Privacy Policy

1. Who We Are

Roze Int (Pvt) Ltd trading as Roze Remit is the controller of your personal data when you use our website or mobile apps. Contact: [email protected], +44 2039947333, 14 High Street, Barkingside, Ilford, IG6 2DF, United Kingdom. We provide online money remittance services to residents of our Supported Sending Countries. Country-specific privacy rights and contacts, where required by law, are set out in the relevant Jurisdiction Annex.

2. What This Policy Covers

This Policy explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, your rights, and how to contact us. It applies to our website, apps, and customer support channels. Details about cookies and similar technologies are provided in our separate Cookies Policy. This Policy does not cover employee or recruitment data.

3. Personal data we collect

We collect personal data to onboard you, verify identity and address, screen for sanctions and politically exposed persons, process and monitor payments, prevent fraud and financial crime, deliver transfers, provide support, and meet legal/regulatory obligations. Data comes from you, your devices, our website/app, payment and verification partners acting under our instructions, and reputable public sources.

3.1. Identity and contact data

Name, customer ID/reference numbers, date of birth, place of birth, nationality, gender, residential address, email, phone, and identifiers visible on your identity documents. Where required, we collect a selfie or liveness capture to confirm you are the rightful holder.

3.2. Verification and screening data

Images of identity documents and proof of address, results of electronic address checks, sanctions/PEP and adverse-media screening results, and internal risk indicators generated by our compliance systems and analysts. We may also request additional documents and information for compliance and enhanced verification where necessary (for example, recent bank statements, payslips or income evidence, source-of-funds or purpose-of transfer declarations, and proof of relationship to the beneficiary). For Open Banking payments, authorisation occurs within your bank’s secure flow. We process verification and screening data to comply with anti-money-laundering, sanctions and fraud prevention laws and to provide the service.

3.3. Account and profile data

Login credentials and security settings, country of residence, time zone and language, occupation and employer details (where relevant for KYC), intended use of the service, source-of-funds category, purpose-of-transfer information, marketing preferences, and customer risk ratings and flags applied by our systems or analysts. This section also includes beneficiary details you provide (name, country, account or wallet identifiers, relationship) and other profile fields captured in your account.

3.4. Payment and transaction data

Funding method information (for example, masked card details or open-banking payment confirmations), authorisation results, chargebacks, refunds and cancellations, transfer amounts and currencies, exchange rates, corridors, payout method, timestamps, statuses, compliance hold reasons/codes, and audit logs retained for anti-money-laundering and fraud-prevention purposes.

3.5. Device, usage and security data

IP address and approximate geolocation inferred from IP, device type and identifiers, operating system, browser/app version, screen size, language, time zone, network/provider, and device integrity signals (for example, jailbreak/root status, emulator/automation checks, VPN/proxy detection). We also collect security and telemetry data such as login timestamps, session IDs, cookie/SDK identifiers, anti-bot tokens, crash logs, and usage data (pages/screens viewed, clicks/taps, feature use, session duration).

3.6. Communications and support data

Messages, attachments, tickets and notes from your interactions with us via in-app help, email, phone, or chat (including, where permitted, call recordings), plus outcomes and audit trails of those interactions.

3.7. Beneficiary and counterparty data

Personal data about beneficiaries you nominate (for example, name, contact details, country, payout account/wallet identifiers) and, where relevant, information about counterparties or payers provided by banks and payment networks to complete, investigate, or recall a transfer. .

3.8. Sources of data

Data you provide directly; data generated by your use of our website/app and devices; data from payment partners, banks and card schemes; data from identity/address verification and fraud-prevention service providers acting under our instructions; and data from official lists and reputable public registers or media sources.

3.9. Children

We do not knowingly collect data from anyone under 18 and do not offer the service to minors.

3.10. Customer declarations and acknowledgements

During onboarding and before certain transfers we record your confirmations (with timestamp, IP and device data) that: you are the account/card holder; the funds are your own and lawfully obtained; you are not sending on behalf of a third party; the purpose of transfer and relationship to the beneficiary are accurate; and you agree to our Terms and policies. These declarations form part of your compliance record.

4. How We Use Your Data (Purposes)

We use personal data to create and manage your account; verify identity and address; run sanctions/PEP and adverse-media screening; assess and monitor fraud and financial-crime risk (including transaction monitoring and linked-account analysis); process payments and refunds; communicate about transfers, document requests, security notices, and service updates; provide customer support and handle disputes; operate, secure, and improve our website, apps, and systems; meet legal, regulatory, tax, audit, and record-keeping duties; and defend or establish legal claims. Where permitted by law, we may also send optional surveys or marketing that you can opt out of at any time.

5. Our Legal Bases For Processing

Depending on the activity and your country of residence, we rely on:

• performance of a contract (to create your account, process payments, and deliver transfers);
• compliance with legal obligations (anti-money-laundering, sanctions, fraud prevention, reporting, and statutory record keeping);
• our legitimate interests (keeping the service secure, preventing abuse, improving performance, customer service, and managing legal claims); and
• your permission where required by local law for optional marketing communications or certain cookies (see our Cookies Policy).

6. Automated Decisions And Profiling

Our systems generate risk scores and decisions to help detect fraud and financial crime and to verify identity and address. Signals can include device and network checks, IP/geo patterns, document and liveness results, payment behaviour, corridor risk, sanctions/PEP matches, and prior account activity. Outcomes may include instant approval, a request for documents, a compliance hold, decline of a payment, or account restrictions. Higher-risk cases are routed to human review. Where applicable law gives you the right, you may request human review of an automated outcome, express your view, and contest the decision by contacting [email protected].

7. Who We Share Data With

We share data with trusted service providers acting under our instructions and with other recipients where the law allows or requires it. These include: identity and address-verification and fraud-prevention providers; sanctions/PEP and adverse-media data providers; payment partners for Open Banking and card processing; payout banks and correspondent networks; cloud hosting, security, logging, analytics, and communications platforms; customer-support and ticketing tools; professional advisers, auditors, and insurers; regulators, supervisory and tax authorities, dispute-resolution bodies, and law-enforcement agencies; and, where relevant, entities involved in a business reorganisation, merger, or sale subject to appropriate safeguards.

8. International Transfers And Safeguards

Your personal data may be stored or processed outside your country of residence (for example, where our cloud, verification, payment, or support providers operate). Where we transfer data internationally, we use lawful safeguards such as adequacy regulations/decisions, standard contractual clauses (including the UK addendum where applicable), intra-group agreements, and transfer-impact assessments. We also apply technical and organisational protections (encryption in transit and at rest, strict access controls, logging, and vendor due-diligence). If local law requires additional information about cross-border transfers, it is set out in your Jurisdiction Annex.

9. How Long We Keep Your Data

We keep personal data only as long as needed for the purposes in this Policy and to meet legal, regulatory, tax, and accounting requirements, then delete or anonymise it. Typical retention periods include:

• customer due-diligence (KYC/AML) and transaction records: at least five years after the end of the relationship or the date of the last transaction;
• financial and accounting records: up to six years (or longer where law requires);
• complaint files: at least three years after resolution;
• security logs and telemetry: typically 12–24 months.

Retention can be extended if there is an ongoing dispute, investigation, chargeback, or legal hold. Country-specific rules are set out in your Jurisdiction Annex.

10. Your Rights

Depending on your country, you may have rights to request access to your data; rectification of inaccurate data; erasure in certain circumstances; restriction or objection to processing (including where based on our legitimate interests); and data portability. Where decisions are made using automated processing that produce legal or similarly significant effects, you may request human review, express your view, and contest the decision. You can change marketing preferences and cookie choices at any time (see our Cookies Policy). We may ask for proof of identity and will respond within the timeframes set by applicable law.

11. How to contact us or complain

For privacy questions or requests, contact [email protected] or write to: Data Protection Contact, Roze Remit, 14 High Street, Barkingside, Ilford, IG6 2DF, United Kingdom.

If you are not satisfied, you can complain to your data-protection supervisory authority. For UK residents this is the Information Commissioner’s Office (ICO). Details for other countries are provided in your Jurisdiction Annex. For service complaints about our remittance service (not data-protection issues), please follow the Complaints process in our Terms and your Jurisdiction Annex (for UK residents, this includes escalation to the Financial Ombudsman Service).