Privacy Policy

Updated on November 18th 2025

1. Introduction

Paycrest Inc. ("Paycrest", "we", "our", or "us") is the operator of the Paycrest Protocol and the owner of Noblocks ("Noblocks"), a consumer-facing application built on the Paycrest infrastructure. This Privacy Policy ("Policy") describes the manner in which Paycrest collects, uses, processes, stores, transfers, and discloses Personal Data in connection with: the use of Noblocks by individual and business users; Liquidity Providers participating in the Paycrest ecosystem; and businesses integrating or interfacing with the Paycrest Protocol. By accessing or using any Paycrest service, you acknowledge that you have read, understood, and agree to the data practices described in this Policy.

2. Scope and Applicability

2.1. This Policy applies to:

Noblocks users (individual and business);
Liquidity Providers onboarding directly with Paycrest;
Businesses integrating with the Paycrest Protocol;
Any person or entity whose information is processed by Paycrest.

2.2. Noblocks is not a standalone entity. All data collected through Noblocks is collected on behalf of, controlled by, and accessible to Paycrest.

3. Definitions

"Personal Data" means any information relating to an identified or identifiable natural or legal person. "Processing" means any operation performed on Personal Data. "Third-Party Provider" means an external entity engaged by Paycrest to perform services. "Beneficial Owner" means any natural person exercising significant control or ownership over a legal entity.

4. Categories of Personal Data We Process

4.1 Wallet, Transaction and Technical Data (All Users)

We collect and store:

Blockchain wallet addresses;
Transaction information;
Recipient information;
Device identifiers and logs;
Security and behavioural analytics data.

4.2 Noblocks KYC/KYB Data

a. Tiers 1 & 2 (Third-Party KYC): We receive verification status, reference identifiers, wallet address, and compliance metadata.
b. Tier 3 (In-House): We collect identity data, biometric confirmation (where applicable), contact data, address verification, compliance documentation, sanctions screening results, device and transaction data.
c. Tier 4 (Business KYB): We collect corporate documents, business addresses, beneficial owner information, identity documentation, ownership structure, sanctions screening results, and technical data.

4.3 Paycrest Liquidity Providers and B2B Clients

We collect corporate documents, business identifiers, representative information, beneficial owner information, compliance documentation, and ownership structure details.

5. Legal Bases for Processing

5.1. We process Personal Data only where a lawful basis exists under applicable data protection laws, including the Nigeria Data Protection Act (NDPA), the GDPR (to the extent applicable), and comparable international frameworks. These Bases include:

a. Where such processing is necessary for the performance of a contract to which the data subject is a party, including the provision of access to Noblocks, the execution of transactions, the onboarding of Liquidity Providers, and the enablement of integrations with the Paycrest Protocol.
b. Where such processing is required for compliance with legal and regulatory obligations, including obligations arising under anti-money-laundering (AML), counter-terrorist-financing (CFT), sanctions, financial-crime, record-keeping, and reporting laws. This legal basis applies particularly to the collection and verification of identity information, beneficial ownership information, and other compliance documentation.
c. Where such processing is necessary for the purposes of Paycrest's legitimate interests, provided that such interests are not overridden by the rights or freedoms of the data subject. These legitimate interests include ensuring the security and integrity of Paycrest's systems, detecting and preventing fraud or misuse of services, monitoring transactions for illicit activity, improving the performance and functionality of Paycrest's products, and conducting internal analytics and risk assessments.

5.2. We may rely on consent as a lawful basis where consent is expressly required under applicable law. Where processing is based on consent, the data subject retains the right to withdraw such consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

6. How We Use Personal Data

6.1. We use Personal Data for purposes that are lawful, proportionate, and consistent with the operation of the Paycrest ecosystem, including Noblocks and all related services. These purposes include:

a. To provide, operate, and maintain our services,
b. To comply with binding legal, regulatory, and supervisory obligations,
c. To preserve the security, integrity, and lawful use of our systems, including detecting suspicious behaviour, preventing unauthorized access, mitigating cybersecurity threats, investigating fraudulent or illegal activity, and enforcing our contractual terms and internal policies.
d. To analyze usage patterns and user interactions, allowing us to continuously improve our service, optimize performance, and introduce new features that meet your evolving needs.

6.2. Where required, we may process Personal Data to communicate with users, respond to inquiries, provide compliance notifications, deliver service-related updates, or inform users about material modifications to contractual documents or regulatory disclosures.

6.3. All processing activities are conducted in accordance with this Policy and applicable data protection laws, and We ensure that Personal Data is used solely for the purposes for which it was collected or for compatible purposes permitted by law.

7. Sharing and Disclosure of Personal Data

7.1. All Noblocks data is accessible to Paycrest.

7.2. We may share your information in the following circumstances to ensure the smooth operation of our service and to comply with legal and regulatory requirements:

a. With Third-Party Service Providers: We partner with trusted third-party service providers to perform essential functions on our behalf. These functions include processing payments, exchanging digital assets into the recipient's preferred form of value, conducting Know Your Customer (KYC) checks, and providing other services required to operate our platform.
b. For Legal and Compliance Reasons: We may disclose your information when required to comply with applicable laws, regulations, or legal processes. This includes responding to subpoenas, court orders, or government requests. Additionally, we may share your information if we believe it is necessary to protect our legal rights, property, and safety, as well as the rights, property, and safety of our users or the public; enforce our terms of service, agreements, and policies; or investigate, prevent, or take action regarding suspected illegal activities, fraud, or security threats.
c. With Your Consent: In situations where your explicit consent is required, we will ask for your permission before sharing your information with third parties for purposes not covered by this Privacy Policy.
d. In Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and ensure that the new entity continues to protect your information in accordance with this Privacy Policy.

8. Security of Your Information

8.1. We are committed to ensuring the security of your interactions with our Service. While we employ industry-standard encryption and secure servers to safeguard any information processed through our Service, no system can guarantee absolute security.

8.2. Your Responsibilities

a. Wallet Security: You are responsible for securing your cryptocurrency wallet and any associated credentials. Ensure that your wallet information is kept confidential and use strong security practices to protect it.
b. Device Security: Protect your personal devices and any access points to your cryptocurrency wallet from unauthorized use. This includes keeping your software and systems up-to-date and using secure, unique passwords.

8.3. By using our Service, you acknowledge that while we strive to implement robust security measures, you are ultimately responsible for your wallet's security and for any transactions made through it.

9. Your Rights

9.1 You have the following rights concerning any information processed through our Service:

a. Access: You may request information about any personal data collected or processed by us or our third-party providers in relation to your use of the Service. We will assist in facilitating such requests with the relevant third parties.
b. Correction: If you believe that any personal information held by us or our third-party providers is inaccurate or incomplete, you can request that it be corrected or updated. We will guide you on how to make this request directly where there are third parties involved.
c. Deletion: You have the right to request the deletion of your personal information. For information that we do not store directly, any request for deletion will be directed to the relevant third-party service managing your data. We will assist in this process as needed.
d. Restriction: You may request that the processing of your personal data be restricted under certain conditions. For data being handled by third parties, this request should be directed to the third-party service handling your data, and we will help facilitate this request where possible.
e. Data Portability: If applicable, you have the right to obtain a copy of your personal data in a structured, commonly used, and machine-readable format. You can also request to transfer this data to another organization. For data being handled by third parties, this request should be made to the third-party service responsible for managing your data, and we will support you in initiating this process.
f. Where third party KYC/KYB providers are involved, please note that our role is to facilitate communication with the third-party services responsible for handling personal data. For specific details on how to exercise these rights, please refer to the privacy policies and contact procedures of the relevant third-party providers.
g. To exercise any of these rights or for any questions related to your personal information, please contact us at [email protected]

10. International Data Transfers

10.1 As a global service, we may facilitate transactions and processes involving data that could be transferred to countries outside of your jurisdiction, including the United States, where our company is based.

10.2 When your data is transferred internationally, we implement appropriate measures to ensure that your information is protected in accordance with applicable data protection laws and in alignment with this Privacy Policy. We adhere to stringent security standards and data protection requirements.

11. Retention of Your Information

We retain Personal Data for compliance, operational, and legal requirements and this information is kept only for as long as necessary to fulfill the operational purposes outlined in this Privacy Policy, including compliance with legal obligations and the resolution of disputes. Once the data is no longer required for these purposes, we will securely delete or anonymize it, in line with applicable laws and industry standards.

12. Third-Party Applications and Services

12.1 Our service may involve the use of third-party applications or services that may request personal information from you and use cookies or similar technologies. While these third-party providers are independent entities with their own privacy practices, we partner only with entities that comply with relevant data protection laws. However, we do not control the data collection practices of these third parties and are not responsible for their privacy policies or practices. We encourage you to review their privacy policies to understand how your information is handled.

12.2 Information Collection by Third Parties

When you interact with third-party applications through our service, they may request personal information such as your name, email address, or payment details. This information is collected and processed by the third party, not by us. We recommend reviewing the privacy policies of any third-party services you use to understand how your information will be handled.

12.3 Cookies and Tracking Technologies

Third-party applications may use cookies, web beacons, or other tracking technologies to collect information about your online activity. These technologies help third parties analyze usage patterns, deliver personalized content, and improve their services. You have the option to manage your cookie preferences through your browser settings or the third-party's privacy settings.

12.4 Data Sharing with Third Parties

We may share limited data, such as wallet addresses or transaction details, with third-party providers to facilitate the services offered through our platform. However, any personal information collected by these third parties is governed by their privacy policies, not ours.

12.5 Your Responsibility

It is your responsibility to review and understand the privacy practices of any third-party applications or services you engage with through our platform. We encourage you to contact the third parties directly if you have any concerns about how your information is being handled.

13. Children's Privacy

13.1 Our services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are under 18, please do not use our services or submit any personal information through our platform.

13.2 We encourage parents and guardians to review the policies of our third party KYC providers to understand how their child's data might be handled.

13.3 If we become aware that we have inadvertently received personal information from a child without parental consent, we will take steps to delete such information from our records. If you believe that a child under 18 has provided us with personal information, please contact us at [email protected]

14. Automated Decision-Making and Profiling

14.1 We do not engage in automated decision-making processes or profiling that produce legal effects or significantly affect you as an individual. Our service is designed to facilitate cryptocurrency transactions with human oversight, ensuring that while automation aids in processing, key decisions and any complex issues are reviewed and monitored by our team to provide a fair and secure experience.

14.2 Any decisions regarding the use of your information or the outcome of transactions are subject to human review and are not solely based on automated processing. If third-party services integrated with our platform perform any automated decision-making, they do so under their own privacy policies, and we recommend reviewing those policies for further information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any significant changes by posting the updated policy on our website and indicating the effective date. Please review this Privacy Notice regularly to ensure that you are aware of its terms. Your continued use of our service after the effective date constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected]