Privacy Policy

1 Overview

By accessing or using our Platform, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our services immediately.

HyperX is a financial technology platform operating across Africa, facilitating cryptocurrency-to-fiat conversions, e-commerce payments, and decentralised finance integrations. Due to the financial nature of our services, we are required to collect certain personal data to comply with applicable laws including Anti-Money Laundering (AML) regulations and Know Your Customer (KYC) requirements.

2 Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

• Identity Information: Full legal name, date of birth, nationality, government-issued ID (passport, national ID, driver's licence)
• Contact Information: Email address, phone number, physical address
• Financial Information: Bank account details, mobile money wallet numbers, transaction history
• Account Credentials: Username, password (stored in encrypted form), security PIN
• Verification Documents: Selfies, proof of address, source of funds documentation submitted during KYC

2.2 Information Collected Automatically

• Device Information: Device model, operating system, unique device identifiers, browser type and version
• Usage Data: Pages visited, features used, time spent, click patterns, search queries
• Transaction Data: Cryptocurrency amounts, wallet addresses, conversion rates, timestamps, transaction IDs
• Location Data: IP address-derived location; precise GPS location only with your explicit consent
• Log Data: Server logs, error reports, crash data

2.3 Information from Third Parties

• Identity verification providers (e.g. Smile Identity, Youverify) during KYC checks
• Blockchain analytics providers for transaction monitoring
• Payment processors and banking partners for fiat settlement
• Social login providers if you choose to sign in via Google or Apple

3 How We Use Your Data

We use the information we collect for the following purposes:

3.1 Service Delivery

• Create, verify, and manage your HyperX account
• Process cryptocurrency conversions and fiat payouts
• Facilitate in-browser e-commerce payments via your HyperX balance
• Enable DApp wallet connections and token swaps
• Execute P2P transactions on behalf of liquidity providers

3.2 Compliance & Legal Obligations

• Conduct identity verification (KYC) as required by financial regulators
• Screen transactions against AML and sanctions watchlists
• Report suspicious activity to relevant authorities where legally required
• Maintain transaction records as mandated by law

3.3 Security & Fraud Prevention

• Detect, investigate, and prevent fraudulent transactions and unauthorised access
• Monitor for account takeover attempts and phishing
• Enforce our Terms of Service

3.4 Communication

• Send transaction confirmations, receipts, and alerts
• Notify you of product updates, new features, and scheduled maintenance
• Respond to your support requests and enquiries
• Send marketing communications (only with your consent; you may opt out at any time)

3.5 Product Improvement

• Analyse usage patterns to improve the Platform
• Conduct internal research and analytics
• Test new features and bug fixes

4 Legal Basis for Processing

Where applicable data protection law requires a legal basis for processing personal data, we rely on the following:

• Contract Performance: Processing necessary to provide you with the services you requested
• Legal Obligation: Processing required to comply with AML, KYC, tax reporting, and other regulatory requirements
• Legitimate Interests: Fraud prevention, security monitoring, and service improvement — where these interests are not overridden by your rights
• Consent: Marketing communications, optional location tracking, and analytics cookies — which you may withdraw at any time

5 Sharing Your Data

We do not sell your personal data. We may share it only in the following circumstances:

5.1 Service Providers

We share data with trusted third-party vendors who help us operate the Platform under strict data processing agreements:

• KYC/identity verification providers
• Banking and mobile money partners for fiat settlement
• Cloud infrastructure providers (e.g. AWS, Google Cloud)
• Customer support platforms (e.g. Tawk.to)
• Analytics and monitoring tools
• Blockchain analytics for compliance screening

5.2 Legal & Regulatory Disclosure

We may disclose your information to government authorities, law enforcement, or regulators when:

• Required by law, court order, or regulatory directive
• Necessary to investigate suspected fraud or illegal activity
• Required to protect the rights, property, or safety of HyperX, our users, or the public

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our Platform before your data is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share data with third parties in any other manner with your explicit prior consent.

6 Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, or as required by law:

When data is no longer required, we securely delete or anonymise it in accordance with our data destruction procedures.

7 Security

We implement industry-standard security measures to protect your data against unauthorised access, disclosure, alteration, or destruction:

• Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2 or higher
• Encryption at rest: Sensitive data including KYC documents and financial information is encrypted at rest using AES-256
• Access controls: Strict role-based access controls limit employee access to personal data on a need-to-know basis
• Two-Factor Authentication (2FA): Available and strongly recommended for all user accounts
• Penetration testing: Regular third-party security audits and vulnerability assessments
• Incident response: A documented breach response plan with notification procedures

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. You are also responsible for keeping your account credentials confidential.

If you suspect your account has been compromised, contact us immediately at contact@hyperx.llc.

8 Cookies & Tracking Technologies

We use cookies and similar tracking technologies on our website and app:

8.1 Types of Cookies We Use

8.2 Managing Cookies

You can control and delete cookies through your browser settings. Disabling essential cookies may affect the functionality of the Platform. For analytics and marketing cookies, you may opt out at any time through our cookie preference centre or by contacting us.

9 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data where we no longer have a legal basis to retain it
• Right to Restriction: Request that we restrict processing of your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

10 Children's Privacy

HyperX services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@hyperx.llc and we will promptly delete such information.

By using our Platform, you confirm that you are at least 18 years of age or the legal age of majority in your jurisdiction.

11 International Data Transfers

HyperX operates primarily across Africa but may process or store data on servers located in other regions, including the European Union and the United States, to support our infrastructure and service providers.

Where data is transferred outside your home country, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
• Transfers only to countries with adequate data protection laws
• Data processing agreements with all third-party processors

12 Third-Party Links & Services

Our Platform may contain links to third-party websites, e-commerce stores accessed via the HyperX Browser, and decentralised applications. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any external platforms you interact with through HyperX.

When you use the HyperX Browser to access e-commerce sites, those sites operate independently and are governed by their own privacy practices. HyperX only processes the payment data necessary to complete your transaction.

When you connect a third-party wallet (e.g. MetaMask) to the HyperX DApp, your wallet interactions with external DEX protocols are governed by those protocols' own terms and privacy policies.

13 AML & KYC Obligations

As a financial services provider facilitating cryptocurrency and fiat transactions, HyperX is subject to Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) laws in applicable jurisdictions.

To comply with these obligations, we are required to:

• Verify the identity of all users before permitting transactions above regulatory thresholds
• Collect and retain KYC documentation including government-issued ID and proof of address
• Screen all users and transactions against international sanctions lists (OFAC, UN, EU)
• Monitor transactions for unusual or suspicious patterns
• File Suspicious Activity Reports (SARs) with relevant financial intelligence units where required
• Maintain complete transaction records for a minimum of 7 years

Failure to complete KYC verification will result in restricted access to our services. We take these obligations seriously and cooperate fully with regulatory authorities.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Send a notification to your registered email address
• Display a prominent notice on the Platform for at least 30 days

Your continued use of the Platform after the effective date of the updated policy constitutes your acceptance of the changes. If you disagree with the updated policy, you should stop using the Platform and may request account closure.

15 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:

We are committed to resolving privacy-related complaints promptly. If you are not satisfied with our response, you have the right to escalate your complaint to your local data protection authority.