1. Introduction

Resolva Solutions Limited (RC 9031012) ("Resolva", "we", "us", or "our") is a company incorporated under the laws of the Federal Republic of Nigeria. We operate a digital asset off-ramp and related financial technology services that enable users to convert supported digital assets into fiat and make fiat payouts to designated bank accounts or third-party beneficiaries.

This Privacy Notice explains how we collect, use, disclose, store, and protect Personal Information when you access or use our website, applications, APIs, payment platforms, and related services (collectively, the "Services"). It should be read together with Resolva's Terms of Service (the "Terms"), which govern your contractual relationship with Resolva. Where this Privacy Notice refers to defined concepts used in the Terms (including account status, reversals, clawbacks, suspensions, or transaction instructions), such terms have the meanings assigned to them in the Terms unless otherwise stated.

Resolva is the data controller responsible for processing Personal Information described in this Privacy Notice.

2. Interpretation and Definitions

2.1. "Personal Information" means any information relating to an identified or identifiable natural person. This includes, without limitation, identification data, contact details, financial and transactional data, technical identifiers, and any other information that can reasonably be linked to an individual.

2.2. "Processing" means any operation performed on Personal Information, whether automated or not, including collection, recording, storage, use, disclosure, transfer, or deletion.

2.3. "Services" means all products, platforms, applications, APIs, and related services offered by Resolva.

3. Our Data Protection Principles

Resolva processes Personal Information in accordance with the following principles:

• Lawfulness, fairness, and transparency in how data is collected and used;
• Purpose limitation, ensuring data is collected for specified, legitimate purposes;
• Data minimisation, collecting only what is necessary for our Services and legal obligations;
• Accuracy and data quality;
• Storage limitation, retaining data only for as long as required;
• Integrity and confidentiality through appropriate security safeguards; and
• Accountability in complying with applicable data protection laws.

4. Personal Information We Collect

We collect Personal Information directly from you and automatically through your use of the Services.

4.1 Identity and Compliance Information

During the use of our Services, we may request the following information to comply with AML/CFT obligations, and meet regulatory and banking partner requirements:

• Full legal name (individual or entity);
• Date of birth (for individuals);
• Nationality;
• Bank Verification Number (BVN)
• Government-issued identification details (such as NIN, passport, or driver's licence);
• Identity document images and document metadata;
• Residential or business address and proof of address;
• Biometric or liveness verification data where required;
• Occupation, business activity, or source-of-funds information;
• Politically Exposed Person (PEP) status;
• Sanctions, watchlist, and adverse media screening results.

4.2 Account and Profile Information

• Email address and account identifiers;
• Phone number and contact details;
• Account status and lifecycle records;
• Authentication credentials (stored in hashed or encrypted form);
• User preferences and settings;
• Customer support and communications records.

4.3 Transaction and Financial Information

• Digital asset wallet addresses used with the Services;
• Blockchain transaction hashes, timestamps, and amounts;
• Digital asset type and network;
• Fiat currency amounts, exchange rates, and fees;
• Bank account details for settlement;
• Third-party beneficiary details for payouts;
• Transaction confirmations, reversals, clawbacks, and exception handling records.

4.4 Technical and Usage Information

• IP address;
• Device identifiers and device type;
• Browser type and operating system;
• Access timestamps, session logs, and login activity;
• API usage logs;
• Cookies and similar technologies.

4.5 Communications and Dispute Information

• Customer support communications;
• Dispute and complaint records;
• ADB-related correspondence;
• Records of consents, acknowledgements, and acceptance of legal terms.

5. How We Collect Personal Information

We collect Personal Information when you:

• Register for a Resolva account;
• Complete onboarding and compliance checks;
• Initiate or receive transactions;
• Communicate with our customer support teams;
• Interact with our website, applications, or APIs.

6. Legal Basis for Processing

We process Personal Information on the following lawful bases, consistent with our contractual and regulatory obligations under the Terms:

• (a) Contractual necessity: where processing is required to establish, manage, or terminate your account, execute transaction instructions, apply reversals or clawbacks, or otherwise perform our obligations under the Terms;
• (b) Legal obligation: where processing is required to comply with AML/CFT laws, sanctions regimes, regulatory reporting obligations, or respond to lawful requests from competent authorities;
• (c) Legitimate interests: including fraud prevention, transaction integrity, platform security, risk management, dispute resolution, enforcement of the Terms, and protection of Resolva, our users, and third parties, provided such interests are not overridden by your fundamental rights.
• (d) Consent: where required by law or expressly relied upon under the Terms, including for marketing communications and optional analytics. Where consent is withdrawn, this will not affect processing carried out on other lawful bases.

7. How We Use Personal Information

We use Personal Information in a manner consistent with, and to enforce, the Terms, including to:

• Provide and maintain the Services, including account creation and management;
• Process digital asset conversions, fiat settlements, payouts to third-party beneficiaries, and related transaction instructions;
• Perform KYC, conduct sanctions screening, and perform transaction monitoring, including applying reversals, suspensions, clawbacks, or holds as required under the Terms;
• Prevent, detect and investigate fraud, financial crime, misuse of the Services, or violations of the Terms;
• Respond to customer support requests, transactions, notices, enforcement actions, and support requests;
• Resolve disputes, manage claims, and administer chargebacks or transaction reversals;
• Improve our platform, services, and user experience;
• Comply with legal and regulatory obligations;
• Establish, exercise, or defend legal rights arising under the Terms or applicable law.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, loss, misuse, alteration, or disclosure. These measures include access controls, encryption, secure infrastructure, and role-based access restrictions.

While we take reasonable steps to protect Personal Information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Data Retention

We retain Personal Information for as long as necessary to fulfil the purposes described in this Privacy Notice and to comply with applicable legal obligations. Specific minimum retention periods are aligned with our Terms and include:

• (a) Account and transactional records retained for the duration of the contractual relationship and thereafter as required by applicable law;
• (b) AML/CFT, KYC, sanctions screening, and transaction monitoring records retained in accordance with applicable financial regulations, typically a minimum of five years;
• (c) Records relating to disputes, reversals, clawbacks, claims, enforcement actions, or legal proceedings retained for as long as necessary to establish, exercise, or defend legal rights.

Where data is retained beyond account closure, access is restricted and data is used solely for compliance, audit, risk management, and legal purposes.

10. Disclosure of Personal Information

We do not sell Personal Information. We may disclose Personal Information, consistent with our Terms, to:

• Service providers and processors supporting the Services, including KYC and identity verification vendors, banks, payment processors, cloud hosting and infrastructure providers, and professional advisors;
• Regulators, law enforcement agencies, courts, or competent authorities where disclosure is required or permitted by law;
• Affiliates or group entities processing for operational, compliance, or risk management purposes;
• Counterparties, financial institutions, or third parties involved in transaction execution, settlement, reversals, or clawbacks;
• Third parties in connection with mergers, acquisitions, restructuring, or asset transfers;
• Other parties with your valid consent;
• Recipients of aggregated or de-identified information that does not identify you.

11. International Data Transfers

Personal Information may be transferred outside Nigeria where necessary for the provision of the Services or compliance purposes. Such transfers are carried out in accordance with the NDPA and subject to appropriate safeguards, including contractual and technical protections.

12. Your Rights

Subject to applicable law and the Terms, you have the right to:

• Request access to your Personal Information;
• Request correction or update of inaccurate data;
• Request deletion of Personal Information, subject to legal, regulatory, and contractual retention obligations;
• Object to or request restriction of processing in certain circumstances;
• Request data portability where technically feasible;
• Withdraw consent where processing is based on consent;
• Request information about automated decision-making used for compliance or risk purposes.

These rights may be limited where processing is required to comply with legal obligations, prevent financial crime, enforce the Terms, or protect the rights of Resolva or third parties.

13. Cookies and Analytics

We use cookies and similar technologies to operate and improve our Services. Where analytics tools are used, they help us understand usage patterns and improve platform performance. You may manage cookie preferences through your browser settings.

14. Children

Our Services are intended for users aged 18 and above. We do not knowingly collect Personal Information from children. If such information is identified, we will delete it in accordance with applicable law.

15. Updates to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our Services or legal obligations. Material changes will be communicated through appropriate channels. Continued use of the Services constitutes acceptance of the updated Privacy Notice where permitted by law.