We collect and use any information you supply when you interact with any of our touch points. When you open an account with us, you share details like your names, Bank Verification Number (BVN), identification documents, address and pictures. By using our card or any Kuda Application to transact, you also share details of your transactions with us. Additionally, we may request explicit permission to see other information like your address book, location, photos and data from your phone camera. Other details we collect and what we do with them include;
- Details you give when you sign up for a Kuda account, like your BVN, names, date of birth, gender, phone number, residential address, and email address are in fulfillment of regulatory requirements.
- Your profile picture.
- We collect a video of your face during a liveness check done to confirm that you're the one opening or upgrading your Kuda account. We share this video with a third-party service provider to facilitate our liveness check.
- You may choose not to upload a video of your face on the Kuda app, however, this will limit what you can do with your Kuda account as the identification and verification will be incomplete.
- We will not share the video of your face that we collect during a liveness check with advertisers or anyone else other than the third-party service provider that facilitates the liveness check process.
- If at any time you choose to withdraw your consent for us to use this video for your liveness check, we will delete it. However, please note that this would affect your ability to use your account as certain services are dependent on us processing your video for the liveness check.
- Information you give us through the in-app chat so we can help you.
True Depth API Usage
- We use the True Depth API within the camera module to record a video of the user for a liveness check during our Know Your Customer (KYC) process. This process is required to meet account opening regulations.
- The Kuda app collects the camera intrinsic matrix, facial expressions, orientation and location of the user's head, and the position of the camera to verify that the user is recording the video live.
- The video is shared with a third party service solely to verify the user's identity, after which it is deleted as required under applicable laws and regulations.
- The third party service is obligated to protect the user's data in accordance with data protections laws and is not allowed to use this data for any form of marketing or venture outside its agreement with us.
- The user can opt out of the video capture process at any time.
Information you give us when you contact us through other channels
If you contact us via other means than the in-app chat, we collect the following information so we can answer your questions or take action.
- The phone number you’re calling from and information you give us during the call
- The email address you use and the contents of your email (and any attachments) sent to us.
- Public details from your social media profile (like Facebook, Instagram or Twitter) if you reach out to us via these platforms, and the contents of your messages or posts to us.
Information we collect when you use Kuda channels
- The mobile network operator and the operating system that you use,
- Your IP addresses and device ID
- Your phone contacts so you can make airtime purchases or pay contacts on Kuda
Information we get from third parties
As part of our Know Your Customer (KYC) process, we run checks on the identity information you supply during signup. We will try to verify the authenticity and validity of the identification document that you have provided, either directly from the issuing authorities or through authorized service providers.
Also, when you request for credit or lending related products and services, we run further checks with the licensed credit bureaus for eligibility checks in line with regulations.
How do we use your information?
The Nigerian Data Protection Regulations 2019 (NDPR) requires that we have a lawful basis for processing your personal information. At least one of the following lawful basis must apply before we process your personal information: contractual or legal obligations, legitimate interest of the data controller, public interest, vital interest of the data subject or consent.
We collect certain data from you to fulfill the contract we have with you, or to enter into a contract with you. We use this data to:
- Give you the services we agreed to in line with our terms and conditions.
- Send you messages about your account and other services you use if you get in touch, or we need to tell you about something..
- Exercise our rights under contracts we’ve entered into with you, like managing, collecting and recovering money you owe us.
- Investigate and resolve complaints and other issues.
We have to ensure we aren’t breaking any laws by banking you by preventing illegal activities like money laundering, terrorism financing and fraud. To do this, we need your data to;
- Confirm your identity when you sign up or get in touch.
- Prevent illegal activities like money laundering, tax evasion and fraud.
- Keep records of information we hold about you in line with legal requirements.
- Adhere to banking laws and regulations (these mean we sometimes need to share customer details with regulators, tax authorities, law enforcement or other third parties).
Legitimate Interest of the data controller
In some instances, we need to use the data you supply us for our legitimate interests. This means we’re using your data in a way that you might expect us to, for a reason which is in your interest and doesn't override your privacy, interests or fundamental rights and freedoms.
For certain information, we’ll ask for your consent. We’ll ask for your consent to:
- Market and communicate our products and services. You can always unsubscribe from receiving these if you want to;
- Help protect you against fraud by tracking the location of your phone if you’ve authorised it;
- View your contact list for airtime purchases.
When do we delete your data?
We are basically storing and processing your personal data only as long as it is necessary to perform our obligations under the agreement with you or as long as the law requires us to store it.
That means, if the data is not required anymore for statutory or contractual obligations, your data will be deleted.
If you choose to delete your Kuda account, we will delete any data you have previously given us, including the video of your face uploaded during the liveness check. However this is subject to the retention regulations that apply to such data as stipulated by the regulators.