A new way to transact is here! 

 Days 

00

 : 

00 

till launch, Watch this space!

Learn More

Privacy policy

Updated September 25, 2025
Nigeria
Kenya
Introduction
Types of personal data and other information collected
How we collect your data
Use/Processing of Personal Data
Transfer of Data
Your rights over your data
How to exercise your rights
Complaints
How Long Do We Keep Your Personal Data
Security of personal data
Disclosure of Personal Data
Data Processing Principles
Service providers
External sites
Children's policy
Changes to privacy policy
Client's liability
Contact us

Introduction

At Busha, we take your privacy seriously regardless of the capacity in which you are engaging with us. We collect and process different types of personal data depending on the nature of our relationship with you which may fall into any of the following categories;
  • merchants using Busha Commerce to accept crypto asset payments from customers;
  • individuals using our website, platform, wallet and yield products; or
  • potential employees and job applicants using our recruitment portal, we ensure that we manage your personal data in a manner that is compliant with applicable laws and regulations.

Busha Digital Limited is the data controller and is responsible for your Personal Data (collectively referred to as “Busha”, "we", "us" or "our" in this privacy policy).

This privacy notice sets out how we collect your data, the types of data we collect, why we collect your data, your rights as a data subject and other important information relating to your personal data.

At certain intervals, we may make some changes to these notices to meet changing circumstances, law or any other triggering factor. Where any significant changes are made, we will notify you of such changes. Otherwise, you may track the changes we make from the headers of the notices which discloses the version of the notice and the recent updates.

If you have any questions or concerns about the privacy notice or how we collect, process or manage your personal data at Busha, you may contact us at compliance@busha.co.
We collect different types of Personal Data and other Information from the visitors to our website voluntarily. The collection of Personal Data and other Information is to provide and improve our Service to you, and such Personal Data and other Information includes but is not limited to:
  1. Personal Identification Data: While using our Service, we may ask you to provide us with certain personally identifiable information that we can use to contact or identify you. These include but is not limited to the full name, date of birth, nationality, cellphone or mobile number, email address, place of residence (and/or proof of residence), employment status, the industry of employment and/or national identification number (“Personal Identification Data”).
  2. Usage Data: We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
  3. Tracking & Cookies Data: We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with a small amount of data including a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and improve and analyse our Service. You can instruct your browser to accept or refuse all cookies or indicate when a cookie is being sent. However, if you do not accept cookies, you may not experience and use some portions of our Service. Examples of Cookies we use:
  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.
  • Necessary Cookies.
For more details on how we use cookies on our platform and the types of cookies we use, please see our Cookie Notice.
  1. Information for purposes of biometric identification, such as the selfie you provide to us when creating your Busha account;
  2. National identity documentation such as a copy of your national identity card, drivers’ license or passport and/or any other information deemed necessary to comply with our legal obligations under financial or anti-money laundering laws;
  3. Transaction information such as your transaction data on your Busha account and information on the recipient of any transaction(s);
  4. Correspondence such as information provided to us when engaging with our customer support and/or responses to our surveys;
  5. Device and location information such as, geolocation information, browser name and version information, IP address information, device fingerprint data, authentication data and/or clickstream data.
We collect your Personal Data and other Information from public and non-public sources through;
  • your direct disclosures to us when you onboard on our platform, use our Services or access our platform;
  • your communication to us through our customers support channels, email, chat, telephone, or any other means;
  • your reading of our emails or notices, online research on social media and websites which may not be publicly available;
  • investigations on publicly available databases in furtherance of our compliance obligations;
  • your participation in surveys which we make available to you, competitions and promotions;
  • your usage of the Busha platform (we collect Information on your transactions and usage of your Busha account); and
  • third parties such as identity verification services, credit reference agencies, regulatory and enforcement agencies, and public sources.
The Personal Data and other Information collected is internally reviewed, used to improve the content of our website, notify our visitors of updates, and respond to visitor inquiries. Once your Personal Data and other Information is reviewed, it is discarded or stored in our files for the period it is reasonably needed.

If we make material changes in collecting Personal Data or other Information highlighted above, we will inform you by placing a notice on our website or application. Personal Data received from any visitor will be used only for internal purposes and will not be sold or provided to third parties (except necessary under an Agreement between Busha and a Service Provider).
We will only process your Personal Data to carry out our lawful business activities. In doing so, we rely on one or more of the following lawful grounds for processing your Personal Data:
The lawful grounds under which we may process your personal data include:
  1. Contractual necessity: We may process your Personal Data where it is necessary for us to provide our products and services to you or to otherwise comply with our obligations under Busha’s Terms of use.
  2. Consent: In some cases, we will only process your personal data where you provide us with your express consent for such processing.
  3. Legal obligation: In some cases, we may need to process your Personal Data to comply with an obligation imposed by law.

More specifically, we may process your personal data for one or more of the following purposes.

  1. to verify your identity, following Know Your Customer (KYC), Anti-Money Laundering, Combating the Financing of-Terrorism (AML/CFT/CPF) requirements;
  2. to manage and maintain your account with us;
  3. to detect and prevent fraudulent or unauthorised use of our products and services;
  4. to better manage our business and your relationship with us, including for purposes of quality control and staff training to make sure we continue to provide you with accurate information, products and services;
  5. to improve our products and services, and to develop new products and services;
  6. to notify you about benefits and changes to the features of our products and services;
  7. to provide you with personalised advertising and marketing;
  8. to respond to your enquiries and to resolve disputes; and
  9. concerning legal claims, compliance, audit, risk management, law enforcement processes and regulatory functions; in connection with the acquisition, merger or sale of a business.
Your Information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

Your consent to this Privacy Notice and your submission of such Information represents your agreement to that transfer. BDL will take all steps reasonably necessary to ensure that your Information is treated securely and in accordance with this Privacy Notice. Any Personal Data you provide to us, including and similar to your name, address, telephone number and e-mail address, will not be released, sold, or rented to any entities or individuals except in accordance with this Privacy Notice, our privacy policy and applicable law.
You have certain rights/control over the Personal Data or other Information you submit to us and those that we collect from third-party sources. This includes the right:
  1. to access and confirm your Personal Data held by Busha;
  2. to withdraw consent from or object to the processing of your Personal Data (this does not affect already processed Information);
  3. to rectify or update any inaccurate or outdated Personal Data;
  4. to know the purpose for processing your Personal Data;
  5. to restrict the processing of your Personal Data;
  6. to request for erasure of any Personal Data Busha holds about you, if any, subject to the provisions of applicable law;
  7. to request a copy of the Personal Data Busha keeps about you;
  8. to object/refuse access to your Personal Data for direct marketing; and
  9. to contest the accuracy of your Personal Data or other Information. Where this is done, Busha shall have the right to a specified period to verify the accuracy of the Personal Data or other Information.
At your request, Busha will provide your Personal Data or other Information, in a structured manner, commonly used and machine-readable format to you. To carry out this request, please refer to our Data Subject Access Request page or send the request via email to compliance@busha.co.

We will not hinder you from transmitting your Personal Data or other Information in our database to another company where the processing is based on consent, on a contract, and processing is carried out by automated means in compliance with applicable laws.

We will execute your requests on the transmission of your Personal Data or other Information to another company, where technically feasible.
When you make a request to exercise any of the above rights, we will provide you with your Personal Data and other necessary Information you request. However, we reserve the right to charge you or refuse your request where we notice that the request is repetitive or excessive. For the purpose of this notice, four consecutive requests would be deemed repetitive and excessive.

Your right to the erasure of your Personal Data does not apply to legal necessaries like invoices, audit logs, subscription information, and the Personal Data archived on Busha’s backup systems which we shall securely isolate and protect from any further processing to the extent required by applicable law.

Where any of your rights as provided for under this Privacy Notice is breached, resolution shall be in accordance with the provision of our Terms of Service, provided that you can only apply for a remedy within a period of 2 years within which the breach occurred.
You have the right to make a complaint at any time to the Nigerian Data Protection Commission (NDPC). We would, however, appreciate the chance to deal with your concerns before you approach the NDPC so please contact us in the first instance.
We keep your Personal Data only so long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements This is also the case for anyone that we share your Personal Data with and who carries out services on our behalf.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your Personal Data: see How to exercise your rights? above for further information.In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we either remove it from our systems or depersonalize it so that we cannot identify you.
We take the security of the Personal Data we collect very seriously. We take reasonable security measures to protect your Personal Data and reduce the risk of accidental destruction, loss, or unauthorised access to such Personal Data However, please note that no system involving the transmission of Information via electronic storage systems or the internet is entirely secure.
We may share your personal data with:
  • Any person that works for Busha;
  • Financial and other institutions we partner with to provide our products and services;
  • Companies and organisations that provide third-party services to us, including technical infrastructure, marketing and analytics, and web and app development;
  • Companies and organisations that assist us with identity verification, background screening and due diligence.
  • Our professional advisers, consultants and other similar services.
We will otherwise treat your personal data as private and confidential and will not share it with other parties except:
  • Where you have permitted us to do so;
  • Where we believe it is reasonably necessary to comply with any law, regulation, legal process or governmental request, to enforce our Terms of use or other agreements, or to protect the rights, property, or safety of us, our customers or others;
  • Where we may transfer rights and obligations according to our agreement with you.
We adhere to the following data privacy principles required by law:
  • Fairness and Transparency: We collect and use your Personal Data in a lawful, transparent, and fair manner.
  • Purpose Limitation: We only collect Personal Data for specific, clearly defined, and legitimate purposes. We won't use it for anything beyond those purposes without your consent.
  • Data Minimization: We only collect the minimum amount of Personal Data necessary to achieve our stated purposes.
  • Storage Limitation: We will not retain your Personal Data for longer than necessary to fulfill the purposes for which it was collected.
  • Accuracy: We strive to maintain accurate and up-to-date information. You have the right to request corrections if needed.
  • Security: We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, damage, or misuse.
  • Accountability: We are accountable for your data and demonstrate compliance with these principles.
We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), provide service on our behalf, perform Service-related services, or assist us in analysing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Our Service may contain links to other sites not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service does not address anyone under 18 ("Children"). We do not knowingly collect Personal Data from anyone under 18. If you are a parent or guardian and know that your child has provided us with Personal Data, please contact us via Compliance@busha.co. If we become aware that we have collected Personal Data from children without verification of parental consent, we remove that information from our servers.
We may update our Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on this page. We will notify you via email and/or by a notice on our Service before the change becomes effective and update the "effective date" at the top of this Privacy Notice. You are advised to review this Privacy Notice periodically for any changes. Changes to this Privacy Notice are effective when posted on this page.
The security of your data is important to us. But remember that no method of transmission over the internet or method of electronic storage is 100% secure.

While we do our best to protect your personal information, we cannot guarantee the security of any information that you transmit to us. You are solely responsible for maintaining the secrecy of any passwords or other account information, and we will not be liable if such information is leaked or disclosed by reason of your negligence. By using the Service, you agree to the collection and use of information in accordance with this notice.
If you have any questions about this Privacy Notice, please contact our Data Protection Officer via compliance@busha.co
Introduction
Types of personal data and other information collected
How we collect your data
Use/Processing of Personal Data
Transfer of Data
Your rights over your data
How to exercise your rights
Complaints
How Long Do We Keep Your Personal Data
Security of personal data
Disclosure of Personal Data
Data Processing Principles
Service providers
External sites
Children's policy
Changes to privacy policy
Client's liability
Contact us

Introduction

At Busha, we prioritize your privacy, irrespective of how you engage with us. We are committed to protecting your personal data and ensuring that it is handled in accordance with Kenya's Data Protection Act, 2019 and applicable regulations.
We collect and process various categories of personal data based on our relationship with you, which may include:
Busha Digital Limited, registered and operating in accordance with Kenyan law, is the designated data controller responsible for your personal data (collectively referred to in this policy as “Busha”, “we”, “us” or “our”).Busha Digital Limited is the data controller and responsible for your Personal Data (collectively referred to as “Busha”, "we", "us" or "our" in this privacy policy).

This Privacy Policy outlines how we collect, use, disclose, and protect your personal data, the types of data we collect, the legal bases for processing, your rights under Kenyan law, and the safeguards in place to protect your information.The hyperlinked privacy notices sets out how we collect your data, the types of data we collect, why we collect your data, your rights as a data subject and other important information relating to your personal data.

We may update this policy from time to time to reflect legal or operational changes. Significant changes will be communicated through appropriate channels, while version history is maintained for transparency.

Should you have any inquiries or require clarification regarding this Privacy Policy or how we manage your personal data, please contact our Data Protection Officer at: compliance@busha.co.
We collect various categories of personal data and related information from users who interact with our services, either voluntarily or as necessary for the fulfillment of our legal and contractual obligations. This information helps us deliver, improve, and personalize our services. Data collected includes, but is not limited to:
  1. Personal Identification Data: This includes your full name, date of birth, nationality, gender, mobile number, email address, physical address (including proof of residence), employment status and sector, and national identification number, passport number or similar identifiers, in accordance with Section 31 of the Data Protection Act.
  2. Usage Data: Information on how you access and use our platform, such as your device’s Internet Protocol (IP) address, browser type and version, pages visited, date and time of visit, time spent on pages, and diagnostic data used to analyze service functionality.
  3. Tracking & Cookies Data: We use cookies and similar tracking technologies (e.g., beacons, tags, scripts) to enhance user experience and collect analytics. These include:
  • Session Cookies - to operate the service;
  • Preference Cookies - to store preferences;
  • Security Cookies – to ensure platform integrity;
  • Necessary Cookies – to support essential service functionality.
You may manage cookie settings through your browser, though some features may be limited. Please refer to our Cookie Notice for more details.
  1. Biometric Information: Collected during identity verification processes, such as selfies or facial scans, strictly for authentication and compliance purposes.
  2. Official Identification Documents: Copies of your national ID, passport, or driver's license, as required for compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations under the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA).
  3. Transaction Data: Information on your Busha account transactions, including transaction IDs, amounts, recipient details, and related metadata.
  4. Correspondence Data: Any information voluntarily submitted via support channels, surveys, feedback forms, or complaint records.
  5. Device and Location Data: Includes geolocation, IP address, device fingerprinting, browser metadata, and clickstream data to optimize performance, security, and compliance.

We collect your personal data and related information from both public and non-public sources, using lawful and transparent means in accordance with Section 25 and 29 of the Data Protection Act, 2019. The primary sources include:
  • Direct disclosures from you during onboarding, registration, profile updates, or any other interaction where you voluntarily submit information via our platform or services.
  • Communications with our support teams, whether through email, live chat, telephone, social media, or other customer service channels.
  • Engagement with our emails, website notices, or marketing materials, including data gathered through user activity monitoring and email tracking tools.
  • Publicly available online sources, including social media platforms, corporate websites, and digital footprints, particularly when needed to comply with regulatory requirements.
  • Searches in publicly accessible databases or registries for purposes of due diligence, verification, and compliance (e.g., sanctions lists, company registries).
  • Participation in user surveys, promotional campaigns, or contests, where you submit data voluntarily for feedback or engagement purposes.
  • Your interactions on the Busha platform, including transaction details, navigation history, feature usage, and account activity.
  • Third-party providers, including:
  • Identity verification services
  • Credit reference bureaus
  • Financial institutions and payment service providers
  • Regulatory and law enforcement authorities
The collected data is used internally to enhance service delivery, respond to inquiries, develop new features, and ensure compliance with legal obligations. It may also be reviewed to maintain platform security and integrity.

All personal data is retained only for as long as necessary to fulfill its intended purpose or to comply with legal and regulatory obligations. Any retained data is handled with confidentiality and safeguarded against unauthorized access.

If material changes are made to our data collection methods, we will notify you via a prominent notice on our platform. Except as legally required or contractually agreed, we do not sell, lease, or distribute personal data to third parties.
We process your personal data lawfully, fairly, and transparently, solely for purposes necessary for our business operations and in accordance with the legal bases established under Sections 30 and 31 of the Data Protection Act, 2019.
The lawful grounds under which we may process your personal data include:
  1. Contractual Necessity: When processing is essential to fulfill our contractual obligations to you under Busha’s Terms of Use.
  2. Consent: Where you have expressly given us consent to process your personal data for specified purposes. You may withdraw your consent at any time.
  3. Legal Obligation: Where processing is required for us to comply with a legal obligation, such as financial, tax, regulatory, or anti-money laundering laws.
  4. Legitimate Interests: Where we have a legitimate business interest that does not override your rights and freedoms, such as fraud prevention or service enhancement.
  5. Public Interest: Where processing is necessary for reasons of substantial public interest under the law.
  1. To verify your identity in compliance with Know Your Customer (KYC), Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), and Counter Proliferation Financing (CPF) regulations, as required by the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) and applicable Central Bank of Kenya guidelines.
  2. To create, manage, and maintain your Busha account, including service access and user authentication.
  3. To detect, investigate, and prevent fraudulent or unauthorized access or use of our platform.
  4. To manage our business and your relationship with us more effectively, including staff training, internal audits, quality control, and service monitoring.
  5. To continuously improve our products and services and innovate new features to meet user needs.
  6. To inform you of enhancements, new features, or changes to our services that may benefit you.
  7. To provide marketing and promotional messages that are relevant to your interests—subject to your marketing preferences and rights to object.
  8. To respond to your queries, support requests, complaints, or feedback.
  9. To comply with legal and regulatory requirements, participate in legal proceedings, or assist law enforcement agencies where required.
  10. To support business continuity activities, including audits, risk management, acquisition, restructuring, or sale of business assets.

Your personal data may be transferred to and maintained on servers or systems located in jurisdictions outside of Kenya. These jurisdictions may not have data protection laws equivalent to those in Kenya.

By agreeing to this Privacy Policy and providing us with your personal data, you expressly consent to such transfers, in accordance with Sections 48–50 of the Data Protection Act, 2019. We will only transfer your personal data outside Kenya under one or more of the following conditions:
  1. The recipient country has been legally recognized by the Office of the Data Protection Commissioner (ODPC) as having adequate data protection standards;
  2. Appropriate safeguards have been implemented, such as binding corporate rules, standard contractual clauses, or legally binding agreements between the entities;
  3. The data subject has explicitly consented to the proposed transfer after being informed of any potential risks;
  4. The transfer is necessary for the performance of a contract or the implementation of pre-contractual measures;
  5. The transfer is required for public interest reasons, legal claims, or to protect the vital interests of the data subject.


Busha Digital Limited will ensure that any such transfer complies with applicable laws and that adequate security measures are in place to protect your data. We do not sell, lease, or rent your personal data to third parties. All transfers will be strictly controlled and only carried out with entities that are subject to strict data protection obligations.

Under Kenya's Data Protection Act, 2019, you are entitled to exercise certain rights over the personal data we hold about you. These rights allow you to maintain control and oversight over your information. They include the right to:
  1. Access your personal data and request confirmation that we are processing it;
  2. Correct or update any inaccurate or outdated personal data;
  3. Withdraw consent or object to processing, where processing is based on your consent or our legitimate interest (this does not affect the lawfulness of processing based on consent before its withdrawal);
  4. Know the purpose for which your personal data is being processed;
  5. Restrict processing, especially if the accuracy of the data is contested or processing is unlawful;
  6. Request erasure of your personal data under certain conditions (also known as the "right to be forgotten");
  7. Receive a copy of your data in a structured, commonly used, and machine-readable format (data portability);
  8. Refuse or object to the use of your personal data for direct marketing;
  9. Contest the accuracy of your data, after which we have a right to a reasonable period to verify and rectify the disputed information.

To exercise any of these rights, please contact us at compliance@busha.co. You may also submit a formal request via our Data Subject Access Request portal (where applicable).

If the processing is based on your consent or a contract and is carried out by automated means, you have the right to request the transmission of your personal data to another controller, where technically feasible.

Please note: In cases where legal or regulatory obligations require us to retain certain data (e.g., for compliance, audit, or security purposes), full erasure or restriction may not be possible until the expiration of the mandatory retention period.
To exercise any of the data rights outlined above, you may submit a request by contacting our Data Protection Officer at compliance@busha.co. Upon verification of your identity, we will provide the relevant personal data and respond to your request in accordance with Section 26 and 39 of the Data Protection Act, 2019.


Please note the following conditions:
  1. We may charge a reasonable fee or decline to act on a request that is manifestly unfounded, excessive, or repetitive. For the purpose of this policy, more than four similar requests within a 60-day period may be considered excessive.
  2. We aim to respond within reasonable timeframes, not exceeding 30 days as stipulated under the Act, unless an extension is warranted.
  3. Your right to erasure does not extend to data that we are required to retain by law, such as:
  1. Tax records
  2. Audit logs
  3. Transaction and subscription data
  4. Information retained in secure backup systems, which is isolated and protected from further processing


All requests will be processed in good faith, and where technically feasible, we will comply with your instructions regarding data transfer or deletion.


If you believe your rights under this Privacy Policy have been violated, you may seek redress in accordance with our Terms of Service. Please note that any claim must be lodged within two years from the date of the alleged breach.

If you believe that we have violated your data protection rights or failed to comply with any provision of the Data Protection Act, 2019, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC), the statutory authority responsible for data protection in Kenya.

Before approaching the ODPC, we encourage you to contact us directly so we can attempt to resolve your concerns promptly and amicably. You can reach our Data Protection Officer via compliance@busha.co.
We retain your personal data only for as long as is reasonably necessary to fulfill the purposes for which it was collected, including the satisfaction of any legal, regulatory, accounting, compliance, or reporting requirements under Kenyan law.

To determine the appropriate retention period, we consider several factors:
  • The volume, nature, and sensitivity of the data;
  • The potential risk of harm from unauthorized use or disclosure;
  • The purposes for which the data was collected and whether those purposes can be fulfilled by other means;
  • Legal and regulatory requirements as prescribed under Kenyan law, including statutes related to anti-money laundering, tax, and financial recordkeeping.

In line with the Storage Limitation principle under the Data Protection Act, 2019:
  • You may request deletion of your data when it is no longer necessary for the purpose for which it was collected (see “How to Exercise Your Rights”).
  • In cases where complete deletion is not legally permissible (e.g., for audit or compliance purposes), we will securely isolate and protect the data from further processing.
  • In some cases, we may anonymize your data so that it can no longer be associated with you. Anonymized data may be retained indefinitely for research, analytical, or statistical purposes.
Once data retention is no longer justified, we take appropriate steps to securely delete or depersonalize the data from our systems and from the systems of any third parties processing data on our behalf.
We take the protection of your personal data seriously and implement robust technical and organizational measures to secure it from unauthorized access, alteration, disclosure, or destruction.

In compliance with Part VII (Section 41–44) of Kenya’s Data Protection Act, 2019, our security practices include:
  • Encryption and pseudonymization of sensitive personal data;
  • Role-based access controls and multi-factor authentication for internal systems;
  • Secure transmission protocols for online data transfers;
  • Regular internal and external security audits and vulnerability assessments;
  • Staff training on data privacy and cybersecurity awareness;
  • Incident response plans for handling data breaches.
While we strive to implement industry-standard security measures, no method of electronic storage or transmission over the internet can be guaranteed to be completely secure. Therefore, we cannot assure absolute security, but we continually assess and improve our safeguards.
We treat your personal data as confidential and will not share it with third parties except as outlined in this Privacy Policy or as permitted by law. Your data may be shared with:
Busha employees and authorized personnel, solely for operational purposes;
Financial institutions, payment service providers, and partners involved in delivering our services;
Third-party vendors providing infrastructure, analytics, customer support, and marketing services;
Verification and compliance firms conducting KYC, AML, and background screening;
Professional advisers including legal, regulatory, tax, audit, and risk consultants.
We will disclose your personal data to third parties only:
Where you have explicitly authorized or requested such disclosure;
Where we are required to do so by law, court order, or government regulation, including obligations under the Data Protection Act, 2019 or other applicable statutes (e.g., POCAMLA);
To enforce our contractual rights or protect our legal interests, including defending against claims or protecting the rights, safety, and property of Busha, our users, or others;
In connection with a merger, acquisition, corporate restructuring, or transfer of business, in which case appropriate safeguards and data transfer agreements will be applied.
All third-party recipients are subject to strict data protection and confidentiality obligations and may only use your personal data for the purpose specified by Busha.
In all data processing activities, we strictly adhere to the principles set out in Section 25 of Kenya’s Data Protection Act, 2019. These principles ensure that your personal data is processed in a lawful, transparent, and responsible manner:
Lawfulness, Fairness, and Transparency: We process personal data legally, fairly, and in a transparent way, always informing you of your rights and how your data will be used.
Purpose Limitation: Your data is collected for clearly defined, legitimate purposes. We do not use it for any other purpose unless you provide explicit consent or the law permits it.
Data Minimization: We collect only the data that is necessary for the specific purpose. We do not gather excessive or irrelevant information.
Accuracy: We ensure that personal data is accurate, complete, and up-to-date. You have the right to request corrections at any time.
Storage Limitation: We retain your personal data only as long as necessary to fulfill the purpose of collection or as required by law or regulation.
Integrity and Confidentiality (Security): We apply appropriate organizational and technical safeguards to ensure the confidentiality, integrity, and availability of your data, preventing unauthorized access or accidental loss.
Accountability: As a data controller, Busha is responsible for demonstrating compliance with these principles and is committed to maintaining internal controls and oversight mechanisms.
These principles guide every aspect of how we handle personal data—from collection to deletion—and reinforce our commitment to protecting your privacy rights.
We engage third-party companies and individuals (“Service Providers”) to support various aspects of our services, including platform development, analytics, customer support, compliance, and infrastructure.


These Service Providers are granted access to your personal data only to the extent necessary to perform their functions on our behalf. All such providers are bound by contractual obligations to:
Maintain the confidentiality and security of your personal data;
Process the data only for the authorized purpose and not for their own benefit;
Comply with applicable data protection regulations, including the Data Protection Act, 2019.
Our platform may contain links to external websites or resources that are not controlled by Busha. When you follow a third-party link, you will be subject to that party’s privacy practices.
We strongly encourage you to read the privacy policies of any third-party site you visit. Busha assumes no responsibility for the content, privacy practices, or data handling procedures of external websites or services.
While we implement robust security measures, no system is completely secure. You are responsible for safeguarding your login credentials and any access information related to your Busha account.
Busha shall not be liable for any data breaches or unauthorized access resulting from your negligence or failure to secure your personal account information. By using our services, you agree to assume responsibility for maintaining your account confidentiality.
We may update this Privacy Policy periodically to reflect changes in legal, regulatory, or operational requirements. Significant changes will be communicated through:
  • Email notifications;
  • Notices on our website or platform;
  • Updated "effective date" at the top of this document.

We recommend that you review this policy periodically to stay informed about how we protect your personal data. Changes will take effect once posted on this page, unless otherwise stated.
While we implement robust security measures, no system is completely secure. You are responsible for safeguarding your login credentials and any access information related to your Busha account.

Busha shall not be liable for any data breaches or unauthorized access resulting from your negligence or failure to secure your personal account information. By using our services, you agree to assume responsibility for maintaining your account confidentiality.
If you have any questions about this Privacy Notice, please contact our Data Protection Officer via compliance@busha.co

Join the Busha Tribe

Stay in touch with the latest news and releases
Busha is Nigeria's pioneering SEC-licensed digital assets provider, fully compliant with NDPR for secure data protection.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
© 2025 Busha. All rights reserved.
Busha is Nigeria's No.1 Regulated Crypto Exchange.

By using this website, you consent to our Privacy Policy and Cookie Policy, which outlines how we collect, use, and safeguard your data.

Please read our full Risk Warning to understand the potential risks involved in investing and do your research before making any decisions.
Please refer to our Terms of Use for the terms that govern your use of our services.

Busha Digital Limited (Nigeria) is incorporated under the Companies and Allied Matters Act 2020 with registration number (1495049) and provides its services under a licence by the Securities and Exchange Commission, (SEC) Nigeria.