Privacy Policy

This Privacy Policy ("Policy") applies to KoinKoin Ghana Ltd, a company incorporated in Ghana and licensed by the Securities and Exchange Commission of Ghana ("SEC Ghana"), and KoinKoin Global Network Ltd, a company incorporated in Nigeria and operating under applicable Nigerian financial regulations (collectively, "KoinKoin", "we", "us", or "our").

KoinKoin operates a digital asset and blockchain infrastructure platform providing stablecoin-powered cross-border payments, digital asset exchange, and related financial services across Ghana, Nigeria, and other African markets.

This Policy describes how we collect, use, store, share, and protect your personal information when you use our website (koinkoin.io), mobile applications, APIs, and related services (collectively, the "Platform"). By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

Effective Date: 19 March 2026  |  Last Updated: 19 March 2026

Depending on your country of residence and the services you use, the relevant data controller is:

Both entities may jointly process data where services involve cross-border transactions between Ghana and Nigeria. In such cases, both entities act as joint data controllers and have entered into a data-sharing agreement consistent with applicable law.

We collect the following categories of personal information:

We process your personal data on the following legal grounds:

• Contractual necessity: To provide the services you have requested, including account creation, transaction processing, and customer support.
• Legal obligation: To comply with KYC/AML requirements under the Anti-Money Laundering Act 2020 (Ghana), the Money Laundering (Prevention and Prohibition) Act 2022 (Nigeria), the Financial Intelligence Centre Act (Ghana), and applicable regulations of the Bank of Ghana, Central Bank of Nigeria, SEC Ghana, and SEC Nigeria.
• Legitimate interests: To detect and prevent fraud, secure our systems, improve our services, and conduct analytics — where these interests are not overridden by your rights.
• Consent: For marketing communications, optional analytics, and any processing not covered by the above grounds. You may withdraw consent at any time.
• Vital interests: In exceptional circumstances where processing is necessary to protect life.

As a licensed digital asset platform operating in Ghana and Nigeria, KoinKoin is subject to stringent Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations. These include:

• Mandatory identity verification before account activation and before processing transactions above regulatory thresholds
• Ongoing transaction monitoring for suspicious activity
• Reporting of suspicious transactions to the Financial Intelligence Centre (FIC) Ghana and the Nigerian Financial Intelligence Unit (NFIU)
• Sanctions screening against OFAC, UN, EU, and local sanctions lists
• Retention of KYC records for a minimum of 5 years after the end of the customer relationship, as required by law
• Retention of transaction records for a minimum of 5 years from the date of each transaction
• Cooperation with lawful requests from regulatory authorities, law enforcement, and financial intelligence units

We are legally required to collect and retain this information and cannot delete it upon request where retention is mandated by law. We will inform you of any such limitation when you exercise your data rights.

Blockchain transactions are inherently public and immutable. When you conduct transactions on public blockchain networks, certain data (including wallet addresses and transaction amounts) is permanently recorded on the blockchain and cannot be deleted by KoinKoin or any other party.

We collect and process blockchain-related data including:

• Public wallet addresses associated with your account
• On-chain transaction records for stablecoins and other digital assets
• Smart contract interaction data
• Blockchain analytics data used for compliance and fraud prevention

We do not store or process private keys on your behalf. You are solely responsible for the security of your private keys and non-custodial wallets.

We use your personal information to:

• Verify your identity and onboard you as a user
• Process digital asset transactions, cross-border payments, and stablecoin conversions
• Comply with KYC, AML, and counter-terrorism financing (CTF) obligations
• Detect, investigate, and prevent fraud, money laundering, and other financial crimes
• Provide customer support and resolve disputes
• Send transactional notifications (receipts, alerts, security notices)
• Send marketing communications where you have consented
• Improve our Platform through analytics and user research
• Comply with tax reporting obligations in Ghana and Nigeria
• Enforce our Terms of Service and other agreements
• Respond to lawful requests from regulators, courts, and law enforcement

We may share your personal information with:

We do not sell your personal data to third parties for their own marketing purposes.

KoinKoin operates across multiple jurisdictions. Your personal data may be transferred to, stored in, or processed in countries outside Ghana and Nigeria, including countries where our cloud infrastructure, service providers, or group companies are located.

Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses or equivalent data transfer mechanisms
• Transfers only to jurisdictions with adequate data protection laws or to recipients who have provided adequate safeguards
• Compliance with the Ghana Data Protection Act 2012 (Act 843) and Nigeria's Nigeria Data Protection Act 2023 (NDPA) requirements for international transfers

You may request information about the safeguards applicable to a specific transfer by contacting us at privacy@koinkoin.io.

We retain your personal data for as long as necessary to:

• Maintain your account and provide services
• Comply with legal and regulatory retention requirements (minimum 5 years for KYC and transaction records)
• Resolve disputes and enforce agreements
• Conduct fraud investigations

Upon account closure, we will delete or anonymise data that is no longer required, except where retention is mandated by law. Anonymised or aggregated data may be retained indefinitely for analytics and research purposes.

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Multi-factor authentication for account access
• Role-based access controls limiting staff access to personal data
• Regular security audits and penetration testing
• Incident response procedures and breach notification protocols

No system is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law.

Subject to applicable law and regulatory limitations, you have the following rights regarding your personal data:

To exercise any of these rights, contact our Data Protection Officer at privacy@koinkoin.io. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are unsatisfied with our response, you have the right to lodge a complaint with:

• Ghana: Data Protection Commission (DPC Ghana) — dataprotection.org.gh
• Nigeria: Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng

We use cookies and similar technologies to operate the Platform, remember your preferences, and analyse usage. Categories of cookies we use:

• Strictly necessary: Required for the Platform to function (authentication, security, session management). Cannot be disabled.
• Functional: Remember your preferences such as language and region.
• Analytics: Help us understand how users interact with the Platform (e.g., Google Analytics). Enabled only with your consent.
• Marketing: Used to deliver relevant advertisements. Enabled only with your consent.

You can manage cookie preferences through your browser settings or our cookie consent tool. Disabling certain cookies may affect Platform functionality.

Our Platform is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at privacy@koinkoin.io and we will take steps to delete such data promptly.

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you by email or by posting a prominent notice on the Platform at least 14 days before the changes take effect.

Your continued use of the Platform after the effective date of the updated Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically.

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our Data Protection Officer: