Last Updated: June 7, 2025
Qol Labs ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you use our services, including but not limited to our Remittance Platform, Crypto Exchange, Streaming Service, Crowdfunding Platform, Freelancing Platform, Layer-1 Blockchain, Airdrop and Launchpad Platform, Games, Artificial Intelligence (AI) services, and other related services (collectively, the "Services"). This Privacy Policy applies to all users globally and is designed to comply with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, the Lei Geral de Proteção de Dados (LGPD) in Brazil, and other relevant regulations in jurisdictions where we operate.
This Privacy Policy applies to all personal data collected through our websites, mobile applications, APIs, and other digital or physical interfaces related to our Services. It covers users, customers, partners, service providers, and visitors interacting with our platforms. This policy does not apply to third-party websites, services, or applications that may be linked to or integrated with our Services, which are governed by their own privacy policies.
We collect various types of information to provide, improve, and secure our Services. The types of information we collect include:
Identity Data: Name, date of birth, gender, nationality, and government-issued identification (e.g., passport, driver’s license) for KYC/AML compliance.
Contact Data: Email address, phone number, mailing address, and social media handles.
Financial Data: Bank account details, cryptocurrency wallet addresses, payment card information, transaction history, and tax-related information.
User Profile Data: Username, password, profile picture, preferences, and settings.
KYC/AML Data: Documentation required for identity verification, such as proof of address, source of funds, and other compliance-related information.
Usage Data: IP address, device type, operating system, browser type, geolocation data, session duration, pages visited, and interactions with our Services.
Technical Data: Cookies, pixel tags, log files, and analytics data collected to monitor and improve platform performance.
Content Data: User-generated content, such as posts, comments, reviews, project descriptions, or media uploaded to our Crowdfunding, Freelancing, or Streaming Platforms.
Blockchain Data: Public blockchain addresses, transaction records, and smart contract interactions on our Layer-1 Blockchain or Airdrop/Launchpad Platform.
Biometric Data: If applicable (e.g., for advanced identity verification), we may collect biometric identifiers like facial recognition data or voiceprints.
Financial Preferences: Investment preferences, risk tolerance, or other financial behavior data for personalized services on our Crypto Exchange or Crowdfunding Platform.
Third-Party Integrations: Data from payment processors, social media platforms, or authentication services when you link accounts or use third-party logins.
Publicly Available Data: Information from public sources, such as social media profiles or blockchain ledgers, to enhance user profiles or comply with legal requirements.
We collect information through:
Direct Interactions: When you register for an account, complete KYC/AML verification, submit content, or contact customer support.
Automated Technologies: Cookies, web beacons, server logs, and analytics tools that track your interactions with our Services.
Third Parties: Partners, service providers, or public sources (e.g., blockchain explorers, credit agencies) that provide data for compliance, analytics, or service enhancement.
User Contributions: Content you voluntarily provide, such as project descriptions, media uploads, or game interactions.
We use your information to:
Provide Services: Facilitate remittances, cryptocurrency trading, content streaming, crowdfunding campaigns, freelancing contracts, blockchain transactions, airdrops, and gaming/AI functionalities.
Verify Identity: Conduct KYC/AML checks to comply with global regulations and prevent fraud, money laundering, or terrorist financing.
Personalize Experiences: Tailor content, recommendations, and advertisements based on your preferences and usage patterns.
Improve Services: Analyze usage data to enhance platform performance, security, and user experience.
Communicate: Send transactional notifications, service updates, promotional offers, or respond to inquiries.
Ensure Security: Detect and prevent unauthorized access, fraud, or abuse of our Services.
Comply with Legal Obligations: Meet regulatory requirements, including tax reporting, data retention, and law enforcement requests.
Research and Development: Develop new features, services, or AI models using anonymized or aggregated data.
For users in the European Union, we process personal data based on the following legal grounds:
Consent: Where you have explicitly consented to data processing (e.g., for marketing or personalized recommendations).
Contractual Necessity: To fulfill our obligations under contracts, such as providing access to our Services or processing transactions.
Legal Obligation: To comply with applicable laws, such as KYC/AML regulations or tax reporting.
Legitimate Interests: For purposes like improving our Services, ensuring security, or preventing fraud, provided your rights are not overridden.
Vital Interests: In rare cases, to protect your or others’ safety.
We may share your information with:
Service Providers: Third-party vendors providing hosting, payment processing, analytics, KYC/AML verification, or customer support services.
Blockchain Networks: Public blockchain data, such as wallet addresses or transaction records, is inherently visible on our Layer-1 Blockchain.
Partners: Business partners, such as crowdfunding project creators, freelancers, or game developers, to facilitate service delivery.
Legal Authorities: Government agencies, regulators, or law enforcement to comply with legal obligations or respond to lawful requests.
Corporate Transactions: In the event of a merger, acquisition, or sale, your data may be transferred to the acquiring entity.
With Your Consent: When you explicitly agree to data sharing, such as for third-party integrations or marketing partnerships.
We ensure that third parties receiving your data are bound by contractual obligations to protect it in accordance with applicable laws.
Qol Labs operates globally, and your data may be transferred to, stored, or processed in countries outside your jurisdiction, including the United States, European Union, or other regions. We implement safeguards such as:
Standard Contractual Clauses (SCCs): For transfers from the EU/EEA to countries without an adequacy decision.
Data Protection Agreements: With third-party processors to ensure compliance with GDPR, CCPA, and other regulations.
Encryption: To secure data during transfer and storage.
We implement industry-standard measures to protect your data, including:
Encryption (e.g., AES-256 for data at rest, TLS for data in transit).
Multi-factor authentication and access controls.
Regular security audits and vulnerability assessments.
Decentralized storage for blockchain-related data.
Anonymization or pseudonymization where feasible.
Despite these measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. For example:
KYC/AML Data: Retained for a minimum of 5–7 years, as required by global regulations.
Transaction Data: Kept for auditing and tax purposes, typically 7 years.
User Account Data: Retained while your account is active and for a reasonable period after account closure, unless deletion is requested.
Anonymized Data: May be retained indefinitely for analytics or research.
Depending on your jurisdiction, you may have the following rights:
Access: Request a copy of your personal data.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion of your data, subject to legal retention obligations.
Restriction: Limit how we process your data in certain circumstances.
Data Portability: Receive your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent: Revoke consent at any time, where applicable.
Lodge a Complaint: Contact a data protection authority (e.g., in the EU, your local Supervisory Authority; in California, the Attorney General).
To exercise these rights, contact us at privacy@qollabs.org. We will respond within the timeframes required by law (e.g., 30 days under GDPR, 45 days under CCPA).
Our Services are not intended for individuals under 16 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware of such data, we will delete it unless required by law to retain it.
We use cookies, web beacons, and similar technologies to:
Authenticate users and maintain session integrity.
Analyze usage patterns and improve our Services.
Deliver personalized advertisements.
You can manage cookie preferences through your browser settings or our cookie consent tool. Essential cookies required for platform functionality cannot be disabled.
Our Services may contain links to third-party websites or integrations (e.g., payment gateways, social media platforms). We are not responsible for their privacy practices. Review their policies before providing personal data.
We may update this Privacy Policy to reflect changes in our Services, legal requirements, or operational practices. We will notify you of material changes via email, in-app notifications, or by posting an updated policy on our website. Your continued use of our Services after such changes constitutes acceptance of the updated policy.
This section provides additional information and rights specific to certain jurisdictions to ensure compliance with local data protection laws. These addendums supplement the main Privacy Policy and apply to residents of the respective jurisdictions when using our Services.
European Union (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies to the processing of your personal data. This addendum outlines your rights and our obligations under these regulations.
a. Legal Basis for Processing
As stated in Section 5 of the main Privacy Policy, we process your personal data based on the following legal grounds:
Consent: For optional processing, such as marketing communications or personalized recommendations (e.g., tailored content on the Streaming Service or investment suggestions on the Crypto Exchange). You may withdraw consent at any time by contacting us or using account settings.
Contractual Necessity: To provide Services, such as processing transactions on the Remittance Platform, executing smart contracts on the Layer-1 Blockchain, or facilitating agreements on the Freelancing Platform.
Legal Obligation: To comply with EU regulations, such as Anti-Money Laundering Directive (AMLD5) for KYC/AML verification on the Crypto Exchange or Airdrop Platform.
Legitimate Interests: For activities like fraud prevention, platform security, or improving user experience (e.g., analytics for the Streaming or Gaming Services), provided your rights and freedoms are not overridden.
Vital Interests: To protect your safety or that of others in emergencies.
b. Your GDPR Rights
In addition to the rights listed in Section 10, you have the following specific rights:
Right to Be Informed: You have the right to clear, transparent information about how we process your data, as provided in this Privacy Policy.
Right to Object to Automated Decision-Making: You may object to decisions based solely on automated processing, including profiling (e.g., AI-driven recommendations or risk assessments on the Crypto Exchange), that produce legal or significant effects. You can request human intervention by contacting us.
Right to Lodge a Complaint: You may file a complaint with your local Supervisory Authority (e.g., CNIL in France, ICO in the UK). Contact details are available at https://www.edpb.europa.eu / https://ico.org.uk
c. Data Transfers
For data transfers outside the EEA or UK, we rely on:
Adequacy Decisions: Where the European Commission or UK recognizes a country as providing adequate protection.
Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions (e.g., the United States), we use SCCs approved by the European Commission or UK Information Commissioner.
Binding Corporate Rules: For intra-group transfers, where applicable.
d. EU/UK Representative
For GDPR compliance, our designated EU representative is:
Name: Anderson A.U
For UK GDPR compliance, our UK representative is:
Name: Anderson A.U
e. Data Protection Impact Assessments (DPIAs)
We conduct DPIAs for high-risk processing activities, such as biometric verification, large-scale profiling for AI services, or blockchain transaction monitoring, to ensure compliance with GDPR.
California, United States (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.
a. Categories of Personal Information Collected
We collect the following categories of personal information, as outlined in Section 2:
Identifiers (e.g., name, email, IP address).
Personal information under California law (e.g., financial data, KYC documents).
Protected classifications (e.g., age, nationality for KYC/AML).
Commercial information (e.g., transaction history, crowdfunding contributions).
Biometric information (if used for identity verification).
Internet or network activity (e.g., browsing history, usage data).
Geolocation data.
Audio, visual, or similar information (e.g., user-generated content on the Streaming or Crowdfunding Platforms).
Professional or employment-related information (e.g., freelancer profiles).
Inferences drawn from the above (e.g., AI-driven recommendations).
b. Categories of Information Sold or Shared
Sale of Personal Information: We may “sell” personal information (as defined by CCPA) to third parties for targeted advertising (e.g., sharing usage data with ad networks for personalized ads on the Streaming or Gaming Services). You can opt out of such sales via our “Do Not Sell My Personal Information” link on our website.
Sharing for Business Purposes: We share personal information with service providers (e.g., payment processors, KYC vendors) for purposes like transaction processing, analytics, or fraud prevention.
c. Your CCPA Rights
You have the following rights, subject to verification of your identity:
Right to Know: Request details about the personal information we collect, use, disclose, or sell, including categories and specific pieces of data.
Right to Delete: Request deletion of your personal information, subject to exceptions (e.g., legal retention requirements for KYC/AML data).
Right to Opt-Out of Sale: Opt out of the sale of your personal information to third parties.
Right to Non-Discrimination: We will not discriminate against you (e.g., by denying services or charging different prices) for exercising your CCPA rights.
Right to Correct: Request correction of inaccurate personal information.
Right to Limit Use of Sensitive Personal Information: Restrict the use of sensitive personal information (e.g., biometric data) to purposes necessary for providing the Services.
To exercise these rights, contact us at privacy@qollabs.org or use the “CCPA Request” form on our website. We will respond within 45 days, extendable by an additional 45 days if needed.
d. Authorized Agents
You may designate an authorized agent to submit CCPA requests on your behalf. We require proof of authorization and identity verification.
e. Shine the Light Law
Under California’s Shine the Light law, you may request information about our disclosure of personal information to third parties for direct marketing purposes. Contact us at privacy@qollabs.org.
Canada (PIPEDA)
If you are a resident of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws (e.g., British Columbia’s PIPA) apply to your personal information.
a. Principles of PIPEDA Compliance
We adhere to PIPEDA’s fair information principles, including:
Accountability: We have appointed a Data Protection Officer to oversee compliance.
Identifying Purposes: We collect and use personal information only for the purposes outlined in Section 4 (e.g., providing Services, KYC/AML compliance, improving user experience).
Consent: We obtain meaningful consent for collecting, using, or disclosing personal information, except where required by law (e.g., for legal compliance).
Limiting Collection: We collect only the information necessary for the identified purposes.
Safeguarding: We implement security measures as described in Section 8.
b. Your PIPEDA Rights
You have the following rights:
Access: Request access to your personal information and details about how we use or disclose it.
Correction: Request correction of inaccurate or incomplete information.
Challenge Compliance: File a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated PIPEDA.
Safeguarding: We implement security measures as described in Section 8.
To exercise these rights, contact us at privacy@qollabs.org. We will respond within 30 days.
c. Data Transfers
Personal information may be transferred to service providers outside Canada (e.g., for cloud storage or KYC verification). We ensure these providers comply with PIPEDA-equivalent standards through contractual agreements.
Brazil (LGPD)
If you are a resident of Brazil, the Lei Geral de Proteção de Dados (LGPD) applies to the processing of your personal data.
a. Legal Basis for Processing
Under LGPD, we process personal data based on:
Consent: For optional processing, such as marketing or profiling for AI-driven recommendations.
Contract Fulfillment: To provide Services, such as processing remittances or crowdfunding contributions.
Legal Obligation: To comply with Brazilian regulations, such as anti-money laundering laws or tax reporting.
Legitimate Interests: For fraud prevention, platform security, or service improvement, provided your rights are not overridden.
b. Your LGPD Rights
You have the following rights:
Confirmation: Confirm whether we process your personal data.
Access: Request access to your personal data.
Correction: Correct incomplete, inaccurate, or outdated data.
Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary or non-compliant data.
Portability: Receive your data in a structured format for transfer to another controller.
Information on Sharing: Request details about third parties with whom we share your data.
Revoke Consent: Withdraw consent at any time for processing based on consent.
Oppose Processing: Object to processing that violates LGPD.
Lodge a Complaint: File a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).
To exercise these rights, contact us at [privacy@qollabs.com (mailto:privacy@qollabs.com)]. We will respond within 15 days, as required by LGPD.
c. Data Protection Officer
Our Data Protection Officer for LGPD compliance is:
Name: Alexander Pym Ata Allison
Contact: privacy@qollabs.com
d. Data Transfers
For international data transfers, we use mechanisms like Standard Contractual Clauses or ensure compliance with LGPD’s requirements for adequate protection.
For questions, concerns, or to exercise your data protection rights, contact our Data Protection Officer at:
Email: privacy@qollabs.org
Mailing Address: Qol Labs, 5 Umu-Ake Street Off Obor Road, Omoku, Rivers State, 510103, Nigeria
Phone: +2347038077938
For EU residents, our EU representative can be contacted at anderson@qollabs.org. For UK residents, our UK representative can be contacted at anderson@qollabs.org. For California Residents, more information will be provided on our next privacy policy update
Qol Labs is working to advance financial inclusion and empowerment for 2 billion unbanked users worldwide by creating decentralized applications and solutions on the Pim Protocol. Founded in Nigeria in 2024, we deliver the Qol Super App (launched 2025) and are building future utilities, including Qolpay, QolMart, Qolance, QolEx, Revma, and other innovative solutions to break down global financial barriers, ensuring secure, scalable, and sustainable transactions.
©Copyright 2025 | All Rights Reserved
