Legal

Privacy Policy

Last Updated: March 29, 2026

At Norocio Ltd. (“Norocio,” “we,” “us,” or “our”), we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use:

  • The Norocio website (www.norocio.com)
  • The Norocio mobile application
  • Direct or indirect Norocio APIs

Together, these are referred to as “our Site and Services.”

By using the Norocio Site and Services, you consent to the data and information policies set out in this Privacy Policy. You also acknowledge that you have read and agreed to Norocio’s General Terms of Use and other applicable policies, which form part of our contractual relationship with you.

1. Information We Collect

1a) Information You Provide Directly

We collect information you provide when you register for and use the Services, including but not limited to:

  • Full name, email address, phone number, date of birth, and residential address
  • Identification documents and government-issued numbers (such as NIN, BVN, passport, driver’s license, or tax ID)
  • Financial details, including bank account numbers or card details, where you link a payment method
  • Biographic information and, where required by law, additional documentation for KYC/AML compliance

1b) Information Collected Automatically

When you use our Services, we automatically collect:

  • Transactions: Details of your trades, amounts, counterparties, wallet addresses, and timestamps
  • Device Data: Operating system, language, device identifiers, IP address, browser type, and activity logs
  • Location Data: Precise or approximate geolocation (with your permission)
  • Cookies & Tracking Technologies: Session and persistent cookies to recognize you, improve performance, and personalize your experience

1c) Information from Third Parties

We may collect information from third-party identity verification providers, fraud-prevention partners, credit reference agencies, and public databases as part of our compliance obligations.

2. Lawful Basis for Processing

We process your personal data only when permitted by law. The lawful bases include:

  • Consent: When you give clear permission (e.g., for marketing communications)
  • Contract: When processing is necessary to perform our agreement with you
  • Legal Obligation: To meet regulatory or statutory requirements (e.g., AML/CTF laws)
  • Legitimate Interests: For purposes such as fraud prevention, improving our services, and business analytics, provided your rights are not overridden

3. Use of Information

We use your personal data to:

  • Deliver and improve our Services
  • Verify your identity and fulfill KYC/AML obligations
  • Detect and prevent fraud, money laundering, terrorism financing, or illegal activity
  • Provide customer support and respond to inquiries
  • Send you important updates, including security alerts and policy changes
  • Carry out audits, troubleshooting, and analytics
  • Comply with applicable laws and regulatory requirements
  • Conduct marketing and promotional communications (where permitted by law and subject to your consent)

4. Sharing of Information

We may share your personal information only in the following circumstances:

  • With third-party service providers (e.g., fraud prevention, KYC/AML, payment processors, auditors, IT providers) under strict confidentiality agreements
  • With affiliates, subsidiaries, or other entities controlled by Norocio
  • With regulators, law enforcement agencies, or courts when legally required (e.g., court order, subpoena, regulatory directive)
  • In connection with a merger, acquisition, or sale of assets, subject to this Policy
  • With your consent or at your direction

We do not sell or rent your personal data to third parties.

5. International Data Transfers

Your information may be transferred to and stored in jurisdictions outside your country of residence, including countries that may not provide the same level of data protection. Where we transfer personal data internationally, we implement appropriate safeguards in line with applicable data protection laws (e.g., Standard Contractual Clauses, NDPR provisions).

6. Data Retention and Deletion

We retain personal data only as long as necessary for the purposes set out in this Policy, including compliance with AML/CTF obligations and other legal requirements. Retention periods vary depending on the type of data and applicable laws.

If you request account closure, we will delete your personal information unless retention is required for:

  • Ongoing investigations or disputes
  • Compliance with legal or regulatory obligations
  • Fraud prevention

7. Your Rights as a Data Subject

Depending on your jurisdiction, you may have the following rights:

  • Right to access the personal data we hold about you
  • Right to correct inaccurate or incomplete data
  • Right to request deletion (erasure), subject to legal/regulatory retention obligations
  • Right to object to certain processing (including direct marketing)
  • Right to restrict processing in certain circumstances
  • Right to data portability
  • Right to withdraw consent (where processing is based on consent)
  • Right to lodge a complaint with a supervisory authority or regulator

8. Children’s Privacy

You must be at least 18 years old to use Norocio Services. We do not knowingly collect data from individuals under 18. If we discover such data, it will be deleted immediately.

9. Security Measures

We use administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, loss, misuse, or disclosure. These measures include encryption, restricted access, firewalls, and monitoring systems.

10. Updates to This Privacy Policy

We may update this Policy from time to time. When we make material changes, we will notify you by email or through the Norocio Site. The updated version will always carry the “Last Updated” date at the top.

11. Jurisdiction and Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Federal Republic of Nigeria.

For users located in the European Union (EU), United Kingdom (UK), or other jurisdictions with specific data protection laws, Norocio will apply the relevant provisions of the General Data Protection Regulation (GDPR), the UK Data Protection Act, or other applicable laws in addition to Nigeria’s Data Protection Regulation (NDPR).

References in this Policy to “foreign law enforcement agencies” include law enforcement or regulatory bodies outside Nigeria acting under applicable law.

12. Indemnity & Limitation of Liability

By using our Services, you agree to hold Norocio, its officers, directors, employees, and affiliates harmless from any claims, liabilities, or expenses arising from your breach of this Policy or misuse of the Services.

Norocio will not be liable for indirect, consequential, or punitive damages, except as required by law.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact our support team at:

Email

support@norocio.com