How Veloqua collects, uses, and protects your personal information

Effective DateJune 2026
VersionJune 2026
Published Atveloqua.co/privacy
Governing LawRepublic of Rwanda / State of Georgia, USA
Contactinfo@veloqua.co

1. WHO WE ARE

Veloqua Ltd (“Veloqua”, “we”, “us”, “our”) is a company incorporated in Rwanda under Registration Number REG-2026-566448, with its registered office at 1 KN 78 St, Nyarugenge, Kigali, Rwanda. Our parent company is Apex Global Payments LLC d/b/a Veloqua Holdings, a Georgia-registered company operating as the technology and services platform.

This Privacy Policy explains how we collect, use, store, share, and protect personal and organizational data when you visit veloqua.co, register on our platform, use our services, or communicate with us.

We comply with Rwanda Law No. 058/2021 on the Protection of Personal Data and Privacy, applicable US data protection principles, and GDPR-aligned standards for international data transfers.

2. WHAT DATA WE COLLECT

2.1 Data You Give Us Directly

  • Identity data: full name, title, nationality, date of birth, government-issued ID
  • Contact data: email address, phone number, physical address, country of operation
  • Organization data: cooperative name, registration number, membership details, export license, bank account details
  • Commercial data: purchase orders, contracts, invoices, shipment documentation, commodity and volume information
  • Communications: emails, messages, inquiries, and any correspondence you send us

2.2 Data We Collect Automatically

  • Platform activity data: login timestamps, actions taken on platform, documents uploaded, forms completed
  • Transaction data: advance requests, disbursement records, repayment records, settlement confirmations
  • Performance data: delivery schedules, shipment outcomes, repayment timeliness, contract fulfillment records
  • Device and technical data: IP address, browser type, operating system, referring URLs, used for security and fraud prevention only
  • Cookie data: as described in our Cookie Policy at veloqua.co/cookies

2.3 Data We Receive From Third Parties

  • KYC and identity verification data from regulatory-approved identity verification services
  • Credit and financial data from Rwanda Development Bank, BNR, or other authorized financial data sources
  • Sanctions and AML screening data from compliance data providers
  • Export and trade documentation from Rwanda Development Board, NAEB, RCA, and similar authorities

3. HOW WE USE YOUR DATA

3.1 To Provide Our Services

  • Process and evaluate applications for platform access
  • Conduct identity verification, KYC checks, and AML screening
  • Evaluate and process advance requests against verified commercial contracts
  • Facilitate disbursements and settlement to cooperatives through our banking partner in Rwanda
  • Maintain your account, credit profile, and transaction history on our platform

3.2 For Compliance and Regulatory Obligations

  • Comply with Rwanda National Bank (BNR) Regulatory Sandbox requirements and ongoing reporting
  • Comply with US Bank Secrecy Act, FinCEN MSB registration obligations, and AML program requirements
  • File required regulatory reports including Suspicious Activity Reports where legally required
  • Respond to lawful requests from regulatory authorities in Rwanda, the United States, and other applicable jurisdictions
  • Maintain audit trails and compliance records as required by applicable financial regulations

3.3 For Platform Analytics and Service Improvement

  • Analyze platform usage to improve user experience and service quality
  • Develop and improve our credit assessment models and risk management tools
  • Generate aggregated, anonymized performance reports for internal purposes

3.4 For Aggregated Data Services

Veloqua may use aggregated and anonymized transaction data, cooperative performance metrics, and agricultural supply chain data for platform analytics, risk modeling, compliance reporting, and data services provided to third parties. Individual cooperative and user data is never sold or shared in identifiable form. All aggregated datasets are de-identified and do not contain personally identifiable information. You may opt out of inclusion in aggregated datasets by contacting info@veloqua.co. This will not affect your access to platform services.

3.5 For Communications

  • Respond to your inquiries and requests
  • Send platform updates, service notifications, and regulatory communications
  • Send marketing communications where you have given explicit consent. You may withdraw consent at any time

4. LEGAL BASIS FOR PROCESSING

We process your data under the following legal bases:

  • Contract performance: processing necessary to provide our platform services and fulfill contractual obligations
  • Legal obligation: processing required to comply with applicable financial regulation, AML law, and regulatory reporting
  • Legitimate interests: fraud prevention, platform security, service improvement, and risk management, where these do not override your rights
  • Consent: marketing communications and optional data services, withdrawable at any time

5. HOW WE SHARE YOUR DATA

We do not sell your personal data. We share data only in the following limited circumstances:

  • Settlement and disbursement: with our banking partner in Rwanda for settlement and disbursement to cooperatives, bound by confidentiality and data processing agreements
  • Identity verification: with KYC and AML screening providers, for verification purposes only
  • Regulatory reporting: with BNR, FinCEN, Rwanda Revenue Authority, and other regulators as legally required
  • Professional advisors: with attorneys, accountants, and auditors under strict confidentiality obligations
  • Platform operations: with enterprise cloud infrastructure providers, governed by data processing agreements with GDPR-aligned protections
  • Business transfers: in the event of a merger, acquisition, or sale of assets, with advance notice to affected users

We never share your individually identifiable data with commodity traders, data brokers, investors, or marketing companies.

6. DATA RETENTION

  • KYC and identity verification records: 7 years from end of business relationship, as required by AML regulations
  • Transaction and financial records: 7 years, as required by BNR, FinCEN, and RRA
  • Platform activity logs: 3 years
  • Communications and correspondence: 3 years
  • Website contact inquiries: 24 months
  • Aggregated and anonymized data: indefinitely, no personal data retained in this form

7. YOUR RIGHTS

You have the following rights under Rwanda Law No. 058/2021 and applicable data protection law:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate or incomplete data
  • Erasure: request deletion of your data where we no longer have a legal basis to process it
  • Restriction: request that we limit how we use your data in certain circumstances
  • Objection: object to processing based on legitimate interests
  • Portability: receive your data in a structured, machine-readable format
  • Withdraw consent: withdraw consent for marketing or optional data services at any time

To exercise any of these rights contact info@veloqua.co. We will respond within 30 days. Some rights are subject to regulatory retention obligations that we cannot override.

8. DATA SECURITY

Veloqua implements technical and organizational security measures proportionate to the risk of data processing. Our infrastructure is built to NIST Cybersecurity Framework standards. All data is encrypted in transit and at rest. Access to personal data is restricted to authorized personnel only. We conduct regular security reviews and maintain an Incident Response Plan for data breach scenarios.

In the event of a personal data breach that poses a risk to your rights, we will notify you and the relevant regulatory authority within 72 hours of becoming aware of the breach.

9. INTERNATIONAL DATA TRANSFERS

Veloqua operates across Rwanda and the United States. Your data may be processed in both jurisdictions. International transfers are conducted under appropriate safeguards including standard contractual clauses and data processing agreements with GDPR-aligned protections. Our cloud infrastructure providers maintain data residency options and cross-border transfer protections.

10. COOKIES

Our use of cookies is described in our Cookie Policy at veloqua.co/cookies.

11. CHILDREN

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child please contact info@veloqua.co immediately.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email and update the version date at the top of this page. Continued use of our platform after changes constitutes acceptance of the updated Policy.

13. CONTACT US

For any privacy-related questions, requests, or concerns: info@veloqua.co | Veloqua Ltd, 1 KN 78 St, Nyarugenge, Kigali, Rwanda