Welcome to Cashat

Privacy Policy

Privacy Policy for Cashat

Effective Date: August 09, 2025

This Privacy Policy (“Policy”) outlines how Cashat Technologies Limited (“Company,” “we,” “us,” or “our”), a company incorporated under the laws of the Federal Republic of Nigeria with its registered office in Lagos, Nigeria, collects, uses, processes, stores, shares, and protects your personal information when you access or use the Cashat app, website, USSD codes, WhatsApp bots, or any related services (collectively, the “Platform” or “Services”). This Policy applies to all users, including consumers, merchants, agents, herders, buyers, and stakeholders (e.g., market heads, vets, government agencies), across Africa and globally where Services are offered. By using the Platform, you consent to the practices described herein. If you do not agree, please refrain from using the Services.

Cashat operates as a pan-African fintech super-app, unifying financial services like P2P transfers, remittances, QR payments, and livestock trading modules. We are committed to complying with applicable data protection laws, including Nigeria’s Nigerian Data Protection Regulation (NDPR), the General Data Protection Regulation (GDPR) for European users, South Africa’s Protection of Personal Information Act (POPIA), Kenya’s Data Protection Act, and international standards like the Financial Action Task Force (FATF) guidelines for anti-money laundering (AML). We may update this Policy to reflect changes in laws or operations, with notice provided via the Platform or email. Continued use after updates constitutes acceptance.

  1. Introduction and Scope

This Policy governs the processing of personal data collected through the Platform, including during account creation, transactions, KYC verification, and livestock module interactions (e.g., listings, escrow payments). It applies to all data subjects interacting with Cashat, regardless of jurisdiction, and is supplemented by local laws where Services are offered.

  1. Definitions
  • Personal Data: Any information relating to an identified or identifiable individual (e.g., name, phone number, ID, transaction history).
  • Processing: Any operation on personal data (e.g., collection, storage, use, sharing).
  • User: Any individual or entity using the Services (e.g., herders, buyers, merchants, agents).
  • Stakeholders: Includes market heads, vets, transporters, government agencies, and cooperatives involved in livestock trades.
  • KYC: Know Your Customer verification data (e.g., ID, address).
  • Cookies: Small files stored on your device for functionality and analytics.
  1. Data We Collect

We collect the following data to provide and improve the Services:

  • Registration Data: Phone number, email, name, date of birth, gender (for KYC compliance).
  • KYC Data: Government-issued ID (e.g., passport, driver’s license), proof of address, business documents for merchants/agents.
  • Transaction Data: Payment details, livestock listings (e.g., photos, weights, vet certs), escrow records, fee payments.
  • Device Data: IP address, device type, OS, browser, geolocation (for fraud detection).
  • Usage Data: Login times, menu selections, transaction history, app interactions.
  • Optional Data: Photos, voice recordings (USSD voice prompts), marketing preferences.
  • Third-Party Data: From partners (e.g., banks for remittances, L-PRES for livestock data).

Data is collected via app forms, USSD inputs, WhatsApp messages, website interactions, and agent transactions. Cookies and analytics tools (e.g., Google Analytics) may track usage.

  1. How We Use Your Data

We process your data for the following purposes:

  • Service Delivery: Enable P2P transfers, remittances, QR payments, livestock trades, and merchant services.
  • KYC/AML Compliance: Verify identity per CBN, FATF, and local laws (e.g., NDPR, GDPR).
  • Fraud Prevention: Detect and prevent illegal activities using transaction analysis and geolocation.
  • Personalization: Tailor offers (e.g., rewards, livestock add-ons) and multi-language support (Hausa, Yoruba, English).
  • Improvement: Analyze usage for product enhancements (e.g., USSD voice prompts).
  • Marketing: Send promotional content (opt-in only, opt-out via settings).
  • Legal Obligations: Share with regulators (e.g., tax authorities) or respond to lawful requests.

Data processing is based on consent, contract performance (e.g., transactions), legal obligations, or legitimate interests (e.g., fraud prevention), as defined under applicable laws.

  1. Legal Basis for Processing
  • Consent: For marketing and optional data (e.g., photos), revocable via settings.
  • Contract: To fulfill Services (e.g., escrow payments).
  • Legal Obligation: Compliance with AML, KYC, and tax laws (e.g., FATF, CBN).
  • Legitimate Interest: Fraud detection, platform security, and business operations.
  1. Data Sharing and Transfers

We may share your data with:

  • Service Providers: Banks, payment processors (e.g., Flutterwave), L-PRES for livestock reporting, and tech partners for analytics.
  • Agents: For cash-in/out or livestock mediation (bound by confidentiality).
  • Regulators: Government agencies for tax, AML, or export compliance (e.g., Nigerian Customs Service).
  • Law Enforcement: Under lawful orders (e.g., court subpoenas).
  • Business Transfers: In mergers/acquisitions, with notice.

International Transfers: Data may be transferred to countries outside your jurisdiction (e.g., EU for processing, US for cloud storage). We use standard contractual clauses (SCCs) under GDPR, NDPR cross-border guidelines, and equivalent safeguards (e.g., POPIA). Users in restricted jurisdictions (e.g., under UN sanctions) are excluded.

  1. Data Security

We implement:

  • Encryption (AES-256) for data at rest and transit.
  • 2FA, biometric/PIN authentication, reCAPTCHA for access.
  • Regular security audits and penetration testing.
  • Data retention: 5 years post-account closure (per AML laws), then anonymized unless legally required.

Despite measures, no system is fully secure. We are not liable for breaches due to user negligence (e.g., weak passwords).

  1. Your Rights and Choices

Under applicable laws (e.g., GDPR, NDPR), you have rights:

  • Access: Request your data (within 30 days).
  • Rectification: Correct inaccurate data.
  • Erasure: Delete data (subject to legal holds).
  • Restriction: Limit processing (e.g., marketing).
  • Portability: Receive data in structured format.
  • Objection: Opt-out of non-essential processing.
  • Complaints: Contact local data authorities (e.g., Nigeria Data Protection Commission).

To exercise rights, email legal@cashat.africa with ID verification. Opt-out of marketing via app settings.

  1. Children’s Privacy

Services are not for users under 18. We do not knowingly collect children’s data; if detected, we delete it and notify parents.

  1. Third-Party Links and Services

The Platform may link to third-party sites (e.g., payment gateways). We are not responsible for their privacy practices; review their policies.

  1. Retention and Deletion

Data retained for 5 years post-account closure or as required by law (e.g., AML retention under FATF). Deletion requests processed within 30 days, subject to legal holds.

  1. Changes to This Policy

Updates posted in-app with the effective date. Significant changes (e.g., new data uses) trigger email/SMS notifications. Continued use equals consent.

  1. Contact Us

For privacy inquiries: