Privacy Policy

Our Promise to You

Your trust is the most important thing we hold. This Privacy Policy explains clearly and honestly how Myrica Pay collects, uses, stores, shares, and protects your personal information when you use our platform, mobile application, and all related services.

We believe you have the right to know exactly what happens to your data - in plain language, not legal jargon. Our approach to privacy is built on our Principle of Digital Trust: we only collect what we need, we protect it like it is our own, and we never sell it.

This Policy has been designed to comply with the Bank of Sierra Leone's Financial Consumer Protection Guidelines, applicable data protection laws in each market where we operate, and international best practices including the principles of the General Data Protection Regulation (GDPR) and the ECOWAS Supplementary Act on Personal Data Protection.

By creating a Myrica Pay account or using any of our Services, you confirm that you have read and understood this Privacy Policy.

1. Who We Are

Myrica Pay, LLC. is the data controller responsible for your personal information.

Myrica Pay is currently licensed and operational in Sierra Leone under the oversight of the Bank of Sierra Leone, with regulatory applications pending in the Gambia, Liberia, and Guinea. Where you are registered in a country other than Sierra Leone, Myrica Pay processes your data in accordance with the applicable laws of your registered country as well.

2. Who This Policy Applies To

This Privacy Policy applies to:

• Individual customers who create a personal Myrica Pay account
• Merchants who register to accept Myrica Pay payments
• Agents who join the Myrica Pay agent network
• Visitors to our website at myricapay.com
• Anyone who contacts us through any of our communication channels

If you are under 18 years of age, you are not permitted to use Myrica Pay. We do not knowingly collect personal data from anyone under the age of 18. If we discover that we have collected data from a minor, we will delete it immediately.

3. The Information We Collect and Why

We only collect personal data that is genuinely necessary to provide our Services safely, legally, and effectively. Here is exactly what we collect and why:

4. How We Use Your Information

In addition to the specific purposes listed above, we use your personal data to:

• Operate, maintain, and improve the Myrica Pay platform and Services
• Verify your identity and manage your KYC verification status
• Process and complete your transactions
• Detect, investigate, and prevent fraud, money laundering, and other financial crimes
• Comply with all applicable legal and regulatory obligations in each operating market
• Respond to your support requests and complaints
• Send you important service notifications such as transaction receipts, security alerts, and policy updates - these are not marketing and cannot be opted out of while your account is active
• Conduct internal analytics to understand how the platform is used and where it can be improved
• Train and support our compliance and fraud detection systems
• Enforce our Terms of Service

We do not use your personal data to make automated decisions that have a significant legal or material effect on you without human review.

5. How We Protect Your Data

Protecting your information is built into the foundation of our platform. We apply the following security measures:

Despite our best efforts, no system is completely immune to risk. If you suspect your account has been compromised, contact us immediately at support@myricapay.app.

6. How We Share Your Information

We will never sell your personal data to any third party. We do not share your data for advertising or commercial profiling purposes.

We only share data in the following limited and necessary circumstances:

• Identity Verification Partners: We share your identity documents and biometric data with our KYC biometric partner, solely for the purpose of verifying your identity during account setup and ongoing verification checks.
• Banking and Payment Partners: We share transaction data with our licensed banking partners and global payment network providers, to the extent necessary to process and complete your transactions. These partners are contractually obligated to process your data only for the specific purpose for which it was shared.
• Mobile Money and Agent Network Partners: We share limited transaction data with mobile money operators and partner financial institutions to facilitate local and cross-border payment routing.
• Regulatory and Law Enforcement Authorities: We may be required by law to share information with the Bank of Sierra Leone, Financial Intelligence Units, law enforcement agencies, or other regulatory bodies. We will only do so when lawfully required and will not notify you of such disclosure where prohibited by law.
• Professional Advisors: We may share data with our legal advisors, auditors, and accountants where necessary, under strict confidentiality obligations.
• Business Transfers: If Myrica Pay is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

All third-party partners who process personal data on our behalf are subject to data processing agreements that require them to maintain at least the same standards of privacy and security that we apply ourselves.

7. Cross-Border Data Transfers

Myrica Pay operates across multiple countries and processes cross-border transactions. This means that your data may be processed or stored in a country different from where you are located, including countries outside your home jurisdiction.

Where we transfer data across borders, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable law. These safeguards may include contractual protections with our partners, compliance with ECOWAS data protection frameworks, and adherence to equivalent international standards.

By using Myrica Pay, you acknowledge that your data may be transferred to and processed in countries where data protection laws may differ from those in your home country. We always apply our own standards regardless of where data is processed.

8. Cookies and Tracking Technologies

Myrica Pay uses cookies and similar tracking technologies on our website at myricapay.com.

What are cookies?

Cookies are small files placed on your device when you visit a website. They help the website remember your preferences and understand how you use it.

Types of cookies we use:

You can manage your cookie preferences through your browser settings at any time. Disabling essential cookies may affect your ability to use certain website features. Our Cookie Policy, available at myricapay.com/cookies, contains full details.

9. Your Rights Over Your Data

You have the following rights in relation to your personal data. To exercise any of these rights, contact us at privacy@myricapay.app. We will acknowledge your request within 5 business days and provide a full response within 30 calendar days.

10. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected and to comply with our legal obligations.

The following retention guidelines apply:

• KYC and Identity Verification Records: Minimum 5 years from the date of account closure, as required by AML/CFT regulations in Sierra Leone and applicable markets.
• Transaction Records: Minimum 5 years from the date of each transaction, as required by applicable financial services law.
• Account Information: Retained for the duration of your account and for 5 years after closure.
• Support and Communications Records: Retained for 3 years from the date of the communication.
• Device and Technical Logs: Retained for up to 12 months for security and fraud analysis purposes.
• Marketing Preference Records: Retained for as long as your account is active and for 2 years after closure for compliance record-keeping.

After the applicable retention period, data is securely and permanently deleted or irreversibly anonymised. We do not retain data beyond what is legally required or operationally necessary.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Myrica Pay will:

• Notify the relevant regulatory authority in each affected market within 72 hours of becoming aware of the breach, where required by law
• Notify affected users directly as soon as reasonably practicable where the breach is likely to result in a high risk to your personal rights
• The notification will describe the nature of the breach, the data involved, the likely consequences, and the steps we are taking to address it
• Maintain a full internal record of all data breaches regardless of whether regulatory notification is required

We take all suspected data breaches seriously. If you believe your Myrica Pay account or personal data has been compromised, please contact us immediately at security@myricapay.app.

12. Children's Privacy

Myrica Pay is not designed for or directed at children under the age of 18. We do not knowingly collect, store, or process personal data relating to anyone under 18 years of age.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at privacy@myricapay.app and we will delete that information promptly.

13. Third-Party Links and Services

Our website and app may contain links to third-party websites, services, or products. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of any website or service we do not operate. We encourage you to review the privacy policies of any third-party service you visit or use.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, applicable law, or our data practices. When we make material changes, we will notify you by email, in-app notification, or prominent notice on our website at least 14 days before the changes take effect.

The updated version will always show the effective date at the top of this page. Your continued use of the Services after the effective date of an updated Policy constitutes your acknowledgement of the changes.

A record of previous versions of this Privacy Policy is available on request by contacting privacy@myricapay.app.

15. Accessibility

This Privacy Policy is always accessible from our website at myricapay.com/privacy, within the Myrica Pay app under Settings, and on our app store listings. We are committed to ensuring this document is available in plain language at all times.

If you need this Policy in a different format or language, please contact us and we will do our best to accommodate your request.