Privacy Policy

CreedPay is a crypto financial services platform built for Nigerians. We enable seamless conversion of digital assets such as USDT and USDC to Nigerian Naira, cross-chain token swaps, peer-to-peer wallet transfers, and bank-linked payment services. Our platform is designed to prioritise user autonomy, which is why many core features are available without requiring an account or identity verification.

This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have regarding your data. By using CreedPay, you agree to the practices described in this document.

We distinguish between two categories of users: Guest Users who use our anonymous offramp and swap features without an account, and Registered Users who create an account and may optionally complete identity verification for higher transaction limits. Different data practices apply to each category.

The data we collect depends entirely on how you interact with CreedPay. We follow a minimum-collection principle: we only gather what is necessary to provide the service you have requested.

When you use anonymous features

For our anonymous Crypto to Naira offramp and Swap and Bridge features, we collect only the information necessary to process your transaction: your Nigerian bank account number and bank name, the blockchain network and wallet address you send funds from, the transaction hash and on-chain confirmation data, and the amount and token type you convert. We do not ask for your name, email address, phone number, or any form of government-issued identification.

When you create an account

Registered users provide an email address and password during sign-up. Your email is used for account security, transaction notifications, and platform communications. We never sell or rent your email address to third parties.

When you complete KYC verification

Users who elect to complete identity verification to unlock higher transaction limits provide a government-issued photo ID such as a National Identification Number card, international passport, or driver's licence, a selfie or liveness check photograph, and basic personal details including your legal name and date of birth. KYC data is processed by our regulated identity verification partner and retained in accordance with applicable Nigerian financial regulations.

Technical data collected automatically

When you visit CreedPay, our servers automatically receive standard technical data including your IP address, browser type and version, device type, operating system, pages visited, and the time and duration of your visit. This data is used to maintain platform security, detect fraud, and improve performance. It is not linked to your identity for anonymous users.

We use the information we collect for specific, legitimate purposes. We do not use your data for advertising, behavioural profiling, or any purpose unrelated to delivering the CreedPay service.

Transaction processing

Bank account details you provide are used solely to execute the Naira disbursement for your specific transaction. We do not store your bank details after a transaction is completed unless you are a registered user who has saved a bank account to your profile.

Account management

For registered users, we use your email address to authenticate your identity, send transaction receipts and alerts, notify you of important platform changes, and respond to support requests. You may opt out of non-essential communications at any time from your account settings.

Security and fraud prevention

We analyse technical data and transaction patterns to detect suspicious activity, prevent fraudulent transactions, and protect the integrity of the platform. This is a legitimate interest that enables us to keep CreedPay safe for all users.

Regulatory compliance

Where required by Nigerian law and financial regulations, we may be obligated to retain certain transaction records and verify user identities. We fulfil these obligations while minimising the scope of data retained.

Platform improvement

Aggregated, anonymised usage data helps us understand how people interact with CreedPay so we can improve features, fix issues, and develop new services. This data cannot be used to identify individual users.

We do not sell, rent, or trade your personal information. We share data only in the limited circumstances described below.

Banking and payment partners

To process Naira disbursements to your bank account, we transmit your bank account number and the transaction amount to our licensed banking and payment processing partners. These partners are bound by strict data protection and financial services regulations.

Identity verification partner

KYC data, including your ID document and selfie, is processed by our identity verification service provider. This provider operates under a data processing agreement with CreedPay and may not use your data for any purpose other than identity verification on our behalf.

Blockchain infrastructure

Blockchain transactions are inherently public. When you send cryptocurrency to a CreedPay deposit address, your sending wallet address and the transaction details are permanently recorded on the public blockchain ledger. This is an intrinsic property of blockchain technology and is not within our control.

Law enforcement and legal obligations

We may disclose your information if required to do so by a valid court order, regulatory authority, or applicable law. We will notify you of such requests to the extent permitted by law.

Business transfers

In the event of a merger, acquisition, or sale of CreedPay assets, your data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We retain your data only for as long as necessary to fulfil the purposes for which it was collected, subject to legal and regulatory requirements.

Transaction records for anonymous offramp transactions are retained for a limited period for fraud prevention and dispute resolution purposes. Bank account details provided for anonymous transactions are not stored beyond the transaction window unless you are a registered user who has explicitly saved a bank account.

For registered accounts, account data including your email address and transaction history is retained for the duration of your account and for a reasonable period thereafter to enable dispute resolution and comply with financial regulations.

KYC verification data is retained in accordance with the record-keeping requirements mandated by applicable Nigerian financial and anti-money laundering regulations, which may require retention for up to seven years from the date of the transaction or account closure.

You may request deletion of your account and associated personal data by contacting our support team. Note that certain data may be required to be retained by law regardless of your deletion request.

You have meaningful rights over your personal data. We are committed to honouring these rights promptly and transparently.

Right to access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used format within a reasonable timeframe.

Right to correction

If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it.

Right to deletion

You may request that we delete your personal data. We will fulfil this request where we are not required to retain the data by law. Deletion of your account will not erase blockchain transaction records, which are public and permanent by nature.

Right to data portability

Registered users may request an export of their transaction history and account data in a machine-readable format.

Right to object

You may object to certain uses of your data, including processing for marketing communications. Opting out of marketing emails can be done directly from any email we send you or through your account settings.

To exercise any of these rights, please contact us at privacy@creedpay.io.

Protecting your data is a core responsibility we take seriously. We employ industry-standard security measures to safeguard the information we collect.

All data transmitted between your browser and CreedPay is encrypted using TLS. Sensitive data stored on our systems is encrypted at rest. Access to personal data is restricted to authorised personnel who require it to perform their duties, and all access is logged and audited.

Our infrastructure undergoes regular security assessments. We maintain incident response procedures to detect, contain, and remediate security breaches promptly. In the event of a breach that may affect your data, we will notify you and relevant regulatory authorities as required by law.

While we take every reasonable precaution, no internet-based service can guarantee absolute security. We encourage you to use a strong, unique password for your CreedPay account and to enable any two-factor authentication options we make available.

CreedPay uses cookies and similar technologies to operate our platform, maintain your session when you are logged in, and understand how our service is used.

We use essential cookies that are necessary for the platform to function. These include session cookies that keep you logged in during your visit and security cookies that help protect against cross-site request forgery attacks. These cookies cannot be disabled without impairing platform functionality.

We use analytics cookies to understand aggregate usage patterns such as which features are most popular and where users encounter friction. This data is anonymised and used solely to improve the platform. You may opt out of analytics tracking in your browser settings.

We do not use advertising or tracking cookies. We do not allow third-party advertisers to place cookies on our platform.

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable legal requirements. When we make material changes, we will notify registered users by email and will update the effective date at the top of this page.

We encourage you to review this policy periodically. Your continued use of CreedPay after a policy update constitutes your acceptance of the revised terms.

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@creedpay.io.