Skip to content
COWRI

Privacy Policy

Last updated: 29 June 2026

1. Introduction

COWRI ("we", "us", "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our platform. We operate in compliance with the Ghana Data Protection Act 2012 (Act 843), the South African Protection of Personal Information Act 2013 (POPIA), and applicable international data protection standards.

2. Information We Collect

Account Information: Name, email address, phone number, country of residence.

Identity Verification: Government-issued ID (national ID, passport, driver's licence), selfie photographs, and proof documents as required for KYC compliance.

Transaction Data: Order history, amounts, wallet addresses, payment references, IP addresses.

Device Information: Browser type, device identifiers, session data for security purposes.

Communications: Support chat logs, emails, and enquiries.

3. Legal Basis for Processing

We process your personal information on the following bases:

  • Contract: To provide our services and process your transactions.
  • Legal obligation: To comply with AML/CFT laws, FICA requirements, and tax reporting obligations.
  • Legitimate interest: To prevent fraud, maintain platform security, and improve our services.
  • Consent: For marketing communications and non-essential cookies.

4. How We Use Your Information

  • Process cryptocurrency buy/sell orders and remittance transactions
  • Verify your identity as required by law (KYC/AML)
  • Screen against sanctions lists and PEP databases
  • Monitor transactions for suspicious activity
  • Communicate order status, security alerts, and service updates
  • Comply with regulatory reporting obligations

5. Data Sharing

We may share your information with:

  • Regulatory authorities: Financial Intelligence Centre (SA), Financial Intelligence Authority (GH), as required by law.
  • Identity verification providers: For biometric and document verification.
  • Payment providers: To process fiat transactions (banks, mobile money operators).
  • Custody providers: For virtual asset settlement and custody services.

We do not sell your personal information to third parties.

6. Data Retention

We retain your data for the following periods:

  • KYC documents: 5 years from the date of account closure (FICA requirement).
  • Transaction records: 5 years from the transaction date.
  • Account data: Duration of account plus 5 years.
  • Audit logs: 7 years (regulatory requirement).

7. Your Rights

Under POPIA and the Ghana Data Protection Act, you have the right to:

  • Access your personal information held by us
  • Request correction of inaccurate information
  • Request deletion of your data (subject to legal retention requirements)
  • Object to processing based on legitimate interest
  • Data portability (receive your data in a structured format)
  • Lodge a complaint with the Information Regulator (SA) or Data Protection Commission (GH)

To exercise these rights, contact our Information Officer at privacy@getcowri.com.

8. Security

We employ industry-standard security measures including encryption in transit (TLS), access controls, audit logging, and regular security assessments to protect your data. Identity documents are stored with restricted access and retrieved only via time-limited secure links.

9. Information Officer

Our designated Information Officer can be contacted at:
Email: privacy@getcowri.com
This officer is responsible for ensuring compliance with POPIA and the Ghana Data Protection Act.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.