Privacy Policy

Effective Date: January 23, 2026
Last Updated: January 23, 2026

Introduction

At Preklo, we take your privacy seriously. This policy explains what information we collect, how we use it, and how we protect it when you use our mobile app and services.

Preklo is a mobile payment platform that lets you send money instantly using blockchain technology. We're operated by Rowell Holdings (Pty) Ltd, registered in South Africa.

If you have questions about this policy, reach out to us at privacy@preklo.com or visit https://preklo.com.

By using Preklo, you're agreeing to how we handle your information as described in this policy. If you don't agree, please don't use our services.

What Information We Collect

Information You Give Us

When you sign up and use Preklo, we collect:

Account Details:

Your full name
Your unique @username
Email address
Phone number (optional)
Password (we store it encrypted, never in plain text)
Profile picture (if you add one)
Date of birth (to verify you're 18+)

Financial Information:

Bank account details (for withdrawing money)
Mobile money account info
Your transaction history
Wallet balances (both crypto and regular money)
How you prefer to pay

Verification Documents (KYC/AML):

Government ID (passport, driver's license, etc.)
Proof of address
Photos for identity verification
Any other documents required by financial regulations

Information We Collect Automatically

Transaction Data:

How much you send/receive and in what currency
When transactions happen
Who you're sending to or receiving from
Transaction status
Blockchain transaction hashes (these are public)
Fees and payment methods used

Device Information:

What device you're using (phone model, operating system)
Your IP address and general location
Device IDs
Mobile network info
How you use the app
Crash reports and error logs

Location:

Approximate location from your IP address
Precise location (only if you give us permission for specific features)
Country/region for compliance

Biometrics (with your permission):

Fingerprint or Face ID data - this stays on your device only, we never see it or store it on our servers

Camera Access:

For scanning QR codes to send/receive payments (processed on your device)

Information from Third Parties

Blockchain Data:

Wallet addresses and public keys from the Aptos blockchain
Transaction records from the blockchain
Smart contract interactions

Payment Partners:

Transaction verification from Cashwyre
Card transaction data (if you use our virtual card)
Bank verification info

Compliance Services:

Identity verification results
Fraud detection scores
Sanctions screening results

How We Use Your Information

We use your information to:

Run Our Service:

Create and manage your account
Process payments (crypto and regular money)
Enable @username payments
Generate and scan QR codes
Manage your wallet and balances
Handle virtual cards
Process deposits and withdrawals

Keep Things Secure:

Verify your identity and prevent fraud
Detect money laundering
Monitor for suspicious activity
Protect against unauthorized access
Keep our platform and your account safe

Legal Requirements:

Comply with laws and regulations
Respond to court orders or government requests
Meet KYC and AML requirements
Keep transaction records as required by law
Report suspicious activity when needed

Communicate With You:

Send transaction confirmations
Provide customer support
Send important account updates
Answer your questions
Send security alerts

Improve Our Service:

Analyze how people use the app
Build new features
Test and fix bugs
Personalize your experience (with your permission)

Marketing (only with your consent):

Send promotional offers
Tell you about new features
Ask for feedback

You can always opt out of marketing emails in your account settings or by contacting us.

How We Share Your Information

We don't sell your personal information. We only share it in these situations:

Service Providers

We work with trusted partners to run our business:

Blockchain:

Aptos Network - Your transactions are recorded on the public Aptos blockchain. Once on the blockchain, they're permanent and anyone can view them.
Circle - Processes USDC stablecoin transactions
Nodit - Provides blockchain data access

Payments:

Cashwyre - Handles fiat on/off-ramps, bank transfers, mobile money, and virtual cards
Banking partners for deposits and withdrawals

Verification:

KYC/AML providers for identity checks
Compliance services for fraud and sanctions screening

Infrastructure:

Cloud hosting providers
Analytics services
Customer support tools

All our partners are contractually required to protect your information and only use it for the purposes we specify.

Legal Requirements

We may share your information when:

Required by law, court order, or government request
Needed to enforce our Terms of Service
Necessary to protect Preklo, our users, or the public
Required to prevent fraud or illegal activity
Requested by law enforcement or financial regulators

Business Changes

If Preklo is sold, merged, or goes through bankruptcy, your information may be transferred as part of that process. We'll let you know if this happens.

With Your Permission

We may share your information when you explicitly consent, like:

Making your @username public (which is part of how the service works)
Connecting with other users for transactions
Participating in promotions

Blockchain and Public Information

Important: The Aptos blockchain is public. This means:

Wallet addresses are visible (though not directly linked to your identity)
Transaction amounts and times are public
Smart contract interactions are visible
@username registrations are linked to wallet addresses on-chain

Once a transaction is confirmed on the blockchain, it can't be deleted or changed. Anyone can look it up using blockchain explorers.

What We Do to Protect Your Privacy:

We use custodial wallets so your identity isn't directly linked to your wallet address
We don't publish your personal info on the blockchain
We encrypt your private keys

How We Protect Your Information

We use industry-standard security measures:

Technical Security:

All sensitive data is encrypted in transit (TLS/SSL) and at rest (AES-256)
Your wallet private keys are encrypted and stored securely
Passwords are hashed with bcrypt - we never see your actual password
All API calls use HTTPS and authentication tokens
Our database (PostgreSQL) has access controls and encryption

Organizational Security:

Only authorized staff can access personal information
We do regular security audits and penetration testing
Staff are trained on data protection
We have procedures for handling data breaches
Admin accounts require two-factor authentication

Features You Can Use:

Biometric login (fingerprint, Face ID)
Device encryption
Transaction confirmations and alerts
Account activity monitoring
Ability to freeze your account if something looks suspicious

Important: No system is 100% secure. You're responsible for keeping your account credentials safe. Don't share your password with anyone.

Your Rights

Depending on where you live, you have certain rights:

Access Your Data:

Request a copy of the personal information we have about you
Get your data in a format you can use

Correct Your Data:

Update or fix inaccurate information in your account settings
Change your profile anytime

Delete Your Data:

Request deletion of your personal information (subject to legal requirements)
Close your account by contacting support

Limitations:

We have to keep some information for legal, tax, and regulatory reasons (usually 5-7 years for financial records)
Blockchain transactions can't be deleted once recorded
We may keep anonymized data for analytics

Marketing:

Unsubscribe from marketing emails (link in each email)
Manage push notifications in your device settings
Note: We'll still send essential service-related messages even if you opt out of marketing

Withdraw Consent:

You can withdraw consent for optional data processing anytime
This might limit some features

Exercise Your Rights: Contact us at privacy@preklo.com with the subject line "Privacy Request - [Your Request Type]". We'll respond within 30 days. We may need to verify your identity first.

International Data Transfers

Preklo operates globally, so your information may be transferred to countries outside where you live, including:

United States (for cloud infrastructure)
Europe (for compliance and payments)
Other countries as needed for our operations

When we transfer data internationally, we use:

Standard contractual clauses approved by regulators
Adequacy decisions from data protection authorities
Compliance with GDPR, POPIA, and other applicable laws
Encryption during transfer

EU/EEA Users: We comply with GDPR when processing your data.

South African Users: We comply with POPIA.

How Long We Keep Your Information

We keep your information as long as needed to provide our services and meet legal requirements:

Account Data:

Active accounts: While your account is active
Closed accounts: Up to 7 years after closure (for legal/compliance)

Transactions:

Financial transactions: 5-7 years (as required by financial regulations)
Blockchain records: Permanent (can't be deleted)

Communications:

Customer support: 3 years
Marketing: Until you opt out, then deleted within 30 days

Security Logs:

Access logs: 1-2 years
Security incidents: As required by law

After retention periods expire, we securely delete or anonymize your information.

Children's Privacy

Preklo is for people 18 and older. We don't knowingly collect information from anyone under 18.

If you're under 18, please don't:

Sign up for a Preklo account
Use our services
Give us any personal information

If we find out we've collected information from someone under 18, we'll delete it immediately.

If you're a parent or guardian and think your child gave us information, contact us at privacy@preklo.com.

Third-Party Links

Our app may have links to third-party websites or services (like blockchain explorers, partner sites, or social media).

Important: We're not responsible for how third parties handle your information. This Privacy Policy doesn't apply to third-party services. Check their privacy policies.

Third-Party Services We Use:

Aptos blockchain explorer
Petra Wallet (for external wallet connections)
Payment processors and banking partners
Social media platforms (for sharing features)

Cookies and Tracking

Mobile App

Our app doesn't use browser cookies, but we do use similar technologies:

Analytics SDKs (to understand app usage)
Crash reporting (to fix bugs)
Session tokens (to keep you logged in)
Device identifiers (for security and fraud prevention)

Website

If you visit preklo.com, we may use cookies:

Essential cookies (required for the site to work)
Analytics cookies (to understand usage, with your consent)
Marketing cookies (for ads, with your consent)

You can control cookies in your browser settings. Disabling them might affect website functionality.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

We'll update the "Last Updated" date at the top
For major changes, we'll notify you in the app or by email
We may ask you to review and accept the updated policy

If you keep using Preklo after changes take effect, you're agreeing to the updated policy. If you don't agree, you can close your account.

Version History:

Version 1.0 (January 23, 2026): Initial privacy policy

Regional Privacy Rights

European Union (GDPR)

If you're in the EU/EEA, you have additional rights:

Right to object to processing
Right to restrict processing
Right to complain to your local data protection authority
Right to not be subject to automated decision-making

Why We Process Your Data:

To provide our services (contract performance)
To comply with financial regulations (legal obligation)
For fraud prevention, security, and service improvement (legitimate interest)
For optional features and marketing (with your consent)

GDPR Inquiries: Contact privacy@preklo.com

California (CCPA/CPRA)

If you're a California resident, you have rights under CCPA:

Right to know what personal information we collect
Right to know if we sell or share your information
Right to opt out of sale of personal information
Right to deletion (with some exceptions)
Right to non-discrimination for exercising your rights

We don't sell your personal information.

South Africa (POPIA)

If you're in South Africa, we comply with POPIA:

We process information lawfully and transparently
We only collect what we need
We keep data accurate and secure
You have rights to access, correct, and delete your information

Information Officer: David Malope (privacy@preklo.com)

Contact Us

Questions about this Privacy Policy or how we handle your data? Get in touch:

Contact:

Email: privacy@preklo.com
Subject: "Privacy Inquiry"

Company Info:

Company: Rowell Holdings (Pty) Ltd
Service: Preklo
Website: https://preklo.com
Support: Available in the Preklo mobile app

We aim to respond to privacy inquiries within 30 days.

Regulatory Complaints:

If you're not happy with our response, you can complain to your local data protection authority:

South Africa: Information Regulator of South Africa (https://www.justice.gov.za/inforeg/)
EU/EEA: Your local Data Protection Authority
UK: Information Commissioner's Office (https://ico.org.uk/)

Additional Information

Custodial Wallets

Preklo uses custodial wallets, which means:

We hold and manage your cryptocurrency private keys
We're responsible for securing your funds
You can export your wallet anytime (contact support)
We process transactions on your behalf

Your Responsibilities:

Keep your account credentials secure
Enable two-factor authentication
Report suspicious activity right away

Financial Services Disclaimer

Preklo is a fintech company, not a bank. We partner with regulated entities for:

Banking services (deposits and withdrawals)
Payment processing
Compliance and KYC services

Your funds may be held by our payment partners according to their terms and regulations.

Blockchain Transparency

By using cryptocurrency services, you understand that:

Blockchain transactions are public and permanent
Your wallet address may be publicly visible
Transaction history can't be deleted from the blockchain
Blockchain explorers may show your transaction data

We recommend not sharing your wallet address publicly to protect your privacy.

Definitions

Personal Information: Information that identifies you or could identify you.

Processing: Any operation on personal information, including collecting, storing, using, sharing, and deleting.

Services: The Preklo mobile app and all related services, including wallet management, transactions, and payments.

Third-Party Service Providers: Companies we work with to provide services.

Custodial Wallet: A digital wallet where we hold and manage your private keys.

@username: Your unique Preklo username for receiving payments (e.g., @johndoe).

USDC: USD Coin, a stablecoin pegged to the US Dollar, issued by Circle.

Aptos: The blockchain network Preklo uses.

Acknowledgment

By creating a Preklo account and using our services, you acknowledge that:

You've read and understood this Privacy Policy
You consent to how we collect, use, and share your information as described
You understand that blockchain transactions are public and permanent
You're at least 18 years old
You agree to follow all applicable laws and regulations

Last Updated: January 23, 2026
Version: 1.0

For Terms of Service, visit: [Link to be added]
For Support and FAQs, visit: https://preklo.com/support