Privacy Policy

How we collect, use, and protect your data

​1. Thank you for downloading the App

Welcome to Masamasa ("we," "our," or "us"). We are committed to protecting the privacy and security of our users ("you" or "User") in compliance with the Nigeria Data Protection Act (NDPA) 2023, the Nigeria Data Protection Regulation (NDPR), and applicable guidelines from the Central Bank of Nigeria (CBN).

​This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (the "Platform") to convert cryptocurrency to Naira (off-ramping services).

​2. Consent and Legal Basis

​By downloading, registering, or using Masamasa, you consent to the processing of your personal data as described in this policy. Our legal basis for processing your data includes:

  • ​Contractual Necessity: To execute your buy/sell orders and process payouts.
  • Legal Obligation: To comply with Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) laws mandated by the CBN and EFCC.
  • Legitimate Interest: To improve our services and prevent fraud.
  • Consent: For marketing communications (which you can withdraw at any time).
3. Information We Collect

To provide compliant crypto-to-fiat services, we must collect specific data points.

​3.1. Personal Information (KYC)

​In strict adherence to CBN Tier-1, Tier-2, and Tier-3 KYC requirements, we collect:

  • ​Identity Data: Full legal name, Date of Birth, Gender.
  • ​Contact Data: Residential address, Email address, Phone number.
  • ​Government ID: Bank Verification Number (BVN), National Identity Number (NIN), International Passport, or Voter’s Card.
  • ​Biometric Data: Facial recognition (selfie) for liveness checks and identity verification.
​3.2. Financial & Transaction Data
  • ​Wallet Addresses: Public keys and wallet addresses you use to deposit crypto.
  • ​Bank Account Details: NUBAN account numbers and bank names for Naira payouts.
  • ​Transaction History: Details of amounts, timestamps, counterparties, and transaction hashes.
​3.3. Technical Data
  • ​Device ID, IP address, operating system, and geolocation data (required for fraud detection).
How We Use Your Information

​We use your data to:

  • Process Transactions: Convert your crypto assets and credit your Nigerian bank account.
  • ​Verify Identity: Confirm you are the owner of the bank account linked to the app (Name Matching).
  • ​Compliance: Screen against sanctions lists (OFAC, UN) and monitor for suspicious transaction patterns as required by the Nigerian Financial Intelligence Unit (NFIU).
  • ​Customer Support: Resolve disputes regarding stuck funds or failed transfers.
​5. Disclosure of Your Information

We do not sell your personal data. However, we may share your data with:

  • Financial Partners: Banks and Payment Service Providers (PSPs) to facilitate Naira transfers.
  • ​Identity Verification Partners: Third-party KYC providers to authenticate your documents.
  • ​Liquidity Providers: Third-party exchanges or market makers to execute the crypto-to-fiat conversion.
  • Law Enforcement & Regulators: We are legally obligated to report suspicious transactions to the Economic and Financial Crimes Commission (EFCC) and the NFIU without prior notification to the user, if required by law.
. Data Security

We implement robust security measures, including:

  • ​Encryption: Data is encrypted in transit (SSL/TLS) and at rest.
  • ​Access Control: Strict internal access controls—only authorized personnel can view sensitive KYC data.
  • ​2FA: Mandatory Two-Factor Authentication for sensitive account actions.

Despite these measures, no transmission over the internet is 100% secure. You acknowledge the inherent risk of trading digital assets online.

​7. Data Retention

​In compliance with the Money Laundering (Prevention and Prohibition) Act, we are required to retain your transaction records and KYC data for a minimum of five (5) years after the termination of your business relationship with us.

8. Your Rights (NDPA 2023)

​As a user in Nigeria, you have the right to:

  • ​Access: Request a copy of the personal data we hold about you.
  • ​Rectification: Request correction of inaccurate data.
  • ​Erasure: Request deletion of data (subject to our 5-year legal retention requirement).
  • ​Lodge a Complaint: You may file a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your rights have been violated.
​9. Important Disclaimers & Risk Warning
  • ​Not a Bank: Masamasa is a financial technology company, not a bank. Naira funds are processed through CBN-licensed partners. Your crypto assets held on the platform are not insured by the Nigeria Deposit Insurance Corporation (NDIC).
  • ​Volatility: Cryptocurrency prices are highly volatile. The exchange rate is locked only at the moment of transaction confirmation. We are not liable for value lost due to market fluctuations.
  • Irreversibility: Cryptocurrency transactions are irreversible. Ensure you are sending the correct asset to the correct network.
10. Contact Us

If you have questions about this policy or wish to exercise your data rights, please contact our  Data Protection Officer (DPO):

​Masamasa Data Protection Officer Email: seyifunmi@masamasa.com Office Address: 6, Victoria crest 4 estate. Lekki-Ikate. Lagos State