Privacy Policy

Reevit ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment orchestration platform. We comply with applicable data protection laws including GDPR and applicable African data protection regulations.

We collect information that you provide directly to us: **Account Information** • Name and email address • Organization name and details • Billing information **Payment Provider Credentials** • API keys and secrets (encrypted at rest using AES-256-GCM) • Provider account identifiers **Transaction Data** • Payment amounts and currencies • Transaction status and metadata • Customer identifiers (as provided by you) **Usage Data** • API requests and responses • Dashboard activity logs • Feature usage patterns

We use the information we collect to: • Provide and maintain our payment orchestration services • Process and route payment transactions • Send transactional notifications and webhooks • Improve and optimize our platform • Provide customer support • Comply with legal obligations • Detect and prevent fraud or abuse We do not sell your personal information to third parties.

We may share your information with: **Payment Service Providers** We transmit transaction data to the PSPs you have connected (Paystack, Hubtel, Flutterwave, etc.) as necessary to process payments. **Service Providers** We use trusted third parties for infrastructure (cloud hosting, monitoring) who are bound by confidentiality agreements. **Legal Requirements** We may disclose information if required by law or to protect our rights and safety. We never share your PSP credentials with anyone—they are only decrypted in memory when processing your transactions.

We implement robust security measures including: • **Encryption at Rest**: All sensitive data encrypted using AES-256-GCM • **Encryption in Transit**: TLS 1.3 for all API communications • **Access Controls**: Role-based access with audit logging • **Key Management**: Credentials decrypted only in memory when needed • **Infrastructure**: SOC 2 compliant cloud infrastructure No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We retain your data for as long as your account is active or as needed to provide services. Specifically: • **Account Data**: Retained until account deletion • **Transaction Records**: Retained for 7 years for compliance • **Logs**: Retained for 90 days for debugging and security • **Credentials**: Deleted immediately upon connection removal You may request deletion of your data at any time, subject to legal retention requirements.

Under applicable data protection laws, you have the right to: • **Access**: Request a copy of your personal data • **Rectification**: Correct inaccurate or incomplete data • **Erasure**: Request deletion of your data • **Portability**: Receive your data in a structured format • **Objection**: Object to certain processing activities • **Restriction**: Request limitation of processing To exercise these rights, contact us at privacy@reevit.io.

We use cookies and similar technologies to: • Maintain your session and authentication • Remember your preferences • Analyze usage patterns • Improve our services You can control cookies through your browser settings. Disabling cookies may affect functionality.

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place, including: • Standard contractual clauses • Adequacy decisions where applicable • Additional security measures for sensitive data

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our platform. The "Last updated" date at the top indicates when this policy was last revised.

For questions about this Privacy Policy or our data practices: **Email**: privacy@reevit.io **Data Protection Officer**: dpo@reevit.io Reevit Technologies Inc.