FeaturesUse casesSecurityAboutFAQs
Try MXE
FeaturesUse casesSecurityAboutFAQs
Try MXE

DATA PRIVACY POLICY

MXE Chat Data Consent & Privacy Notice

Effective Date: January 2025 | Version 1.0

Welcome to MXE Chat!

By registering for MXE Chat, you will provide us with personal information. We are committed to protecting your data in compliance with the Nigeria Data Protection Act (NDPA) 2023 and all applicable Central Bank of Nigeria (CBN) regulations.

Please read this notice carefully before proceeding with registration.

WHAT DATA WE COLLECT

During registration and while using MXE Chat services, we collect the following information:

Personal Information

  • Name: First name and last name
  • Gender: Male or Female
  • Date of Birth: For age verification and KYC compliance
  • Phone Number: Your WhatsApp-registered phone number

Address Information

  • Street Address: Your residential street address
  • City: City of residence
  • State: State within Nigeria

Financial & Security Information

  • BVN (Bank Verification Number): For identity verification and regulatory compliance
  • Transaction PIN: 4-6 digit PIN for securing transactions
  • Account Balance: Your MXE Chat wallet balance
  • Transaction History: Records of transfers, airtime, data purchases, and virtual card transactions

Identity Verification Data

  • Biometric Data: Facial recognition data processed by Smile Identity for BVN verification
  • Identity Documents: Government-issued ID for KYC verification
  • Verification Photos: Selfies for identity matching

Usage & Technical Data

  • Device Information: Device type, operating system
  • Location Data: State-level location for compliance
  • Transaction Metadata: Timestamps, transaction references, IP addresses
  • Chat Interactions: Messages sent to our AI assistant for service improvement

HOW WE USE YOUR DATA

Your information is processed for the following lawful purposes:

  • Account Management: Create and maintain your MXE Chat payment account
  • Transaction Processing: Execute money transfers, airtime purchases, data bundles, and virtual card operations
  • Identity Verification: Verify your identity through BVN matching and prevent fraud (KYC/AML compliance)
  • Regulatory Compliance: Meet Central Bank of Nigeria (CBN), Nigeria Inter Bank Settlement System (NIBSS), and NDPC requirements
  • Customer Service: Provide support, resolve disputes, and respond to inquiries
  • Security & Fraud Prevention: Monitor for suspicious activities and protect your account
  • Service Notifications: Send transaction confirmations, account updates, and security alerts via WhatsApp
  • Service Improvement: Analyze usage patterns to enhance user experience (anonymized data)
  • Legal Obligations: Comply with court orders, regulatory audits, and law enforcement requests

Legal Basis for Processing:

  • Consent: You explicitly consent to data collection during registration
  • Contract: Processing is necessary to provide financial services
  • Legal Obligation: Required by CBN, NIBSS, and anti-money laundering laws

WHO WE SHARE YOUR DATA WITH

We may share your personal data with the following third parties for legitimate business purposes:

Financial Services Partners

  • 9 Payment Service Bank (9PSB): Our core banking partner for wallet creation, fund transfers, and account management
  • Nigerian Inter-Bank Settlement System (NIBSS): For inter-bank transfers and BVN validation
  • Commercial Banks: Recipient banks for money transfers

Identity Verification Partners

  • Smile Identity: Third-party KYC provider for BVN verification and identity matching
  • Nigeria Identity Management Commission (NIMC): For BVN and NIN validation (via authorized channels)

Mobile & Card Services

  • Mobile Network Operators: MTN, Airtel, Glo, 9Mobile for airtime and data purchases
  • Miden: Virtual card issuance and management partner

Technology & Infrastructure

  • WhatsApp (Meta Platforms): Messaging infrastructure provider
  • OpenAI: AI-powered natural language processing (anonymized queries only)
  • Cloud Service Providers: Secure data storage and hosting

Regulatory & Legal Authorities

  • Central Bank of Nigeria (CBN): Regulatory reporting and compliance
  • Nigeria Data Protection Commission (NDPC): Data protection oversight
  • Economic and Financial Crimes Commission (EFCC): Anti-money laundering investigations (when legally required)
  • Law Enforcement Agencies: In response to valid legal requests

⚠️ Important: We DO NOT sell your personal information to third parties for marketing purposes. All third-party sharing is limited to service delivery, security, and legal compliance.

YOUR DATA PROTECTION RIGHTS

Under the Nigeria Data Protection Act (NDPA) 2023, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure (Right to be Forgotten): Request deletion of your data (subject to legal retention requirements)
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine readable format
  • Right to Object: Object to data processing for direct marketing or legitimate interests
  • Right to Withdraw Consent: Withdraw your consent at any time (may affect service availability)
  • Right to Lodge a Complaint: File a complaint with the Nigeria Data Protection Commission (NDPC)

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer:

Email: privacy@mxechat.com

Phone: +234-XXX-XXXX-XXX

Response Time: We will respond to your request within 30 days

⚠️ Limitations: Some rights may be limited by legal or regulatory obligations. For example, we must retain transaction records for 7 years as required by CBN regulations.

DATA SECURITY MEASURES

We implement industry-standard security measures to protect your data:

Technical Security

  • End-to-End Encryption: Sensitive data (BVN, PIN) is encrypted in transit and at rest using AES-256 encryption
  • Secure Socket Layer (SSL/TLS): All data transmissions use HTTPS protocol
  • PIN Hashing: Transaction PINs are hashed using bcrypt (irreversible)
  • Tokenization: Payment card data is tokenized to prevent unauthorized access
  • Multi-Factor Authentication: Transaction confirmation via WhatsApp Flow PIN verification

Organizational Security

  • Access Controls: Role-based access to data (least privilege principle)
  • Employee Training: Regular data protection and security awareness training
  • Background Checks: Screening of employees with access to sensitive data
  • Confidentiality Agreements: All employees and contractors sign NDAs

Monitoring & Auditing

  • 24/7 Security Monitoring: Automated threat detection and alerting
  • Regular Security Audits: Quarterly internal and annual external audits
  • Vulnerability Scanning: Continuous scanning for security vulnerabilities
  • Incident Response Plan: Documented procedures for data breach response

Compliance Certifications

  • ✓ NDPA 2023 Compliant
  • ✓ CBN Payment Service Bank Guidelines
  • ✓ ISO 27001 Information Security Management (in progress)

Data Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify you and the NDPC within 72 hours as required by law.

DATA RETENTION POLICY

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this notice:

Active Accounts

  • Personal Information: Retained for the duration of your account existence
  • Transaction Data: Stored indefinitely while account is active
  • Chat History: Last 30 days (for service quality and support)

Closed or Inactive Accounts

  • Financial Records: 7 years after account closure (CBN requirement)
  • KYC/AML Records: 7 years (regulatory compliance)
  • Transaction History: 7 years (audit trail)
  • Non-Financial Data: Deleted within 90 days after account closure (unless legally required)

Legal Hold

  • Litigation or Investigation: Data retained until legal matter is resolved
  • Regulatory Request: Extended retention as required by authorities

Note: After retention periods expire, data is securely deleted or anonymized in accordance with data protection best practices.

INTERNATIONAL DATA TRANSFERS

Some of our service providers (e.g., WhatsApp, OpenAI, cloud hosting) may process data outside Nigeria. When transferring data internationally, we ensure:

  • ✓ Adequate data protection safeguards (e.g., Standard Contractual Clauses)
  • ✓ Compliance with NDPA 2023 requirements for cross-border data transfers
  • ✓ Service providers are contractually bound to protect your data

Your BVN and financial data remain stored within Nigeria in compliance with CBN localization requirements.

AGE RESTRICTION

MXE Chat services are only available to individuals aged 18 years and above. By registering, you confirm that you meet this age requirement. We do not knowingly collect personal data from minors under 18. If we become aware that we have collected data from a minor, we will delete it immediately.

CONTACT INFORMATION

Data Protection Officer (DPO)

Name: <Redacted>

Email: Privacy@mymxe.com

Phone: +2349160006904

Address: No 1 spring garden estate, orchid road, Lagos Nigeria.

General Inquiries

Customer Support: team@mymxe.com

WhatsApp: +2349160006904

Website: www.mxechat.com

Regulatory Authority

Nigeria Data Protection Commission (NDPC)

Website: www.ndpc.gov.ng

Email: info@ndpc.gov.ng

Address: 1a Zambezi Crescent, Off Aguiyi Ironsi Street, Maitama, Abuja, Nigeria

CONSENT DECLARATION

By checking the consent box and proceeding with registration, you confirm that:

  • ✓ I am at least 18 years old and legally capable of entering into this agreement
  • ✓ I have read and understood this Data Consent & Privacy Notice
  • ✓ I consent to the collection, processing, storage, and sharing of my personal data as described above
  • ✓ I understand my rights under the NDPA 2023 and how to exercise them
  • ✓ I consent to BVN verification through Smile Identity for KYC compliance
  • ✓ I authorize MXE Chat and its authorized partners to process my data for the purposes stated in this notice
  • ✓ I agree to the Terms of Service and Privacy Policy available at www.mxechat.com/terms
  • ✓ I understand that I can withdraw my consent at any time by contacting privacy@mxechat.com

⚠️ Important: Withdrawing consent may result in the closure of your account and termination of services, as we require this data to provide financial services and meet regulatory obligations.

MXE Chat - Data Consent & Privacy Notice

Version 1.0 | Effective Date: January 2025

This document is issued in compliance with the Nigeria Data Protection Act (NDPA) 2023, Central Bank of Nigeria (CBN) regulations, and international data protection best practices.

© 2025 MXE Chat. All rights reserved. | Registered in Nigeria | RC Number: [Your RC Number]

For the most up-to-date version of this notice,

visit: www.mxechat.com/privacy

Contact Us

support@mxelab.co

Get more updates and info here

Copyright 2025 | © All rights reserved.