Privacy Policy

Tramia Limited ("Tramia," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and services.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, phone number, organization name, and role when you create an account or request a demo.
• Identity Verification: Government-issued ID, proof of address, and other KYC documentation required for regulatory compliance.
• Transaction Information: Details of transactions you conduct through our platform.
• Communications: Information you provide when you contact us for support or other inquiries.

1.2 Information Collected Automatically

When you use our services, we automatically collect:

• Device Information: IP address, browser type, operating system, and device identifiers.
• Usage Information: Pages visited, features used, and actions taken on our platform.
• Log Data: Server logs including access times, error logs, and system activity.
• Cookies: We use cookies and similar technologies to enhance your experience and collect usage data.

1.3 Information from Third Parties

We may receive information about you from:

• Identity verification and KYC service providers
• Sanctions and PEP screening databases
• Blockchain analytics providers
• Our business partners and clients

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Verify your identity and comply with KYC/AML regulations
• Monitor transactions for suspicious activity
• Respond to your comments, questions, and support requests
• Send you technical notices, updates, and administrative messages
• Communicate about products, services, and events
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations and regulatory requirements

3. Information Sharing

We may share your information in the following circumstances:

3.1 With Your Consent

We may share information when you direct us to do so or provide consent.

3.2 With Service Providers

We share information with third-party service providers who perform services on our behalf, including KYC verification, cloud hosting, and analytics.

3.3 For Legal Compliance

We may disclose information to comply with applicable laws, regulations, legal processes, or government requests, including:

• Regulatory authorities (Central Bank of Kenya, Capital Markets Authority)
• Financial Reporting Centre for suspicious activity reports
• Law enforcement agencies when required by law

3.4 Travel Rule Compliance

For virtual asset transfers, we share originator and beneficiary information with counterparty VASPs as required by FATF Travel Rule regulations.

3.5 Business Transfers

In connection with any merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Multi-party computation (MPC) for private key security
• Access controls and authentication requirements
• Regular security assessments and penetration testing
• Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (minimum 7 years for financial records)
• Resolve disputes and enforce agreements
• Meet regulatory requirements for record-keeping

6. Your Rights

Depending on your location and applicable law, you may have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request transfer of your data in a machine-readable format
• Objection: Object to certain processing of your personal information

To exercise these rights, please contact us at privacy@tramia.io.

7. International Data Transfers

Your information may be transferred to and processed in countries other than Kenya. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

8. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Tramia Limited
Data Protection Officer
Email: privacy@tramia.io
Address: Westlands Business Park, Waiyaki Way, Nairobi, Kenya

11. Regulatory Information

Tramia Limited is registered in Kenya and operates in compliance with:

• Kenya Data Protection Act, 2019
• Proceeds of Crime and Anti-Money Laundering Act (POCAMLA)
• Central Bank of Kenya regulations
• Capital Markets Authority regulations