Our Privacy Policy

LAST UPDATED: 11/03/2026

1. Introduction

1.1. Bitstac and its affiliated entities (collectively referred to as “Bitstac”, “we”, “us”, or “our”) are committed to protecting the privacy and security of personal data entrusted to us. This Privacy Notice explains how Bitstac collects, uses, processes, stores, and discloses personal data when individuals interact with our websites, applications, platforms, and services.

1.2. Bitstac operates a cross-border financial technology platform that supports global remittance, digital asset–enabled payments, trade facilitation, and credit support for businesses.

1.3. Bitstac is incorporated in Nigeria and Canada, and its Canadian entity is registered as a Money Services Business (MSB). As a result, our services operate across multiple jurisdictions and are subject to financial regulatory and data protection requirements.

1.4. This Privacy Notice applies to personal data processed through the Bitstac ecosystem, including our website, digital platforms, and any related applications used to access Bitstac services.

1.5. Where you use Bitstac services as a registered customer, this Privacy Notice should be read together with our Terms of Use, contractual agreements, and Cookie Notice. When you are simply visiting our website, this Privacy Notice applies together with our Cookie Notice.

2. Our Relationship with You

2.1. Personal data processed through Bitstac services is controlled by:

  • 2.1.1. Bitstac Tech Limited, incorporated in the Federal Republic of Nigeria.
  • 2.1.2. Bitstac, incorporated in Canada and registered as a Money Services Business (MSB).

2.2. These entities operate and may act as joint data controllers depending on the service provided.

2.3. Bitstac determines the purposes and means by which personal data is processed across its platform and operational infrastructure.

3. Personal Data We Collect

Personal data refers to information that relates to an identifiable individual. Depending on how you interact with Bitstac, we may collect personal data that you provide to us, information collected automatically when you use our services, and information obtained from third parties.

3.1. Information You Provide to Us

To access certain services or establish a relationship with Bitstac, you may be asked to provide information about yourself or your organisation. Some information is required by law, particularly for identity verification and compliance with financial regulations. This may include:

  • 3.1.1. Personal identification information such as full name, date of birth, nationality, address, email address, telephone number, and signature.
  • 3.1.2. Government-issued identification details including passport, national identification card, or driver’s licence information.
  • 3.1.3. Corporate or institutional information such as company name, registration details, business address, tax identification number, and information relating to directors, beneficial owners, and authorised representatives.
  • 3.1.4. Financial information including bank account details, payment information, and source-of-funds or source-of-wealth information where required for due diligence.
  • 3.1.5. Transaction information relating to remittances, payments, digital asset transactions, and trade activities conducted through the platform.
  • 3.1.6. Professional or employment information where relevant for due diligence or regulatory compliance.
  • 3.1.7. Communications with Bitstac, including customer support requests, feedback, surveys, and other correspondence.

3.2. Information Collected Automatically

When you access or use our website or digital platforms, certain information may be collected automatically to maintain system performance and improve services. This may include IP address, device identifiers, browser type, operating system, platform usage logs, and interactions with website features.

3.3. Information from Third Parties

We may obtain personal data from third parties where permitted by law, including identity verification providers, financial institutions, payment networks, regulatory databases, sanctions lists, and publicly available sources.

In connection with digital asset transactions, we may also obtain public blockchain data, including wallet addresses, transaction identifiers, timestamps, and transaction amounts recorded on distributed ledger networks.

4. Why We Process Personal Data

Bitstac processes personal data to operate its services securely and in compliance with applicable financial and data protection laws. We process personal data for the following purposes:

  • 4.1. Providing and Operating Services: To establish accounts, process remittances and payments, facilitate digital asset transactions, conduct trade-related services, verify suppliers and counterparties, and provide related financial services.
  • 4.2. Legal and Regulatory Compliance: To comply with applicable laws and regulations, including obligations relating to AML, CTF, sanctions screening, fraud prevention, and financial reporting.
  • 4.3. Customer Support and Communications: To communicate with users regarding their accounts, transactions, security alerts, service updates, and support requests.
  • 4.4. Platform Security and Fraud Prevention: To detect suspicious activity, monitor transactions, protect against fraud or abuse, verify user identities, and maintain the security and integrity of the Bitstac platform.
  • 4.5. Risk Management and Credit Assessment: Where applicable, to assess creditworthiness, manage financial risk exposure, and support responsible provision of credit or financing services.
  • 4.6. Service Improvement and Research: To analyse service performance, understand how users interact with our platform, and improve the functionality and reliability of our services.
  • 4.7. Marketing and Communications: Where permitted by law or based on user consent, we may send information about Bitstac services, updates, promotions, or events. Individuals may opt out of marketing communications at any time.

5. Legal Basis for Processing

Depending on the circumstances, Bitstac processes personal data based on:

  • 5.1. Performance of a contract with the user.
  • 5.2. Compliance with legal and regulatory obligations applicable to financial institutions and Money Services Businesses.
  • 5.3. Legitimate interests in operating, securing, and improving our services.
  • 5.4. Consent, where required by law, particularly in relation to marketing communications or certain cookies.

6. Cookies and Tracking Technologies

Bitstac uses cookies and similar technologies to ensure that our website functions properly, maintains secure sessions, analyzes site usage, and improves the overall user experience. Cookies may also be used to remember preferences, measure website performance, and support analytics and marketing activities. Further details are available in our Cookie Notice.

7. Sharing of Personal Data

We may share personal data with trusted third parties where necessary to:

  • 7.1. Affiliated Bitstac entities and group companies.
  • 7.2. Service providers that support our operations, including cloud hosting providers, identity verification services, payment processors, and analytics providers.
  • 7.3. Financial institutions, payment networks, digital asset service providers, and other counterparties involved in executing transactions.
  • 7.4. Regulatory authorities, law enforcement agencies, or government bodies where disclosure is required by law.
  • 7.5. Professional advisors such as auditors, legal advisors, and compliance consultants.

7.6. All third parties receiving personal data are expected to maintain appropriate confidentiality and data protection safeguards.

8. International Transfers of Personal Data

Because Bitstac operates internationally, personal data may be transferred to or processed in jurisdictions outside the country in which it was collected. Where such transfers occur, Bitstac implements appropriate safeguards to ensure that personal data is protected in accordance with applicable data protection laws, including the Nigeria Data Protection Act (NDPA) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

9. Public Blockchain Transparency

Certain Bitstac services may involve transactions recorded on public blockchain networks. Blockchain networks operate as decentralised public ledgers, meaning that certain transaction information, such as wallet addresses, transaction hashes, timestamps, and transaction amounts, may be publicly visible and accessible to third parties. Bitstac does not control the operation of blockchain networks and cannot alter or delete information recorded on a blockchain.

10. Security of Personal Data

Bitstac implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures include encryption, secure system architecture, access controls, monitoring systems, and periodic security assessments. Access to personal data is limited to personnel and service providers who require such access for legitimate business purposes.

11. Automated Decision-Making

Certain processes within the Bitstac platform, including fraud detection, transaction monitoring, and compliance screening, may involve automated systems designed to identify suspicious or high-risk activity. Where automated tools are used, appropriate safeguards and human oversight are applied to ensure fair and responsible decision-making.

12. Children

Bitstac services are intended for use by adults and authorised representatives of businesses. We do not knowingly collect personal data from individuals below the age permitted to use financial services under applicable law. If we become aware that personal data from a minor has been collected without appropriate authorisation, we will take steps to delete such information.

13. Your Privacy Rights

Subject to applicable law, individuals may have the right to access, correct, update, or delete their personal data. Individuals may also have the right to restrict or object to certain processing activities, request data portability, or withdraw consent where processing is based on consent. Individuals also have the right to lodge a complaint with a relevant data protection authority if they believe their personal data has been processed unlawfully.

14. Data Retention

Bitstac retains personal data only for as long as necessary to fulfil the purposes described in this Privacy Notice and to comply with legal and regulatory obligations. When personal data is no longer required, it is securely deleted, anonymised, or otherwise disposed of in accordance with applicable regulations and internal retention policies.

15. Third-Party Websites

Our website or services may contain links to third-party websites or platforms. These websites operate independently and maintain their own privacy policies. Bitstac is not responsible for the privacy practices or content of third-party websites.

16. Contact Information

If you have questions about this Privacy Notice or wish to exercise your privacy rights, you may contact us at:

Email: compliance@bitstac.io

Address: Suite 213, Jinifa Plaza, Abuja, FCT, Nigeria.

Where required by applicable law, Bitstac has designated a Data Protection Officer (DPO) responsible for overseeing data privacy compliance.

17. Updates to This Privacy Notice

Bitstac may update this Privacy Notice periodically to reflect changes in legal requirements, business operations, or technology. The updated version will be published on this page with the revised “Last Updated” date.