Privacy Notice

Updated Mar 3, 2026

1. Introduction

At Shore ("Shore", "we", "our", or "us"), protecting your privacy and personal data is fundamental to how we provide our services.

Shore is a merchant-first crypto exchange and settlement infrastructure platform that enables approved businesses ("Merchants") to power their own branded digital asset offerings. Our services are delivered through our website, dashboard/portal, APIs/SDKs, and other supported channels (the "Platform").

In the course of providing our services, we collect and process personal data relating to Merchants (including authorised personnel) and, where applicable, end-users accessing Merchant-branded services powered by Shore's infrastructure. We are committed to handling this data responsibly, transparently, and in accordance with applicable data protection laws, including the Nigeria Data Protection Act, 2023 (NDPA) and the General Application and Implementation Directive (GAID).

You may still have questions. So, please feel free to reach out to us via info@shore.so, and we will respond very quickly, within 24–72 hours.

2. How We Collect Personal Data

We collect personal data in different ways, depending on how you interact with our Platform:

2.1. Merchants and Authorised Personnel

We collect personal data when:

  • A Merchant completes onboarding and verification (including KYB) and submits information about relevant individuals (e.g., directors, beneficial owners, authorised signatories, administrators);
  • Authorised personnel access and use the dashboard/portal and/or use API keys and other access credentials;
  • A Merchant integrates Shore's infrastructure using our APIs/SDKs and related tooling;
  • A merchant communicates with Shore (e.g., for support, onboarding, compliance queries, or operational issues) through supported channels.

2.2. End-Users of Merchants (where applicable)

We may process personal data relating to end-users when:

  • Identity verification or compliance checks are required as part of the Merchant's flow or applicable legal/regulatory requirements.

2.3. Prospective Merchants

We may collect personal data when:

  • You contact us to enquire about Shore or request a demo/onboarding;
  • You start but do not complete onboarding or KYB.

2.4. Site Visitors

  • You visit or interact with our website;
  • You submit information through website forms, contact pages, or other online interfaces.

2.5. Partners and Vendors

We collect personal data when:

  • You are a third-party service provider, partner, or vendor supporting Shore's service delivery (including where services are delivered through licensed third-party partners);
  • You are onboarded for platform access, credential verification, or contractual engagement;
  • You communicate with us in the course of providing services to or on behalf of Shore.

2.6. Recruitment / Employment

  • You participate in our recruitment or selection process, whether successfully or otherwise; for employees, you are advised to refer to our employee privacy policy.
  • You are a former staff member of Shore.

3. Your Rights

You can exercise the following rights with respect to your personal data with Shore:

  1. 3.1. Request and access your personal data collected and stored by Shore;
  2. 3.2. Withdraw consent at any time, where processing is based on consent;
  3. 3.3. Request rectification and modification of Personal Data kept by Shore;
  4. 3.4. Request deletion/erasure of your personal data, where legally permissible;
  5. 3.5. Request restriction of processing of your personal data in certain circumstances (for example, while a request or objection is being reviewed);
  6. 3.6. Be informed of and entitled to provide consent prior to the processing of Personal Data for purposes other than that for which the Personal Data were collected;
  7. 3.7. Object to automated decision-making, where applicable;
  8. 3.8. Request data portability (receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller), where applicable;
  9. 3.9. Request for information regarding any specific processing of your personal data;
  10. 3.10. Standard Notice to Address Grievance (SNAG): You have the right to issue a SNAG against us if you believe that we have violated your right to privacy. You or your representative may personally serve a SNAG. It may be delivered to us by telephone message, e-mail, at our office at Techub Spaces, Lateef Jakande street, Agidingbi, Ikeja, Lagos (or such other Shore address listed in this Notice), or by any other means of correspondence of your choice. When you issue a SNAG, we will communicate our decision to you and to the NDPC through the NDPC's designated portal. Please note that the SNAG is not a condition precedent for you to file a complaint with the NDPC.

You may exercise any of these rights by sending an email to info@shore.so, where your requests will be treated promptly. You may also reach out to the regulator through info@ndpc.gov.ng

4. The Information we Collect

Information We CollectHow We Use ItLawful Basis for ProcessingWho We Share the Data WithRetention
Identification and contact information (full name, email address, phone number, residential address, date of birth)Onboarding/account administration; service delivery; communications; compliance where required
  • Contract;
  • Legal Obligation
Service providers supporting onboarding/service delivery; regulators/law enforcement where requiredFor the duration of the relationship and at least 5 years after the last relevant activity/transaction where required
Government-issued identification and verification data (passports, national ID cards, driver's licenses, and related verification data)Identity verification; fraud prevention; compliance checks
  • Contract;
  • Legal Obligations
Verification/identity service providers; Regulators/law enforcement where requiredAt least 5 years after the last relevant activity/transaction
Business-related information (for merchants and representatives), including ownership/control information, and authorised personnel detailsKYB/onboarding; due diligence; ongoing compliance/risk reviews
  • Legal Obligations
  • Contract;
  • Legitimate interest
regulators/law enforcement where requiredFor the duration of the Merchant relationship and at least 5 years after termination/last relevant activity
Financial information (bank account details, payment information, wallet addresses, transaction records)To provide the Services (payments/on-/off-ramp flows where applicable)
processing/settlement
Reconciliation
compliance monitoring
  • Consent
  • Contract
  • Legal obligation
regulators/law enforcement where requiredAt least 5 years
Technical and usage data (IP addresses, device information, logs, platform activity data)Operate, secure, and improve the Platform; prevent abuse; troubleshooting and monitoring
  • Legitimate Interest
nilRetained only as long as necessary for security, operations, investigations, and compliance, and then deleted/anonymized, consistent with storage limitations.

Note: The specific information collected may vary depending on user type, jurisdiction, services used, and applicable regulatory requirements

5. We only use your data for the purposes we specify. No hidden agenda.

We collect and process your personal data only for the specific and legitimate purposes that we inform you of at the time of collection. Where we need to reuse your data for anything else, we will inform you beforehand, or rely on any other strict legal options available to us

6. We only collect and/or store what is necessary

We only collect and use the personal data that is relevant and necessary for your engagement with us. We constantly monitor our activities to ensure they align with this promise.

What we may also do is anonymise your personal data completely for purposes that are outside the scope of why we collected it.

7. Shore Role and Limitations

Whenever we ask for your consent to process your personal data, you may choose to give us that consent at that initial stage and take it back later, at any time. At any time you intend to take back your consent, please send us an email at info@shore.so.

Please note that withdrawing your consent will not affect the lawfulness of any processing carried out before the withdrawal. However, withdrawal of consent may affect our ability to provide certain services or communications to you.

8. Minor

Our Services are not intended for or directed at children under 18 years of age, and we do not knowingly collect personal information from children under the age of 18. If you learn that your child has provided us with Personal Information without your consent, then you may alert us at info@shore.so. If we learn that we have collected any personal information from children under 18, then we will promptly take steps to delete such information and terminate the child's account.

9. Cookies

Based on Shore's current implementation, we do not use cookies on our website or Platform at this time.

If we introduce cookies or similar tracking technologies to enhance functionality, security, or analytics, we will update this Privacy Notice and provide the required cookie information and choices.

10. Employee Confidentiality Obligations

All Shore employees, contractors, and consultants who handle personal data are subject to confidentiality obligations and are required to process it only in accordance with this Notice and our internal policies.

Access to personal data is restricted to individuals who need it to perform their job responsibilities. Any unauthorised processing or disclosure of personal data is treated as a disciplinary matter that may result in appropriate sanctions.

If you receive any communication requesting sensitive information from anyone claiming to represent Shore, please report the incident to us immediately at info@shore.so.

11. Transfer of Personal Data

We may transfer personal data to third-party service providers located outside Nigeria, including providers that store or process data in jurisdictions such as the United States or other countries where our technology and cloud service providers operate.

Where personal data is transferred outside Nigeria, we ensure that such transfers are carried out in accordance with applicable data protection laws and are subject to appropriate safeguards. These safeguards may include:

  1. 11.1. transfer to countries recognised as providing an adequate level of data protection;
  2. 11.2. the use of approved contractual safeguards or data processing agreements; or
  3. 11.3. reliance on your consent, where required by law.

We also use practical technical and organisational steps to keep personal data safe during these transfers, like controlling who can access it, using encryption, and making sure that those who receive the data are required to protect it and respect your rights.

12. Third-Party Links

Our website may contain links to third-party websites or platforms that are not operated or controlled by Shore. We encourage you to review the privacy policies of such third parties before providing any personal data. Shore is not responsible for the privacy practices or content of third-party websites.

In addition, Shore relies on vetted third-party service providers to support platform functionality, communication, and security. These service providers process personal data only on Shore's instructions and are subject to appropriate contractual, confidentiality, and data protection obligations.

13. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the duration of our relationship with you.

We may also retain personal data for longer periods where required to comply with applicable legal, regulatory, accounting, or reporting obligations. When personal data is no longer required, it is securely deleted or anonymised.

14. How We Protect Your Personal Data

We implement appropriate technical, organisational, and administrative security measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. Our safeguards include, but are not limited to:

  1. 14.1. access controls and role-based permissions;
  2. 14.2. secure cloud infrastructure;
  3. 14.3. encryption and firewall protections;
  4. 14.4. physical and administrative security controls.
  5. 14.5. audit trails and logging of access to sensitive data;
  6. 14.6. regular security assessments and internal reviews; and
  7. 14.7. staff training on data protection and confidentiality obligations.

Only authorised personnel are permitted to access personal data, and any processing carried out outside an individual's authorised role is considered unauthorised.

15. Updates to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technology, or legal obligations. We will update the effective date on our website when we make significant changes.

We encourage you to review this Privacy Notice periodically. Continued use of our website or services after updates take effect constitutes acceptance of the revised Privacy Notice.

16. Complaints and Contact

If you need any clarification, concerns, or complaints regarding this Privacy Notice or how we process your personal data, or if you wish to exercise your data protection rights, please contact us at:

Email: info@shore.so
Business Address: Techub Spaces, Lateef Jakande street, Agidingbi, Ikeja, Lagos

If you are not satisfied with our response, you are entitled to lodge a complaint with the Nigeria Data Protection Commission (NDPC) via info@ndpc.gov.ng.