Privacy Policy

Last Updated: 16th of April 2026

Introduction

1.1. This Privacy Policy sets out the basis upon which Yiksi Limited (“Yiksi”, “we”, “us”, or “our”) collects, uses, processes, stores, transfers, and protects personal data in connection with:

• Our website: https://yiksi.so/
• Our digital payment and remittance platform Toospay
• Services delivered through API integrations, agents, and third-party partners
(collectively, the “Services”).

1.2. This Privacy Policy applies to all users, including:
• Individual customers (B2C Users)
• Corporate and institutional clients (B2B Users)
• Agents, partners, and API-integrated platforms.

1.3. By accessing or using the Services, you acknowledge that you have read, understood, and agreed to the collection and use of your personal data as described in this Privacy Policy.

1.4. Where you provide personal data relating to third parties (including beneficiaries, employees, or agents), you warrant that you have obtained all necessary consents and authorizations required under applicable law.

2. Regulatory Framework

2.1. Yiksi LTD is licensed as a Money Transfer Business (MTB) by the Central Bank of Somalia (CBS) and processes personal data in accordance with:
• The Financial Institutions Law, 2025 (FIL 2025)
• Applicable AML/CFT/CPF laws and regulations
• Directives, guidelines, and circulars issued by the CBS
• Relevant international data protection and financial crime prevention standards, including FATF Recommendations.

2.2. Yiksi LTD processes personal data where necessary to comply with its statutory obligations, including obligations relating to:
• Customer identification and verification
• Transaction monitoring and risk profiling
• Suspicious transaction reporting and regulatory disclosures.

2.3. Yiksi LTD may be required by law to disclose personal data to competent authorities without prior notice to the data subject.

3. Information We Collect

3.1. Yiksi LTD collects and processes personal data necessary for the provision of regulated financial services and compliance with applicable laws.

3.2. Identification Data
• Full legal name
• National identification number, passport details, or other official identifiers
• Date and place of birth
• Photographs, biometric data, or facial recognition data (where applicable for verification purposes).

3.3. Contact Data
• Mobile phone number
• Email address
• Residential or registered business address.

3.4. Financial and Transaction Data
• Payment instructions and transaction history
• Sender and beneficiary details
• Bank account or mobile wallet details
• Source of funds and purpose of transactions.

3.5. Business and Corporate Data (B2B)
• Certificate of incorporation and registration details
• Ownership structure and beneficial ownership information
• Identification of directors, shareholders, and authorized signatories
• Board resolutions or authorization documents.

3.6. Technical and Usage Data
• IP address and device identifiers
• Browser type and operating system
• Login data and access timestamps
• API usage logs and integration activity.

3.7. Risk and Compliance Data
• Sanctions screening results
• Risk classification and internal compliance assessments
• Watchlist matches and adverse media findings.

4. How We Collect Information

4.1. Personal data is collected through a combination of direct, indirect, and automated means, including but not limited to

• Direct interactions with Users, including during account registration, onboarding, identity verification, transaction initiation, customer support engagements, and ongoing account maintenance

• API integrations and partner platforms, where Users access Yiksi services through third-party systems, applications, or embedded payment solutions

• Agents and payout partners acting on behalf of Yiksi, including during customer onboarding, cash-in/cash-out transactions, and identity verification processes

• Third-party service providers, including identity verification providers, sanctions screening tools, fraud detection systems, and compliance data providers

• Financial institutions and payment infrastructure providers, including banks, correspondent institutions, mobile money operators, and payment processors involved in transaction executio

• Publicly available sources and official registries, including government databases, corporate registries, sanctions lists, and other legally accessible information sources

• Communications and interactions, including emails, calls, and support requests, which may be recorded or logged for quality assurance, security, and compliance purposes.

4.2. Yiksi LTD may also generate, infer, or derive personal data through internal systems and analytics, including:
• Risk profiling and customer classification models
• Transaction monitoring and behavioral analysis
• Fraud detection and prevention mechanisms
• Sanctions screening results and compliance assessments
• System logs, audit trails, and security monitoring tools.

4.3. Where personal data is obtained indirectly (including via API integrations, agents, or third parties), Yiksi shall process such data on the basis that it has been lawfully collected and shared, and reserves the right to request confirmation of such compliance from the relevant party.

5. Purpose of Data Processing

Yiksi LTD processes personal data strictly for legitimate, specified, and lawful purposes, including:

5.1. Provision of Services
• Processing domestic and international remittance transactions
• Managing user accounts and payment instructions
• Facilitating bulk and agent-based payments.

5.2. Regulatory Compliance
• Conducting KYC, CDD, and EDD procedures
• Monitoring transactions for suspicious activity
• Conducting sanctions screening and compliance checks
• Filing Suspicious Transaction Reports (STRs) and regulatory returns.

5.3. Risk Management and Fraud Prevention
• Detecting and preventing fraud, abuse, and financial crime
• Performing transaction monitoring and anomaly detection
• Protecting system integrity and operational security.

5.4. Operational and Business Purposes
• Customer support and dispute resolution
• Service improvement and system optimization
• Internal audits and compliance reviews.

6. Legal Basis for Processing
6.1. Yiksi LTD processes personal data based on one or more of the following legal grounds:
• Performance of a contract: where processing is necessary to provide requested services
• Legal and regulatory obligations: including obligations under FIL 2025 and AML laws
• Legitimate interests: including fraud prevention, risk management, and service improvement
• Consent, where required under applicable law.

6.2. Where consent is relied upon, Users may withdraw consent at any time, subject to legal and regulatory limitations.

7. Data Sharing and Disclosure
7.1. Yiksi may disclose personal data where necessary to:

a) Regulatory Authorities
• Central Bank of Somalia
• Financial Reporting Center
• Law enforcement and government agencies.

b) Financial and Operational Partners
• Banks and correspondent institutions
• Payment processors and clearing systems
• Agents and payout partners.

c) Service Providers
• Identity verification providers
• Technology and cloud service providers
• Compliance and screening service providers.

d) API and Integration Partners
Where services are accessed through API integrations, relevant personal data may be shared with the integrating partner for transaction execution.

7.2. All disclosures are made in accordance with applicable legal and regulatory requirements.

8. Cross-Border Data Transfers
8.1. Due to the international nature of remittance services, personal data may be transferred, stored, or processed outside the Federal Republic of Somalia.

8.2. Such transfers may involve jurisdictions with different data protection standards.

8.3. Yiksi LTD shall implement appropriate safeguards, including contractual protections and security controls, to ensure that personal data remains adequately protected.

9. Data Retention
9.1. Personal data shall be retained for a minimum period of five (5) years, in accordance with:
• FIL 2025
• AML/CFT/CPF laws
• Central Bank of Somalia directives.

9.2. Data may be retained for longer periods where required for:
• Ongoing investigations
• Legal proceedings
• Regulatory compliance.

9.3. Upon expiry of the retention period, data shall be securely deleted or anonymized, unless retention is otherwise required.

10. Data Security
10.1. Yiksi LTD implements appropriate technical, physical, and organizational measures to safeguard personal data, including:
• Encryption and secure communication protocols
• Role-based access controls and authentication systems
• Network monitoring and intrusion detection systems
• Regular security assessments and audits.

10.2. Access to personal data is restricted to authorized personnel on a need-to-know basis.

10.3. Users or Partners are responsible for maintaining the confidentiality of their login credentials and must notify Yiksi of any unauthorized access.

11. API and Third-Party Integrations
11.1. Where services are accessed through APIs or third-party platforms:
• The integrating party is responsible for lawful data collection and user consent
• The integrating party must implement appropriate security controls
• Data sharing is limited to what is necessary for service delivery.

11.2. Yiksi LTD may monitor API activity to ensure compliance with security and regulatory requirements.

11.3. Yiksi LTD shall not be responsible for data handling practices of third parties beyond its control.

12. User Rights
12.1. Subject to applicable law, Users may have the right to:
• Access their personal data
• Request correction of inaccurate or incomplete data
• Request deletion, where legally permissible
• Object to or restrict certain processing activities.

12.2. Requests may be declined where processing is required for legal or regulatory purposes, including AML/CFT obligations.

13. Cookies and Tracking Technologies
13.1. Yiksi LTD may use cookies and similar technologies to:
• Facilitate secure login sessions
• Improve platform functionality
• Analyze usage and performance.

13.2. Users may manage cookie preferences through browser settings, though disabling cookies may affect functionality.

14. Changes to this Privacy Policy
14.1. Yiksi LTD reserves the right to amend this Privacy Policy at any time to reflect changes in:
• Legal and regulatory requirements
• Business operations
• Technology or security practices.

14.2. Updated versions will be published on the Platform and shall take effect upon publication.

15. Contact Information
For privacy-related inquiries, data requests, or complaints:

Yiksi LTD
Email: info@yiksi.so
Website: https://yiksi.so/

Acknowledgment
By accessing or using the Services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

Yiksi is licensed by the Central Bank of Somalia as a Remittance Service Provider and operates in full compliance with all applicable regulatory, compliance, and governance standards.