Privacy Policy
Introduction
Technest Limited ("Technest", "we", "us", or "our") is a Nigerian financial technology company licensed by the Central Bank of Nigeria as an International Money Transfer Operator (IMTO). We operate Swappr, a business-to-business disbursement platform, and Pouch, a consumer application, alongside related websites and services (collectively, the "Services").
This Privacy Policy explains how we collect, use, share, and protect personal data when you visit our websites, register for an account, use our Services, or otherwise interact with us. It applies to all individuals whose personal data we process, including customers, prospective customers, beneficiaries of transactions sent through our Services, visitors to our websites, and representatives of our business clients.
We are committed to protecting your personal data in line with the Nigeria Data Protection Act 2023 (NDPA 2023), the Nigeria Data Protection Regulation 2019 (NDPR) and its implementation framework, and other applicable laws. Technest is a data controller for the purposes of this Privacy Policy.
Our registered office is at 8 Providence Street, Lekki Phase 1, Lagos State, Nigeria. If you have questions about this Privacy Policy or how we handle your personal data, please contact us at compliance@the-technest.com.
Personal data we collect
We collect personal data that you provide directly to us, that we generate through your use of the Services, and, where appropriate, that we obtain from third parties such as regulated identity-verification providers and our banking partners.
The categories of personal data we typically collect include:
Account and identity information. Your full name, date of birth, gender, residential and business addresses, nationality, contact details (email address and phone number), and where you register a business account, information about the entity and its directors, shareholders, and beneficial owners.
Know-Your-Customer (KYC) and regulatory data. Government-issued identification documents (such as national identity card, international passport, or driver's licence), Bank Verification Number (BVN), Tax Identification Number (TIN) where applicable, photographs or selfies used for liveness checks, proof of address, source-of-funds documentation, and similar information required under Nigerian "know-your-customer" rules and anti-money-laundering laws.
Transaction data. Information about the transactions you initiate, receive, or attempt through the Services, including amounts, currencies, sender and beneficiary details (names, account numbers, bank or wallet information), transaction references, narrations, timestamps, and the status of each transaction.
Financial account information. Bank account numbers, virtual account details we provision for you, payment card information (where applicable, handled by our regulated payment processors and not retained on our systems in full), and balances within wallets we maintain for you.
Device and usage data. IP address, device identifiers, operating system and browser type, language settings, time zone, the pages you visit on our websites and in-app screens, features you use, the dates and times of access, referring URLs, and similar technical information collected through cookies and similar technologies (see our Cookie Notice).
Communications data. The content of messages, support tickets, emails, call recordings (where lawfully recorded with notice), and other communications you exchange with us, including feedback and survey responses.
Marketing preferences. Your choices about receiving marketing emails, newsletters, and product updates from us.
We may also collect personal data about you from third parties, including regulated identity-verification and KYC providers, sanctions and fraud-screening databases, credit reference agencies (where permitted by law), our banking and payment partners, publicly available sources, and from the people who send money to you through the Services.
Lawful basis for processing under the NDPA 2023 and NDPR
Nigerian data protection law requires us to identify a lawful basis for each processing activity. We typically rely on the following bases:
Performance of a contract. We process personal data to open and operate your account, to execute the transactions you instruct, to deliver the Services, to provide customer support, and to enforce our Terms of Use. Without this processing we cannot provide the Services to you.
Compliance with a legal obligation. As a CBN-licensed International Money Transfer Operator, we are required by law to verify customer identities, screen against sanctions lists, monitor transactions for suspicious activity, retain certain records, and report to regulators including the Central Bank of Nigeria (CBN), the Nigerian Financial Intelligence Unit (NFIU), and other competent authorities. We also process personal data to meet our obligations under the NDPA 2023 and NDPR.
Legitimate interests. We process certain personal data to pursue our legitimate interests in operating, protecting, and improving the Services, including fraud prevention, information security, network and platform integrity, business analytics, internal record-keeping, and the management of legal claims. Where we rely on this basis, we balance our interests against your rights and freedoms, and you may object as described under "Your rights" below.
Consent. Where required by law or where no other basis applies, we ask for your consent — for example, before sending you certain marketing communications or before placing non-essential cookies. You can withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Vital interests and public interest. In rare circumstances, we may process personal data to protect the vital interests of an individual (for example, in cases of suspected fraud causing imminent harm) or to perform tasks carried out in the public interest, such as cooperation with law enforcement.
How we use your personal data
We use the personal data we collect for the following purposes:
Operating the Services. Creating and maintaining your account, processing transactions, provisioning virtual accounts and wallets, executing payouts, managing beneficiaries, calculating fees and exchange rates, providing receipts and statements, and performing related operational functions.
Regulatory compliance. Verifying your identity in line with CBN tiered "know-your-customer" rules, screening against domestic and international sanctions and politically-exposed-person lists, monitoring transactions for patterns indicative of money laundering, terrorism financing, fraud, or other illicit activity, reporting suspicious activity to the NFIU and other competent authorities where required, retaining records for the periods mandated by law, and responding to lawful regulatory and law-enforcement requests.
Fraud prevention and security. Detecting and preventing unauthorised access, account takeover, transaction fraud, abuse of the Services, and threats to our information systems; investigating actual or suspected misconduct; and protecting our customers, partners, and the integrity of the Services.
Customer communications. Sending you transactional notifications (such as transaction confirmations, status updates, OTP codes, security alerts, and statements), responding to your enquiries, and providing customer support.
Product improvement and analytics. Understanding how the Services are used, diagnosing technical issues, measuring performance, conducting research and statistical analysis, and developing new or improved features.
Marketing (where you have not opted out). Sending you newsletters, product announcements, and other commercial communications you have agreed to receive, and personalising those communications based on your use of the Services. You can opt out at any time.
Corporate governance and risk management. Managing our business, including financial reporting, audit, internal controls, professional advice, insurance, and the handling of complaints, claims, and disputes.
Cross-border transfers of personal data
Technest is a Nigerian company and our primary processing takes place in Nigeria. However, in delivering the Services we may transfer personal data outside Nigeria — for example, where our regulated cloud-hosting, identity-verification, fraud-screening, or banking partners process data in other jurisdictions, or where you instruct a transaction to a beneficiary located abroad.
When personal data is transferred outside Nigeria, we take steps required by the NDPA 2023 and NDPR to ensure an adequate level of protection. Depending on the recipient and destination, these steps may include relying on a determination that the destination country provides adequate protection, entering into contractual safeguards with the recipient (including data-processing agreements that mirror Nigerian standards), obtaining your explicit consent where required, or relying on another lawful transfer mechanism recognised under Nigerian law.
Who we share your personal data with
We share personal data only where necessary to deliver the Services, comply with law, or pursue legitimate interests. The categories of recipients include:
Regulators and competent authorities. The Central Bank of Nigeria, the Nigerian Financial Intelligence Unit, the Economic and Financial Crimes Commission, the Nigeria Data Protection Commission, tax authorities, courts, and other authorities — where we are required by law to share information, or where sharing is necessary to comply with a lawful request, regulatory return, or court order.
Banking and payment partners. Our regulated banking partners, settlement banks, payment processors, card networks, and similar financial institutions that help us move funds, provision virtual accounts, and complete transactions.
KYC, identity-verification, and fraud-screening providers. Regulated third parties that help us verify your identity, screen against sanctions and politically-exposed-person lists, and detect fraud or other illicit activity. These providers act on our behalf or as independent controllers depending on the service.
Technology and operational service providers. Cloud-hosting providers, communications providers (email, SMS, in-app messaging), customer-support tooling, analytics providers, security tooling, and similar vendors that help us operate the Services. These providers are bound by contractual obligations to protect personal data and to process it only on our instructions.
Professional advisers. Lawyers, auditors, accountants, tax advisers, insurers, and other professional advisers, where necessary for the management of our business or the protection of our legal rights.
Counterparties in a transaction. Where you send funds to a beneficiary, we share the information necessary to complete the transaction (such as the beneficiary's name, account number, and amount) with the receiving institution. Conversely, where a sender pays into your account, we receive equivalent information about them.
Affiliates and group companies. Members of the Technest group, for the purposes described in this Privacy Policy and subject to the same protections.
Successors and acquirers. In the event of a merger, acquisition, restructuring, sale of assets, financing, or similar corporate transaction, personal data may be shared with the counterparty and their professional advisers as part of due diligence and, on completion, with the successor entity. We will ensure that any such recipient is bound to protect personal data on terms consistent with this Privacy Policy.
We do not sell your personal data.
Data retention
We retain personal data only for as long as necessary to provide the Services and to meet our legal obligations.
For records subject to anti-money-laundering (AML) and counter-financing-of-terrorism (CFT) obligations — including KYC documentation, transaction records, and identity verification data — we retain data for 5 years or longer as required by the law in the respective jurisdictions in which we operate.
For other categories of personal data, retention is determined by purpose: account data is retained while the account is active and for a reasonable period afterwards; marketing data is retained until you withdraw consent; cookies are retained for the period stated in our Cookie Notice.
Where data is no longer needed for any lawful purpose, we either delete it or fully anonymize it.
Your rights under the NDPA 2023 and NDPR
You have rights in relation to your personal data, which you can exercise by contacting us at compliance@the-technest.com. These include:
- the right to be informed about how we process your personal data (which this Privacy Policy is designed to satisfy);
- the right to access the personal data we hold about you and to receive a copy;
- the right to rectification of inaccurate or incomplete personal data;
- the right to deletion (also known as the "right to be forgotten") in the circumstances permitted by law — noting that we may need to retain some personal data to comply with our legal obligations as an IMTO;
- the right to restrict processing in certain circumstances;
- the right to data portability, where applicable, allowing you to receive your personal data in a structured, commonly used, machine-readable format;
- the right to object to processing based on legitimate interests or for direct marketing;
- the right to withdraw consent at any time, where we rely on consent as our lawful basis;
- the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects, where applicable;
- the right to lodge a complaint with the Nigeria Data Protection Commission. We would, however, appreciate the chance to address your concerns first — please contact us at compliance@the-technest.com.
We will respond to requests within the time frames required by law. We may need to verify your identity before acting on a request to protect against unauthorised disclosure.
How we protect your personal data
We use a combination of organisational and technical measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures include:
- encryption of personal data in transit between your device and our systems, and at rest within our infrastructure;
- access controls so that only authorised personnel can access personal data, on a need-to-know basis;
- multi-factor authentication for staff with access to sensitive systems;
- network and application security monitoring, vulnerability management, and regular review of our security controls;
- contractual obligations on our service providers to maintain appropriate security measures;
- staff training on data protection and information security;
- incident-response procedures so that we can identify, contain, and respond to security incidents, and notify regulators and affected individuals where required by law.
No system is completely secure, and we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at compliance@the-technest.com.
Cookies and similar technologies
Our websites and applications use cookies and similar technologies to operate, secure, and improve the Services. Please see our Cookie Notice for a fuller description of the cookies we use and your choices about them.
Children's privacy
The Services are not directed at children under the age of 18, and we do not knowingly collect personal data from anyone under 18. If you believe that a child has provided personal data to us, please contact compliance@the-technest.com and we will take appropriate steps to remove that data.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, in the Services, or in applicable law. When we make material changes, we will notify you through the Services or by other reasonable means before the changes take effect. The "lastReviewed" and "effective" dates at the top of this document indicate when it was last updated.
How to contact us
If you have questions, comments, or requests about this Privacy Policy or our handling of your personal data, please contact us at:
Technest Limited
8 Providence Street, Lekki Phase 1
Lagos State, Nigeria
Email: compliance@the-technest.com
You can also contact the Nigeria Data Protection Commission if you have a complaint about how we handle your personal data.