Legal

Privacy policy.

Effective date: 1 January 2026. This policy explains how Dev54 collects, uses, and protects personal information.

1. Who we are

Dev54 ("we", "us") provides AML compliance infrastructure to licensed financial institutions across Africa. For data submitted through our platform by a customer institution, that institution is the data controller and Dev54 acts as the data processor.

2. What we collect

  • Account data — name, work email, phone number of dashboard users.
  • Customer data — KYC profiles, transactions, screening hits, and case actions submitted by our institutional customers about their own end users.
  • Usage data — log records, IP address, browser, device, and timestamps for security and audit.

3. How we use it

  • Run the AML monitoring, screening, and SAR workflows our customers contract us for.
  • Detect abuse, debug issues, and protect against unauthorized access.
  • Comply with legal obligations and respond to regulator requests.

We do not sell personal data. We do not use customer data to train third-party AI models.

4. Where it lives

Production data is hosted in EU (Frankfurt) and South Africa (Cape Town) regions. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

5. Your rights

Depending on your jurisdiction (NDPR Nigeria, DPA 2019 Kenya, POPIA South Africa, GDPR EU), you may have rights to access, correct, delete, or port your personal data. Direct end-user requests should go to the institution that holds your account; for data held on dashboard users, email privacy@dev54.dev.

6. Retention

Customer data is retained for the period required by AML law in the relevant jurisdiction (typically 5–7 years) and then deleted. Dashboard account data is retained while the account is active and for 12 months after deletion.

7. Changes

We will post material changes here and notify dashboard users by email. Continued use after a change constitutes acceptance.