Skip to content

Privacy Policy

Last updated: June 4, 2026

1. Introduction

BMATRORTechnologies ("BMATROR," "we," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and services.

2. Information We Collect

Account Information

  • Full name, email address, phone number
  • Password (stored as bcrypt hash — never in plain text)
  • Role (customer, agent, reseller, etc.)
  • Referral code and referral relationships

Transaction Data

  • Wallet balance and funding history
  • Purchase records (data, airtime, utilities, checkers)
  • Payment method type (via Paystack — we do not store card numbers)
  • Transaction references and delivery status

Technical Data

  • IP address, browser type, device information
  • Login history and session data
  • API usage logs and rate limit metrics
  • Cookies and similar tracking technologies (see Cookie Policy)

3. How We Use Your Information

  • Provide, maintain, and improve our Services
  • Process transactions and deliver digital services
  • Send transaction confirmations, receipts, and account notifications
  • Verify identity for OTP, 2FA, and password reset flows
  • Detect and prevent fraud, abuse, and security incidents
  • Calculate and distribute referral and agent commissions
  • Respond to support tickets and inquiries
  • Comply with legal obligations and regulatory requirements

4. Information Sharing

We do not sell your personal information. We may share data with:

  • Payment processors (Paystack) — to process wallet funding
  • Network providers (MTN, Telecel, AirtelTigo) — phone numbers required for service delivery
  • Utility providers (ECG, Ghana Water) — account numbers for bill validation and payment
  • SMS/email providers — for OTP delivery and notifications
  • Cloud infrastructure (Vercel, MongoDB Atlas) — hosting and data storage
  • Law enforcement — when required by valid legal process

5. Data Security

We implement industry-standard security measures including:

  • 256-bit SSL/TLS encryption for all data in transit
  • Bcrypt password hashing with salt
  • Double-entry ledger accounting with immutable audit logs
  • PCI-DSS compliant payment processing via Paystack
  • Two-factor authentication (TOTP) support
  • Role-based access control for internal staff
  • Regular security audits and vulnerability assessments

6. Data Retention

We retain account and transaction data for as long as your account is active and for 7 years thereafter for regulatory and audit purposes. You may request account deletion, subject to legal retention requirements for financial records.

7. Your Rights

Under applicable Ghanaian data protection laws, you have the right to:

  • Access your personal data held by BMATROR
  • Correct inaccurate information in your account
  • Request deletion of your account (subject to retention requirements)
  • Export your transaction history
  • Opt out of marketing communications
  • Withdraw consent for non-essential data processing

To exercise these rights, contact bisatro2016@gmail.com.

8. Children's Privacy

Our Services are not intended for individuals under 18. We do not knowingly collect data from minors. If we discover such collection, we will delete the information promptly.

9. International Transfers

Your data may be processed on servers located outside Ghana (e.g., MongoDB Atlas, Vercel). We ensure appropriate safeguards are in place for cross-border data transfers.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or platform announcement. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

For privacy-related inquiries, contact our Data Protection Officer at bisatro2016@gmail.com.