Privacy Policy

How Fiato Digital Solutions collects, uses, and protects your information

Effective Date: 7th November 2025
Last Updated: 7th November 2025


This Privacy Policy describes how Fiato Digital Solutions (“Fiato”, “we”, “our”, or “us”) collects, uses, and protects personal information in connection with the use of our website, merchant dashboard, APIs, and related services (collectively, the “Platform”).

Fiato is a non-custodial payment infrastructure that enables verified merchants to receive payments and settle locally in their bank accounts or designated wallets. We do not hold, store, or manage customer or merchant funds at any point.


1. Who We Are

Fiato Digital Solutions is a technology company based in Lagos, Nigeria, providing compliant payment infrastructure for digital asset settlements and voucher payments.

We operate under the framework of the Central Bank of Nigeria (CBN), the Nigerian Financial Intelligence Unit (NFIU), and the Nigeria Data Protection Regulation (NDPR).


Non-Custodial Model
  • (a) Fiato is not a bank, exchange, or wallet custodian.
  • (b) We do not hold or store user assets.
  • (c) All settlements occur directly between the merchant’s connected channels (crypto wallets or local bank accounts).

2. Scope of this Policy

This Privacy Policy applies to:

  • (a) Merchants registered on the Fiato platform
  • (b) Authorized representatives of registered businesses
  • (c) API integrators and partner institutions
  • (d) Visitors interacting with our website or platform interfaces

By using Fiato, you agree to this Policy and the handling of your data in accordance with applicable Nigerian and international data protection standards.


3. Information We Collect

3.1 Information You Provide
  • (a) Personal details: Full name, email, phone number, address.
  • (b) Business details: Business name, registration number, TIN, and contact information.
  • (c) Settlement details: Local bank account or wallet address for payouts.
  • (d) Compliance data: Identification (e.g., NIN, passport), proof of address, CAC documents.
  • (e) Communication data: Messages, inquiries, and support tickets.

3.2 Automatically Collected Data
  • (a) IP address, browser type, and OS
  • (b) Login timestamps and usage logs
  • (c) API and dashboard activity analytics

3.3 Third-Party Information

We may receive limited verification data from payment service providers, KYC/AML verification partners, and regulatory or law enforcement agencies when required.


4. How We Use Your Information
  • (a) Register and verify merchants under NDPR and AML guidelines.
  • (b) Enable settlement routing between merchants and channels.
  • (c) Ensure compliance with AML/CFT and regulatory requirements.
  • (d) Provide customer support and technical maintenance.
  • (e) Communicate updates and service improvements.

We do not use your data for advertising or sell it to third parties.


5. Legal Basis for Processing
  • (a) Contractual necessity: To fulfill agreements with merchants.
  • (b) Legal obligation: To comply with financial and AML laws.
  • (c) Legitimate interest: To prevent misuse and enhance platform security.
  • (d) Consent: For optional communications (withdrawable anytime).

6. Non-Custodial Operations

Fiato does not store, hold, or control user funds. All payments pass directly through external gateways or on-chain networks. Fiato acts purely as a settlement enabler — never a custodian.


7. Data Sharing and Disclosure
  • (a) With CBN, NFIU, or regulators for compliance.
  • (b) With third-party processors or partners for settlement verification.
  • (c) When legally required by court order or applicable law.

We never sell or rent your personal data.


8. Data Security
  • (a) End-to-end encryption (AES-256)
  • (b) HTTPS/TLS secured communication
  • (c) Firewalls, intrusion detection, and role-based access
  • (d) Regular third-party security audits

9. Data Retention

Personal data is retained only as long as necessary to meet legal, compliance, or business obligations. Afterward, data is securely anonymized or deleted.


10. Your Data Rights

Under the NDPR, you have the right to:

  • (a) Access and receive a copy of your personal data.
  • (b) Request correction or deletion of inaccurate data.
  • (c) Withdraw consent where applicable.
  • (d) Object to processing in specific cases.
  • (e) Request data portability where feasible.

To exercise your rights, contact us at privacy@fiato.io.


v
11. Cookies and Tracking

We use cookies to maintain secure sessions, monitor performance, and improve user experience. You may manage cookie preferences via your browser.


12. Data Transfers

If data is processed outside Nigeria, Fiato ensures NDPR compliance, adequate safeguards, and confidentiality agreements.


13. Children’s Privacy

Our platform is intended for users aged 18 and above. We do not knowingly collect information from minors.


14. Updates to This Policy

We may update this Policy periodically. Updates will be reflected with a new “Last Updated” date, and continued use constitutes acceptance of the new terms.