Privacy Policy

When you use Danipa platforms and services, we may collect the following categories of information: • Identity information — full name, date of birth, nationality, and government-issued identification (e.g., Ghana Card, passport) for KYC verification. • Contact information — email address, phone number, and mailing address. • Financial information — mobile money account details, bank account numbers, and transaction history necessary to process remittances and payments. • Technical information — IP address, device type, browser, operating system, and usage data collected through analytics and logs. • Communications — messages you send us via the contact form, email, or support channels.

We use your personal data to: • Process remittance and payment transactions you initiate. • Verify your identity and comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. • Communicate with you about your account, transactions, and service updates. • Improve, maintain, and secure our platforms and infrastructure. • Detect and prevent fraud, unauthorized access, and other prohibited activities. • Comply with legal and regulatory obligations in all jurisdictions we operate in.

We process your personal data under one or more of the following legal bases: • Contractual necessity — to perform the services you have requested (e.g., sending a remittance). • Legal obligation — to comply with applicable laws such as KYC/AML regulations, the Ghana Data Protection Act 2012, and PIPEDA. • Legitimate interest — to improve our services, prevent fraud, and ensure platform security. • Consent — where required, such as for marketing communications, which you may withdraw at any time.

We do not sell your personal data. We may share information with: • Payment partners — MTN Mobile Money, banks, and payment processors necessary to complete your transactions. • Regulatory authorities — the Bank of Ghana, FINTRAC (Canada), and other regulators as required by law. • Service providers — cloud hosting (Azure), analytics, and customer support tools that process data on our behalf under strict contractual obligations. • Law enforcement — when required by valid legal process.

We protect your data using industry-standard security measures, including: • 256-bit TLS encryption for all data in transit. • AES-256 encryption for sensitive data at rest. • PCI DSS-compliant payment processing. • Role-based access controls and audit logging. • Regular security assessments and penetration testing.

We retain your personal data only as long as necessary to fulfil the purposes described in this policy, or as required by law. Transaction records are retained for a minimum of seven (7) years to comply with financial regulations. You may request deletion of your account data at any time, subject to our legal retention obligations.

Depending on your jurisdiction, you may have the right to: • Access the personal data we hold about you. • Correct inaccurate or incomplete data. • Request deletion of your data (subject to legal obligations). • Object to or restrict certain processing activities. • Data portability — receive your data in a structured, machine-readable format. To exercise any of these rights, contact us at privacy@danipa.com.

Danipa operates across Canada, the United States, the United Kingdom, and Ghana. Your data may be transferred between these jurisdictions to process transactions and provide services. We ensure appropriate safeguards are in place for all cross-border transfers in compliance with the Ghana Data Protection Act 2012 and PIPEDA.

We may update this privacy policy from time to time. Material changes will be communicated via email or a prominent notice on our website. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

If you have questions about this privacy policy or our data practices, contact us at: Danipa Business Systems Inc. Email: privacy@danipa.com Location: Kitchener, Canada