Privacy Policy

Scope & Controller

This Policy explains what personal data we collect, why, how we share it, and your rights. The Company is the data controller for the Services.
Contact: hello@usefinstack.co.

Data We Collect (Categories)

• Identity & onboarding: name, date of birth, government ID, BVN.
• Contact: email, phone, postal address.
• Financial & transactional: bank details, payment records, transaction history.
• Technical & usage: IP, device, browser, logs, cookies, analytics.
• Support & communications: messages, dispute information.
• Optional profiling data: risk scores, fraud flags, preferences (where you consent).

How We Collect

Directly from you (forms, uploads, KYC screens), from partners (payment/KYC providers, banks), and automatically (cookies, logs).

Why We Process (Purposes & Lawful Bases)

• Provide the Services, manage accounts and process transactions — contractual necessity.
• Verify identity and comply with KYC/AML — legal obligation.
• Detect and prevent fraud, secure the platform — legitimate interests.
• Marketing (news, offers) — consent; you may opt out anytime.

KYC / BVN Specifics

We collect BVN and identity documents only when needed for financial onboarding. We retain KYC records as required by law and to meet regulatory requests.

Sharing & Subprocessors

We share data with service providers (payment processors, cloud hosts, KYC vendors), banks, and when required by law. We require subprocessors to meet our security and confidentiality standards. A current list of major subprocessors is available on request via hello@usefinstack.co.

International Transfers

Data may be processed outside the country where you live. We use contractual safeguards and technical protections to keep data secure during transfers.

Data Retention (Practical Buckets)

• KYC & transaction records: retained for regulatory period (recommendation: 7 years from account closure) or as required by law.
• Account & transactional data: retained while account is active + reasonable period for disputes/compliance.
• Marketing data: retained until you opt out.

(These are operational rules — confirm exact retention periods with counsel; we’ll apply the minimum required by law.)

Automated Decisions & Profiling

We may use automated models for fraud detection and risk scoring. Those decisions help secure accounts and reduce abuse. If a decision materially affects you and you request review, we’ll provide human review where required by law.

Your Rights & How to Exercise Them

You may request access, correction, deletion, restriction, or portability of your data, and withdraw consent. To make a request email hello@usefinstack.co. We will verify identity before fulfilling requests. We aim to respond to verifiable requests within 30 days; complex requests may require additional time and lawful limits may apply.

Security & Breach Handling

We apply administrative, technical and physical safeguards. If a breach triggers notification obligations under applicable law, we will notify affected users and relevant authorities without undue delay.

Cookies & Tracking

We use essential cookies for platform function and optional cookies for analytics and marketing. Marketing cookies require your consent; you may change cookie settings in the app or your browser.

Children

We do not knowingly process personal data of children under 13. If we become aware we will remove it.

Changes to this Policy

We may update this Policy. Material changes will be communicated via email or in-product. Continued use after notice means you accept the updated Policy.