Privacy Policy

1. Introduction

CoinCircuit Limited, a company registered in Nigeria ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cryptocurrency payment gateway services, website, APIs, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with our policies and practices, please do not use the Service.

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the jurisdictions where we operate.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you:

  • Register for an account
  • Complete KYC (Know Your Customer) verification
  • Make a transaction or use our services
  • Contact customer support
  • Subscribe to newsletters or marketing communications
  • Participate in surveys or promotions

This information may include:

  • Full name, email address, phone number, and date of birth
  • Business name, registration number, and tax identification number
  • Physical address and country of residence
  • Government-issued identification documents (passport, driver's license, national ID)
  • Proof of address documents
  • Cryptocurrency wallet addresses
  • Bank account information for settlements
  • Payment and transaction information
  • Username and password

2.2 Information Automatically Collected

When you access or use the Service, we automatically collect certain information, including:

  • Device Information: IP address, browser type and version, operating system, device identifiers, and mobile network information
  • Usage Data: Pages viewed, features used, time spent on pages, links clicked, search queries, and referring/exit pages
  • Location Data: General geographic location based on IP address
  • Transaction Data: Details of cryptocurrency transactions, including amounts, timestamps, blockchain addresses, and network fees
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see our Cookie Policy)

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Identity verification services
  • Credit reporting agencies and fraud prevention services
  • Blockchain analytics providers
  • Payment processors and financial institutions
  • Marketing partners and analytics providers
  • Public databases and sanctions lists

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision and Operations

  • Create and manage your account
  • Process and facilitate cryptocurrency transactions
  • Provide customer support and respond to inquiries
  • Send transaction confirmations and account notifications
  • Operate, maintain, and improve the Service

3.2 Compliance and Security

  • Verify your identity and comply with KYC/AML requirements
  • Detect, prevent, and address fraud, security issues, and illegal activities
  • Comply with legal obligations and regulatory requirements
  • Enforce our Terms of Service and other policies
  • Respond to law enforcement requests and legal processes

3.3 Analytics and Improvement

  • Analyze usage patterns and trends
  • Conduct research and development
  • Test and improve features and functionality
  • Monitor and analyze the effectiveness of our Service

3.4 Marketing and Communications

  • Send promotional materials, newsletters, and updates (with your consent)
  • Provide personalized content and recommendations
  • Conduct surveys and gather feedback
  • Inform you about new features, products, and services

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context:

  • Contract Performance: Processing is necessary to perform our contract with you (providing the Service)
  • Legal Obligation: Processing is necessary to comply with legal obligations (KYC/AML, tax reporting)
  • Legitimate Interests: Processing is necessary for our legitimate business interests (fraud prevention, analytics, service improvement)
  • Consent: You have given explicit consent for specific processing activities (marketing communications)

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Cloud hosting and infrastructure providers
  • Payment processors and banking partners
  • Identity verification and KYC service providers
  • Customer support and communication platforms
  • Analytics and monitoring services
  • Security and fraud prevention services

5.2 Legal Requirements

We may disclose your information when required by law or in response to:

  • Court orders, subpoenas, or legal processes
  • Law enforcement or regulatory authorities
  • Government requests for information
  • Compliance with applicable laws and regulations

5.3 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity.

5.4 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

5.5 Blockchain Transactions

Cryptocurrency transactions are recorded on public blockchains and are visible to anyone. This information cannot be deleted or modified once confirmed on the blockchain.

6. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit using TLS 1.3
  • Encryption of data at rest using AES-256
  • Multi-factor authentication (MFA)
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • Secure data centers with physical security measures
  • Employee training on data protection and security
  • Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You acknowledge that you provide information at your own risk.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Information: Retained for the duration of your account plus 7 years after closure (for regulatory compliance)
  • KYC/AML Records: Retained for at least 7 years after account closure as required by law
  • Transaction Records: Retained for at least 7 years for tax and regulatory purposes
  • Marketing Data: Retained until you withdraw consent or we no longer have a legitimate need
  • Usage and Analytics Data: Typically retained for up to 24 months

After the retention period expires, we will securely delete or anonymize your personal information.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

8.1 General Rights

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request a copy of your information in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent for processing based on consent

8.2 GDPR Rights (EEA Residents)

If you are located in the EEA, you have additional rights under GDPR, including the right to lodge a complaint with a supervisory authority.

8.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@coincircuit.io. We will respond to your request within 30 days (or as required by applicable law).

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of the Service. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

You can control cookies through your browser settings and opt-out of certain tracking technologies. However, disabling cookies may affect the functionality of the Service.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your jurisdiction.

When we transfer personal information from the EEA to countries outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally approved transfer mechanisms

11. Children's Privacy

The Service is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information. If you believe we have collected information from a child, please contact us at privacy@coincircuit.io.

12. Third-Party Websites and Services

The Service may contain links to third-party websites and services that are not owned or controlled by CoinCircuit. We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party websites or services before providing them with your personal information.

13. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. At this time, we do not respond to DNT signals or similar mechanisms.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on the Service

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

15. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

  • Company Name: CoinCircuit Limited
  • Registered Address: Nigeria
  • Email: privacy@coincircuit.io
  • Legal: legal@coincircuit.io
  • Support: support@coincircuit.io
  • Website: https://coincircuit.io

Data Protection Officer: If you have concerns about how we handle your personal data, you may contact our Data Protection Officer at dpo@coincircuit.io.

Last Updated: November 10, 2025

This Privacy Policy is effective as of the date listed above and applies to all users of CoinCircuit services.