Privacy Policy

Effective Date: 15 June 2026  |  Last Updated: 15 June 2026  |  Version: 1.0

1. Introduction

KclautX Limited (RC 9012799) (“KclautX,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, store, and protect your personal data when you access or use our mobile application, website, and the services we provide (collectively, the “Services”).

This Privacy Policy is published in accordance with the Nigeria Data Protection Act 2023 (the “NDPA”) and other applicable Nigerian data protection law. It forms part of our Terms of Service and applies to all Users of the Services.

Please read this Privacy Policy carefully. By creating a KclautX account or using the Services, you confirm that you have read and understood this Privacy Policy. Where the law requires your consent to a specific processing activity, we will ask you for it separately and you may withdraw your consent at any time.

If you do not agree with this Privacy Policy, you must not register for or use the Services.

2. How to contact us about your personal data

If you have any question, request, or complaint about how we handle your personal data, contact us at:

We aim to respond to data protection enquiries within fifteen (15) business days.

3. Scope of this Privacy Policy

This Privacy Policy applies to personal data we collect through:

This Privacy Policy does not apply to the practices of third parties whose websites, applications, or services may be accessible from the Services. When you interact with a third-party service, that party's privacy practices apply. We encourage you to review those policies separately.

4. Personal data we collect

We may collect the personal data described below. The specific data we collect depends on the Services you use and the actions you take within the platform.

4.1 Identity and contact data

4.2 Identity verification (KYC) data

Biometric data and certain identity numbers are treated as sensitive personal data under the NDPA. We process this data only with the heightened protections described in Section 6.3.

4.3 Financial and transaction data

4.4 Cryptocurrency data

You should be aware that information published to public blockchain networks is, by nature, public. Once a transaction is broadcast to a blockchain, the transaction details (sender address, receiver address, amount, timestamp, and any associated metadata) are visible to anyone with access to the network and cannot be deleted by KclautX. This is an inherent characteristic of blockchain technology and not a feature of the Services.

4.5 Device and technical data

4.6 Usage and behavioural data

4.7 Communications data

4.8 Marketing and referral data

4.9 Compliance and risk data

4.10 How we collect this data

We collect personal data in the following ways:

5. How we use your personal data

We use your personal data for the purposes set out below. For each purpose, we identify the lawful basis on which we rely under the NDPA.

5.1 To provide the Services

To register your account, verify your identity, execute your transactions, process payments, deliver products purchased through the Services, and provide customer support.

5.2 To meet our legal and regulatory obligations

To comply with anti-money laundering, counter-terrorist financing, counter-proliferation financing, sanctions screening, tax, and other regulatory obligations. This includes Know Your Customer (KYC) checks, ongoing customer due diligence, transaction monitoring, suspicious transaction reporting, and record-keeping required by law.

5.3 To protect against fraud, financial crime, and security threats

To detect, investigate, and prevent fraud, scams, account takeover, sanctions evasion, money laundering, terrorism financing, and other unlawful or harmful activity. This includes screening transactions, monitoring login patterns, blocking suspicious activity, and cooperating with law enforcement..

5.4 To improve the Services

To understand how the Services are used, identify and fix bugs, measure performance, test new features, and improve the user experience.

5.5 To communicate with you

To send you service-related communications (such as transaction confirmations, security alerts, policy updates, and responses to your enquiries), and to provide customer support.

5.6 To send marketing and promotional content

To inform you about new features, products, promotions, and offers from KclautX. This may include emails, in-app notifications, and push notifications.

Marketing communications are separate from service-related communications. You will continue to receive transactional and service-related communications even if you opt out of marketing.

5.7 To enforce our Terms and protect our rights

To enforce our Terms of Service, apply restrictions and suspensions where required by our Account Restriction and Suspension Policy, resolve disputes, and protect our legal rights.

6. Sensitive personal data

Some of the personal data we collect is treated as sensitive personal data under the NDPA. We process sensitive personal data only where strictly necessary and with the additional protections described below.

6.1 What sensitive personal data we collect

6.2 Why we collect it

Biometric and identity-number data is collected to verify your identity and to comply with Nigerian anti-money laundering law. Verifying identity through biometric liveness checks reduces the risk of account takeover, identity theft, and synthetic identity fraud.

6.3 How we protect it

7. How we share your personal data

We share your personal data only as described in this section. We do not sell your personal data.

7.1 With our Partners

To provide the Services, we share certain personal data with our regulated third-party Partners. These Partners process your data on our behalf or in their own capacity to enable specific Services. The categories of Partner and the data shared with each are summarised below.

Each Partner is contractually required to handle your data in accordance with applicable data protection law, to use it only for the purposes we have specified, and to apply appropriate security measures.

7.2 With regulators, law enforcement, and other authorities

We may share personal data with regulators, law enforcement agencies, courts, the Nigerian Financial Intelligence Unit (NFIU), the Economic and Financial Crimes Commission (EFCC), the Central Bank of Nigeria, the Securities and Exchange Commission, the Federal Inland Revenue Service, the Nigeria Data Protection Commission, and any other competent authority where we are required by law to do so, or where disclosure is necessary to comply with a court order, regulatory directive, valid subpoena, or sanctions designation.

7.3 In connection with a business transfer

If KclautX is involved in a merger, acquisition, reorganisation, sale of assets, or insolvency, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and any change in the data controller before the transfer takes effect.

7.4 With your consent or on your direction

We may share your personal data with other third parties where you have given us explicit consent to do so, or where you have directed us to (for example, where you instruct us to make a payment to a specific recipient).

7.5 We do not sell your data

KclautX does not sell, rent, or trade your personal data to third parties for their own marketing purposes.

8. How long we keep your personal data

We keep your personal data only for as long as we need it for the purposes described in this Privacy Policy, including to comply with our legal and regulatory obligations. The retention periods we apply are summarised below.

Where personal data is retained for compliance reasons after your account is closed, access is restricted and the data is used only for those compliance purposes. We do not use retained data for marketing or analytics after account closure.

Information published to public blockchain networks (such as cryptocurrency transaction records) cannot be deleted by KclautX. This is a permanent characteristic of blockchain technology.

9. Your rights as a data subject

Under the NDPA, you have a number of rights in relation to your personal data. These rights are set out below.

9.1 The rights

9.2 How to exercise your rights

To exercise any of the rights above, send a written request to [email protected]. To process your request, we may need to verify your identity. We will not respond to requests received from email addresses we cannot link to a verified account, except in limited circumstances.

We will respond to your request within thirty (30) days of receipt. Where a request is complex or where we receive a high volume of requests, we may extend this period by a further thirty (30) days and we will inform you of the extension within the initial thirty (30) day window.

There is no fee for making a request. We may charge a reasonable administrative fee, or decline the request, where a request is manifestly unfounded, excessive, or repetitive.

9.3 How to complain to the NDPC

If you are not satisfied with our response to a data protection request, or if you believe we have processed your data unlawfully, you may lodge a complaint with the Nigeria Data Protection Commission. Contact details for the NDPC are available at the NDPC's official website.

10. International data transfers

Some of our Partners and infrastructure providers are based outside the Federal Republic of Nigeria. This means that, in the course of providing the Services to you, your personal data may be transferred to, stored in, or processed in jurisdictions outside Nigeria, including the European Union, the United Kingdom, the United States, and other jurisdictions where our Partners maintain their infrastructure.

Where we transfer your personal data outside Nigeria, we do so only where one of the lawful transfer mechanisms under the NDPA applies, including:

Regardless of where your personal data is processed, we apply the protections described in this Privacy Policy and we contractually require our Partners to do the same.

11. Cookies and similar technologies

We use cookies and similar technologies (including mobile device identifiers, local storage, software development kits, and pixel tags) to operate the Services, remember your preferences, secure your account, analyse usage, and (where you consent) to support marketing.

Full details, including the categories of cookies we use, how to manage them, and your consent options, are set out in our Cookie Policy. The Cookie Policy forms part of this Privacy Policy and is incorporated by reference.

Where required by the NDPA, we will request your affirmative consent for non-essential cookies (such as analytics and marketing cookies) before activating them. You may withdraw your consent at any time through your in-app preferences.

12. How we protect your data

We apply administrative, technical, and physical safeguards designed to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These safeguards include:

No system is completely secure. While we work to protect your data, we cannot guarantee absolute security. You have an important role to play in protecting your own account. Use a strong, unique password, enable available security features (such as two-factor authentication and transaction PIN), and notify us immediately at [email protected] if you suspect any unauthorised access to your account.

12.1 Data breach notification

In the event of a personal data breach that is likely to result in a high risk to your rights, we will notify you and the Nigeria Data Protection Commission within the time limits required by the NDPA.

13. Automated decision-making and profiling

We use automated tools to support our anti-money laundering, fraud prevention, and risk management activities. These tools include automated transaction monitoring, sanctions and PEP screening, device and behavioural risk scoring, and identity verification.

Where these tools identify a transaction or account as high-risk, the case is escalated for human review by our compliance team before any significant decision (such as account restriction or transaction blocking) is finalised. Decisions that produce legal effects on you or significantly affect you are not made by automated processing alone.

If you believe an automated decision has unfairly affected you, you may request human review by writing to [email protected]. We will review the decision and respond within the time limits set out in Section 9.

14. Children's privacy

The Services are not directed at children. You must be 18 years of age or older to register for or use the Services. We do not knowingly collect personal data from any person under 18.

If we become aware that we have collected personal data from a person under 18, we will delete that data and close the associated account as soon as reasonably practicable. If you believe we may have collected data from a person under 18, contact us at [email protected] and we will investigate.

15. Third-party links

The Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of those third parties. When you click a link to a third-party service, that party's privacy policy applies. We encourage you to review the privacy policy of any third-party service before providing personal data to it.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, our Services, or our data practices. The current version will always be available within the Services and on our website, together with the effective date and version number.

Where a change materially affects how we process your personal data, we will provide at least seven (7) days' advance notice by email before the change takes effect, except where a shorter period is required by law. Continued use of the Services after the effective date of any update constitutes acceptance of the updated Privacy Policy. If you do not agree to an update, you should stop using the Services and may close your account.

17. Contact

If you have any question, request, or complaint about this Privacy Policy or our handling of your personal data, contact us at:

KclautX Limited

RC 9012799

Registered office: Ibadan, Oyo State, Nigeria

Website: kclautx.com

Version 1.0. Effective 15 June 2026.