Privacy Policy

1. Who We Are

This Privacy Policy applies to Payscribe Limited, a private limited company incorporated in England and Wales under company number 17196544, with its registered office at 12 Beverley Road, Hull, HU5 1LU, United Kingdom ("Payscribe", "we", "us", or "our").

Payscribe Limited is registered with the UK Information Commissioner's Office (ICO) under registration number C1940873.

Where services are provided to users in Nigeria and other African markets, those services are operated by our affiliated entity, Pscribe Digital Services Limited (RC1946239), 95 Oreta Road, Igbogbo, Ikorodu, Lagos, Nigeria ("Payscribe Nigeria"). References to "we" or "our" in this policy cover both entities where context requires.

We are the data controller responsible for your personal data collected through our website at www.payscribe.co, our web application at app.payscribe.ng, and any related mobile applications (collectively, the "Platform").

2. The Law That Applies

For users in the United Kingdom, this policy is governed by:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018
• The Privacy and Electronic Communications Regulations 2003 (PECR)

For users in Nigeria and other African jurisdictions, this policy is also governed by:

• The Nigeria Data Protection Act 2023 (NDPA)
• The Nigeria Data Protection Regulation 2019 (NDPR)

Where both sets of laws apply, we apply the higher standard of protection.

3. What Personal Data We Collect

We collect the following categories of personal data depending on how you interact with our Platform:

3.1 Identity and Contact Data

• Full name
• Date of birth
• Email address
• Phone number
• Residential address
• Nationality
• Government-issued identification (National ID, passport, driver's licence)

3.2 Financial Data

• Bank account details
• Payment card information (tokenised — we do not store raw card numbers)
• Transaction history
• Wallet balances and stablecoin addresses
• Source of funds information

3.3 Business Data (for business accounts)

• Business name and registration number
• Director and beneficial owner details
• Business address
• KYB (Know Your Business) documentation

3.4 Technical and Usage Data

• IP address
• Browser type and version
• Device type and unique identifiers
• Operating system
• Pages visited, time and date of visits
• Referring and exit pages
• Clickstream data

3.5 Communications Data

• Messages sent to our support team
• Records of calls or chats with us
• Survey responses and feedback

3.6 Compliance and Verification Data

• KYC verification results
• Sanctions screening records
• Politically Exposed Persons (PEP) screening results
• Risk assessment information

4. How We Collect Your Personal Data

We collect personal data through the following means:

• Directly from you — when you register, complete identity verification, make transactions, or contact us
• Automatically — through cookies and similar technologies when you use the Platform (see our Cookie Policy)
• Third parties — identity verification providers, credit reference agencies, fraud prevention services, sanctions screening databases, and our banking and payment partners
• Publicly available sources — Companies House, regulatory registers, and publicly accessible databases

5. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis to process your personal data. The table below sets out our lawful basis for each purpose:

Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interests at any time.

6. How We Use Your Personal Data

We use your personal data for the following purposes:

• To register you and maintain your account
• To process payments, transfers, and transactions you initiate
• To verify your identity and comply with anti-money laundering (AML) obligations
• To screen against sanctions and PEP lists as required by law
• To detect, investigate, and prevent fraud and financial crime
• To communicate with you about your account and transactions
• To provide customer support
• To improve and personalise our Platform
• To comply with legal and regulatory obligations
• To send you marketing communications (only where you have consented)
• To enforce our Terms and Conditions

7. Who We Share Your Data With

We may share your personal data with the following categories of recipients:

• Identity verification providers — to verify your identity and documents
• Payment processors and banking partners — to execute transactions
• Fraud prevention and risk services — to screen for financial crime
• Sanctions screening providers — as required by law
• Cloud hosting and infrastructure providers — to operate the Platform
• Analytics providers — to improve Platform performance
• Legal and professional advisers — when required
• Regulatory bodies — HMRC, FCA, the ICO, and equivalent bodies in Nigeria and other jurisdictions, where required by law
• Law enforcement agencies — where we are legally obliged to disclose data
• Affiliated entities — including Pscribe Digital Services Limited, where necessary to deliver services
• Prospective buyers — in the event of a merger, acquisition, or sale of assets, subject to confidentiality obligations

We do not sell your personal data to third parties.

8. International Transfers of Personal Data

Payscribe operates across multiple jurisdictions. Your personal data may be transferred to and processed in countries outside the United Kingdom, including Nigeria, Kenya, Uganda, and other jurisdictions where our service providers or banking partners operate.

Where we transfer personal data outside the UK to countries not covered by an adequacy decision, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the UK ICO
• Transfer Risk Assessments where required
• Contractual protections with our service providers

9. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, and in accordance with our legal obligations.

Where we are required to retain data by law (e.g. AML regulations), we will retain it for the legally required period regardless of any deletion request.

10. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

1. Right of Access — to request a copy of the personal data we hold about you (Subject Access Request)
2. Right to Rectification — to request correction of inaccurate or incomplete data
3. Right to Erasure — to request deletion of your data in certain circumstances ("right to be forgotten")
4. Right to Restriction — to request that we restrict processing of your data in certain circumstances
5. Right to Data Portability — to receive your data in a structured, machine-readable format
6. Right to Object — to object to processing based on legitimate interests or for direct marketing
7. Rights related to automated decision-making — to request human review of automated decisions that significantly affect you
8. Right to Withdraw Consent — to withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@payscribe.co. We will respond within one calendar month of receiving your request.

11. Automated Decision-Making

We may use automated systems to assess fraud risk and screen transactions. Where an automated decision has a significant legal or similar effect on you, you have the right to request human review of that decision. Contact us at privacy@payscribe.co to exercise this right.

12. Cookies

We use cookies and similar tracking technologies on our Platform. For full details of the cookies we use, your choices, and how to manage your preferences, please read our Cookie Policy.

13. Security of Your Personal Data

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

• Encryption of data in transit (TLS) and at rest
• Access controls and authentication requirements
• Regular security assessments
• Staff training on data protection

No method of transmission or storage is completely secure. In the event of a data breach that is likely to affect your rights, we will notify you and the ICO in accordance with our legal obligations.

14. Children's Privacy

Our Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us at privacy@payscribe.co and we will delete it promptly.

15. Links to Third-Party Websites

Our Platform may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal data.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website and, where appropriate, by email. Your continued use of the Platform after any update constitutes acceptance of the revised policy.

17. How to Complain

If you have concerns about how we handle your personal data, please contact us first and we will do our best to resolve your concern.

If you remain dissatisfied, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: www.ico.org.uk
• Telephone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

For users in Nigeria, you may also raise a complaint with the Nigeria Data Protection Commission (NDPC) at www.ndpc.gov.ng.

18. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, contact our Data Protection Lead:

Email: privacy@payscribe.co
Post: Data Protection Lead, Payscribe Limited, 12 Beverley Road, Hull, HU5 1LU, United Kingdom

Date of last revision: 23 May 2026 — Version 2.0