Privacy Policy — KhadExchange

Last updated: March 2026

1. Who We Are

KhadExchange Limited ("KhadExchange", "we", "our", or "us") is a Central Bank of Nigeria (CBN)-licensed International Money Transfer Operator (IMTO). We are incorporated in Nigeria and operate in compliance with the CBN's regulatory framework for cross-border remittances and corporate FX services.

Our registered business address and compliance contact can be reached via compliance@khadexchange.com.

2. Information We Collect

We collect information necessary to provide our licensed services and meet our legal obligations under Nigerian law and CBN regulations. This includes:

Business identification data: Organisation name, CAC registration number, address, and sector.
Director and beneficial owner data: Names, government-issued ID numbers, and contact details for all persons with significant control, as required by our KYB and AML obligations.
Transaction data: Currency pairs, transaction volumes, settlement instructions, and counterparty information.
Communication data: Emails, web enquiry form submissions, and WhatsApp messages sent to our team.
Website usage data: IP addresses, browser type, and page interaction data collected through standard web analytics.

We do not collect personal data beyond what is strictly necessary for our regulated services or required by law.

3. Legal Basis for Processing

We process personal and business data on the following legal grounds:

Contractual necessity: To onboard clients, execute transactions, and provide our core services.
Legal obligation: To comply with CBN directives, AML/CFT obligations, EFCC reporting requirements, and the Nigeria Data Protection Regulation (NDPR).
Legitimate interests: To prevent fraud, protect the integrity of our operations, and improve our services.
Consent: Where you have explicitly provided consent for specific communications or processing activities.

4. How We Use Your Information

We use the data we collect exclusively for purposes aligned with our licensed IMTO operations:

Client onboarding and Know Your Business (KYB) verification
Processing and settling international money transfers and FX transactions
Regulatory reporting to the CBN, NFIU, and other competent authorities
Communicating transaction confirmations, compliance notices, and rate updates
Preventing and detecting financial crime, fraud, and money laundering
Maintaining records as required by applicable financial services regulations

We do not sell, rent, or share personal data with third parties for marketing or commercial purposes.

5. Data Sharing

We may share your data in the following limited circumstances:

Regulatory authorities: The CBN, NFIU, EFCC, or other competent bodies as required by law or regulatory request.
Correspondent banking partners: To facilitate cross-border settlements, your transaction data may be shared with our banking counterparts under appropriate data sharing agreements.
Compliance service providers: Third-party KYB/AML screening tools used under strict data processing agreements.
Professional advisers: Legal counsel and auditors, subject to professional confidentiality obligations.

Any third party receiving your data is contractually obligated to protect it and may only use it for the specified purpose.

6. Data Retention

We retain client records for a minimum of 7 years following the conclusion of a business relationship, in alignment with CBN AML/CFT record-keeping requirements. Transaction records may be retained for longer periods where required by law or active regulatory investigation.

Website usage data is retained for a maximum of 12 months.

7. Your Rights Under the NDPR

Under the Nigeria Data Protection Regulation, you have the following rights in relation to your personal data:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete data.
Right to erasure: Request deletion of your data where it is no longer necessary for the purpose it was collected, subject to our legal retention obligations.
Right to object: Object to the processing of your data in certain circumstances.
Right to data portability: Receive your data in a structured, commonly used format.

To exercise any of these rights, contact our Data Protection Officer at compliance@khadexchange.com. We will respond within 30 days of receiving a verifiable request.

Please note that certain rights may be limited where we are required to process data to comply with a legal obligation or to protect our legitimate interests in preventing financial crime.

8. Data Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. This includes access controls, encrypted communications, and regular security reviews commensurate with the sensitivity of financial data.

In the event of a data breach that carries a risk to data subjects, we will notify the National Information Technology Development Agency (NITDA) within 72 hours as required by the NDPR.

9. Cookies and Website Tracking

Our website uses minimal analytics tracking to understand how visitors interact with our pages. This may include session duration and page view data. We do not use cross-site tracking cookies or third-party advertising networks.

You may disable cookies via your browser settings without affecting your ability to access our public website content.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our operations, legal obligations, or regulatory requirements. The "Last updated" date at the top of this page will reflect the most recent revision. Continued use of our services after a change constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related enquiries, data subject rights requests, or to reach our Data Protection Officer:

KhadExchange Limited
Email: compliance@khadexchange.com
General: info@khadexchange.com