TopCharge

This Privacy Policy ("Policy") describes how TopCharge ("we," "us," or "our") collects, uses, processes, discloses, retains, and protects your personal information when you access or use the TopCharge mobile application, our website at topcharge.com, and any related products, features, and services we provide (together, the "Services").

TopCharge is a digital wallet that allows you to hold funds, send and receive payments, purchase digital goods and services, top up or fund accounts with participating merchants and online platforms, settle bills, and carry out related financial transactions. Because the Services involve sensitive financial and identity information, we are committed to handling your personal information lawfully, fairly, transparently, and securely.

This Policy applies to all individuals and entities whose personal information we process, including account holders, prospective customers, merchants, agents, partners, suppliers, and visitors to our websites and digital channels. It should be read together with any additional notices, consents, or terms that may apply to specific products or features.

By creating an account, downloading the application, or otherwise accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with the practices described here, please do not access or use the Services.

"Personal information" (or "personal data") means any information that identifies, relates to, or can reasonably be linked to an identified or identifiable individual.

"Processing" means any operation performed on personal information, including collection, recording, storage, use, disclosure, transfer, and deletion.

"KYC" means know-your-customer procedures used to verify the identity of customers as part of our legal and regulatory obligations.

"Service providers" means third parties that process personal information on our behalf and under our instructions.

"You" means the individual or entity accessing or using the Services.

We collect personal information in three principal ways: information you provide to us directly, information generated automatically through your use of the Services, and information we receive from third parties. The categories below describe the information we may collect.

We use personal information for the following purposes:

• To register, establish, operate, and manage your account and to provide the Services.
• To process, authorize, monitor, and settle transactions, including payments, transfers, top-ups, deposits, and withdrawals.
• To verify your identity and to comply with applicable KYC, anti-money-laundering (AML), counter-terrorist-financing, sanctions, tax, and other legal and regulatory obligations.
• To detect, investigate, prevent, and address fraud, security incidents, unauthorized access, and other unlawful or prohibited activity.
• To provide customer support and to respond to your inquiries, requests, and complaints.
• To operate, maintain, secure, personalize, analyze, and improve the Services, and to develop new products and features.
• To communicate with you regarding transactions, security, account status, and other service-related matters.
• To send you promotional communications, offers, and information about our products, subject to your choices and applicable law.
• To establish, exercise, or defend legal claims, enforce our terms, and protect our rights, property, and the safety of our users and others.

Where applicable law requires a legal basis for processing your personal information, we rely on one or more of the following, depending on the purpose:

Performance of a contract: to provide the Services you have requested and to fulfil our obligations to you.

Compliance with legal obligations: to meet our regulatory, KYC, AML, tax, and reporting requirements.

Legitimate interests: to operate, secure, and improve the Services and to prevent fraud, provided these interests are not overridden by your rights and freedoms.

Consent: where we rely on your consent, which you may withdraw at any time without affecting the lawfulness of prior processing.

We do not sell your personal information. We share it only in the following circumstances:

Service providers: trusted third parties that perform functions on our behalf, such as cloud hosting, payment processing, identity verification, fraud screening, analytics, communications, and customer support, under contractual confidentiality and data-protection obligations.

Financial and payment partners: banks, card networks, processors, and merchants, as necessary to authorize, process, and settle your transactions.

Merchants and platforms: when you transact with a merchant or online platform, we share the information needed to authorize, complete, and confirm that transaction.

Regulatory, legal, and law-enforcement authorities: where required or permitted by applicable law, regulation, legal process, or governmental request, or to comply with our regulatory obligations.

Protection of rights and safety: where reasonably necessary to enforce our terms, prevent or investigate fraud or wrongdoing, or protect the rights, property, or safety of TopCharge, our users, or others.

Corporate transactions: in connection with a merger, acquisition, financing, reorganization, insolvency, or sale of all or part of our business or assets, subject to this Policy.

With your consent or at your direction: in any other case where you have authorized the disclosure.

We and our partners use cookies, SDKs, pixels, and similar technologies to operate, secure, analyze, and improve the Services. The categories we may use include:

Strictly necessary: required to operate the Services, enable core functionality, and maintain security. These cannot be disabled through our systems.

Performance and analytics: help us understand how the Services are used so we can measure and improve performance.

Functionality: remember your preferences and settings to provide a more personalized experience.

Marketing: help us deliver relevant communications and measure the effectiveness of campaigns, where permitted.

You can manage many tracking technologies through your device or browser settings, including limiting or disabling certain cookies. Please note that disabling some technologies may affect the availability or functionality of parts of the Services, and certain personalized features may not be available as a result.

We retain your personal information for as long as your account is active and for as long as reasonably necessary to fulfil the purposes for which it was collected, including satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain certain information for a longer period where required to resolve disputes, prevent fraud, enforce our agreements, or where we reasonably believe there is a prospect of litigation.

In determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process it and whether those purposes can be achieved by other means; and applicable legal, regulatory, and contractual requirements. When personal information is no longer required, we securely delete, destroy, or anonymize it.

We implement appropriate technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, loss, or destruction. These measures include encryption of sensitive data, access controls and authentication, network and application security, continuous monitoring, and regular reviews of our security practices.

Our personnel are bound by confidentiality obligations and are trained to handle personal information securely and responsibly; failure to do so may result in disciplinary action. Despite our efforts, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your login credentials, PIN, and registered device secure, for not sharing them with others, and for notifying us promptly of any actual or suspected unauthorized use of your account.

Subject to applicable law, you may have the right to:

• Access the personal information we hold about you and obtain information about how we process it.
• Request correction of inaccurate or incomplete personal information.
• Request deletion of your personal information, subject to our legal and regulatory retention obligations.
• Object to, or request restriction of, certain processing.
• Request a copy of certain personal information in a structured, portable format.
• Withdraw consent where processing is based on consent.
• Opt out of marketing communications at any time.
• Lodge a complaint with a competent data protection or supervisory authority.

To exercise any of these rights, please contact us using the details in Section 19. We may need to verify your identity before responding, and we will respond within the timeframe required by applicable law. Certain rights may be limited where we are legally required or permitted to retain or process the information.