Privacy Policy

Riwe Technologies Limited — Abuja, Nigeria

Effective: • Remains in effect until replaced

This Privacy Policy explains how Riwe Technologies Limited (“Riwe,” “we,” “us,” “our”) collects, uses, discloses, and safeguards information when you use our website, mobile or web applications, USSD, messaging channels, APIs, and related services (collectively, the “Platform”). Your use of the Platform is also governed by our Terms of Service.

1) Scope, Roles & Lawful Basis

In short: Riwe is the data controller for most processing on the Platform. We rely on contract, legal obligations, legitimate interests, and consent where required.

Riwe acts as a data controller for user accounts, verification, wallet operations, support, analytics, and regulatory reporting. Where we process data on behalf of enterprise clients, we may act as a processor according to separate agreements.

  • Lawful Bases: contract performance; legal obligations (e.g., AML/CFT, tax, sector rules); legitimate interests (security, service improvement, fraud prevention); and consent (e.g., certain biometrics or marketing).

2) Data We Collect

In short: We collect identity, contact, financial, geolocation, farm/earth-observation, device/usage, communications, and—where lawful—biometric data.

2.1 Identity & Contact

Name, phone number, email, address, nationality, date of birth, gender, government-issued identifiers, and photographs (where required).

2.2 Phone & Messaging Channels

Phone numbers used for SMS or voice, USSD interactions, and messaging channel identifiers necessary to deliver service notifications and support.

2.3 Geolocation

GPS or approximate location, including farm coordinates and device-based location where you permit it, to enable localized services, assessments, and compliance.

2.4 Financial & Transaction

Wallet balances, funding/withdrawal records, transaction metadata, exchange/FX details, charges, and applicable administrative fees and related costs.

2.5 Farm, Satellite & Earth-Observation

Farm boundaries, size, crop type; environmental and agronomic datasets (e.g., vegetation and moisture indices, weather and soil data) for risk scoring, insights, and parametric triggers.

2.6 Device, Usage & Diagnostics

Device identifiers, IP address, OS/browser details, session logs, clickstream, crash/error reports, and security telemetry.

2.7 Communications & Support

Emails, in-app messages, USSD and messaging interactions, call summaries, tickets, and survey responses.

2.8 Biometric & Verification (where lawful)

Face/voice templates or liveness checks solely for identity verification or fraud prevention, processed with safeguards and subject to consent or another legal basis.

3) How We Collect Data

In short: From you, your devices and sessions, and lawful third-party sources.
  • Direct: registration, KYC, claims, wallet actions, support.
  • Automatic: cookies, SDKs, analytics, logs, and security systems.
  • Third-party: verification providers, mapped farm data, environmental datasets, sanctions screening, and address validation where permitted.

4) How We Use Data

In short: To run and improve the Platform, meet legal duties, power risk/parametric features, communicate with you, and protect against fraud and abuse.
  • Provide, maintain, and improve the Platform and services you request.
  • Verify identity; meet AML/CFT and sector obligations; prevent fraud and misuse.
  • Process transactions; operate wallets and settlement; administer fees where applicable.
  • Generate risk insights from AI/ML models and earth-observation; determine eligibility; enable parametric triggers.
  • Send service notices via email, SMS, USSD, or messaging channels; provide support.
  • Conduct analytics, research, testing, audits, and security monitoring.
  • Comply with legal/regulatory duties; enforce our Terms; defend legal claims.
  • With consent: marketing, surveys, and personalization.

5) Sharing, Sub-processors & International Transfers

In short: We don’t sell personal data. We share limited data with service providers, regulators, and corporate affiliates, with safeguards for cross-border transfers.
  • Service providers/sub-processors: hosting, analytics, verification, communications, and support—bound by confidentiality and data-protection terms.
  • Regulators/law enforcement: where required by law or to protect rights, safety, or integrity.
  • Affiliates/successors: for corporate transactions (e.g., merger, restructuring).
  • Cross-border transfers: we implement appropriate safeguards (e.g., standard contractual protections) consistent with applicable law.

6) Retention & Deletion

In short: We keep data while your account is active and thereafter only as required for legal, audit, security, or operational needs.
  • Core account/transaction data: while active and up to 7 years after closure.
  • KYC/verification data: typically 5 years post-closure or as required by law.
  • Support/diagnostics: as needed for operations, security, and compliance.

When no longer needed, we securely delete or anonymize data, subject to legal holds.

7) Security & Breach Notice

In short: Encryption, access controls, monitoring, and incident response help protect your data. We notify you and regulators of qualifying breaches.
  • Encryption in transit and at rest where appropriate.
  • Least-privilege access, monitoring, and periodic security reviews.
  • Secure development practices and vulnerability management.

If a personal-data breach likely risks your rights and freedoms, we will notify you and the competent authority within legally required timelines.

8) Your Rights & Choices

In short: You can access, correct, and—in some cases—delete or port your data, object to processing, or withdraw consent.
  • Access, correction, update, and deletion (subject to legal limits).
  • Portability in a commonly used format.
  • Object to or restrict processing in certain circumstances.
  • Withdraw consent for optional uses without affecting lawful processing prior to withdrawal.

To exercise rights, contact privacy@riwe.io or support@riwe.io. We may require proof of identity.

9) Automated Decisions & Profiling

In short: We use automated tools for verification, fraud detection, risk scoring, eligibility, and parametric triggers. You may request human review where required by law.

Automated processing may significantly affect service availability or payouts (e.g., when predefined thresholds are met). We apply safeguards and allow requests for human review in accordance with applicable law.

10) Cookies & Tracking

In short: Cookies and similar technologies support authentication, security, analytics, and features; you can control them in your browser.

Where the law requires consent, we will present options to manage non-essential cookies.

11) Children’s Data

In short: The Platform is for adults; we do not knowingly collect data from users under 18.

If we learn that we have collected such data, we will delete it promptly.

12) Contact & Regulator

In short: Reach us for privacy requests or complaints; you may also contact the competent supervisory authority.
Riwe Technologies Limited
Abuja, Nigeria
Privacy: privacy@riwe.io
Support: support@riwe.io

You may lodge a complaint with the data protection authority in your jurisdiction.

13) Changes to This Policy

In short: We may update this Policy; material changes will be communicated and are effective on the stated date.

We will provide notice of material updates via the Platform or your registered channels. Continued use after the effective date constitutes acceptance.

© Riwe Technologies Limited. All rights reserved.