Privacy Policy

Last updated: 27 April 2026

1. Introduction

Pesa Token (“we”, “our”, or “us”) operates the Pesa Token wallet platform accessible at pesatoken.org. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By using Pesa Token, you consent to the data practices described in this policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

2.1 Information you provide

  • Google account information (name, email address, profile picture) when you sign in via Google OAuth
  • Identity verification documents submitted for KYC compliance (name, date of birth, nationality, government-issued ID)
  • Transaction details including recipient addresses and amounts

2.2 Information collected automatically

  • IP address and approximate geographic location
  • Device type, browser, and operating system
  • Usage data including pages visited and features used
  • On-chain transaction data (publicly available on the blockchain)

3. How We Use Your Information

  • To create and manage your wallet account
  • To process cryptocurrency transactions on your behalf
  • To verify your identity and comply with AML/CTF regulations
  • To detect and prevent fraud, money laundering, and other illegal activities
  • To communicate service updates, security alerts, and support messages
  • To improve our platform and develop new features
  • To comply with applicable laws and regulatory requirements

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data under the following legal bases:

  • Contract performance — to provide the wallet and transaction services you requested
  • Legal obligation — to comply with AML, CTF, and financial regulations
  • Legitimate interests — to prevent fraud and improve our services
  • Consent — for optional communications and analytics

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Smile ID — our KYC verification provider, for identity verification
  • Google — for authentication via Google OAuth 2.0
  • AWS — our cloud infrastructure provider (data stored in us-east-1)
  • Law enforcement — when required by applicable law, court order, or regulatory authority
  • Blockchain networks — transaction data is inherently public on-chain

6. Data Retention

We retain your personal data for as long as your account is active and for a minimum of 7 years after account closure to comply with financial regulations. KYC documents are retained for the period required by applicable AML laws in your jurisdiction.

7. Security

We implement industry-standard security measures including:

  • AES-256-GCM encryption for private key storage
  • TLS 1.3 for all data in transit
  • Hierarchical Deterministic (HD) wallet architecture — your keys are never stored in plaintext
  • AWS Secrets Manager for all sensitive configuration
  • Regular security audits and penetration testing

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal retention requirements)
  • Object to or restrict processing of your data
  • Request portability of your data
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@pesatoken.org.

9. Cookies

We use essential cookies and localStorage to maintain your session and preferences (such as language selection). We do not use third-party advertising cookies. You can clear cookies through your browser settings, but this will log you out.

10. International Transfers

Your data is processed and stored on AWS infrastructure in the United States (us-east-1). By using our services, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers.

11. Children

Pesa Token is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights: