Privacy Policy

Afupay Privacy Policy
This Privacy Policy (“Policy”) describes how Afupay.com (“Afupay,” “we,” “us,” or “our”) collects, processes, uses, shares, protects, and retains your personal data when you use our investment platform, website, mobile applications, APIs, communication channels, and related services (collectively, the “Services”). This Policy applies to users located in West Africa, including but not limited to Nigeria, Ghana, Côte d’Ivoire, Senegal, Benin, Togo, Burkina Faso, Guinea, and Mali, as well as any users anywhere else Afupay serves.
This Policy governs the following:
a. How we collect individual-level personal and financial information (“Personal Data”).
b. Why we process and use your Personal Data.
c. Legal bases for processing under applicable laws (e.g., NDPR, Ghana Data Protection Act, ECOWAS, GDPR).
d. How we share your data with partners or authorities.
e. Your rights and how to exercise them.
f. Our security and retention commitments.
g. How this Policy interacts with other Afupay policies (Terms, Cookie Policy, KYC, AML, Risk Disclosure).
By using Afupay, you accept the practices described in this Policy. If you do not agree with any aspect of this Policy, you must not use the Services or provide Personal Data to Afupay.
We rely on multiple lawful bases depending on the processing activity:
Consent – for marketing communications, promotional emails, cookies.
Performance of Contract – to open/manage accounts, process trades, and provide services.
Legal Obligation – for AML/KYC compliance, tax reporting, audit, fraud investigations.
Legitimate Interests – fraud prevention, product improvement, service optimization, direct marketing (with opt-out).
Vital Interests – rare cases like preventing imminent physical harm or crime detection/support.
Where special category data is involved (e.g., biometric ID), processing is strictly consented to by you and/or required by law.
We collect the following information, with details subject to regional legal requirements:
Identity & Verification Data
Full legal name
Date of birth
Gender (optional)
Nationality/citizenship
Government-issued ID images (passport, national ID, voter card)
Biometric data for verification (selfie photos)
Tax Identification Number (e.g., TIN, SSN)
Contact Data
Mailing address
Email address
Mobile phone number(s)
Emergency contact (voluntary)
 Financial Data
Bank account number and bank name
Credit/debit card data (via secure tokenized processors)
Transaction history
Investment balances and statements
Income proof (pay slips, payslips, tax returns)
Technical & Usage Data
IP address and geolocation data
Browser and operating system details
Device and mobile network information
Login/logout timestamps
Session activity logs
Cookies and tracking identifiers
Communications Data
Email and chat messages with support
Recordings of calls (with your consent)
Customer satisfaction survey responses
Other Data
Preferences (language, account notifications settings)
Risk appetite, investment goals
Referral information (who referred you, if applicable)

How We Collect Your Data !!!!!!!!!!!!
 Directly From You
Completing registration, KYC, or subscription forms
Fund deposits or withdrawals
Direct communication (email, chat, phone)
User-generated content like feedback, portfolio names, reviews
Automatically via Technology
Website/app analytics tools (internal or third-party)
Session recording (with your consent where required)
Cookies and pixels to track usage
From Third Parties
Identity verification providers
Credit bureaus and background screeners
Payment processors and partner financial institutions
Public databases or open data sources
Referrers (who may have introduced you)

Why We Use Your Data (Purposes)
We use your Personal Data for the following processing activities:
Account Creation & Management
To verify identity in compliance with AML/KYC laws
To set up and maintain your account
To manage user preferences and platform functionality
Transaction Services
To accept deposits and facilitate withdrawals securely
To execute investment orders
To facilitate account-to-account transfers
For reconciliation and auditing
Compliance & Fraud Prevention
To screen against sanction lists or watchlists
To conduct ongoing transaction monitoring
To support legal or regulatory investigations
To implement fraud scoring and risk modeling
Customer Care & Support
To handle inquiries, disputes, or complaints
To improve the quality of service
To record calls when permitted
Marketing & Communications
To inform you of new features, promotions, or policy updates
To deliver tailored content based on risk profiles/interests
To comply with opt-in/opt-out preferences
Research & Analytics
To analyze user behavior and investment trends
To improve user interface and offer enhancements
To support internal reporting and strategic growth initiatives
Legal Obligations & Security
To retain data for audit and regulatory compliance
To notify authorities as required by law
To protect against security threats or breaches
Sharing & Disclosure of Data
We only share your data in limited circumstances:
Third-Party Service Providers
Payment Processors (e.g., Stripe, Flutterwave) – to process transactions
Custodians/Brokers – holding assets securely
KYC/AML Vendors – identity proofing
IT Providers – data storage, support, analytics
CRM/Support – to handle communications
We vet providers carefully and bind them under GDPR-level Data Processing Agreements.
Regulators & Law Enforcement
Tax authorities
Financial regulators (e.g., SEC, FRC, Central Bank)
Police, anti-corruption and anti-terrorism agencies
All disclosures are lawful, proportionate, and logged.
Affiliated Companies
Group companies acting as joint controllers
In corporate transaction events (sale, merger) under confidentiality safeguards
User Consent-Based Sharing
With your explicit consent, e.g., account aggregation services, advisors, family members
Public Information
In aggregated, anonymized form for statistics or marketing
User-generated content may be made public if posted (reviews, Q&A)
Cross-Border Data Transfers
We operate globally and may transfer your data outside your home country, including to:
Vendor servers
Regulatory authority request channels
To protect your rights, we deploy:
Standard Contractual Clauses
Binding Corporate Rules where relevant
Adequate technical and organizational safeguards
You can request details about transfer mechanisms at privacy@afupay.com.
Data Retention Policy
We retain your Personal Data only as long as necessary:
Active Users
Data kept until account closure + retention period
After Account Closure
Account data: 5 years minimum (ECOWAS / WAEMU / NDPR standards)
Transaction/financial records: 7 years
Marketing preferences: until you revoke consent
Deletion Upon Request
We erase non-essential data at your request (unless prevented by law)
Stored data is securely deleted, backups overwritten
Your Privacy Rights
You have the following legal rights (frequency and applicability vary by jurisdiction):
1. Right of Access – see what data is processed
2. Rectification – update incorrect or incomplete data
3. Erasure – request deletion of non-retention data
4. Restriction – limit processing in certain cases
5. Portability – receive data for other services
6. Object – to direct marketing or processing under legitimate interest
7. Withdraw Consent – for marketing or cookie consent
8. Lodge a Complaint – with DPA, e.g., Nigeria’s NDPR Commission
To exercise these rights, email privacy@afupay.com supplying proof of identity and the nature of your request. We'll respond within legal timeframes.
Cookies & Tracking Technologies
Afupay uses cookies and similar technologies to improve your experience:
Types of Cookies
Strictly necessary – enable core functionality
Performance/Analytics – Google Analytics, Amplitude (anonymized IPs)
Functional – save preferences (language, theme)
Targeting/Advertising – for tailored offers
Cookie Management
Consent obtained via banner/pop-up
You can revoke consent/correct preferences at any time
Browser/device settings allow cookie control or blocking
Refer to our detailed Cookie Policy for further instructions and cookie lists.
Security Measures
We apply multiple security controls:
Technical
Data encryption at rest and transit
Secure authentication (MFA)
Firewall, IDS/IPS, DDoS defenses
Network segmentation and hardened systems
Organizational
Access based on “least privilege”
Employee vetting and training
Incident response and breach notification protocols
Regular vulnerability assessments and audits
Third-Party Assurance
SOC II, ISO 27001 certifications for key providers
Contractual obligations for data security
Despite strict controls, you acknowledge that no system is infallible.
Children’s Privacy
We do not knowingly collect or process data of individuals under 18.
If a parent or guardian believes their child has provided data, they may request deletion by contacting us. Once verified, we’ll remove the data promptly.
Marketing Communications
Opt-In / Opt-Out
User consent sought before marketing messages
Easy unsubscribe links in emails
Promotional push and SMS follow local regulations
Targeted Offers
Based on services used, investment profiles
We’ll not share marketing data with unrelated third parties
Regulatory Compliance
Adhere to local anti-spam frameworks
Maintain documented proof of consent
International Regulations & Standards
Afupay adheres to:
Nigeria – NDPR and Central Bank KYC rules
Ghana – Data Protection Act, Bank of Ghana acts
WAEMU/ECOWAS – regional directives
OHADA – harmonized legal structure
GDPR – for EU cross-border users
PCI-DSS – for payment card data security
ISO 27001 / SOC II – for information security
We regularly audit and update policies to maintain compliance.
Policy Updates
We will review and update this Policy as needed.
Material changes will be communicated via:
Banner or notice on the website
Email or in-app messages
Non-material tweaks may be saved on-site without explicit notice.
Your continued use after updates means you accept the changes.
 Contact & Data Protection Officer (DPO)
If you have:
Questions or concerns about this Policy,
Want to exercise your rights,
Want to report a data breach,
Contact our DPO:
less
CopyEdit
Afupay Data Protection Officer  
Address: [Registered Legal HQ in West Africa]  
Email: privacy@afupay.com  
Phone: +[Country Code] [Number] (WhatsApp optional)  
We strive to respond within 30 days unless extended for complex cases (as permitted by law).