Privacy Policy

Definitions

For the purposes of this Privacy Policy, the following definitions apply: • "Personal Data" means any information relating to an identified or identifiable individual, as defined under the NDPR 2019. • "Behavioural Data" means financial activity data including payment patterns, account activity, wallet behaviour, and other observable financial behaviours. • "Processing" means any operation performed on personal data, including collection, storage, use, and disclosure. • "Data Controller" means CreditVeto Africa, which determines the purposes and means of processing your personal data. • "Third Party" means any individual or organisation other than you and CreditVeto Africa. • "Consent" means a freely given, specific, informed, and unambiguous indication of your agreement to the processing of your personal data. • "Onboarding" means the account registration and setup process through which you provide consent and activate your Credit Veto profile.

Data We Collect

To deliver our services, CreditVeto Africa collects, stores, and processes the following categories of data:

Personal Identification Information

• Full name, phone number, and email address • Government-issued identification: BVN, NIN, and liveness verification

Your BVN and NIN are collected solely to verify your identity during onboarding. This data will not be shared with any third party beyond what is strictly necessary for identity verification, and will not be used as an input into your Veto Score calculation.

Financial Behaviour Data

• Bill payment history (electricity, internet, water, cable, and similar recurring payments) • Rent payment activity and frequency • Airtime and mobile data purchase patterns • Digital wallet transactions, including inflows and outflows • Linked account transaction history (where applicable and with explicit consent) • Savings activity, voluntary top-ups, and financial consistency indicators

Device & Technical Data

• Device identifiers and IP addresses • Location data (where permitted by your device settings) • Fraud detection and security signals, including device stability and unusual activity patterns

How We Use Your Data

CreditVeto Africa uses collected data to: • Generate your Veto Score and Credit Visibility Report • Provide personalised financial insights and recommendations • Improve our behavioural scoring models and platform performance • Detect and prevent fraudulent or suspicious activity • Conduct internal research and service optimisation using aggregated or anonymised data We will not use your data for any purpose not described in this policy without first obtaining your separate, explicit consent.

Data Sharing — Third Parties & Service Providers

To operate the platform, we work with a limited number of third-party service providers for specific technical functions, including: • Cloud infrastructure and data hosting providers • Identity verification providers (for BVN, NIN, and liveness checks only) • Fraud detection and cybersecurity tools • Analytics and platform performance tools (using aggregated or anonymised data only) All service providers are contractually bound to handle your data securely and only for the specific purpose for which it was shared.

Data Security

CreditVeto Africa implements reasonable technical and organisational measures to protect your data, including: • Encrypted data transmission (TLS/SSL protocols) • Secure cloud infrastructure with access controls • Fraud monitoring and anomaly detection systems • Internal access restrictions limiting data access to authorised personnel only All personal data is processed in compliance with the Nigeria Data Protection Regulation (NDPR) 2019. By using this platform, you acknowledge that no digital system can guarantee absolute security and accept the residual risks associated with data transmission over the internet.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law or necessary for legal proceedings.

Changes to This Policy

CreditVeto Africa reserves the right to amend this Privacy Policy to reflect changes in our practices, legal requirements, or advancements in technology. We will notify you via the platform or by email at least 14 days before they take effect. Continued use of the platform constitutes acceptance of the revised policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [email protected]. Thank you for entrusting us with your personal information. We are committed to protecting your privacy and providing you with exceptional service.