This Privacy Policy (“Policy”) explains the information collection, use, and sharing practices of CRIFS INVESTMENT LIMITED (“we,” “us,” and “our”).

Unless otherwise stated, this Policy describes and governs the information collection, use, and sharing practices of CRIFS INVESTMENT LIMITED with respect to your use of our website and the services (“Services”) we provide and/or host on our servers.

Before you use or submit any information through or in connection with the Services, please carefully review this Privacy Policy. By using any part of the Services, you understand that your information will be collected, used, and disclosed as outlined in this Privacy Policy.

If you do not agree to this privacy policy, please do not use our Services.

Company Information

Crifs Investment, located at (..............), is committed to safeguarding your privacy and ensuring the security of your personal data. We collect personal information necessary for the provision of our services. This includes your full name, email address, phone number, Bank Verification Number (BVN), fiat and crypto wallet details, government-issued identification for KYC compliance, IP address, and usage data obtained through cookies and tracking technologies.

Compliance with Anti-Money Laundering (AML) and Regulatory Laws

We comply with the Money Laundering (Prohibition) Act 2011 and the Central Bank of Nigeria (CBN) Anti-Money Laundering/Counter-Terrorism Financing (AML/CTF) Regulations, The Nigeria Data Protection Act, (NDPA) 2023 and the principles established in the Nigeria Data Protection Regulation (NDPR) 2019.

We conduct Know Your Customer (KYC) verification and may request additional documentation.

Data Collection and Use

Your data is collected through our website and mobile app forms, API integration with payment gateways and KYC providers, and cookies that enhance security and analytics. Sensitive data, such as BVN and wallet details, is collected strictly for identity verification and secure transaction purposes. The data is processed primarily to verify your identity, process crypto and fiat investment transactions, provide customer support, resolve disputes, and comply with legal obligations. It is also utilized for fraud prevention and risk assessment, where automated decision-making may be applied to maintain platform integrity.

Data Retention

We retain your data for as long as legally required to meet compliance obligations, prevent fraud, and satisfy audit requirements. You may request the deletion of your data, but such requests are subject to regulatory constraints. In specific scenarios, automated systems may analyze your data for fraud detection and risk management, reinforcing the security of the platform.

Data Sharing and Third Parties

We may share your personal data with trusted third parties to ensure seamless service delivery. These include payment processors, KYC and identity verification providers, cloud storage services, and analytics providers. Certain third parties may operate outside Nigeria, but we ensure that international data transfers comply with The Nigeria Data Protection Act, (NDPA) 2023 and the principles established in the Nigeria Data Protection Regulation (NDPR) 2019 standards. Cookies and tracking technologies, such as Google Analytics, are employed to optimize site performance, while security monitoring tools detect and prevent fraudulent activities.

How We Use Your Information

We may use the information we collect from and about you to:

• Fulfil the purposes for which you provided it.

• Provide and improve the Services, including to develop new features or services, take steps to secure the Services, and for technical and customer support.

• Send you information about your interaction or transactions with us, account alerts, or other communications, such as newsletters to which you have subscribed.

• Process and respond to your inquiries or to request your feedback.

• Conduct analytics, research, and reporting, including to synthesize and derive insights from your use of our Services.

• Comply with the law and protect the safety, rights, property, or security of CRIFS INVESTMENT LIMITED, the Services, our users, and the general public.

• Enforce our Terms of Use, including to investigate potential violations thereof.

When We Disclose Your Information

We may disclose and/or share your information under the following circumstances:

• Service Providers.

We may disclose your information with third parties who perform services on our behalf, including without limitation, event management, marketing, customer support, data storage, data analysis and processing, and legal services.

• Legal Compliance and Protection of Creative Commons and Others.

We may disclose your information if required to do so by law or on a good faith belief that such disclosure is permitted by this Privacy Policy or reasonably necessary or appropriate for any of the following reasons: (a) to comply with legal process; (b) to enforce or apply our Terms of Use and this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) enforce our Charter including the Code of Conduct and policies contained and incorporated therein, (d) to respond to your requests for customer service; and/or (e) to protect the rights, property, or personal safety of CRIFS INVESTMENT LIMITED, our agents and affiliates, our users, and the public. This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes.

• Business Transfers.

As we continue to develop our business, we may engage in certain business transactions, such as the transfer or sale of our assets. In such transactions, (including in contemplation of such transactions, e.g., due diligence) your information may be disclosed. If any of our assets are sold or transferred to a third party, customer information (including your email address) would likely be one of the transferred business assets.

• Affiliated Companies.

We may disclose your information with current or future affiliated companies.

• Consent.

We may disclose your information to any third parties based on your consent to do so.

• Aggregate/De-identified Information.

We may disclose de-identified and/or aggregated data for any purpose to third parties, including advertisers, promotional partners, and/or others.

Security Measures

We implement robust security measures to protect your personal data. End-to-end encryption secures all transactions, and two-factor authentication (2FA) adds an extra layer of security for user accounts. Data is stored on secure cloud platforms with strict access controls, and regular security audits are conducted to identify and mitigate vulnerabilities.

User Rights

In accordance with the NDPR, you have the right to access, correct, or delete your personal data. You also have the option to opt out of marketing communications at any time. Requests concerning your data can be directed to our Data Protection Officer at ([email protected]).

Contact Information 

For any inquiries, concerns, or complaints regarding this Privacy Policy or your personal data, please contact us at ([email protected]).

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy to reflect changes in our practices or legal obligations. Any significant changes will be communicated by updating the policy on our website and revising the “Effective Date” accordingly.

By continuing to use our services, you agree to the terms outlined in this Privacy Policy.