Privacy Policy

Privacy Policy Information

Effective Date: December 2025

1. INTRODUCTION

Dafriqué Solutions (“Company,” “we,” “us,” or “our”) is committed to protecting privacy and ensuring transparency about how we collect, use, disclose, and safeguard information. This Privacy Policy explains our practices regarding data collection and use for our software-as-a-service (SaaS) platform accessible at https://dafriquesolutions.com (the “Platform”).

We are a B2B fintech software provider offering technology solutions for remittance and insurance platforms. This policy applies to our business customers, their users (through our Platform), and our own corporate operations.

2. SCOPE & BUSINESS MODEL CLARIFICATION

Important: Dafriqué Solutions is a software platform provider, not a financial services provider. We provide technology infrastructure for:

  • Remittance platform operators (money transfer service providers)
  • Insurance platform operators (insurance companies or brokers)
  • Other fintech partners requiring remittance or insurance technology

Our clients (“Partners”) use our Platform to deliver their own remittance and insurance services to their end users. End users of our Partners’ services should refer to their Partner’s privacy policy for information on how their personal data is processed.

This Privacy Policy covers: (a) information we collect from our business customers and authorized users, and (b) how we process data transmitted through our Platform on behalf of our Partners (as a Data Processor).

3. INFORMATION WE COLLECT

3.1 Business Customer Information

From our business customers and their authorized users, we collect:

  • Account Information: Company name, business registration details, contact persons, email, phone, address
  • User Information: Names, job titles, email addresses of employees/representatives authorized to use the Platform
  • Business Details: Company type, industry, size, regulatory licenses, compliance certifications
  • Technical Setup: API credentials, authentication tokens, configuration data
  • Billing Information: Payment method, invoice history, subscription details

3.2 Platform Usage Data

We collect technical and operational data:

  • API Logs: Request metadata, response codes, timestamps, endpoint usage
  • Transaction Metadata: Transaction types, amounts, currencies, corridors (not end-user PII)
  • System Performance: Latency, error rates, uptime metrics
  • Access Logs: IP addresses, timestamps, user actions (who did what, when)
  • Device Information: Device types, browser/app versions, operating systems

3.3 End-User Data Processed on Behalf of Partners

As a Data Processor, we may process personal data of our Partners’ end users (senders, recipients, insurance applicants). This includes names, contact information, transaction details, and required KYC/AML documentation. However, our Partners (the Data Controllers) are responsible for obtaining appropriate consent from end users. End users should consult their Partner’s privacy policy.

3.4 Information Collected Automatically

When you access our Platform or website, we automatically collect:

  • Web Analytics: Pages visited, time on site, navigation patterns, referral sources
  • Connection Information: IP address, browser type, operating system, ISP
  • Location Data: General geographic location (country, region) derived from IP address
  • Cookies & Tags: Session cookies, authentication tokens, web beacons

3.5 Third-Party Information

We may receive information from: business databases and industry directories, credit/compliance verification services, payment processors, and publicly available sources.

4. HOW WE USE YOUR INFORMATION

4.1 Business Customer Data

We use business customer information for:

  • Service Delivery: Platform provisioning, API management, technical support
  • Account Management: Authentication, access control, account administration
  • Billing & Contracts: Invoice generation, subscription management, payment processing
  • Communication: Service updates, security alerts, support tickets, contract notifications
  • Compliance: Regulatory reporting, AML/KYC verification of Partners, audit trails
  • Security & Fraud Prevention: Detecting unauthorized access, preventing misuse of Platform
  • Product Improvement: Analytics on feature usage, identifying optimization opportunities

4.2 End-User Data (Data Processing on Behalf of Partners)

We process end-user personal data only as a Data Processor on behalf of our Partners. Our use is limited to: (a) executing transactions and services our Partner has authorized, (b) storing and maintaining data for service continuity, (c) complying with legal/regulatory requirements, and (d) improving platform infrastructure (in anonymized form). Partners control how end-user data is used and are responsible for obtaining appropriate consent.

5. HOW WE SHARE YOUR INFORMATION

5.1 Service Providers

We share information with vendors who support our operations: payment processors, email/communication service providers, customer support tools, and security service providers. All service providers are bound by data processing agreements.

5.2 Partners & Integrations

We share data with: financial network partners (payment settlement networks), third-party API providers you explicitly authorize, and integration platforms needed for your services.

5.3 Legal & Regulatory Compliance

We disclose information when required by law, court order, or government request; to comply with AML/KYC/CFT regulations; to prevent fraud or security violations; and to enforce our agreements.

5.4 Business Transfers

If we merge, acquire, sell assets, or undergo bankruptcy, information may be transferred as part of that transaction. We will notify affected parties as required by law.

5.5 No Data Sale

We do NOT sell, rent, or share business customer data or end-user data with third parties for marketing, advertising, or commercial purposes without explicit written consent.

6. DATA SECURITY & TECHNICAL SAFEGUARDS

We implement industry-leading security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Authentication: Multi-factor authentication (MFA), API key management, OAuth 2.0
  • Infrastructure: Secure cloud hosting (with SOC 2 Type II compliance), redundant systems, automatic backups
  • Access Controls: Role-based access control (RBAC), principle of least privilege, audit logging
  • Monitoring: Real-time threat detection, intrusion prevention, anomaly detection
  • Testing: Regular penetration testing, security audits, vulnerability assessments
  • Incident Response: 24/7 monitoring, incident response procedures, breach notification protocols

No system is completely secure. We are not liable for unauthorized access caused by factors beyond our reasonable control. Customers are responsible for protecting their API credentials and passwords.

7. DATA PROCESSOR TERMS

For end-user data transmitted through our Platform:

  • We act as a Data Processor; our Partners are the Data Controllers
  • Partners are responsible for obtaining all necessary consents from end users
  • We process data only as directed by Partners in writing (via API calls, platform settings, etc.)
  • Data Processing Agreements (DPA) are available and must be executed before processing regulated data
  • We support end-user rights requests (access, deletion, portability) forwarded by Partners
  • Partners remain liable for compliance with GDPR, CCPA, and other data protection laws

8. DATA RETENTION

Data Retention Periods:

  • Business customer data: For duration of subscription + 30 days after termination (with option to export)
  • Transaction logs: 7 years (per financial regulatory requirements)
  • End-user data: As directed by Partner; we support data deletion upon Partner request
  • Audit logs: Retained for 90 days for security purposes
  • Backups: Historical backups may be retained per our backup retention policy for disaster recovery

9. COOKIES & TRACKING TECHNOLOGIES

Our Platform and website use:

  • Essential Cookies: Session tokens, authentication, CSRF protection
  • Analytics: Google Analytics (anonymized), Mixpanel for feature usage
  • Performance: CDN cookies, load balancer tracking
  • Marketing: Limited retargeting pixels (can be disabled)

10. YOUR PRIVACY RIGHTS

As a business customer or authorized user, you have the following rights:

  • Access: Request a copy of your business data we hold
  • Correction: Update inaccurate account or business information
  • Deletion: Request deletion of your account and associated data (subject to legal holds)
  • Data Export: Download your data in machine-readable format
  • Marketing Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact privacy@dafriquesolutions.com. We will respond within 30 business days. For GDPR compliance, Partners remain responsible for honoring end-user rights requests.

11. CHILDREN & MINORS

Our Platform is intended only for businesses and adults. We do not knowingly collect personal information from individuals under 18. If we become aware that a minor has provided information, we will promptly delete it.

12. THIRD-PARTY LINKS & INTEGRATIONS

Our Platform may integrate with third-party services or contain links to external websites. We are not responsible for their privacy practices. Partners and users should review third-party privacy policies before integrating or providing data to external services.

13. INTERNATIONAL DATA TRANSFERS

Our Platform operates globally and may process data across multiple countries. Where data is transferred across borders, we:

  • Execute Standard Contractual Clauses (SCCs) for GDPR compliance
  • Implement Data Processing Agreements
  • Apply consistent security safeguards globally

14. CONTACT US

For privacy questions, data subject requests, or to report a security issue:

Dafriqué Solutions

Data Protection Officer / Privacy Team

Email: privacy@dafriquesolutions.com

Website: https://dafriquesolutions.com/

Expected Response Time: 30 business days

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent notice on our Platform. Continued use after changes constitutes acceptance of the updated policy. The Effective Date indicates the last revision.

16. REGULATORY COMPLIANCE FRAMEWORK

Our privacy and data protection practices comply with:

  • GDPR (General Data Protection Regulation) – EU/EEA data subjects
  • CCPA (California Consumer Privacy Act) – California residents
  • SOC 2 Type II – Security and availability controls
  • PCI-DSS (where applicable to payment processing)
  • AML/KYC regulatory frameworks
  • Local fintech and data protection laws in jurisdictions we operate

17. IMPORTANT DISCLAIMERS

17.1 Partner Responsibility

As a Data Processor, we are not liable for Partners’ use of our Platform. Partners are responsible for: (a) obtaining appropriate consent from end users, (b) maintaining their own privacy policies, (c) complying with applicable laws, and (d) properly configuring our Platform.

17.2 Data Breach Notice

In the event of a data breach affecting our systems, we will notify affected Partners within 72 hours (where legally required). Partners are responsible for notifying their end users as required by law.

17.3 Liability Limitation

Our liability for privacy-related claims is limited to the extent permitted by law and is subject to the terms of our Service Agreement with Partners.

ACKNOWLEDGMENT

By using Dafriqué Solutions or entering into a Business Agreement with us, you acknowledge that you have read, understood, and agree to this Privacy Policy.

© 2026 Dafriqué Solutions. All rights reserved.