Privacy Policy

Account & Identity Information

• Full legal name, email address, phone number, and date of birth
• Username, password (stored as a cryptographic hash), and profile photo
• Business name, registration number, and tax identification number (for business accounts)
• Government-issued identification documents (national ID, passport, driver`s licence) collected as part of our Know Your Customer (KYC) process
• Selfie or biometric likeness used for identity verification purposes

Financial Information

• Bank account details, routing numbers, and account holder information
• Mobile Money account numbers (MTN Mobile Money, Vodafone Cash, AirtelTigo Money, and equivalents)
• Card details — handled exclusively by PCI-DSS compliant payment processors; Crednce never stores raw card numbers
• Wallet balances, transaction history, and payout preferences

Transaction & Deal Data

• Deal agreements, scope documents, milestone definitions, and delivery timelines
• Files, deliverables, and communications submitted as part of a deal
• Milestone status records, approval timestamps, and audit trails
• Dispute submissions, evidence files, and resolution outcomes
• AI audit logs generated during milestone verification
• Contract metadata including parties, amounts, currencies, and deal lifecycle events

Communications

• Messages exchanged between deal parties on the Platform
• Support tickets, live chat transcripts, and email correspondence with Crednce
• Ratings, reviews, and feedback submitted on completed deals
• Notifications and responses to system-generated alerts

Technical & Usage Data

• IP address, device identifiers, browser type and version, and operating system
• Pages visited, features used, click events, session duration, and navigation paths
• Geolocation data (city or region level) derived from your IP address
• Cookies, local storage tokens, and similar tracking technologies as described in Section 8
• API request logs including timestamps, endpoints, and response codes

Information from Third Parties

• Identity verification results from accredited KYC/AML service providers
• Credit or risk signals from financial intelligence partners (aggregated, not raw bureau data)
• Social login profile data if you choose to sign in via Google or similar OAuth providers
• Referral source information when you join through a partner or affiliate programme

Platform Operations

• To create, authenticate, and manage your account
• To facilitate the creation, management, and closure of deals and escrow arrangements
• To process deposits, milestone releases, refunds, and withdrawals
• To generate legally binding deal contracts and store timestamped records
• To send transactional notifications — payment confirmations, milestone updates, dispute alerts

Identity & Compliance

• To verify your identity and comply with KYC, AML, and counter-terrorism financing regulations
• To assess risk profiles and prevent fraudulent or prohibited transactions
• To comply with regulatory reporting obligations, tax authority requests, and court orders
• To maintain records as required by applicable financial services legislation

Trust & Safety

• To detect, investigate, and prevent fraud, abuse, and violations of our Terms of Service
• To run AI-powered milestone audits that verify deliverables against agreed scope
• To facilitate dispute resolution — including review by human specialists
• To enforce sanctions screening and politically exposed person (PEP) checks

Product & Experience

• To personalise your dashboard, surface relevant deals or providers, and tailor notifications
• To analyse usage patterns and improve Platform features, reliability, and performance
• To conduct internal research, A/B tests, and product experiments using aggregated or de-identified data
• To generate public marketplace statistics (always aggregated — never identifying individual users)

Marketing & Communications

• To send product updates, feature announcements, and relevant promotions — only if you have opted in
• To respond to enquiries, feedback, and support requests
• To inform you of material changes to this Policy or our Terms of Service
• You may unsubscribe from marketing communications at any time via your account settings or the unsubscribe link in any email

With Your Deal Counterparty

• When you enter a deal, your display name, profile, and deal-related communications are visible to the other party. We do not share your banking details or identification documents with counterparties.

With Service Providers

• Payment processors and banking partners (to execute deposits, releases, and withdrawals)
• KYC/AML identity verification providers (to validate government-issued identification)
• Cloud infrastructure and hosting providers (data stored in secure, GDPR-adequate facilities)
• Email delivery, SMS, and push notification providers
• Analytics and performance monitoring tools (receiving only pseudonymous data)
• Fraud detection and risk intelligence platforms
• All service providers are bound by data processing agreements and may only use your data to provide services to Crednce.

For Legal and Regulatory Reasons

• When required by applicable law, regulation, or enforceable governmental request
• In response to valid court orders, subpoenas, or regulatory enquiries
• To protect the rights, property, or safety of Crednce, our users, or the public
• To enforce our Terms of Service or exercise or defend legal claims

In Corporate Transactions

• In the event of a merger, acquisition, asset sale, or restructuring, your information may be transferred to the successor entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

Access

• You may request a copy of the personal information we hold about you.

Correction

• You may request that inaccurate or incomplete data be corrected. You can also update most account information directly in your profile settings.

Deletion

• You may request deletion of your personal data. We will honour such requests where data is not required by law to be retained and where deletion does not prevent us from complying with legal obligations or resolving open disputes.

Portability

• Where technically feasible, you may request your data in a structured, machine-readable format (JSON or CSV).

Objection & Restriction

• You may object to, or request restriction of, certain processing activities, particularly where processing is based on legitimate interests.

Withdrawal of Consent

• Where processing is based on consent (e.g. marketing emails), you may withdraw consent at any time without affecting the lawfulness of prior processing.

Complaints

• If you are dissatisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction (e.g. the Data Protection Commission in Ghana, the NDPC in Nigeria, or the Information Regulator in South Africa).

Strictly Necessary

• Authentication tokens, CSRF protection, session management. These cannot be disabled without breaking core functionality.

Functional

• Preference storage (language, timezone, notification settings). Disabled by default, enabled on your choice.

Analytics

• Pseudonymous usage data to improve the Platform (e.g. page views, feature usage). You may opt out via your account settings or a global opt-out mechanism we provide.

Marketing

• Used only if you have opted in to marketing communications. Never shared with ad networks or third-party advertisers.