Kudo Trust Ltd

Privacy Policy

Introduction

About this Policy Welcome to Cashnow, where safeguarding the privacy of our Data Subjects' personal information is our top priority. This Privacy Policy describes our approach to collecting, utilizing, and disclosing your information when you engage with our services in accordance with the requirements of the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation (NDPR) 2019. It outlines your privacy rights and underscores the legal protections in place. If you do not agree with our policies and practices, you reserve the right to abstain from using our Service. Please note that this policy is subject to periodic updates (Refer to Section 12 on ‘Changes to this Privacy Policy’).

This privacy policy is between Cashnow and You. This constitutes our commitment to your privacy on all our Services. By accessing or using our Services, downloading the App, and providing your Personal Information to us, you expressly CONSENT to our collection, use, storage, and disclosure of such information as described in this Privacy Policy. Please, you are strongly advised to read the following Terms carefully.

However, if you opt-in or change your mind, you may withdraw your consent for the continued collection and use of information in accordance with this policy at any time by contacting us.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

‘Account’ means a unique account created for You to access our Service or parts of our Service

‘Application’ means the software program provided by the Company downloaded by You on any electronic device, named Cashnow.

‘Country’ refers to: Nigeria

‘Device’ means any device that can access the Service such as a computer, a cell phone or a digital tablet.

‘Personal Data’ is any information that relates to an identified or identifiable individual.

‘Service’ refers to the Application or the Website or both.

‘Usage Data’ refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

‘You’ means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data.

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally, identifiable information may include, but is not limited to:

Email address, First name, Last name, Phone number, Address, State, City, Bank Verification Number (BVN), Date of Birth, Gender, Marital status, emergency contacts including contacts phone number and contacts name, financial data, credit information, approximate location, device information, first language, age, educational level by granting permissions to the application

We may request access to your: Camera to enable us to capture your image to verify your identity. Emergency Contact to enable you to impute the information of your guarantor or next of kin. WE DO NOT HAVE ACCESS TO COLLECT, DOWNLOAD OR STORE THE INFORMATION OF YOUR PHONE CONTACT LIST AND WE WILL NEVER COMMUNICATE WITH ANY PERSON FROM YOUR CONTACT LIST. Our application simply gives you the option to select a contact and upload the information on your account profile for the aforementioned purposes. You hereby confirm that you have sought approval from the named person with regard to processing their data (name and contact details) and that they are willing to act as a guarantor for the loan facility or as your next of kin. You can enable or disable access to the information at any time through Your Device settings. We ensure transparency in our practices by informing users about the data we collect, the reasons for its collection, and how it will be used.

This data collection is conducted in strict compliance with the Nigeria Data Protection Act (NDPA) Nigeria Data Protection Regulation (NDPR) and the General Data Protection Regulation (GDPR) where applicable. Explicit consent is obtained from users before any information is collected while using the Application. We also conduct regular reviews and updates of our privacy practices to ensure ongoing compliance and the protection of your data.

The permission we need you provide

LOCATION

Permission Purpose:

We will collect your geographic location information and your IP address.

Data Usage.

Credit assessment: to assess the user’s credit rating in order to provide appropriate credit lines and loan services.
Compliance: we can only provide loan service in Nigeria

Data Security.

We encrypt Users’ location data using the HTTPS protocol and transmit it to our servers (https://console.minicloud-ng.com/) We do not share the data we collect with third parties without the user’s permission.

Personal Information

We collect personal information from our users including name, age, gender, telephone number, email address, date of birth, income, Bank Verification Number (BVN). We collect your personal information in order to assess your credit rating, your identity verification and provide you with a line of credit.

Data Usage.

Credit assessment: to assess the user’s credit rating in order to provide appropriate credit lines and loan services.
Customer service: to respond to users’ requests, questions and feedback and to provide customer support services.
Service improvement: for internal data analysis and research to improve our services and products.
Statutory Obligations: To fulfil legal, regulatory and governmental requirements.

Data Security.

We encrypt Users’ personal information using the HTTPS protocol and transmit it to our servers (https://console.minicloud-ng.com/) We do not share the data we collect with third parties without the user’s permission.

Device info

Permission Purpose:

Cashnow collects information about the user’s device, such as hardware information including the device's operating system, Android version, IMEI number, IMSI number, serial number, screen size and other hardware information

Data Usage.

Credit assessment: to assess your credit rating in order to provide appropriate credit limits and loan services.
Service Improvement: for internal data analysis and research to improve our services and products.
Device Management: To ensure that the application works properly on your device and to optimise the user experience.
Security and Fraud Prevention: uniquely identify the device and ensure that unauthorized devices are not to act on your behalf to prevent frauds

Data Security.

We encrypt users’ device information using the HTTPS protocol and transmit it to our servers (https://console.minicloud-ng.com/) We do not share the data we collect with third parties without the user’s permission.

Emergency Contact

When using the Cashnow App service, we will ask users to provide emergency contacts information. Users can both pick contacts from the contact list or input the contact info as emergency contacts, including contact name, phone number and relationship with you.

Data Usage:

Emergency Notification: In the event of an emergency, we will use emergency contact information to notify your contacts to ensure your safety and prompt assistance.
Customer Support: In some cases, we may use emergency contact information to provide better customer support services.

Data Security:

We use the HTTPS protocol to encrypt Users’ emergency contact information and transmit it to our servers (https://console.minicloud-ng.com/). We do not share the data we collect with third parties without the user’s permission.

Camera

Permission Purpose:

Cashnow use phone camera only for customer facial recognition. We will not access your phone album. The permission just allow customer take a selfie for facial recognize purpose

Data Usage:

Take a selfie for facial recognition purpose allow our system detect the fraud, we only open facial recognition to the customers who has detected with potential risk.

Data Security:

We will upload the collected data to the Cashnow server (https://console.minicloud-ng.com/) with high level protection. We will upload the customer’s selfie to trusted third-party for facial recognition.

APP LIST：

Permission Purpose:

We need to obtain your APP list permission. We will collect the APP list you have installed to identify whether you have Illegal application or Fraudulent application or unsafe software that is not officially certified by Google Data Usage:

To ensure you are using our App service under secure environment.
To detect any fraudulent Apps.

We will upload the collected data to the Cashnow server (https://console.minicloud-ng.com/) with high level protection.

SMS

Permission Purpose:

Cashnow collects the User’s SMS data to retrieve financial, transactional and fraudulent related data including the content of the SMS, the time the SMS was sent, and the mobile phone number to which the SMS was sent.

Data Usage:

We screen messages containing the user’s name, transaction description and transaction amount for user credit risk assessment.

In order to prevent users from using our services illegally, including fraud, money laundering and other illegal activities, we use SMS data as an important basis for making judgements about assessing a user’s fraud risk and financial situation. Cashnow will provide users with a dialog on whether to authorise the application to access the mobile phone’s SMS messages, and the user has the option of granting or denying permission. If the user refuses authorisation, this means that we do not have access to SMS messages and are unable to assess the user’s fraud risk and creditworthiness.

We do not monitor, read, store or share any personal SMS Log data of users.

Data Security:

We use the HTTPS protocol to encrypt and transmit Users’ SMS data to our servers (https://console.minicloud-ng.com/). We do not share the data we collect with third parties without the user’s permission.

Purpose of Collecting Personal Data

We will use your personal data for registration, loan approval, risk management, fraud prevention, debt collection, marketing, and other purposes in this Privacy Notice, to help us provide you with better services.

After creating your account, we may request additional personal data, such as your address, bank account information, income details, etc., for identity verification, loan disbursement, application compliance etc. Please ensure that the data you provide is accurate, complete or it will affect or reject your loan application.

During your use of our services, we may collect and process your personal data for the following purposes:

Registration and Account Management: We need your basic information to create and manage your account, enabling you to use the platform’s services smoothly.
Loan Approval and Disbursement: We will conduct credit assessments based on your personal and financial information to help us make reasonable loan decisions.
Risk Management and Fraud Prevention: We will analyze and monitor your behavior and transaction patterns to detect potential risks and fraudulent activities, protecting you and our platform.
Debt Collection and Debt Management: When necessary, we will use your contact information for debt collection to ensure your account is properly managed within the stipulated timeframe.
Marketing and User Communication: With your consent, we will send you marketing information related to products and services, including notifications about offers, events, or new features, to enhance your user experience.
Compliance and Legal Obligations: We will process personal data as required by laws and regulations to comply with anti-money laundering laws, data protection regulations, and other compliance requirements.

We will be adhering to the terms in this Privacy Notice and applicable legal regulations when processing and using personal data, ensuring that your personal data is effectively protected and that your privacy rights are respected during the processing.

Use of Personal Data

During your use of our services, we may manually or automatically process, use, and/or disclose your personal data for purposes that include:

Processing your loan applications and related transactions, including application approval, review, and fund disbursement.
Account management and maintenance.
Evaluating your creditworthiness using your personal and financial information to make lending decisions and manage risks.
Anti-fraud and device environment safety detect.
Processing your personal data in compliance with applicable laws, regulations, and regulatory requirements, such as tax reporting, anti-money laundering (AML), and counter-terrorism financing (CTF) regulations.
Providing necessary personal data to government authorities or judicial bodies to assist with investigations and legal proceedings.
Conducting internal audits and compliance activities to adhere to legal and regulatory standards.
Implementing data encryption and access control technologies to protect your personal data from unauthorized access and data breaches.
Monitoring system and network activity to detect and prevent fraudulent activities, ensuring the security of users and the platform.
Using real-time alert systems and risk analysis tools to detect abnormal user behavior and trigger appropriate protective actions.
Providing customized advertisements, promotional activities, and product recommendations to improve user experience and meet your preferences, with your consent.
In-app user behavior analyzing, improve user experience.
Providing data to attorneys and legal advisors to assist with legal matters and risk management when necessary.

Disclosure of Your Personal Data

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation Protect and defend the rights or property of the Company Prevent or investigate possible wrongdoing in connection with the Service Protect the personal safety of Users of the Service or the public Protect against legal liability

Security of Your Personal Data

At Cashnow, we prioritize your security and consistently work to protect your personal data from unauthorized or accidental access. Our dedication to data security is upheld through the implementation of suitable physical, technical, and organizational measures to safeguard your information. Our servers are protected behind firewall systems, encryption and access control to prevent unauthorized access. Only our authorized staff, agents, and contractors (who have agreed to keep information secure and confidential) have access to this information.

Please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Children’s Privacy

Our Service does not address anyone under the age of 18. We have implemented mechanisms to verify the age of our users to ensure compliance with applicable laws. Users may be required to provide their date of birth or a government-issued ID to confirm their eligibility to use our Service.

Your Rights

You have rights under data protection laws in relation to your personal data. These include rights to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios If you want us to establish the data’s accuracy Where our use of the data is unlawful but you do not want us to erase it Where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this action will not compromise the legality of any processing conducted prior to your consent. If you withdraw your consent, we may not be able to offer certain products or services. We will inform you if this situation arises at the time, you withdraw your consent.

If you wish to enforce any of the rights set out above, please contact us.

We endeavour to respond to all legitimate requests within one month. However, if your request is particularly complex or you have made several requests, it may take us longer than a month. In this case, we will notify you and keep you updated.

In addition to existing rights available under applicable law, you reserve the right to send a complaint to the Nigeria Data Protection Commission (NDPC) where there has been a violation of this Policy and/or your rights as a data subject at https://ndpc.gov.ng/contact/.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy, You can contact us:

By email: servicecashnow@gmail.com