1. Introduction

This Privacy Notice (“Notice”) explains how Muva Networks Limited (“Muva,” “we,” “us,” or “our”) collects, uses, discloses, stores, and protects Personal Data when you access our website, interact with any form or feature covered under our General Terms of Use, or use the Services governed by our Business Terms of Service.

It applies to:

1. Website visitors who browse, submit enquiries, request information, or interact with any publicly available features of the site;

2. Businesses and authorised users who apply for, access, or use Muva’s Services; and

3. Any individual whose data is provided to us during onboarding, KYB/KYC checks, operational communications, or settlement activities.

This Notice forms part of the contractual framework created by the General Terms of Use and Business Terms of Service. Where you apply for or use the Services, this Notice applies alongside those agreements.

We process Personal Data in line with the Personal Information Protection and Electronic Documents Act (PIPEDA), applicable Canadian provincial legislation, the Nigeria Data Protection Act (NDPA) 2023, and other relevant international standards. Our goal is to handle data responsibly, transparently, and in a way that respects the rights of every individual whose information we process.

BY ACCESSING THE WEBSITE OR USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY NOTICE.

2. Definitions

For the purposes of this Privacy Notice, the following terms have the meanings set out below:

“Account” means the profile or record created for a Business or individual once onboarding is completed, including authorised contacts and information submitted through designated channels.

“Applicable Data Protection Laws” includes the Personal Information Protection and Electronic Documents Act (PIPEDA), relevant Canadian provincial privacy laws, the Nigeria Data Protection Act (NDPA) 2023, and any other legislation governing the processing of Personal Data in jurisdictions where Muva operates.

“Business” or “Client” means any incorporated entity, partnership, sole proprietorship, or organisation that applies for or uses Muva’s Services.

“Data Subject” means any identifiable individual whose Personal Data is collected or processed by Muva. This includes website visitors, representatives of Business clients, authorised users, and individuals whose information is supplied during onboarding or compliance checks.

“Designated Channels” means the communication channels agreed between Muva and a Business client for onboarding, operational updates, reporting, and other communications. These may include approved email addresses or other secure communication tools.

“Personal Data” or “Personal Information” means any information relating to an identified or identifiable individual. This may include names, contact information, identification documents, device data, communication records, financial information, and any other information collected through the website or during onboarding and service delivery.

“Platform” means Muva’s website, dashboards, portals, application interfaces, and any other online tools or channels operated or authorised by Muva.

“Services” means the business-facing services Muva provides to approved clients, including the workflows, support mechanisms, communication processes, and any related features that enable clients to use Muva’s offerings. 

“Special Categories of Personal Data” means sensitive information such as health data, biometric identifiers, ethnicity, religion, political opinions, or any other category classified as sensitive under Applicable Data Protection Laws.

“User,” “you,” or “your” means any individual or entity accessing the Platform, submitting information through the website, or interacting with Muva under the General Terms of Use or as part of Business onboarding.

3. Personal Data We Collect

We collect Personal Data only to the extent necessary to operate the website, respond to enquiries, complete onboarding, and deliver our Services. The categories include:

3.1 Website & General Terms of Use Interactions

1. Identity & Contact Data: Name, email, phone number, organisation, and any information submitted through website forms.

2. Technical Data: IP address, device type, browser details, log data, cookies, usage analytics, and interaction records.

3. Communications: Messages, enquiries, and any information you voluntarily provide.

   
   

3.2 Business Clients & Authorised Users

1. Onboarding & Verification Data: Identification documents, company registration records, beneficial ownership details, signatures, and compliance documentation.

2. Operational Data: Information exchanged through Designated Channels, including instructions, confirmations, update requests, and communication logs.

3. Account Data: Authorised user lists, audit trails, financial information and system access metadata.

   
   

3.3 Automatically Collected Data

1. Cookies and tracking technologies

2. Security logs, access timestamps, authentication data

3. Aggregated or anonymised analytics (which do not identify individuals)

   
   

3.4 Sensitive Data

We do not intentionally collect Special Categories of Personal Data unless required for legal compliance or provided voluntarily with explicit consent.

4. How We Collect Your Personal Data

We collect Personal Data directly from you when you interact with us. This includes information you provide when you submit forms on the website, send enquiries, request access to our Services, communicate with us through email or other Designated Channels, complete onboarding or verification steps, or update your Account information. Any details you supply during these interactions are collected for the purposes described in this Notice.

We also collect data automatically whenever you access the website or use any part of the Platform. This includes information generated through cookies, log files, device identifiers, and analytics tools. These technologies record technical details such as IP address, device type, browser information, usage patterns, interaction behaviour, and security logs. Such data helps us maintain functionality, security, performance, and accurate system records.

In addition, we obtain Personal Data from third parties where necessary for lawful and operational purposes. These sources may include verification and compliance service providers, public registries, hosting and technology partners, financial institutions involved in processing related activities, and businesses or individuals that list you as an authorised representative. Where third-party data is provided about you, we expect the party supplying it to have the appropriate authority or legal basis to do so.

5. How We Use Your Personal Data and Legal Bases

We use Personal Data only for purposes that are lawful, necessary, and directly connected to operating the website, completing onboarding, maintaining our relationship with Business clients, and ensuring compliance with applicable laws.

We use the data you provide through the website to respond to enquiries, supply information about our offerings, manage communication, and maintain the security and functionality of the Platform. Technical data collected automatically is used to analyse performance, detect issues, prevent misuse, and support user experience improvements.

For Business clients and authorised users, we process Personal Data to assess applications, complete identity and organisational verification, establish and maintain Accounts, manage authorised user permissions, record communications through Designated Channels, and support the operational processes required to deliver our Services. This includes maintaining accurate records, generating system logs, and facilitating authorised interactions.

We also process Personal Data to comply with legal and regulatory obligations, including identity verification, risk assessments, record-keeping duties, reporting requirements, and responding to lawful requests from authorities. Where we rely on consent—such as for optional marketing communications—you may withdraw it at any time without affecting the lawfulness of prior processing.

Across all use cases, we may process data based on contractual necessity, compliance obligations, legitimate interests (such as ensuring platform security and service integrity), or your expressed consent where required.

6. Data Sharing and Disclosures

We disclose Personal Data only when necessary, lawful, and consistent with this Privacy Notice. Data may be shared with service providers who support our operations, including hosting and cloud providers, identity and compliance partners, communication tools, security platforms, and other vendors engaged to process information on our behalf. These parties are bound by contractual obligations to protect the data and use it only for authorised purposes.

We may share Personal Data with banks, technology partners, or other institutions involved in facilitating authorised activities connected to onboarding, account management, or operational processes. Information may also be shared with third parties where a Business client designates or authorises those parties to receive it.

Personal Data may be disclosed to regulators, supervisory authorities, law enforcement, courts, or other governmental bodies where required by law, to comply with a legal request, or to protect our rights, systems, users, or the integrity of our Services. If Muva is involved in a reorganisation, merger, acquisition, or similar corporate event, Personal Data may be transferred to the relevant participants, subject to appropriate safeguards.

We do not sell Personal Data. Any sharing we undertake is limited to what is strictly necessary, proportionate, and governed by appropriate legal or contractual protections.

7. International Data Transfers

Because our operations involve clients, partners, and service providers located in multiple jurisdictions, Personal Data may be transferred outside your country of residence. These transfers may occur when onboarding is completed, when we communicate with you or your authorised users, or when our service providers, banks, or technology partners process information to support the delivery of our Services.

When Personal Data is transferred internationally, we apply safeguards consistent with Applicable Data Protection Laws. These may include standard contractual clauses, data-processing agreements, contractual protections, secure transfer mechanisms, and technical measures designed to maintain confidentiality and integrity. Where required, we will obtain your explicit consent before transferring data to a jurisdiction that does not offer an equivalent level of protection.

International transfers are limited to what is necessary for legitimate operational, compliance, or support purposes. Regardless of location, all recipients of Personal Data are required to protect it to a standard that is consistent with this Privacy Notice.

8. Data Security

We maintain administrative, technical, and organisational measures designed to protect Personal Data against loss, misuse, unauthorised access, alteration, and disclosure. These safeguards include encryption, secure servers, access controls, network monitoring, and strict role-based permissions that limit access to individuals who require the information to perform their duties.

We use reputable hosting and infrastructure providers with established security standards and conduct periodic reviews, audits, and system checks to identify vulnerabilities. Communications through our Platform and Designated Channels are monitored for integrity and security, and we apply measures to reduce the risk of unauthorised instructions or improper access.

Although we take reasonable steps to protect Personal Data, no system is entirely risk-free. The security of any information also depends on the measures you take to protect your credentials, devices, and authorised user accounts. Where we believe a breach affecting your data has occurred, we will take appropriate steps, including notifying you and regulators where required by law.

9. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required under applicable law. This includes maintaining records needed to manage our relationship with Business clients, support operational activities carried out through Designated Channels, and meet legal, audit, and compliance obligations.

Information provided during onboarding, identity verification, and account administration is retained for the duration of the business relationship and for a period afterward to meet statutory record-keeping requirements. Communications, logs, and documentation created through the Platform or other authorised channels may be retained to ensure accurate record-keeping, resolve enquiries, and address operational or legal issues.

Where Personal Data is no longer required, we take steps to delete it securely or anonymise it so it can no longer be linked to an identifiable individual. Retention periods may vary depending on the type of data, applicable laws, and the context in which the data was collected.

10. Your Rights as a Data Subject

Depending on your location and the laws that apply to you, you may have certain rights over the Personal Data we hold. These rights may include the ability to request access to the Personal Data we process about you, ask us to correct incomplete or inaccurate information, or request deletion where the data is no longer needed or where the law permits.

You may also have the right to object to or restrict certain types of processing, including processing carried out on the basis of legitimate interests. Where processing is based on consent—such as optional communications—you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

In some cases, you may request a copy of your Personal Data in a structured, commonly used format or ask that we transfer it to another controller where technically feasible. These rights may be limited where we must retain data to comply with legal, regulatory, or record-keeping obligations.

You can exercise your rights by contacting us using the details provided at the end of this Privacy Notice. We will respond within the timelines required by Applicable Data Protection Laws. If you are dissatisfied with our response, you may lodge a complaint with the appropriate supervisory authority.

11. Your Choices

You may choose how certain types of Personal Data are used. If you receive optional updates or promotional messages from us, you can opt out at any time using the unsubscribe link or by contacting us directly. Your preference will be applied promptly without affecting essential service communications.

You may also manage cookies and similar technologies through your browser settings. Disabling certain cookies may affect website functionality, but you remain free to adjust these settings at any time.

Your choices do not affect our ability to process Personal Data where such processing is required for security, compliance, or other lawful purposes.

12. Children’s Privacy

Our website and Services are intended for adults and are not directed at individuals under the age of 18. We do not knowingly collect Personal Data from minors. If we become aware that a minor’s information has been provided to us without the appropriate authorisation, we will delete it as soon as reasonably possible.

If you believe a minor has submitted Personal Data to us, please contact us using the details provided at the end of this Privacy Notice.

13. Third-Party Links

Our website or Platform may contain links to third-party websites, tools, or services. These external sites operate independently from Muva and have their own privacy practices. We do not control, endorse, or assume responsibility for the content, security, or data-handling practices of third-party websites.

If you choose to follow a link to an external site, any Personal Data you provide will be governed by that site’s own policies. We encourage you to review their privacy notices before engaging with them.

14. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect legal requirements, operational changes, or improvements to the way we handle Personal Data. When updates are made, we will post the revised version on our website with an updated “Last Updated” date. If a change materially affects your rights or the way we process Personal Data, we will provide additional notice through the website, email, or other appropriate means.

Your continued use of the website or Services after a revised version becomes effective means you acknowledge and accept the updated Privacy Notice.

15. Contact Details, DPO & Fraud Reporting

If you have questions about this Privacy Notice, wish to exercise your data protection rights, or need clarification on how your Personal Data is handled, you may contact us using any of the details below.

For DPO / Privacy Concerns

Email: dpo@muvanetworks.com

For General Support / Access Requests

Email: support@muvanetworks.com

For Fraud Reports

Email: fraudalert@muvanetworks.com

Mailing Address

Address: 48 Rookie Crescent, Ottawa, Ontario, K2V 0R9 , Canada

If you believe your rights have not been respected, you may lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) or, for Nigerian residents, the Nigeria Data Protection Commission (NDPC).