Skip to content
MehaleqMehaleq

Privacy Policy

Last updated: June 2026

1. Introduction

This Privacy Policy explains how Mehaleq (“Mehaleq”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you use the Mehaleq platform (the “Service”). Because Mehaleq is a custodial financial service, some data collection is required by law and is necessary to provide the Service. By using Mehaleq you agree to this Policy.

2. Information we collect

We collect the following categories of information:

  • Account data: name, email address, username, password (stored only as a secure hash), and authentication data such as two-factor and passkey credentials.
  • Identity verification (KYC) data: your national ID document, a selfie, and related details you submit to verify your identity. These documents are uploaded directly from your browser to our storage provider.
  • Transaction data: deposits, withdrawals, trades, offers, balances, on-chain addresses and transaction hashes, and ETB payment details exchanged during a trade.
  • Support and communications: messages you send to support, in-trade chat, dispute submissions, and reports.
  • Device and usage data: IP address, device and browser information, session and security logs, and similar technical data used to operate and secure the Service.

We do not collect or store the private keys to any external wallet you control.

3. How we use your information

We use your information to:

  • provide, operate, and maintain the Service and your account;
  • verify your identity and process deposits, trades, and withdrawals;
  • prevent, detect, and investigate fraud, abuse, and security incidents;
  • meet our legal, regulatory, AML, counter-terrorist-financing, and sanctions-screening obligations;
  • communicate with you, including service, security, and support messages; and
  • improve the reliability and safety of the Service.

4. Legal bases for processing

We process personal data where it is necessary to perform our contract with you (providing the Service), to comply with legal obligations (such as KYC/AML requirements), to pursue our legitimate interests in operating a secure platform and preventing fraud, and, where applicable, with your consent. Where we rely on consent, you may withdraw it at any time.

5. How we share information

We share personal information only as needed, including with:

  • Service providers who help us run the Service (for example, identity and document storage, hosting, authentication, communications, and error monitoring), under contractual confidentiality and security obligations;
  • Competent authorities and regulators where required by law, court order, or a valid legal request; and
  • Other parties where necessary to protect the rights, safety, and property of Mehaleq, our users, or the public, or in connection with a business transfer.

We do not sell your personal data.

6. Blockchain transactions are public

Deposits and withdrawals are recorded on public blockchains. Wallet addresses, amounts, and transaction details on-chain are publicly visible and outside Mehaleq’s control, and cannot be deleted or altered. Be mindful of this before sharing addresses or transaction identifiers.

7. Storage, security & retention

We apply technical and organizational measures to protect your data, including encryption in transit, restricted and audited access to identity documents, and secure session handling. No system is perfectly secure, but we work to limit the personal data we hold and to protect what we keep.

We retain personal information for as long as your account is active and thereafter for the period required to meet our legal, regulatory, accounting, and dispute-resolution obligations (including mandatory AML record-keeping), after which we delete or anonymize it.

8. Your rights and choices

Subject to applicable law, you may request access to, correction of, or deletion of your personal data, and may object to or request restriction of certain processing. Some data — particularly KYC/AML and transaction records — must be retained to meet legal obligations, so we may be unable to delete it on request. To exercise a right, contact us using the details below.

9. Cookies and sessions

We use strictly necessary cookies to keep you signed in and to secure your session. These are required for the Service to function and are not used for advertising.

10. International data transfers

Some of our service providers may process data outside Ethiopia. Where we transfer personal data internationally, we take steps to ensure it remains protected in line with this Policy and applicable law.

11. Children

The Service is not directed to anyone under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us data, contact us so we can remove it.

12. Changes to this Policy

We may update this Policy from time to time. When we make material changes we will update the “Last updated” date and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact

Privacy questions or data requests? Email privacy@mehaleq.com.