Privacy Policy

BCT CORP SAS ("BCTPay," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and payment services (collectively, the "Services"). By accessing or using our Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services. This Privacy Policy applies to all users of BCTPay Services, including customers, merchants, and visitors to our website.

2.1 Information You Provide We collect information you voluntarily provide when using our Services, including: - Personal Identification: Full name, date of birth, nationality, government-issued ID (passport, national ID card, driver's license) - Contact Information: Phone number, email address, residential address - Financial Information: Bank account details, mobile money numbers, payment card information - Business Information: For merchants - business name, registration documents, tax identification - Transaction Information: Payment details, transaction history, beneficiary information - Communication Data: Customer support inquiries, feedback, and correspondence 2.2 Information Collected Automatically When you use our Services, we automatically collect: - Device Information: Device type, operating system, unique device identifiers, mobile network information - Location Data: GPS location (with your permission), IP address-based location - Usage Data: App features used, time spent, navigation paths, error logs - Technical Data: Browser type, language preferences, time zone 2.3 Information from Third Parties We may receive information about you from: - Mobile money providers and banks when processing transactions - Identity verification services for KYC compliance - Credit bureaus and fraud prevention services - Social media platforms if you link your accounts

We use your information to: 3.1 Provide and Improve Services - Process transactions and transfers - Verify your identity and prevent fraud - Manage your account and provide customer support - Develop and improve our Services 3.2 Comply with Legal Requirements - Meet Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations - Report to regulatory authorities as required by law - Respond to legal requests and court orders 3.3 Communicate with You - Send transaction confirmations and receipts - Notify you of important account updates - Provide customer support and respond to inquiries - Send promotional communications (with your consent) 3.4 Security and Fraud Prevention - Monitor for suspicious or fraudulent activity - Protect against unauthorized access to your account - Investigate potential violations of our Terms 3.5 Analytics and Research - Analyze usage patterns to improve our Services - Conduct market research and user surveys - Generate aggregated, anonymized statistics

We may share your information with: 4.1 Service Providers Third-party companies that help us operate our Services, including: - Payment processors and mobile money providers - Cloud hosting and data storage providers - Customer support and communication platforms - Identity verification and fraud prevention services 4.2 Financial Partners Banks, mobile money operators, and other financial institutions necessary to process your transactions. 4.3 Regulatory Authorities Government agencies, central banks, and regulators as required by law, including: - Central Bank of the Republic of Guinea (BCRG) - Financial intelligence units for AML compliance - Tax authorities when legally required 4.4 Legal Requirements We may disclose your information to: - Comply with applicable laws, regulations, or legal processes - Respond to lawful requests from law enforcement - Protect our rights, privacy, safety, or property - Enforce our Terms and Conditions 4.5 Business Transfers In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. 4.6 With Your Consent We may share your information with other parties when you explicitly authorize us to do so.

We implement comprehensive security measures to protect your information: 5.1 Technical Safeguards - End-to-end encryption for data in transit (TLS 1.3) - AES-256 encryption for data at rest - Secure data centers with 24/7 monitoring - Regular security audits and penetration testing 5.2 Access Controls - Role-based access to sensitive data - Multi-factor authentication for system access - Regular access reviews and audits 5.3 Operational Security - Employee background checks and security training - Incident response procedures - Business continuity and disaster recovery plans 5.4 PCI DSS Compliance We adhere to Payment Card Industry Data Security Standards for handling card data. Despite our security measures, no system is completely secure. We cannot guarantee absolute security of your information but will notify you of any data breach as required by law.

We retain your information for as long as necessary to: - Provide our Services and maintain your account - Comply with legal and regulatory requirements - Resolve disputes and enforce our agreements - Support business operations and analytics 6.1 Retention Periods - Account information: Duration of account plus 7 years - Transaction records: 10 years (as required for AML compliance) - Communication records: 3 years - Marketing preferences: Until you withdraw consent 6.2 Data Deletion When retention periods expire, we securely delete or anonymize your information. You may request earlier deletion of certain data, subject to legal requirements.

Depending on your jurisdiction, you may have the following rights: 7.1 Access and Portability - Request a copy of your personal information - Receive your data in a structured, machine-readable format - Transfer your data to another service provider 7.2 Correction and Deletion - Correct inaccurate or incomplete information - Request deletion of your personal data (subject to legal requirements) - Object to certain processing of your data 7.3 Consent Withdrawal - Withdraw consent for optional data processing - Opt-out of marketing communications - Disable location tracking 7.4 Exercise Your Rights To exercise these rights, contact us at privacy@bctpay.com or through the app settings. We will respond within 30 days. Some rights may be limited by legal requirements, such as our obligation to retain transaction records for AML compliance.

8.1 Website Cookies Our website uses cookies and similar technologies to: - Remember your preferences and settings - Analyze website traffic and usage - Enable secure authentication - Deliver relevant content and advertisements 8.2 Types of Cookies - Essential Cookies: Required for website functionality - Analytics Cookies: Help us understand how visitors use our site - Marketing Cookies: Used to deliver targeted advertisements 8.3 Mobile App Tracking Our app may collect: - Device identifiers for push notifications - Analytics data to improve app performance - Crash reports for debugging 8.4 Managing Preferences You can control cookies through your browser settings. Disabling cookies may affect website functionality.

BCTPay operates across multiple countries in Africa. Your information may be transferred to and processed in countries where we or our service providers operate. 9.1 Transfer Safeguards When transferring data internationally, we ensure adequate protection through: - Standard contractual clauses - Data processing agreements with service providers - Compliance with applicable data protection laws 9.2 Data Localization Where required by local law, we store certain data within the country of origin. Financial transaction data for Guinea residents is stored in accordance with BCRG regulations.

BCTPay Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected information from a child, we will promptly delete it. If you believe we have collected information from a child, please contact us immediately at privacy@bctpay.com. Parents or guardians who believe their child has provided us with personal information should contact us to request deletion.

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of third parties. We encourage you to read the privacy policies of any third-party services you access. When you use third-party payment providers through our platform, their privacy policies also apply to the information they collect.

We may update this Privacy Policy periodically. When we make material changes: - We will notify you through the app, email, or website - The updated policy will be posted with a new "Last Updated" date - Your continued use of our Services after changes indicates acceptance If you disagree with changes to this policy, you should stop using our Services and close your account. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

For questions, concerns, or requests regarding your privacy: Data Protection Officer BCT CORP SAS Residence la Perle Conakry, Guinea Email: privacy@bctpay.com General Support: support@bctpay.com Website: https://www.bctpay.app For privacy complaints that we cannot resolve, you may have the right to contact your local data protection authority.