Legal

Privacy Policy

Data Protection & Privacy Notice

Effective Date
20th May 2026
Company
Revoloop Digital Services
Trading Name
Scaza
Governing Law
Laws of Lagos, Nigeria

1.Introduction

Revoloop Digital Services, trading as Scaza ("we", "us", or "our"), is committed to protecting the privacy and security of the personal and business data of all users of our cross-border B2B payment platform ("Platform"). Our Platform enables businesses to send and receive payments between Africa, Asia, and other supported regions.

This Privacy Policy explains how we collect, use, store, share, and protect your information when you access or use the Platform, in accordance with applicable data protection laws, including Nigerian data protection regulations and other relevant international frameworks.

By accessing or using our Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please stop using the Platform immediately.

2.Who This Policy Applies To

This Privacy Policy applies to:

  • Registered businesses and their authorised representatives using the Scaza Platform
  • Directors, officers, and beneficial owners whose information is collected as part of our KYC/AML compliance obligations
  • Any other individual whose personal data we process in connection with our services

We do not offer consumer banking or personal financial services. Our services are strictly B2B in nature.

3.Information We Collect

We collect the following categories of information:

Business & Identity Information

  • Business name, registration number, and incorporation documents
  • Registered business address and contact details
  • Identity documents of directors, owners, and authorised representatives (e.g. passports, national IDs)
  • Proof of funds or documentation relating to transaction purpose
  • Beneficial ownership information

Account & Access Information

  • Login credentials (username and encrypted password)
  • Account activity and access logs
  • IP addresses and device information
  • Two-factor authentication data (where applicable)

Transaction & Financial Information

  • Payment amounts, currencies, and transaction history
  • Sender and recipient details for cross-border transfers
  • Currency conversion records and exchange rates applied
  • Bank account details and payment references

Compliance Information

  • KYC verification records and screening results
  • AML monitoring data and risk assessments
  • Sanctions screening outcomes
  • Correspondence related to compliance investigations

Technical & Usage Data

  • Browser type, operating system, and device identifiers
  • Platform usage patterns and session data
  • API integration logs (where applicable)
  • Error reports and diagnostic information

4.How We Collect Information

We collect information in the following ways:

  • Directly from you during account registration and onboarding
  • Through your use of the Platform and its features
  • From documents submitted as part of KYC/AML verification
  • Via API integrations and third-party technical connections
  • From our banking partners, payment processors, and compliance providers
  • From publicly available sources and regulatory databases for verification purposes

5.How We Use Your Information

We process your data for the following purposes:

Service Delivery

  • Processing and executing cross-border B2B payment transactions
  • Providing currency conversion and settlement services
  • Generating payment tracking reports and transaction records
  • Maintaining and operating your account

Regulatory Compliance

  • Conducting KYC (Know Your Customer) and AML (Anti-Money Laundering) checks
  • Screening against sanctions lists and prohibited entity databases
  • Fulfilling reporting obligations to regulatory authorities
  • Investigating suspicious or potentially fraudulent transactions

Security & Risk Management

  • Detecting, preventing, and responding to fraud and unauthorised access
  • Assessing transaction risk and exposure
  • Protecting the integrity of the Platform

Business Operations

  • Communicating with you about your account, transactions, and service updates
  • Providing customer support
  • Improving Platform performance and functionality
  • Complying with legal obligations and enforcing our Terms and Conditions

6.How We Share Your Information

We may share your data with the following categories of recipients:

Banking & Payment Partners

We share transaction data and relevant identity information with correspondent banks, payment processors, and financial institutions required to execute your transactions. These partners are bound by their own regulatory obligations and data protection requirements.

Compliance & Verification Providers

We share data with third-party compliance service providers for KYC verification, AML screening, and sanctions monitoring. These providers process data on our behalf under strict contractual obligations.

Regulators & Law Enforcement

We may disclose information to Nigerian regulatory authorities, financial intelligence units, law enforcement agencies, and other competent bodies where required by law, court order, or regulatory direction.

Technology & Infrastructure Providers

Certain technical service providers (such as cloud infrastructure, IT support, and security providers) may process data on our behalf. We require all such providers to implement appropriate data protection measures.

We do not sell, rent, or trade your personal or business data to third parties for marketing or commercial purposes.

7.International Data Transfers

Given the cross-border nature of our services — spanning Africa, Asia, and other regions — your data may be transferred to and processed in countries outside Nigeria. Where such transfers occur, we take reasonable steps to ensure that appropriate safeguards are in place, consistent with applicable data protection laws.

By using our Platform for cross-border transactions, you acknowledge and consent to the transfer of relevant data across borders as necessary to execute those transactions.

8.Data Retention

We retain your data for as long as necessary to fulfil the purposes for which it was collected, including:

  • For the duration of your account and business relationship with us
  • For a minimum of five (5) years following account closure, to meet AML/KYC regulatory record-keeping requirements
  • For such longer periods as may be required by applicable law, regulatory obligation, or legal proceedings

Where data is no longer required, we will securely delete or anonymise it in accordance with our data retention procedures.

9.Data Security

We implement reasonable technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These include encryption, access controls, secure data transmission protocols, and regular security assessments.

However, no method of electronic transmission or storage is completely secure. While we take our obligations seriously and work diligently to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will take prompt action and notify affected parties as required by law.

10.Your Rights

Subject to applicable law, you or your business may have the following rights regarding your data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of data where it is no longer necessary (subject to our regulatory retention obligations)
  • Right to restriction — to request that we limit the processing of your data in certain circumstances
  • Right to object — to object to processing based on legitimate interests
  • Right to data portability — to receive your data in a structured, machine-readable format where applicable

Please note that some of these rights may be limited or overridden by our legal and regulatory obligations, particularly those related to AML, KYC, and financial crime prevention.

To exercise any of these rights, please contact us using the details in Section 15.

11.Cookies and Tracking Technologies

Our Platform may use cookies and similar tracking technologies to improve your experience, analyse usage, and support platform security and performance. These may include session cookies, authentication tokens, and analytics tools.

You may be able to control the use of cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Platform. We will provide more detailed cookie information within the Platform interface where applicable.

12.Third-Party Services

Our Platform relies on third-party providers such as banks, payment processors, and compliance services. These parties operate under their own privacy policies and data protection obligations. We are not responsible for their privacy practices, performance, delays, or failures.

We encourage you to review the privacy policies of any third-party services you interact with in connection with our Platform.

13.Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform functionality. We will endeavour to notify users of material changes. Continued use of the Platform after any update constitutes your acceptance of the revised Policy.

The effective date at the top of this document indicates when the Policy was last updated.

14.Governing Law

This Privacy Policy is governed by the laws of Lagos, Nigeria. Any disputes relating to data protection or privacy matters will be subject to the jurisdiction of the courts or arbitration system of Lagos, Nigeria, consistent with our Terms and Conditions.

15.Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your data, please contact us:

General Enquiries
hello@scaza.org
Registered Address
23 Freetown Street, Old Township, Port Harcourt City, Rivers State, Nigeria