Privacy Policy

Welcome to Amani and SatFlux ("we," "us," or "our"). We provide a "Trust-as-a-Service" platform (Amani), a high-frequency payment interface (SatFlux), and other digital transaction services including verification, analytics, and dispute resolution. This Privacy Policy describes how Alpha Sight Ltd. collects, uses, stores, shares, and protects your personal information in compliance with the Nigeria Data Protection Act (NDPA) 2023. It applies to our website, API, and all related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this policy. Our Services rely on third-party institutions to process payments, verify identity, and provide infrastructure. You also consent to the privacy policies of these third-party institutions.

Under the NDPA 2023, we only process your data when we have a valid legal reason. Our primary reasons are: Performance of a Contract: To create your account, process payments, provide verification, analytics, and dispute resolution. Legal Obligation: To comply with our Anti-Money Laundering (AML) Policy, conduct Know Your Customer (KYC) checks, prevent fraud, and report to financial regulators. Legitimate Interest: To process technical data to secure our platform, prevent spam, and protect our users. This includes our security protocols for all services. Consent: For specific features, like marketing or processing sensitive biometric data for liveness checks, we will ask for your explicit consent.

We practice data minimisation and collect data based on the service you use. 3.1. Tier 0: Low-Value Users (SatFlux Protocol) This is the minimum data required to use our high-frequency payment interface via Authorized Digital Channels (e.g., messaging apps). Mobile Authenticator Hash: A cryptographically hashed version of your mobile number. We use this to verify you as a unique user without storing your raw phone number. Digital Channel Identifier: A unique, anonymous ID or hash associated with your account on the messaging app you use to access our service. Technical Data: IP address, device type, and operating system for security and analytics. Transaction Data: A log of your transaction amounts and counterparties (also hashed) within our ecosystem. 3.2. Tier 1: Verified Users (Amani Protocol) To access higher limits, fiat withdrawals, and our platform services, you must provide all Tier 0 data, plus: Identity Data: Your full legal name, email address, phone number, physical address, and government ID numbers. Financial Data: Bank account numbers (for payouts) or card details (handled securely via third-party institutions). Sensitive Biometric Data: A facial scan (selfie or video) for liveness detection, processed only with your explicit consent. Transaction Data: Details of projects, milestones, agreed amounts, and communication timestamps. Deliverable Data: Files, documents, or links uploaded by Freelancers for verification. 3.3. Information from Third Parties We may receive data about you from our partners, such as: Third-party institutions: Confirmation of deposits, payment failures, or fraud flags. Verification Services: Results of KYC/AML checks.

Amani and SatFlux operate on strict verification and assurance models. For payment, verification, analytics, and dispute resolution, we confirm that user data and funds are processed securely by third-party institutions before any service is rendered or completed. Funds and data are only released or processed after explicit user approval or resolution of any disputes.

We use your data for the following specific purposes: To Provide Platform Services: Verifying deposits, holding funds, releasing payouts, processing payments, providing verification, analytics, and dispute resolution. To Comply with AML/KYC Law: (Using Tier 1 Data) To verify your identity, screen you against global sanctions, and file reports with regulators. To Prevent Fraud & Secure Platform: (Using Tier 0 Data) We use your Mobile Hash and Digital Channel ID under our legitimate interest to run security protocols. This prevents spam, blocks duplicate accounts, and ensures you are interacting with real, registered users. For Dispute Resolution: To review Transaction and Deliverable Data if a transaction or service is disputed.

We do not sell your data. We share it only as necessary to operate our service: 6.1. Third-Party Institutions To facilitate payments, verification, analytics, and other services, we may share your Identity and Financial Data with regulated third-party institutions. By using Amani, you explicitly consent to your data being processed by these institutions in accordance with their privacy policies. 6.2. Verification, Security & Legal Authorities KYC Partners: We securely transmit your Tier 1 ID and Biometric data to our trusted KYC/AML partners. Security Vendors: 'Deliverable Data' (files) may be shared with vendors for safety scanning. Legal & Regulatory Authorities: We will disclose data if required by Nigerian law (e.g., a court order) or to regulators to prevent financial crime.

Security: We implement robust technical measures to protect your data, including encryption of data at rest and in transit and secure SQL databases. Retention: We keep your personal information only as long as your account is active. AML/CFT Retention Requirement: After you close your account, we are legally required by Anti-Money Laundering laws to retain your KYC and Transaction Data for a minimum period (typically 5-7 years). This legal obligation will supersede any "Right to Erasure" requests for this specific dataset.

Your data may be transferred to and processed in countries other than your own. We ensure these transfers comply with the NDPA by using partners who adhere to global data security standards.

As a data subject, you have the right to: Access the data we hold about you. Correct inaccurate data. Withdraw consent for marketing (this does not affect transactional messages). Request Erasure ("Right to be Forgotten"): You may request the deletion of your data. We will honor this, except for the data we are legally required to retain for AML purposes (see Section 7).

If you have questions about this policy or how your data is handled, please contact our Data Protection Officer (DPO) at: Email: info@amani.reptalia.com