Privacy Policy
Last Updated: [November 21, 2025]
This Privacy Policy ("Policy") governs the collection, use, storage, disclosure, and protection of information about you ("User" or "you") when you access or use Cardnaira's official website ([Insert Official Website URL], the "Service") to sell gift cards. By using the Service, you acknowledge that you have read, understood, and agreed to the terms of this Policy, including the collection and use of your information as described herein. Cardnaira ("we", "us", or "our") is committed to complying with Nigerian Data Protection Act, Ghana Data Protection Act, and international data protection principles to safeguard your privacy.
We collect information necessary to provide and improve the Service, prevent fraud, and comply with legal obligations. The information collected includes:
Personal Identification Information: Full name, email address, phone number, residential address (city/state), and government-issued identification documents (e.g., national ID card, passport, driver’s license) required for KYC (Know Your Customer) verification.
Financial Information: Bank account details (account name, account number, bank name, branch location) for processing NGN (Nigerian Naira) or GHS (Ghanaian Cedi) payments and withdrawals. We do not store sensitive payment card data (e.g., credit/debit card numbers, CVV).
Gift Card Information: Gift card brand, card number, PIN code, denomination, expiration date (if applicable), and purchase receipt (if requested) to verify card validity and process transactions.
Usage and Technical Data: Automatically collected when you interact with the Service, including IP address, browser type and version, device model, operating system, internet service provider, access time, pages visited, transaction history, and interaction logs (e.g., buttons clicked, forms submitted).
Communication Data: Content of emails, SMS messages, or support tickets exchanged between you and our customer service team, used to resolve inquiries and improve service quality.
We use your information solely for legitimate business purposes, including:
Completing KYC verification to confirm your identity, comply with anti-money laundering (AML) regulations, and prevent fraudulent activities.
Processing gift card sales: verifying card legitimacy, confirming transaction details, and facilitating payments to your registered bank account.
Providing customer support: responding to your inquiries, resolving transaction disputes, and addressing service-related issues.
Improving the Service: analyzing usage patterns to optimize website functionality, enhance security measures, and develop user-centric features.
Sending important notifications: transaction confirmations, account updates, withdrawal status, policy changes, and fraud alerts via email or SMS.
Detecting and preventing fraud: identifying suspicious activities (e.g., multiple invalid card submissions, unusual login locations) to protect your account and our Service.
Complying with legal obligations: responding to court orders, government requests, or regulatory requirements.
We implement industry-leading security measures to safeguard your information from unauthorized access, disclosure, alteration, or destruction:
Data Encryption: All data transmitted between your device and our website is encrypted using SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocol. Sensitive data (e.g., bank account details, ID documents) is stored using AES-256 encryption.
Access Controls: Only authorized personnel (e.g., compliance team, customer support) with a legitimate business need have access to your sensitive information. All employees are required to sign confidentiality agreements and complete data security training.
Security Audits: Regularly conduct internal and third-party security audits, vulnerability assessments, and penetration testing to identify and address potential risks.
Fraud Prevention Systems: Deploy AI-powered fraud detection tools to monitor transactions and block suspicious activities in real time.
Data Minimization: Collect only information necessary for the stated purposes. Gift card PIN codes are irreversibly anonymized or deleted immediately after verification; other data is retained only for as long as required.
We do not sell, rent, or share your personal information with third parties for marketing purposes without your explicit consent. We may disclose your information in the following limited circumstances:
Trusted Service Providers: Share information with third-party vendors who assist us in operating the Service (e.g., payment processors, KYC verification providers, cloud storage services). These providers are contractually obligated to protect your data and only use it for the purposes we specify.
Legal Compliance: Disclose information if required by law, court order, government regulation, or to protect our legal rights, property, or safety, or the rights, property, or safety of others.
Business Transfers: In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity, subject to the terms of this Policy.
Fraud Prevention: Share information with law enforcement agencies or financial institutions to investigate or prevent fraudulent activities, identity theft, or other illegal acts.
Under applicable data protection laws, you have the following rights:
Right to Access: Request a copy of the personal information we hold about you.
Right to Correction: Request correction of inaccurate, incomplete, or outdated personal information.
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information, subject to legal obligations (e.g., retaining transaction records for tax or regulatory purposes).
Right to Restriction of Processing: Request that we limit the processing of your information (e.g., if you dispute the accuracy of the data).
Right to Data Portability: Request a copy of your personal information in a structured, machine-readable format for transfer to another data controller.
Right to Opt-Out: Opt out of non-essential communications (e.g., marketing messages) by following the unsubscribe instructions in the messages or contacting our customer support.
To exercise these rights, please submit a written request to [Insert Email Address] with your full name, registered email, and proof of identity. We will respond to your request within 30 business days.
We retain your information for as long as necessary to:
Provide and maintain the Service.
Comply with legal, tax, or regulatory obligations (e.g., retaining transaction records for 7 years as required by Nigerian and Ghanaian financial regulations).
Resolve disputes and enforce our agreements.
After the retention period, we securely delete or anonymize your personal information to ensure it can no longer identify you. Anonymized data may be used for analytical purposes without restriction.
After verifying the validity of your gift card, we encrypt and store the card number for transaction record-keeping (in compliance with regulatory requirements).
The gift card PIN code is irreversibly anonymized or deleted immediately after verification to prevent unauthorized use.
We do not share gift card details with third parties except as required to verify card validity with the gift card issuer (with your implicit consent).
Our website may contain links to third-party websites (e.g., gift card brand official sites, bank portals). This Policy does not apply to third-party websites, and we are not responsible for their privacy practices or content. We encourage you to review the privacy policies of any third-party sites you visit.
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will promptly delete the data and terminate the account. Parents or guardians who believe their child has provided information to us may contact [Insert Email Address] to request deletion.
Cardnaira's services are only provided through our official website ([Insert Official Website URL]). We do not offer any services or conduct transactions through social media platforms, instant messaging apps, or third-party websites. Please beware of counterfeit channels to avoid fraud or information theft.
We may update this Policy from time to time to reflect changes in legal requirements, service features, or business practices. We will notify you of material changes by:
Posting the updated Policy on our website with a new "Last Updated" date.
Sending a notification to your registered email or SMS.
Your continued use of the Service after the update constitutes acceptance of the revised Policy. We recommend reviewing this Policy periodically.
If you have any questions, concerns, or requests regarding this Policy or the handling of your personal information, please contact us at:
Email: [Insert Email Address]
Phone: [Insert Phone Number]
Mailing Address: [Insert Physical Address]
