that track your interactions with our services; From Third Parties including banks, payment processors, identity verification services, fraud prevention providers, credit bureaus, and publicly available databases; and From Your Device including location data (with your permission), camera access for ID verification, and biometric authentication features.

Under Nigerian data protection law, we process your personal data based on the following legal grounds: Your Consent for marketing communications, biometric data collection, and location tracking; Contractual Necessity to provide our services, process transactions, and maintain your account; Legal Obligations including compliance with CBN regulations, anti-money laundering laws, counter-terrorism financing requirements, tax reporting, and court orders; Legitimate Interests for fraud prevention, security enhancement, service improvement, customer support, and business analytics, provided these interests do not override your fundamental rights; and Vital Interests to protect your life or that of another person in emergency situations.

We use your information for: Service Delivery including account creation and management, transaction processing, currency conversion, virtual card issuance, fund transfers, and customer authentication; Security and Fraud Prevention through identity verification, transaction monitoring, risk assessment, fraud detection, account security measures, and suspicious activity reporting; Regulatory Compliance including KYC/AML checks, sanctions screening, tax reporting, regulatory reporting, and responding to legal requests; Customer Support for responding to inquiries, resolving disputes, investigating complaints, and providing assistance; Communication to send transaction notifications, security alerts, service updates, account statements, and policy changes; Marketing (with consent) to inform you about new features, promotions, and relevant offers; Analytics and Improvement for understanding usage patterns, improving user experience, developing new features, and conducting research; and Business Operations including record-keeping, auditing, risk management, and business analysis.

We may share your personal information with: Service Providers including payment processors, banking partners, card network providers, identity verification services, cloud hosting providers, customer support platforms, SMS and email service providers, and analytics providers, all bound by confidentiality obligations; Regulatory and Government Authorities including the Central Bank of Nigeria (CBN), Nigerian Financial Intelligence Unit (NFIU), Special Control Unit Against Money Laundering (SCUML), tax authorities, law enforcement agencies, and courts when required by law or legal process; Financial Institutions including banks, money transfer operators, and correspondent banks to facilitate transactions; Business Partners for co-branded services or joint offerings, with your consent; Corporate Transactions in the event of a merger, acquisition, sale of assets, or bankruptcy, where your information may be transferred to successors; Fraud Prevention Networks to report and prevent fraudulent activity; and With Your Consent for any other purposes with your explicit permission.

We retain your personal information for different periods depending on the type of data and purpose: Active Account Data is retained for the duration of your account relationship with us; Transaction Records are retained for a minimum of 7 years after the transaction date to comply with financial regulations and tax laws; Identity Verification Documents are retained for 7 years after account closure as required by AML/CTF regulations; Communications and Support Records are retained for 3 years after resolution; Marketing Data is retained until you opt out or for a maximum of 3 years of inactivity; Security Logs and Fraud Data may be retained for up to 10 years for security and legal purposes; and Closed Account Data may be retained in anonymized or aggregated form indefinitely for analytics and reporting. When data is no longer required, we securely delete or anonymize it in accordance with our data retention schedule and legal requirements.

Transa.io employs comprehensive security measures including: Encryption using industry-standard SSL/TLS encryption for data in transit and AES-256 encryption for sensitive data at rest; Access Controls with role-based access, multi-factor authentication for employees, and principle of least privilege; Network Security including firewalls, intrusion detection systems, DDoS protection, and regular security audits; Secure Development Practices with code reviews, vulnerability testing, and security patches; Data Segregation to isolate customer data and implement database security controls; Physical Security for data centers with restricted access, surveillance, and environmental controls; Employee Training on data protection, security protocols, and confidentiality obligations; Incident Response with monitoring, detection, and response procedures for security incidents; and Third-Party Security requiring vendors to maintain equivalent security standards. However, no system is completely secure, and we cannot guarantee absolute security of your data.

Under the Nigeria Data Protection Regulation (NDPR), you have the following rights: Right to Access your personal data and obtain copies of information we hold about you; Right to Rectification to correct inaccurate or incomplete personal information; Right to Erasure ("right to be forgotten") to request deletion of your data, subject to legal retention requirements; Right to Restrict Processing in certain circumstances while maintaining data storage; Right to Data Portability to receive your data in a structured, commonly used format and transfer it to another service; Right to Object to processing based on legitimate interests or for direct marketing purposes; Right to Withdraw Consent at any time for processing based on your consent; Right to Lodge a Complaint with the Nigeria Data Protection Bureau (NDPB) if you believe your rights have been violated; and Right to Be Informed about how your data is being used. To exercise these rights, contact us at [email protected]. We will respond within 30 days. Some rights may be limited by legal or regulatory obligations.

Transa.io uses cookies, web beacons, pixels, and similar tracking technologies for: Essential Cookies required for basic functionality, security, and authentication; Performance Cookies to understand how users interact with our platform and identify technical issues; Functional Cookies to remember your preferences, settings, and login information; Analytics Cookies to collect aggregated statistics about usage patterns and user behavior using tools like Google Analytics; and Marketing Cookies (with consent) to deliver relevant advertisements and measure campaign effectiveness. You can control cookies through your browser settings, but disabling certain cookies may affect functionality. Mobile app tracking may be controlled through your device settings. We respect "Do Not Track" signals where technically feasible. For detailed information about cookies we use, see our Cookie Policy.

Transa.io primarily stores and processes data within Nigeria. However, some of our service providers, cloud infrastructure, and payment partners may be located outside Nigeria, including in the United States, Europe, or other jurisdictions. When we transfer personal data internationally, we ensure appropriate safeguards are in place including: Standard Contractual Clauses approved for international data transfers; Adequacy Decisions where the destination country has been deemed to provide adequate data protection; Binding Corporate Rules for transfers within multinational corporate groups; Explicit Consent for specific transfers where required; and Necessary Transfers for contract performance or legal compliance. We ensure all international data recipients maintain data protection standards comparable to Nigerian law.

Transa.io services are not directed to individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from minors. Our Terms of Use require users to be at least 18 years old. If we become aware that we have inadvertently collected personal information from someone under 18, we will take immediate steps to delete that information from our systems. Parents or guardians who believe their child has provided personal information to us should contact us at [email protected] so we can remove the information.

With your explicit consent, Transa.io may collect and process biometric data including facial recognition scans and fingerprint data for: Identity Verification during account registration and enhanced verification processes; Authentication for secure login and transaction authorization; and Fraud Prevention to detect account takeover and identity theft. Biometric data is considered sensitive personal information and is subject to enhanced protection. We encrypt all biometric data, limit access to authorized personnel only, do not share biometric data with third parties except as required by law, retain biometric data only as long as necessary for verification purposes, and allow you to opt out of biometric authentication (though this may limit certain features). You can revoke consent for biometric data processing at any time through your account settings.

With your consent, we may send you marketing communications about: New Features and Services; Special Offers and Promotions; Educational Content about financial services; Product Updates and Enhancements; Surveys and Feedback Requests; and Referral Programs and Incentives. Marketing communications may be sent via email, SMS, push notifications, or in-app messages. You can opt out of marketing communications at any time by: Clicking "unsubscribe" links in emails; Replying "STOP" to SMS messages; Disabling push notifications in your device settings; Adjusting preferences in your account settings; or Contacting us at [email protected]. Opting out of marketing does not affect transactional or service-related communications, which are necessary for account operation.

Transa.io may contain links to third-party websites, applications, or services that are not operated by us. These may include: Banking Partners; Payment Gateways; Social Media Platforms; Educational Resources; and Partner Merchants. We are not responsible for the privacy practices, content, or security of these third-party services. Each third party has its own privacy policy, which we encourage you to review before providing any personal information. Our Privacy Policy applies only to information collected directly by Transa.io. Interactions with third-party services are governed by their respective terms and privacy policies.

Transa.io employs automated decision-making and profiling for: Fraud Detection to identify suspicious transactions and account activity; Risk Assessment for transaction limits and enhanced verification requirements; Credit Scoring for determining eligibility for certain services; and Personalization to tailor user experience and recommendations. These automated processes analyze transaction patterns, account behavior, device information, and other data points. Automated decisions may result in transaction declines, account restrictions, or additional verification requirements. You have the right to: Request human review of automated decisions; Contest decisions you believe are incorrect; Request an explanation of the logic used; and Opt out of profiling for marketing purposes. To request review or challenge an automated decision, contact [email protected].

In the event of a data breach that poses a risk to your rights and freedoms, Transa.io will: Investigate the breach immediately to determine the scope and impact; Contain the breach and implement remedial measures; Notify affected users within 72 hours of discovering the breach (unless law enforcement requests delayed notification); Notify the Nigeria Data Protection Bureau (NDPB) and other relevant authorities as required; Provide clear information about the nature of the breach, types of data affected, potential consequences, and measures being taken; Offer guidance on steps you can take to protect yourself; and Implement additional security measures to prevent recurrence. Notifications will be sent via email, SMS, in-app notification, or public announcement depending on the severity and scope. We maintain a comprehensive incident response plan and conduct regular breach simulation exercises.

Access to your personal information within Transa.io is strictly controlled. Only authorized employees and contractors who require access to perform their job functions may view your data. All personnel with data access: Sign comprehensive confidentiality and non-disclosure agreements; Undergo background checks and security clearance; Complete mandatory data protection and security training; Are subject to role-based access controls with the principle of least privilege; Have their access activities logged and regularly audited; Face disciplinary action including termination for unauthorized access or disclosure; and Are prohibited from using personal information for personal purposes. We regularly review and audit employee access to ensure compliance with our data protection policies.

Transa.io may create anonymized or aggregated data sets that cannot be used to identify individual users. This data may be used for: Business Analytics to understand platform usage trends and patterns; Product Development to identify improvement opportunities and new features; Market Research to understand financial behavior and preferences; Benchmarking to compare performance metrics; Industry Reports and white papers (without identifying individuals); and Academic Research in collaboration with institutions. Anonymized and aggregated data is not considered personal information and is not subject to the same restrictions. We employ industry-standard anonymization techniques to ensure re-identification is not reasonably possible. This data may be retained indefinitely and shared with third parties for research and business purposes.

You are responsible for maintaining accurate and current information in your account. You can update your personal information by: Accessing your profile settings in the mobile app; Contacting customer support for assistance with updates; Submitting verification documents for changes to sensitive information (name, BVN, etc.); and Requesting updates via email to [email protected]. Certain information changes may require reverification to comply with KYC requirements. We may require supporting documentation for significant changes to prevent fraud. Failure to maintain accurate information may result in service interruptions or account restrictions. We recommend reviewing and updating your information regularly, especially contact details to ensure you receive important notifications.

Transa.io may record or monitor communications with you for: Quality Assurance to evaluate and improve customer service; Training Purposes for staff development and best practices; Dispute Resolution to have accurate records for complaint investigation; Regulatory Compliance as required by financial services regulations; and Fraud Prevention to detect and prevent fraudulent activity. Recorded communications include phone calls, live chat sessions, email correspondence, and support tickets. We will inform you when recording is taking place. Recordings are securely stored, accessible only to authorized personnel, and retained according to our data retention policy. You may request copies of your recorded communications by contacting [email protected].

Certain categories of personal information are considered particularly sensitive and receive enhanced protection: Bank Verification Numbers (BVN) used only for identity verification and regulatory compliance; Biometric Data (facial recognition, fingerprints) collected only with explicit consent; Financial Account Details encrypted and access-restricted; Transaction History protected with additional security layers; Health Information (if provided) processed confidentially; and Government-Issued ID Numbers stored with strict access controls. For sensitive data, we implement: Enhanced encryption standards; Stricter access controls and audit logging; Additional consent requirements where applicable; Shorter retention periods where possible; and Prohibition on sharing except as legally required. We never use sensitive information for marketing purposes.

Transa.io may collect and use location information from your device for: Fraud Prevention to detect unusual transaction patterns or account access from unexpected locations; Regulatory Compliance to verify your Nigerian residency; Service Optimization to provide location-relevant features; and Security Enhancement to detect account takeover attempts. We collect location data through: GPS coordinates (with your permission); IP address geolocation; Mobile network information; and Wi-Fi access points. You can control location permissions through your device settings. Disabling location services may affect certain features but will not prevent you from using core Transa.io services. Precise location data is never shared with third parties for marketing purposes. We retain location data only as long as necessary for the purposes described above.

Transa.io may offer integration with social media platforms for: Account Creation using social login for convenience; Profile Information to pre-fill registration forms; Referral Programs to invite friends and earn rewards; and Content Sharing to share achievements or features. When you connect a social media account, we may access: Public profile information (name, profile picture, email); Friend lists (with permission) for referral programs; and Other information permitted by your social media privacy settings. We do not post to your social media accounts without your explicit permission. You can disconnect social media integrations at any time through your account settings. Each social media platform has its own privacy policy governing how they collect and use data, which we encourage you to review.

Transa.io has appointed a Data Protection Officer (DPO) responsible for: Overseeing data protection strategy and compliance; Ensuring compliance with NDPR and other data protection laws; Serving as contact point for data subjects and regulators; Conducting privacy impact assessments; Monitoring data processing activities and security measures; Providing training and guidance to employees; and Investigating privacy complaints and data breaches. You can contact our Data Protection Officer for: Questions about how your data is processed; Concerns about data protection practices; Requests to exercise your data protection rights; Privacy complaints or concerns; or Information about our privacy and security measures. Contact the DPO at: Email: [email protected] or Mail: Data Protection Officer, Transa.io, Lagos, Nigeria.

Transa.io reserves the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or business operations. When we make changes, we will: Update the "Last Updated" date at the bottom of this policy; Notify you via email to your registered email address for material changes; Display an in-app notification highlighting significant updates; Post the updated policy on our website and mobile app; and Provide a summary of key changes where appropriate. Material changes will become effective 30 days after notification, giving you time to review and, if you disagree, close your account. Non-material changes take effect immediately upon posting. Continued use of Transa.io after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the following channels: Email: [email protected] for privacy-related inquiries; General Support: [email protected] for account and service questions; Data Protection Officer: [email protected] for formal data protection matters; Postal Address: Transa.io Privacy Team, Lagos, Nigeria; In-App Support: Access customer support through the Transa.io mobile application; or Website: Visit www.transa.io/privacy for additional resources and FAQs. We aim to respond to all privacy inquiries within 30 days. For urgent security matters, please use the emergency contact feature in the app. If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Bureau (NDPB).