Draft — pending legal review. This page describes how QuataTrade works and marks (in mint) every detail the operator and a Cameroon-qualified lawyer must confirm. It is not yet legally binding and must not ship to production until reviewed and localized (EN + FR).

Privacy Policy

Last updated: 2 July 2026 · Version 0.1 (draft)

How we collect, use, protect, and retain your personal data, aligned with Cameroon Law No. 2024/017 on personal data protection.

1. Data controller

QuataTrade is operated by legal company name (RCCM number, NIU / taxpayer number), registered at registered address, Cameroon (the “Operator”, “we”, “us”).

To supply: Data-protection contact / DPO name and email, and any registration or notification made under Law 2024/017.

2. What we collect

  • Account data: email, phone, name, country, password/PIN (stored only as strong hashes — argon2id).
  • Verification (KYC) data: identity-document images and a selfie, and any details extracted from them.
  • Transaction data: trades, deposits, withdrawals, ledger entries, chat messages and payment proofs.
  • Technical data: IP address, device fingerprint, session and audit logs.

3. Why we use it (purpose & lawful basis)

  • To operate your account and process trades (performance of contract).
  • To verify identity and prevent fraud, money laundering and sanctions breaches (legal obligation / legitimate interest).
  • To provide support and resolve disputes.
  • To meet record-keeping and reporting duties.

We do NOT use your KYC documents to train AI systems. There is no automated decision that approves KYC — every verification is reviewed by a person.

4. How long we keep it (retention)

We keep verification documents encrypted and only for the legal retention period, then purge them automatically. Current default retention is confirm retention period — the platform is configured for 5 years / 1825 days; the lawyer must confirm the correct period.

To supply: Confirmed retention schedule per data category, and the legal basis for each period.

5. Who we share it with

  • The identity-verification provider (Smile ID or chosen provider), only to verify you.
  • Payment counterparties see limited details needed to complete a trade (e.g. the name/reference you submit).
  • Authorities where required by law or valid legal process.
To supply: Full list of processors/sub-processors and any cross-border transfer, with safeguards under Law 2024/017.

6. Security

Passwords and PINs are hashed with argon2id; verification files are encrypted at rest with per-file keys; access is audit-logged; the platform holds no user spending keys online. See the Security page.

7. Your rights

Subject to Law 2024/017 and the limits of our legal obligations, you may request access to, correction of, or deletion of your personal data, and object to certain processing.

To supply: Exact rights, how to exercise them, response timeframe, and the supervisory authority users may complain to.

8. Cookies

We use only the cookies needed to keep you logged in and remember your language/theme. See the Cookie Policy.

Questions about this policy? Contact us via the support page.