Cipago Privacy Policy

Effective Date: 5th of April, 2025

Your privacy is fundamental to our service. This policy explains how we collect, use, and protect your information in compliance with GDPR, CCPA, and NDPR.

1. Policy Scope

This policy applies to all Cipago services including:

  • Multi-chain cryptocurrency wallet
  • 1inch decentralized exchange integration
  • Fiat conversion services (NGN/USDT/BTC)
  • Virtual Mastercard operations
  • Customer support interactions

2. Data We Collect

2.1 Personal Information

  • Full name and contact details
  • Government-issued ID (for KYC verification)
  • Biometric data (for advanced verification)

2.2 Financial Data

  • Bank account details (for fiat transactions)
  • Crypto wallet addresses and transaction history
  • Virtual card transaction records

2.3 Technical Data

  • IP addresses and device fingerprints
  • Browser/device characteristics
  • On-chain analytics data
  • Security audit logs

3. How We Use Data

  • Verify identity and prevent fraud
  • Process cryptocurrency/fiat transactions
  • Maintain regulatory compliance (AML/CTF)
  • Improve service functionality and security
  • Communicate service updates
  • Analyze usage patterns (anonymized data)

4. Data Sharing

We may share information with:

  • Regulatory authorities (CBN, SEC)
  • Banking partners for fiat processing
  • Mastercard for virtual card operations
  • Blockchain analytics providers (Chainalysis)
  • Cloud service providers (AWS encrypted storage)

We never sell user data to third parties. Sharing with decentralized protocols (1inch) occurs only with your explicit transaction approval.

5. Security Measures

  • AES-256 encryption for data at rest
  • SSL/TLS 1.3 for data in transit
  • Multi-sig cold wallet storage
  • Biometric access controls
  • Quarterly penetration testing
  • Employee background checks

6. Data Retention

  • KYC records: 7 years post-account closure
  • Transaction records: 10 years for tax compliance
  • Technical logs: 2 years minimum
  • Marketing data: Until consent withdrawal

Blockchain transaction data is immutable and cannot be deleted.

7. Your Rights

  • Access personal data (Subject Access Request)
  • Rectify inaccurate information
  • Request data portability (GDPR Article 20)
  • Withdraw marketing consent
  • Delete non-essential data (Right to Erasure)
  • Restrict processing under certain conditions

Exercise rights via Settings > Privacy Dashboard or email [email protected]

8. International Transfers

Data may be transferred to countries with adequacy decisions under:

  • EU Standard Contractual Clauses
  • Nigeria Data Protection Regulation
  • APEC Cross-Border Privacy Rules

9. Cookies & Tracking

We use:

  • Essential cookies (session management)
  • Analytics cookies (Google Analytics)
  • Security cookies (CSRF tokens)

Manage preferences via browser settings or our cookie consent banner.

10. Policy Updates

Material changes will be notified 30 days in advance via:

  • In-app notifications
  • Registered email
  • Website banner alerts

11. Contact Information

Data Protection Officer:
[email protected]
Cipago Financial Technologies Ltd.
[Insert Registered Office Address]