1. Introduction and Purpose

Ognimohub MFS ("Ognimohub", "we", "our", or "us") operates as a licensed Mobile Finance Service provider and technology company offering MFS, IT Solutions, e-Learning, and Digital Marketing services through multiple digital platforms. We are firmly committed to upholding the privacy rights and data protection entitlements of all individuals who interact with our services.

This Data Deletion and Right to Erasure Policy ("Policy") is established in accordance with internationally recognized data protection frameworks, including the European Union General Data Protection Regulation (GDPR) — Article 17 Right to Erasure, the California Consumer Privacy Act (CCPA), and applicable local financial regulations governing the handling, retention, and secure disposal of personal and financial data.

This Policy governs the processes, timelines, exceptions, and user rights associated with the deletion of personal data collected and processed by Ognimohub. We recognize that the right to erasure is a fundamental data subject right, and we are committed to honoring it transparently, promptly, and in full compliance with our legal obligations.

2. Scope of This Policy

This Policy applies to all registered users, customers, and data subjects whose personal data is processed by Ognimohub across any of the following services and platforms:

• Ognimohub MFS — Mobile Finance Service platform (mobile and web applications)

• IT Solutions — enterprise and consumer technology service users

• e-Learning — learners, instructors, and administrators on Ognimohub educational platforms

• Digital Marketing — clients, campaign recipients, and associated contacts

• ognimohub.com — visitors and registered users of our corporate website

This Policy applies regardless of the channel through which personal data was collected, including mobile applications, web portals, API integrations, third-party referrals, or direct engagement with Ognimohub representatives.

3. Legal Basis and Regulatory Compliance

Ognimohub processes and deletes personal data in accordance with the following applicable legal frameworks and industry standards:

• General Data Protection Regulation (GDPR) — Articles 17, 18, 19, and 21 governing the right to erasure, restriction of processing, notification obligations, and the right to object.

• California Consumer Privacy Act (CCPA) / CPRA — granting California residents the right to request deletion of personal information.

• Central Bank and Financial Intelligence Unit (FIU) regulations governing the retention of financial records for anti-money laundering (AML) and counter-financing of terrorism (CFT) compliance.

• ISO/IEC 27001 — Information Security Management System standards for data handling and secure disposal.

• Payment Card Industry Data Security Standard (PCI DSS) — applicable to cardholder data processing and secure deletion.

• Electronic Communications and data privacy laws applicable in the jurisdictions in which Ognimohub operates.

Where a conflict exists between a user's deletion request and a mandatory legal retention obligation, the legal obligation shall take precedence. Users will be clearly informed of any such exceptions at the time of their request.

4. Categories of Personal Data Subject to Deletion

Upon a verified and approved deletion request, Ognimohub will permanently delete or irreversibly anonymize the following categories of personal data, subject to the retention exceptions detailed in Section 9:

4.1 Identity and Account Data

• Full name, username, and display name

• Email address and mobile phone number

• Date of birth and nationality

• Government-issued identification documents (National ID, Passport, Driver's Licence)

• Biometric and facial verification data submitted during KYC onboarding

• Account credentials, passwords, and authentication tokens

4.2 Financial and Transaction Data

• Wallet balances and account history

• Transaction records, payment receipts, and transfer logs (subject to regulatory retention requirements — see Section 9)

• Bank account details, mobile money numbers, and linked payment instruments

• Credit and risk assessment data

4.3 Device and Technical Data

• Device identifiers (IMEI, device ID, MAC address)

• IP addresses, operating system, and application version logs

• Session data, access logs, and authentication history

• Push notification tokens

4.4 Behavioural and Usage Data

• In-app navigation and feature usage analytics

• e-Learning progress, course completions, and assessment records

• Search history and in-platform interactions

4.5 Communication Data

• Support ticket history and customer service communications

• In-app chat and messaging history

• Email and notification correspondence

4.6 Marketing and Consent Data

• Marketing preferences and subscription opt-ins/opt-outs

• Survey responses and feedback submissions

• Referral and affiliate tracking data

5. How to Submit a Data Deletion Request

Ognimohub provides multiple accessible channels through which data subjects may submit a formal deletion request. All channels are monitored by our dedicated Data Protection team. The deletion request must be submitted by the account holder or an authorized representative.

5.1 In-App Account Deletion (Recommended)

The fastest and most direct method of initiating an account deletion is through our mobile app. This method triggers an automated deletion workflow and does not require manual review for standard accounts with no outstanding obligations.

1. Open the mobile app and log in to your account.

2. Navigate to Profile Settings from the main menu or account dashboard.

3. Scroll to the Account Management section and select Delete Account.

4. Review the deletion summary disclosures presented on screen.

5. Confirm your identity via OTP or biometric verification as prompted.

6. Submit the deletion request. You will receive an in-app confirmation and email acknowledgement immediately.

5.2 Deletion via External Channels

Where in-app deletion is not possible or preferred, users may submit a deletion request via any of the external channels listed in the table above. When contacting us, please include the following information to facilitate prompt processing:

• Full name as registered on the account

• Registered mobile number or email address

• A clear and explicit statement requesting account and data deletion

• The reason for deletion (optional, but helpful for service improvement)

• For MFS accounts: the last four digits of any linked financial instrument (for identity verification purposes only)

6. Identity Verification

To protect users from unauthorized deletion requests — which could constitute account fraud or identity theft — Ognimohub may require identity verification before processing any deletion request. The verification method applied will be proportionate to the sensitivity of the account and the data involved.

• Standard accounts: OTP verification to the registered mobile number or email address.

• MFS and financial accounts: Additional verification including answering security questions, submitting a government-issued ID, or completing a live selfie verification.

• Business and enterprise accounts: Verification via an authorized signatory, board resolution, or power of attorney.

If identity cannot be verified within 10 business days of a request being submitted, Ognimohub reserves the right to decline the deletion request and will notify the requestor accordingly. The requestor may resubmit with the correct verification documentation at any time.

7. Deletion Processing Timeline

Ognimohub is committed to processing all verified deletion requests within the timeframes outlined below, in compliance with GDPR Article 12(3) which mandates a response within one calendar month, extendable by a further two months where requests are complex or numerous.

If a deletion request cannot be completed within the standard 30-day window due to technical complexity, regulatory review, or incomplete verification, Ognimohub will notify the requesting party in writing within 30 days of the original request, providing an explanation and a revised completion date.

8. What Happens After Your Data is Deleted

This section provides a comprehensive and transparent account of the consequences, downstream effects, and processes that occur following a confirmed data deletion request. Ognimohub believes users deserve complete clarity on the lifecycle of their deletion request.

8.1 Immediate Effects Upon Confirmation

Once your deletion request is confirmed and identity verification is complete, the following actions are initiated immediately:

• Your account is deactivated and access is revoked across all Ognimohub platforms and applications.

• All active sessions, authentication tokens, and API access credentials associated with your account are invalidated.

• You will no longer be able to log in, recover, or reactivate the account.

• All marketing communications, promotional emails, and push notifications will cease immediately.

• Your profile will no longer be visible to other users or searchable within any Ognimohub platform.

8.2 Data Deletion from Primary Systems

Within 30 days of your confirmed deletion request:

• Personal profile data, account credentials, and identity documents are permanently deleted from Ognimohub's active production databases.

• Financial data not subject to mandatory regulatory retention is purged from transaction processing systems.

• Behavioural analytics, usage logs, and device identifiers are either deleted or irreversibly anonymised such that they can no longer be associated with your identity.

• All KYC documents and biometric data are securely destroyed in compliance with ISO 27001 data disposal standards.

• Third-party processors and sub-processors engaged by Ognimohub who hold your data are notified and instructed to delete your data within the same timeframe.

8.3 Purge from Backup and Archival Systems

Backup and disaster recovery systems are not updated in real-time. As a result, residual copies of your data may persist in encrypted backup storage for up to 90 days following the deletion of live data. During this period:

• Your data in backup systems is isolated and flagged for deletion at the next scheduled backup purge cycle.

• The data in backup systems will not be accessed, processed, or used for any purpose other than disaster recovery.

• Upon completion of the backup purge cycle, all residual copies will be permanently overwritten and irrecoverable.

8.4 Written Confirmation of Deletion

Upon completion of the deletion process, Ognimohub will issue a formal written Deletion Confirmation Notice to the email address or contact channel provided at the time of the request. This notice will confirm:

• The date on which the deletion request was received and verified.

• The categories of data that have been permanently deleted.

• Any categories of data that have been retained and the legal basis for such retention.

• The expected date of purge from backup systems (where applicable).

8.5 Third-Party and Integrated Services

Where your personal data has been shared with or processed by third-party service providers, partners, or integrated platforms in connection with Ognimohub's services, we will:

• Notify all relevant third-party data processors of your deletion request within 72 hours of confirmation.

• Require all processors to confirm deletion of your data within 30 days, in accordance with their data processing agreements with Ognimohub.

• Document third-party deletion confirmations as part of our internal compliance records.

Please note that Ognimohub cannot control the data retention practices of independent third-party services that you have independently authorized outside of the Ognimohub platform. If you connected your account to external services, you should also submit independent deletion requests to those providers.

8.6 Impact on e-Learning and Digital Marketing Services

• e-Learning: Course completion certificates and academic records associated with your profile will be permanently deleted. If you require a copy of your records prior to deletion, you must request them before submitting a deletion request.

• Digital Marketing: All subscriber lists, campaign contact records, and behavioral targeting profiles linked to your account will be removed from our marketing systems and any integrated marketing platforms.

8.7 Account Reactivation Is Not Possible

Once a deletion request has been fully processed and confirmed, the action is irreversible. Ognimohub does not maintain the ability to recover or reactivate a deleted account. Any historical records, transaction references, or preferences associated with the deleted account will be permanently lost. Should you wish to use Ognimohub services in the future, you will be required to register as an entirely new user and complete the full onboarding and KYC verification process again.

9. Mandatory Data Retention Exceptions

The right to erasure is not absolute. In accordance with applicable law and regulatory frameworks governing financial services providers, Ognimohub is legally required to retain certain categories of data for defined periods, irrespective of a user's deletion request. Such retained data will:

• Be securely stored in restricted-access systems with strict access controls.

• Not be used for any commercial, marketing, or operational purpose beyond the specific legal obligation.

• Be permanently deleted at the earliest permissible date following the expiry of the mandatory retention period.

The principal categories of data subject to mandatory retention include:

• Financial transaction records — retained for a minimum of 5 to 7 years as required by AML/CFT regulations and tax authorities.

• KYC and customer due diligence records — retained for a minimum of 5 years following the end of the business relationship, in compliance with financial intelligence and anti-money laundering regulations.

• Fraud investigation records — retained for the duration of any active fraud investigation and for a minimum period thereafter as directed by law enforcement or regulatory authorities.

• Legal and dispute records — data relevant to ongoing or reasonably foreseeable litigation, regulatory proceedings, or dispute resolution will be retained for the duration of such proceedings.

• Tax and audit records — financial data required for tax compliance and external audit purposes will be retained for the applicable statutory period.

Where mandatory retention applies, Ognimohub will clearly communicate this to the requesting party, specify the categories of data being retained, the legal basis for retention, and the expected retention period.

10. Your Additional Data Subject Rights

In addition to the right to deletion, data subjects whose data is processed by Ognimohub are entitled to the following rights under applicable data protection law:

• Right of Access — you may request a copy of all personal data we hold about you (Subject Access Request / SAR).

• Right to Rectification — you may request correction of inaccurate or incomplete personal data.

• Right to Restriction of Processing — you may request that we restrict the processing of your data in certain circumstances.

• Right to Data Portability — you may request that we provide your data in a structured, commonly used, and machine-readable format.

• Right to Object — you may object to the processing of your data for direct marketing, profiling, or legitimate interests purposes.

• Right to Withdraw Consent — where processing is based on your consent, you may withdraw it at any time.

• Right to Lodge a Complaint — you have the right to lodge a complaint with your national or regional Data Protection Authority (DPA) if you believe your rights have been infringed.

11. Data Protection Officer and Contact

Ognimohub has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and all applicable data protection regulations. If you have concerns regarding the processing or deletion of your personal data, you may contact our DPO directly through any of the following channels:

12. Data Security and Disposal Standards

All data deletion operations are carried out in accordance with recognized secure disposal standards. Ognimohub employs the following technical and organizational measures to ensure that deleted data is irrecoverable:

• Cryptographic erasure — encryption keys are permanently destroyed, rendering encrypted data unreadable.

• Overwriting — storage media containing personal data is overwritten using industry-standard methods (NIST 800-88, DoD 5220.22-M).

• Database purging — logical deletions are followed by scheduled physical purge operations to ensure data is fully removed from underlying database structures.

• Audit trails — all deletion operations are logged in immutable audit records for internal compliance and regulatory inspection purposes. Audit logs themselves do not contain the deleted personal data.

13. Policy Review and Updates

This Policy is reviewed at least annually and updated as necessary to reflect changes in applicable laws, regulatory requirements, or Ognimohub's data processing practices. The most current version of this Policy is always available at ognimohub.com.

Material changes to this Policy will be communicated to registered users via in-app notification, email, or prominent notice on our website prior to the changes taking effect. Continued use of Ognimohub's services following notification of changes constitutes acceptance of the revised Policy.

14. Governing Law and Dispute Resolution

This Policy is governed by the laws of the jurisdiction in which Ognimohub MFS is registered and operates, and shall be interpreted in conformity with applicable international data protection standards, including the GDPR where applicable by virtue of data subjects being located within the European Economic Area.

Any dispute arising from the application or interpretation of this Policy that cannot be resolved informally through our support channels shall be referred to the competent supervisory authority or court of jurisdiction.

Ognimohub MFS  |  Data Deletion & Right to Erasure Policy  |  Version 1.6  |  May 2026