Privacy Policy

1. Who we are

Dream Trade Ltd ("Dream Trade", "we", "us", or "our") operates a cryptocurrency exchange platform available at dreamtrade.app and through our iOS and Android mobile applications.

We are registered in Nigeria and operate as a licensed Virtual Digital Asset (VDA) Service Provider under the Nigeria Securities and Exchange Commission (SEC) framework.

For privacy inquiries, contact our Data Protection Officer at privacy@dreamtrade.app.

2. Information we collect

Information you provide directly:

• Account registration details (full name, email address, phone number, password)
• Identity verification documents (BVN, government-issued ID, selfie/biometric data) via Smile Identity
• Bank account details for NGN withdrawals and deposit verification via Paystack
• Tax identification numbers where required by Nigerian law
• Communications with our support team via chat, email, or WhatsApp

Information collected automatically:

• Device identifiers, IP address, mobile OS, browser type, and app version
• Usage data: pages viewed, trades executed, session duration, and features used
• Transaction history: deposit amounts, trade orders, withdrawal records
• Log data, timestamps, error reports, and crash diagnostics
• Location data (city/region level, derived from IP address)

3. How we use your information

We use the information we collect to:

• Provide, operate, and continuously improve our trading platform and mobile apps
• Process cryptocurrency trades and NGN bank transfers on your behalf
• Verify your identity and comply with KYC/AML obligations under Nigerian law
• Monitor for and prevent fraud, money laundering, and unauthorized account access
• Send transaction confirmations, security alerts, and service notifications
• Comply with SEC reporting requirements and legal processes
• Provide customer support via live chat, email, and WhatsApp
• Analyze usage patterns to improve our platform features and UX
• Send marketing communications where you have consented

4. Legal basis for processing

• Contract performance — processing necessary to deliver our trading and payment services to you
• Legal obligation — KYC, AML, tax reporting, and SEC compliance requirements
• Legitimate interests — fraud detection, platform security, and service improvement
• Consent — marketing communications and optional analytics; you may withdraw at any time

5. Sharing your information

We do not sell your personal data. We share information only in the following circumstances:

• Smile Identity — for BVN verification, ID document checks, and biometric selfie matching
• Paystack — for NGN deposits, bank account verification, and withdrawals via the Paystack Transfer API
• Cloud infrastructure providers — for hosting, database management, and Redis caching (Railway, Supabase, Upstash)
• Nigeria SEC and regulatory authorities — when legally required for compliance reporting
• NFIU and law enforcement — when required to comply with AML obligations or lawful requests
• Professional advisors — lawyers and auditors, under strict confidentiality agreements
• Successor entities — in the event of a merger, acquisition, or sale of assets

6. Data retention

We retain your personal data for as long as your account is active and as required by Nigerian financial regulations. Under the Money Laundering (Prevention and Prohibition) Act 2022, KYC records and transaction data must be kept for a minimum of 5 years after the end of a business relationship.

You may request deletion of certain data elements, subject to our regulatory obligations. We will inform you clearly of any data we are legally required to retain before processing your request.

7. Mobile app data & permissions

Our iOS and Android apps may request the following device permissions:

• Camera — for selfie/biometric KYC verification via Smile Identity
• Photo library — to upload ID documents during verification
• Notifications — for trade confirmations, price alerts, and security alerts
• Biometrics (Face ID / Fingerprint) — for secure app login (data stays on device only)

You can revoke any of these permissions in your device settings at any time. Revoking camera or photo access will disable KYC functionality.

8. Cookies and tracking

Our web platform uses cookies and similar technologies for authentication (JWT sessions), user preference storage, and analytics. You can control cookies through your browser settings, though disabling them may affect login and platform functionality.

Our mobile apps do not use browser cookies. We use anonymized analytics (crash reports, feature usage) to improve the app experience. We do not track you across third-party apps or services.

9. Data security

We implement multiple layers of security to protect your data and funds:

• TLS encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• JWT-based authentication with refresh token rotation and Redis-based blacklisting
• Two-factor authentication (TOTP) available for all accounts
• Biometric KYC via Smile Identity for identity assurance
• Cold wallet custody for crypto holdings above float threshold
• AML transaction monitoring middleware on all withdrawal operations
• Regular security audits and penetration testing

Despite these measures, no system is completely secure. In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by Nigerian law.

10. International transfers

Some of our service providers (including Smile Identity and cloud infrastructure partners) may process your data outside Nigeria. Where this occurs, we ensure appropriate contractual safeguards are in place to protect your data to at least the same standard required by Nigerian data protection law (NDPR 2019).

11. Your rights

Under the Nigeria Data Protection Regulation (NDPR) 2019, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data in your account
• Request deletion of your data (subject to legal retention requirements)
• Object to or restrict certain types of processing
• Data portability — receive your transaction history in a structured format
• Withdraw consent at any time for consent-based processing (e.g. marketing emails)
• Lodge a complaint with the Nigeria Data Protection Commission (NDPC)

To exercise any right, email privacy@dreamtrade.app. We will respond within 30 days.

12. Children's privacy

Our platform is strictly for individuals aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has created an account or provided us with data, please contact us immediately at privacy@dreamtrade.app and we will delete it promptly.

13. Changes to this policy

We may update this Privacy Policy to reflect changes in our services, technology, or applicable law. We will notify you of material changes by email and/or by displaying a prominent notice in the app at least 30 days before the changes take effect.

Your continued use of Dream Trade after the effective date constitutes your acceptance of the updated policy. You can always find the current version of this policy at dreamtrade.app/privacy.

14. Contact us

For privacy questions, data requests, or to exercise your rights, contact our Data Protection Officer:

• Email: privacy@dreamtrade.app
• Support: support@dreamtrade.app
• Address: Dream Trade Ltd, Lagos, Nigeria

We aim to respond to all privacy requests within 5 business days and to resolve them within 30 days.