image
Login

Privacy Policy

Privacy Policy

Last Updated: May 2026  |  Effective Date: January 2024

KachiPlug Ltd ("KachiPlug," "we," "us," or "our") is committed to protecting the privacy of our users ("you" or "User"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at kachiplug.com and our currency exchange and Pay4Me checkout services.

By creating an account or using our services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our platform.

1. Information We Collect

1.1 Personal Information

When you register and use KachiPlug, we collect:

  • Identity Information — Full name, date of birth, government-issued ID (for KYC verification)
  • Contact Information — Email address, phone number, residential address
  • Financial Information — Bank account details (account number, bank name), e-wallet account identifiers (PayPal email, Skrill ID, Payoneer account, and other supported payment-method identifiers)
  • Transaction Information — Exchange history, order amounts, currencies traded, timestamps
  • Identity Photos — A selfie photo and a photo of your government-issued ID, captured through the KachiPlug mobile app during KYC verification (see Section 7 for full details)

1.2 Automatically Collected Information

When you visit our website, we automatically collect:

  • Device Information — Browser type, operating system, device type
  • Usage Data — Pages visited, time spent on pages, referral source
  • IP Address — For security monitoring and fraud prevention
  • Session Data — Login timestamps and session duration

2. How We Use Your Information

We use your personal information strictly for the following purposes:

Purpose Details
Order Processing To execute your exchange orders, verify payments, and deliver naira or e-wallet credit to your accounts
Identity Verification (KYC) To comply with Nigerian financial regulations and prevent fraud
Account Security To protect your account from unauthorized access and suspicious activity
Communication To send transaction confirmations, security alerts, and important service updates
Legal Compliance To meet anti-money laundering (AML) requirements and respond to lawful government requests

We will never sell, trade, or rent your personal information to third parties for marketing purposes.

3. Data Sharing and Third Parties

KachiPlug does not share your personal information except in the following limited circumstances:

  • Legal Requirements — When ordered by a court of competent jurisdiction, law enforcement, or regulatory authority
  • Payment Processing — With banks and licensed payment processors solely to complete your transactions (they receive only the minimum data needed for the rail they operate)
  • Fraud Prevention — With fraud detection services to verify transactions and protect against criminal activity
  • With Your Consent — When you explicitly authorize us to share specific information

We do not share your transaction history, contact details, or identifying information with any third party unless ordered by a court or arbitration body of acceptable jurisdiction. Your selfie and ID images are not sent to our card or bank-transfer processors; see Section 7.3 for details.

4. Cookies and Tracking

KachiPlug uses the following types of cookies:

Cookie Type Purpose Required?
Session Cookies Keeps you logged in during your visit ✅ Essential
Security Cookies CSRF protection and fraud prevention ✅ Essential
Analytics Helps us understand how users interact with our site Optional
Live Chat (Tawk.to) Enables our customer support chat widget Optional

You can manage cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of our platform.

5. Data Security

We take the security of your data seriously and implement the following measures:

  • 🔒 SSL/TLS Encryption — All data transmitted between your browser or mobile app and our servers is encrypted
  • 🛡️ Access Controls — Only authorized personnel can access user data, on a need-to-know basis
  • 🔐 Password Hashing — Your password is never stored in plain text
  • 📊 Activity Monitoring — We monitor for suspicious login attempts and unauthorized access
  • 💾 Secure Storage — Personal data is stored on access-controlled servers

While we use industry-standard security practices, no method of electronic transmission or storage is 100% secure. We encourage you to use strong, unique passwords and enable two-factor authentication (2FA) on your account.

6. Your Rights

As a KachiPlug user, you have the right to:

  • Access Your Data — Request a copy of the personal information we hold about you
  • Correct Your Data — Update inaccurate or incomplete personal information via your profile settings
  • Delete Your Account — Request permanent deletion of your account and associated data (subject to legal retention requirements)
  • Withdraw Consent — Opt out of non-essential communications at any time
  • Data Portability — Request your transaction history in a machine-readable format

To exercise any of these rights, contact us at [email protected] or via WhatsApp.

7. Biometric and Face Data

KachiPlug collects face images during identity verification (KYC). This is required to comply with Nigerian Central Bank AML/CFT regulations and to prevent account takeover fraud.

7.1 What We Collect Today

When you complete the KYC steps in the KachiPlug mobile app, we collect:

  • Selfie Photo — A still image captured via your device camera during the "Selfie Verification" step
  • Government-Issued ID Photo — A still image captured via camera or selected from your photo library during the "ID Card Upload" step (passport, driver's licence, national ID card, or NIN slip)

We do not currently record video or perform any automated facial recognition on the device. The Selfie Verification step is optional in the current app, but skipping it limits how much of the platform you can use.

7.2 How We Use It

  • Our compliance team manually reviews these images to confirm you are the person who owns the government ID
  • To detect impersonation, presentation attacks, and account takeover
  • To meet our regulatory record-keeping obligations under Nigerian AML/CFT law

7.3 How It Is Stored and Shared

  • Images are transmitted from your device to our servers over TLS 1.2+
  • Stored in our secured database, accessible only to KachiPlug compliance personnel through our internal admin interface
  • Not sent to our card or bank-transfer processors. Those processors receive only the text fields of your KYC submission (name, date of birth, BVN number) that fall within their regulated scope. Your face and ID images stay with us.
  • Never used for advertising, marketing, AI or model training, and never sold or rented to any third party under any circumstances

7.4 Retention

Face images and ID images are retained for a minimum of five years from your last transaction or account closure, whichever is later, in line with Section 7.7 of the Central Bank of Nigeria AML/CFT (Administrative Sanctions) Regulations 2018.

7.5 Coming in a Future Release

A future version of KachiPlug will add an automated liveness check (a short on-device video or frame sequence) and an automated face-match score that compares your selfie against the photo on your government ID. This will be processed by a licensed identity-verification provider under a strict data-processing agreement. We will update this policy and request fresh consent before that change ships.

7.6 Your Controls

You may request deletion of your face images and ID images at any time by emailing [email protected]. Note that deletion may require us to close your account if the regulator still requires us to retain the record under Nigerian AML/CFT law.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. After account closure:

  • Transaction records — Retained for 7 years (as required by Nigerian financial regulations)
  • KYC documents — Retained for 5 years after account closure
  • Biometric and face images — Retained for 5 years from your last transaction or account closure, whichever is later (see Section 7.4)
  • Account data — Deleted within 90 days of closure, unless retention is required by law

9. Links to Third-Party Sites

KachiPlug may contain links to external websites. We are not responsible for the privacy practices, content, or accuracy of information on third-party sites. We encourage you to review their privacy policies before providing any personal information.

10. Children's Privacy

KachiPlug services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we discover that a minor has created an account, we will immediately terminate the account and delete their information.

11. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. When we make changes:

  • The "Last Updated" date at the top of this page will be revised
  • Material changes will be communicated via email or an on-site notification
  • Continued use of our services after changes constitutes acceptance of the updated policy

12. Contact Us

For privacy-related questions, data requests, or concerns:

© 2026 KachiPlug Ltd. All rights reserved.