1.1. This Privacy Policy describes how Sova Money (“Sova”, “we”, “us”, “our”) processes personal data when you use our mobile applications, websites and related services (the “Service”).
1.2. By using the Service, you acknowledge this Policy and, where required, give consent to the processing described herein. If you do not agree, please do not use the Service.
Data controller: [libdex]
Privacy contact: privacy@sovamoney.com
Support: support@sovamoney.com
3.1. Identification & profile data: name, username/handle, phone number, email, date of birth, nationality, address, profile photo, wallet ID.
3.2. KYC/AML data: government ID details and images, selfies/biometric templates (for liveness/face match), proof of address, sanctions/PEP screening results, risk flags—only where permitted by law.
3.3. Financial & transaction data: top-ups, transfers, withdrawals, card or account tokens, amounts, currency, timestamps, fees, chargebacks and disputes.
3.4. Device & technical data: device identifiers, OS/app version, IP address, language, time zone, crash and performance logs, in-app events.
3.5. Location data (optional): coarse or precise location if you grant permission (e.g., risk control or nearby services).
3.6. Contacts data (optional): address book entries only when you choose to find recipients via your contacts.
3.7. Communications: support tickets, call recordings (if applicable), feedback, and marketing preferences.
Directly from you during registration, verification and use of the Service.
Automatically through cookies, SDKs and similar technologies.
From third parties: identity verification providers, payment and banking partners, anti-fraud vendors, analytics and notification providers, and public databases as allowed by law.
We process personal data for the following purposes and legal bases:
Provision of the Service (account creation, payments, ledgering, customer support) — performance of contract.
KYC/AML compliance, fraud prevention and security — legal obligation and legitimate interests.
Service communications (alerts, receipts, policy changes) — contract/legitimate interests.
Product improvement and analytics — legitimate interests; consent where required.
Marketing (in-app, email, push) — consent where required; you may withdraw at any time.
Dispute handling and legal claims — legitimate interests/legal obligation.
Sova does not sell personal data.
We use cookies and mobile SDKs for authentication, session management, security, analytics, crash reporting, and notifications. You may control cookies via your browser/device settings; some features may not function without them.
We disclose data on a need-to-know basis under appropriate contracts:
Payment networks, banks and mobile money partners to execute transactions.
KYC/AML and identity vendors for verification and sanctions screening.
Cloud hosting, analytics, crash/diagnostics, messaging and security providers acting as processors.
Professional advisers and auditors under confidentiality obligations.
Public authorities and regulators where required by law.
Corporate events (merger, reorganisation, acquisition) with safeguards.
Personal data may be processed outside your country. Where required, we implement Standard Contractual Clauses or equivalent safeguards and perform transfer impact assessments.
We keep data only as long as necessary for the purposes above or as required by law:
KYC/AML and transaction records: typically up to 7 years after account closure (subject to local law).
Support logs and communications: typically 3 years.
Analytics and diagnostics: typically 90 days.
When retention ends, we delete or irreversibly anonymise the data.
We apply administrative, technical and organisational measures: encryption in transit/at rest, segregated environments, least-privilege access, MFA, continuous monitoring, vulnerability management and incident response. No method is 100% secure; please keep your device and PIN/biometrics safe and report suspected misuse immediately.
Depending on your jurisdiction, you may have rights to:
Access and obtain a copy of your data;
Rectify inaccurate data;
Delete your account/data (subject to statutory retention);
Restrict or object to processing;
Data portability;
Withdraw consent (where processing relies on consent).
Requests: send an email from your registered address to privacy@sovamoney.com. We may ask for proof of identity and will respond within the timeframe required by law.
California residents may request access, deletion, and opt-out of “selling/sharing” of personal information. Sova does not sell personal information.
The Service is not intended for persons under 16. We do not knowingly collect data from children. If you believe a child used the Service, contact us to remove the data.
The Service may link to third-party websites or services. Their privacy practices are governed by their own policies; we are not responsible for them.
Camera/Microphone: identity checks, QR scanning, in-app calls/support (if initiated by you).
Contacts: to help you choose recipients (only with your permission).
Photos/Files/Storage: to save or share receipts and PDFs you request.
Location: optional risk controls and location-based features.
Notifications: to deliver security alerts and transaction updates.
Permissions can be changed at any time in device settings.
You can delete your account via Menu → Delete Account in the app or by contacting privacy@sovamoney.com. Processing timelines and what remains for legal retention are explained in our Account Deletion Policy (/policy/account-deletion).
We may update this Policy from time to time. Material changes will be notified in-app or by email and posted with a new “Effective date”.
Questions or requests regarding this Policy can be sent to privacy@sovamoney.com or by mail to our registered address above.