1. Introduction
AfriVest Holdings Ltd. ("AfriVest," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, mobile applications, and related services (collectively, the "Platform").
This Policy applies to all users of the Platform, including individuals, cooperative members, institutional partners, and visitors. By using the Platform, you consent to the data practices described in this Policy.
2. Information We Collect
2.1 Identity Verification Data
Through our Self-Sovereign Identity protocol, we process the following data during verification: biometric data (facial geometry for liveness detection), government-issued identity document images, full legal name, date of birth, nationality, residential address, and national identification numbers. This data is processed for verification purposes and stored in accordance with our self-sovereign identity architecture — meaning verified credentials are held in your non-custodial wallet, not on our servers.
2.2 Transaction Data
We record transaction metadata including: wallet addresses, transaction amounts, timestamps, currency pairs, geographic corridors, and counterparty information. This data is necessary for compliance with anti-money laundering regulations and is retained for the periods mandated by applicable law.
2.3 Device & Usage Data
We automatically collect: IP addresses, device identifiers, browser type and version, operating system, access times, pages viewed, and referring URLs. This data is used for security monitoring, fraud prevention, and Platform improvement.
2.4 Communication Data
When you contact us, we retain the content of your communications, including emails, support tickets, and chat messages, along with associated metadata.
3. How We Use Your Information
We use collected information for the following purposes:
- Identity Verification: To comply with KYC/AML regulations and verify your eligibility to use the Platform
- Transaction Processing: To facilitate, monitor, and settle transactions on the Platform
- Compliance & Reporting: To meet regulatory obligations including suspicious transaction reporting, Travel Rule compliance, and audit requirements
- Security: To detect and prevent fraud, unauthorized access, and other malicious activity
- Platform Improvement: To analyze usage patterns and improve Platform functionality
- Communication: To send service-related notifications, security alerts, and regulatory updates
4. Self-Sovereign Identity & Data Minimization
AfriVest's Self-Sovereign Identity protocol incorporates a privacy-by-design architecture that fundamentally differs from traditional data collection models. Under our self-sovereign identity framework:
- You own your data. Verified credentials are stored in your non-custodial wallet, not on AfriVest servers
- Zero-knowledge proofs enable you to prove compliance-relevant attributes without revealing underlying data
- Selective disclosure means only the minimum data required for a specific purpose is shared
- Cryptographic verification replaces data storage — we verify claims without retaining the evidence
AfriVest retains only cryptographic proofs and verification timestamps on its infrastructure. Full identity data remains under your exclusive control.
5. Data Sharing & Disclosure
We may share your information with:
- Regulatory Authorities: When required by law, court order, or regulatory directive (e.g., STR filings, Travel Rule compliance)
- Service Providers: Third-party vendors who assist in identity verification, transaction monitoring, and infrastructure management, bound by confidentiality agreements
- Financial Partners: Banking partners, custodians, and trustees involved in tokenized instrument administration
- Counterparty VASPs: Originator/beneficiary information as required by the FATF Travel Rule
- Law Enforcement: In response to valid legal process or to protect against imminent harm
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
6. Data Retention
We retain personal data for the minimum period required by applicable law. Transaction records and identity verification logs are retained for a minimum of five (5) years following the termination of the business relationship, as required by FATF Recommendation 11. Device and usage data is retained for twelve (12) months unless required for ongoing investigations.
7. Data Security
We implement industry-standard security measures including: end-to-end encryption for data in transit (TLS 1.3); encryption at rest for all sensitive data (AES-256); hardware security modules (HSMs) for cryptographic key management; multi-factor authentication for administrative access; regular penetration testing and vulnerability assessments; and 24/7 security operations monitoring.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate personal data
- Erasure: Request deletion of your personal data, subject to legal retention requirements
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request limitation of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdrawal of Consent: Withdraw consent where processing is consent-based
Note that certain rights may be limited where we are required to retain data for regulatory compliance purposes. To exercise your rights, contact privacy@afrivest.org.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. Where such transfers occur, we ensure appropriate safeguards are in place, including: standard contractual clauses approved by relevant data protection authorities; adequacy decisions where applicable; and binding corporate rules for intra-group transfers.
10. Children's Privacy
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.
11. Cookies & Tracking Technologies
We use cookies and similar technologies for Platform functionality, security, and analytics. For detailed information about our use of cookies, please refer to our Cookie Policy.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes through the Platform or via email at least 30 days before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated Policy.
13. Contact Us
For privacy-related inquiries or to exercise your data rights:
- Data Protection Officer: privacy@afrivest.org
- General Inquiries: info@afrivest.org
- Website: www.afrivest.org




