Rollo - Privacy Policy

Last updated: January 2026

Table of Contents

ARTICLE 1 - DEFINITIONS, INTERPRETATIONS AND SCOPE

This Privacy Policy (hereinafter the 'Policy') aims to comprehensively define the rules applicable to the collection, processing, storage, sharing and protection of personal data by Rollo Technologies LLC (hereinafter 'Rollo', 'the Company', 'we', 'our' or 'us').

1.1 Definitions

For the purposes of this Policy, the following terms have the meaning given below:

Personal Data
any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier, a number, location data, an online identifier or to one or more factors specific to their identity.
User
any natural or legal person who accesses the website www.rollo.money, uses Rollo applications or benefits from any of the services offered by Rollo.
Processing
any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, extraction, consultation, use, communication, restriction, erasure or destruction.
Data Controller
Rollo Technologies LLC, which determines the purposes and means of processing personal data.
Processor
any entity processing personal data on behalf of Rollo, including technical providers, KYC service providers, banking partners or payment service providers.

1.2 Scope

This Policy applies to all processing of personal data carried out by Rollo in the context of:

  • the use of the website www.rollo.money;
  • registration and use of Rollo mobile applications;
  • the provision of digital financial services, including without limitation international payments, Mobile Money transfers and related services.

It applies regardless of the User's country of residence, subject to applicable local laws.

ARTICLE 2 - IDENTITY OF THE DATA CONTROLLER AND GENERAL FRAMEWORK

2.1 Identity of the Data Controller

The controller of personal data is:

Rollo Technologies LLC Website: www.rollo.money Official email: contact@rollo.money

Rollo is a technology company operating in the field of digital financial services, in partnership with financial institutions and licensed providers in their respective jurisdictions.

2.2 Data Protection Philosophy

Rollo considers the protection of personal data as a fundamental pillar of trust between the Company, its users, its banking partners and regulatory authorities. As such, Rollo is committed to:

  • collecting only strictly necessary data;
  • processing data fairly, lawfully and transparently;
  • guaranteeing a high level of security and confidentiality;
  • respecting the fundamental rights of data subjects.

ARTICLE 3 - REGULATORY FRAMEWORK AND INTERNATIONAL COMPLIANCE

3.1 Applicable Texts and Principles

The data processing operations carried out by Rollo are performed in accordance with principles arising notably from:

  • regulations relating to personal data protection applicable in Africa;
  • the General Data Protection Regulation (GDPR - EU 2016/679) where applicable;
  • compliance obligations related to financial services, particularly regarding KYC, AML and counter-terrorism financing;
  • requirements imposed by banking partners and payment service providers.

3.2 Fintech and Banking Compliance

As a fintech, Rollo is subject to enhanced requirements regarding compliance, traceability and data retention. Personal data may be processed to meet legal, regulatory or contractual obligations imposed by financial partners and competent authorities.

ARTICLE 4 - CONSENT, ACCEPTANCE AND CONTRACTUAL RELATIONSHIP

4.1 Acceptance of the Policy

Using Rollo services implies full and complete acceptance of this Policy. This acceptance is formalized notably during account creation, continued use of services or browsing the website.

4.2 Specific Consent

When data processing is based on the User's consent, it may be withdrawn at any time, subject to legal obligations requiring the retention of certain data.

4.3 Contractual Relationship

This Policy forms an integral part of the contractual relationship between Rollo and the User. It complements the general terms of use and any other applicable contractual document.

ARTICLE 5 - FUNDAMENTAL DATA PROTECTION PRINCIPLES

Rollo applies the following fundamental principles:

5.1 Lawfulness, Fairness and Transparency

Data is processed lawfully, fairly and transparently towards Users.

5.2 Purpose Limitation

Data is collected for specified, explicit and legitimate purposes and is not further processed in a manner incompatible with those purposes.

5.3 Data Minimization

Only data strictly necessary for the provision of services is collected.

5.4 Accuracy

Rollo takes reasonable measures to ensure that personal data is accurate and, if necessary, kept up to date.

5.5 Security and Confidentiality

Appropriate technical and organizational measures are implemented to protect personal data against any unauthorized access, loss, destruction or disclosure.

ARTICLE 6 - GENERAL TYPOLOGY OF COLLECTED DATA

In the context of its digital financial services activities, Rollo collects and processes different categories of personal data. This collection is strictly governed by the principles of necessity, proportionality and regulatory compliance.

  • personal identification data;
  • regulatory identification data (KYC/KYB);
  • financial and transactional data;
  • technical and operational data;
  • communication and support data.

The data collected varies according to the nature of services used by the User (account creation, international payments, Mobile Money transfers, etc.). They notably include:

Rollo prohibits any collection of data without a direct link to the provision of its services or its legal obligations.

ARTICLE 7 - IDENTIFICATION DATA AND KYC (KNOW YOUR CUSTOMER)

7.1 Purpose of KYC

In accordance with legal and regulatory obligations applicable to financial services, Rollo implements strict Know Your Customer (KYC) procedures. These procedures aim to prevent fraud, money laundering, terrorist financing and any illicit use of services.

7.2 Data Collected as Part of KYC

KYC data may include, without limitation:

  • surname and first names;
  • date and place of birth;
  • nationality;
  • valid official identity document;
  • photograph or biometric capture (verification selfie);
  • proof of address;
  • professional information when required.

This data is collected directly from the User or via specialized licensed providers.

7.3 KYB - Professional Clients

For companies and legal entities, Rollo applies Know Your Business (KYB) procedures, including the collection of information relating to the company, its directors, beneficial owners and legal representatives.

ARTICLE 8 - FINANCIAL, TRANSACTIONAL AND PAYMENT DATA

Rollo processes financial data strictly necessary for executing operations requested by the User. This data may include:

  • account balances;
  • transaction histories;
  • amounts, currencies and beneficiaries;
  • Mobile Money account information;
  • payment link details and statuses.

No sensitive data such as PIN codes or full account numbers are stored in clear text by Rollo.

ARTICLE 9 - TECHNICAL, OPERATIONAL AND BEHAVIORAL DATA

In the context of using the website and applications, Rollo collects certain technical data to ensure security, performance and continuous improvement of services, notably:

  • IP addresses;
  • login logs;
  • device type and operating system;
  • browsing and usage data.

This data may also be used for detecting suspicious or fraudulent activities.

ARTICLE 10 - ACCURACY, UPDATES AND DATA RESPONSIBILITY

Rollo places particular importance on the accuracy of processed personal data. The User undertakes to provide accurate, complete and up-to-date information.

Rollo reserves the right to suspend or restrict access to services in case of inaccurate, outdated or misleading data, in accordance with its regulatory obligations.

ARTICLE 11 - PAYMENT AND FINANCIAL OPERATIONS PROCESSING

Rollo processes personal data necessary for executing financial operations initiated by Users, notably international payments, payment link generation, Mobile Money transfers and associated operations.

These processings are essential for the performance of the contract between Rollo and the User and are carried out in accordance with international banking and payment standards. The processed data includes amounts, currencies, transaction identifiers, operation statuses and information relating to beneficiaries, strictly limited to what is required.

Rollo does not execute any operation without explicit instruction from the User or legal obligation, and implements validation, logging and traceability mechanisms to guarantee the integrity of operations.

ARTICLE 12 - TRANSACTION MONITORING AND RISK DETECTION

To ensure the security of the financial system and its Users, Rollo implements continuous transaction monitoring systems. These systems aim to detect unusual patterns, risky behaviors or operations likely to indicate fraudulent or illicit activity.

Monitoring may include automated controls, behavioral analyses and manual reviews when necessary. Certain operations may be subject to thorough examination, temporary hold, blocking or definitive refusal, in accordance with regulatory obligations and internal risk management policies.

ARTICLE 13 - COMBATING FRAUD, MONEY LAUNDERING AND TERRORISM FINANCING (AML/CFT)

Rollo is required to comply with strict obligations regarding Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT). To this end, personal data may be used to:

  • verify User identity;
  • analyze the origin and destination of funds;
  • detect and report suspicious activities;
  • respond to requests from competent authorities.

Rollo reserves the right to suspend, restrict or close an account when serious suspicions of fraud or illicit activity are identified, without prejudice to legal reporting obligations.

ARTICLE 14 - REGULATORY OBLIGATIONS AND COOPERATION WITH AUTHORITIES

In the course of its activities, Rollo may be legally required to disclose certain personal data to competent regulatory, judicial or administrative authorities.

These disclosures are strictly regulated, limited to required data, and carried out in compliance with applicable laws. Rollo cooperates in good faith with authorities while ensuring the protection of the legitimate rights and interests of its Users.

ARTICLE 15 - LEGAL RETENTION AND ARCHIVING OF FINANCIAL DATA

Financial and transactional data is retained for periods in line with applicable legal, regulatory and contractual requirements.

Upon expiration of these periods, data is either deleted or anonymized, unless otherwise required by law. Rollo's archiving policies aim to guarantee the availability, integrity and confidentiality of data throughout its lifecycle.

ARTICLE 16 - BANKING, FINANCIAL AND TECHNICAL PARTNERS

In the context of providing its digital financial services, Rollo relies on an ecosystem of duly selected banking, financial and technical partners. These partners notably include licensed banking institutions, Mobile Money operators, payment service providers, KYC/KYB solution providers, as well as hosting and security providers.

The sharing of personal data with these partners is strictly limited to what is necessary for service execution, compliance with regulatory obligations and securing operations. Each partner is bound by contractual commitments of confidentiality, security and compliance with applicable laws.

ARTICLE 17 - INTERNATIONAL DATA TRANSFERS

Due to the international nature of its activities and partnerships, certain personal data may be transferred, stored or processed outside the User's country of residence.

Rollo ensures that any international data transfer is carried out in accordance with applicable legal requirements and accompanied by appropriate safeguards, such as contractual clauses, enhanced security measures or recognized data protection mechanisms.

ARTICLE 18 - HOSTING, CLOUD AND SECURE INFRASTRUCTURES

Personal data processed by Rollo is hosted on secure infrastructures provided by recognized providers adhering to international security and availability standards.

Rollo implements strict access management, encryption, backup and business continuity policies to ensure the resilience of its systems and protection of data against risks of loss, alteration or unauthorized access.

ARTICLE 19 - PROCESSORS AND LIABILITIES

When Rollo uses processors for processing personal data, it ensures that they provide sufficient guarantees regarding security, confidentiality and regulatory compliance.

Processors are only authorized to process personal data under documented instruction from Rollo and strictly within the defined purposes. Rollo remains responsible for compliance with this Policy towards Users.

ARTICLE 20 - AUTHORITIES, LEGAL REQUESTS AND INTERNATIONAL COOPERATION

Rollo may be required to disclose certain personal data to competent national or international authorities when such disclosure is required by law, a court decision or a regulatory authority.

Any disclosure is carried out proportionately, limited to strictly necessary data, and in respect of Users' rights and applicable legal obligations.

ARTICLE 21 - DATA SECURITY AND CYBERSECURITY

Rollo implements a comprehensive security framework aimed at protecting personal data against any unauthorized access, disclosure, alteration or accidental or unlawful destruction. This framework relies on technical, organizational and human measures adapted to the sensitive nature of processed financial data.

Security measures notably include encryption of sensitive data, environment segmentation, strict access controls based on the principle of least privilege, regular security audits and continuous system monitoring.

Rollo also raises awareness among its employees and partners about cybersecurity best practices and imposes enhanced confidentiality obligations.

ARTICLE 22 - INCIDENT AND DATA BREACH MANAGEMENT

Despite implemented security measures, no system is completely risk-free. In case of a security incident or personal data breach, Rollo applies internal incident management procedures aimed at limiting impacts, restoring systems and preventing recurrence.

When required by law, Rollo notifies competent authorities and, where applicable, affected Users, within required timeframes, providing clear information about the nature of the incident and measures taken.

ARTICLE 23 - USER RIGHTS REGARDING THEIR PERSONAL DATA

In accordance with applicable data protection laws, Users have rights allowing them to retain control over their personal data, notably:

  • right of access;
  • right to rectification;
  • right to erasure, within legal limits;
  • right to restriction of processing;
  • right to data portability;
  • right to object, where applicable.

Any request regarding the exercise of these rights can be addressed to contact@rollo.money.

ARTICLE 24 - LIMITATIONS TO THE EXERCISE OF RIGHTS

The exercise of User rights may be limited when data processing is necessary for compliance with a legal obligation, performance of a contract, fraud prevention or protection of the legitimate interests of Rollo or third parties.

Rollo informs the User of the reasons justifying a refusal or limitation, in accordance with applicable legal requirements.

ARTICLE 25 - COMPLAINT AND CONTACT PROCEDURES

Users may address any questions, complaints or requests regarding the protection of their personal data to Rollo via the official email address contact@rollo.money.

Rollo undertakes to process requests within reasonable timeframes and provide a clear and reasoned response, in compliance with applicable laws.

ARTICLE 26 - INTERNAL DATA GOVERNANCE AND RESPONSIBILITIES

Rollo has established structured internal governance to ensure responsible, secure and compliant management of personal data. This governance relies on internal policies, documented procedures and clear allocation of roles and responsibilities.

Teams authorized to access personal data are limited to employees whose functions strictly require it. These employees are subject to contractual confidentiality obligations and receive regular training on data protection and regulatory compliance.

ARTICLE 27 - AUDIT, INTERNAL CONTROL AND TRACEABILITY

Rollo implements audit and internal control mechanisms to verify compliance of its personal data processing with this Policy, applicable laws and requirements of its financial partners.

Access to data, sensitive operations and security incidents are logged and traced, enabling a posteriori controls and internal or external audits when necessary.

ARTICLE 28 - PROTECTION OF MINORS

Rollo services are strictly reserved for persons aged eighteen (18) or over. Rollo does not knowingly collect personal data relating to minors.

Any attempt to register or use services by a minor may result in immediate deletion of the account and associated data, subject to legal retention obligations.

ARTICLE 29 - MODIFICATION, UPDATE AND ENFORCEABILITY OF THE POLICY

Rollo reserves the right to modify or update this Policy at any time to reflect legal, regulatory, technical or operational developments.

Any substantial modification is brought to Users' attention by publication on the website www.rollo.money or by appropriate notification. The version in force is the one published on the date of consultation.

ARTICLE 30 - APPLICABLE LAW, JURISDICTION AND FINAL PROVISIONS

This Policy is governed by applicable laws in the jurisdictions where Rollo operates, subject to mandatory data protection rules.

Any dispute relating to the interpretation or execution of this Policy falls, unless otherwise provided by law, under the jurisdiction of competent courts.

ARTICLE 31 - ADVANCED FINTECH PROVISIONS, API AND AUTOMATION

In the context of providing advanced services including APIs, automation features or intelligent assistance systems, Rollo may process additional data strictly necessary for the execution of these services.

These processings are subject to the same security, confidentiality and compliance requirements as all Rollo services, and are governed by specific policies when required.

ARTICLE 32 - SEVERABILITY AND PARTIAL VALIDITY

If a provision of this Policy should be declared null or unenforceable, the other provisions would remain fully in force.

ARTICLE 33 - EFFECTIVE DATE

This Privacy Policy comes into effect from its date of publication on the website www.rollo.money and remains applicable as long as Rollo services are offered.