CardPaix User App
Privacy Policy
Your privacy and security matter to us
Effective Date: November 17, 2025 | Last Updated: November 17, 2025
Introduction
Welcome to CardPaix User App ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application (the "App").
By using CardPaix, you agree to the collection and use of information in accordance with this policy.
1.Information We Collect
1.1 Personal Information You Provide
Account Information
- Email Address: For registration, login, and notifications
- Username: Displayed in your profile
- Password: Encrypted for account security (not stored in plain text)
Financial Information
- Bank Account Details: Bank name, code, account number, holder name
- Wallet Information: Wallet ID and transaction history
- Transaction Data: Amounts, types, timestamps, and status
Purpose: To enable withdrawals, process transactions, and provide financial services.
1.2 Information Automatically Collected
📍 Location Data
Approximate Location: Country, city, and GPS coordinates
Purpose: Security verification, fraud prevention, and regulatory compliance
⚠️ Note: Location is only collected during login/verification, not continuously tracked.
📱 Device Information
- Device ID: Unique identifier (Android ID or generated ID)
- Device Attributes: Model, OS version, app version
- Platform: Android or Web
Purpose: Device recognition, session management, multi-device support, security
📊 App Usage Data
- Performance metrics (startup time, API response)
- Crash reports (error logs, stack traces)
✅ Status: Firebase Analytics and Crashlytics are now active.
1.3 App Permissions
🌐 Network
- • Internet access (API communication)
- • Network state (connectivity check)
📷 Camera & Storage
- • Camera (profile pictures, documents)
- • Photo library (image selection)
- • Media storage (Android 13+)
Note: Permissions are only requested when you use features that require them.
1.4 Communication Data
Customer Support Messages: Chat messages, images, and files sent to our support team
Purpose: To provide customer support and resolve your issues.
2.How We Use Your Information
✅ Service Delivery
- • Account management
- • Process transactions
- • Verify bank accounts
- • Send notifications
🔒 Security & Fraud
- • Detect fraud
- • Verify login attempts
- • AML compliance
- • KYC requirements
💬 Customer Support
- • Respond to inquiries
- • Troubleshoot issues
- • Provide assistance
📈 App Improvement
- • Analyze performance
- • Fix bugs
- • Develop new features
⚖️ Legal Compliance
- ✅ Nigeria Data Protection Regulation (NDPR)
- ✅ Central Bank of Nigeria (CBN) digital payment requirements
- ✅ Anti-Money Laundering (AML) regulations
3.How We Share Your Information
❌We DO NOT Sell Your Data
We never sell your personal information to third parties for marketing purposes.
Service Providers We Work With
🏦 Banking Verification Services
Purpose: To verify your bank account details
Data Shared: Account number, bank code, account holder name
☁️ Firebase (Google)
- • Crashlytics: Anonymous crash reports
- • Performance Monitoring: App metrics
- • Data Shared: Device info, app version, crash logs (no personal IDs)
✅ Status: Active and monitoring app performance
Legal Requirements
We may disclose your information if required by law or to:
- Comply with legal processes (court orders, subpoenas)
- Respond to government authorities
- Protect our rights, property, or safety
- Prevent fraud or illegal activities
4.How We Protect Your Information
Encryption in Transit
All data transmitted over HTTPS/TLS
Encryption at Rest
Sensitive data encrypted in our database
Secure Storage
Flutter secure storage for local data
Additional Security Measures
- Limited employee access to personal data
- Regular security audits and updates
- Secure backend infrastructure
- Monitoring for suspicious activities
- Automatic token refresh to minimize exposure
Your Responsibilities
- ✓ Choose a strong, unique password
- ✓ Keep your login credentials confidential
- ✓ Log out from shared devices
- ✓ Report suspicious activity to: support@cardpaix.com
5.Your Rights and Choices
👀 Access & Update
- • View your profile and account info
- • Edit username and profile details
- • View transaction history
🗑️ Data Deletion
- • Remove bank accounts
- • Clear chat history
- • Delete account (contact support)
🔐 Permission Control
- • Revoke camera/storage in settings
- • Location only on login
📧 Marketing
- • Opt-out of promotional emails
- • Still receive transaction emails
Note: Account deletion permanently removes all data. Some information may be retained for legal compliance.
6.Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Until account deletion | Service provision |
| Transaction Records | 7 years | Legal/tax compliance |
| Chat Messages | 2 years or until deleted | Customer support |
| Device Information | While account active | Security & fraud prevention |
| Crash Logs | 90 days | App improvement |
7.Children's Privacy
CardPaix is not intended for users under 18 years old. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us at support@cardpaix.com, and we will delete it immediately.
8.International Data Transfers
Primary Storage: Nigeria-based servers
If your data is transferred outside Nigeria, we ensure:
- Adequate data protection measures
- Compliance with NDPR (Nigeria Data Protection Regulation)
- Standard contractual clauses with service providers
9.Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you by:
Email notification
In-app notification
Updated date on this page
Your continued use of the App after changes constitutes acceptance of the updated policy.
10.Nigeria-Specific Compliance
NDPR Compliance
CardPaix complies with the Nigeria Data Protection Regulation (NDPR) 2019:
- Lawful basis for data processing
- Data minimization (collect only what's necessary)
- User consent and transparency
- Right to access, rectify, and delete data
- Data breach notification procedures
Financial Regulations
- Central Bank of Nigeria (CBN) digital payment guidelines
- Anti-Money Laundering (AML) compliance
- Know Your Customer (KYC) procedures for large transactions
11.Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data:
CardPaix Support
📱 Phone
+852 6231 0480🌐 Website
https://cardpaix.com⏱️ Response Time
Within 7 business days
Glossary
NDPR
Nigeria Data Protection Regulation 2019
CBN
Central Bank of Nigeria
KYC
Know Your Customer - identity verification process
AML
Anti-Money Laundering regulations
Your Trust is Important to Us
At CardPaix, we are committed to maintaining the highest standards of data protection and privacy. We continuously review and improve our practices to ensure your information remains secure and your privacy is respected.
Have Questions About Our Privacy Policy?
Our team is here to help. Contact us anytime for clarification or to exercise your privacy rights.