Carder
← Legal & Compliance

Privacy Policy

Last updated: 1 June 2026

Carder NG Ltd (“Carder”, “we”, “us”) respects your privacy. This Policy explains what personal data we collect when you use the Carder app and carder.ng, how we use and share it, and the rights you have. We handle personal data in line with the Nigeria Data Protection Act, 2023 (NDPA).

1. Who we are

Carder NG Ltd is a company registered in Nigeria, based in Benin, Edo State. For the purposes of the NDPA, Carder is the data controller responsible for your personal data. You can reach us at [email protected].

2. Information we collect

Information you provide

Your name, email address, phone number, date of birth, residential address, and the credentials you set when you create an account.

Identity verification (KYC)

To meet our legal Know Your Customer and anti-money-laundering obligations, we collect your Bank Verification Number (BVN), a government-issued identifier such as your NIN, and a live selfie or other biometric used to confirm your identity.

Financial and transaction data

Your wallet balances, dollar card activity, gift card and bill purchases, and your transaction history on Carder.

Technical and usage data

Device information, IP address, app version, and analytics about how you use the app, collected to keep the service secure and working well.

Communications

Messages and information you send when you contact our support team.

3. How we use your information

  • To create your account and provide the Carder services.
  • To verify your identity and prevent fraud and financial crime.
  • To meet our legal and regulatory obligations, including AML/CFT and tax requirements.
  • To process your transactions and provide customer support.
  • To secure, maintain, and improve the app.
  • To send you service messages, and, where you have consented, updates about Carder.

4. Our legal bases

Under the NDPA, we rely on one or more of the following:

  • Performance of our contract with you (to provide the service).
  • Compliance with a legal obligation (such as KYC and AML rules).
  • Your consent (which you can withdraw at any time).
  • Our legitimate interests in running, securing, and improving Carder, balanced against your rights.

5. How we share your information

We do not sell your personal data. We share it only as needed to run the service and meet the law:

  • Licensed partners and service providers that help us deliver the service, such as card issuing, payment and settlement, identity verification, bill and gift-card vendors, cloud hosting, and communications providers.
  • Regulators and authorities, including the Central Bank of Nigeria (CBN), the Nigerian Financial Intelligence Unit (NFIU), and law enforcement, where we are required or permitted by law.
  • Professional advisers such as auditors and lawyers, under confidentiality.
  • A successor entity if Carder is involved in a merger, acquisition, or asset transfer.

6. International transfers

Some of our service providers may process data outside Nigeria. Where this happens, we take steps so that your data continues to be protected to a standard consistent with the NDPA.

7. How long we keep your data

We keep your personal data for as long as you have an account and as long as we need it to provide the service. Where the law requires it, we keep records for longer; for example, KYC and AML records are kept for at least five years after the end of our relationship with you.

8. How we protect your data

We use encryption, access controls, and staff vetting to protect your data. No method of transmission or storage is completely secure, but we work to safeguard your information and to respond quickly if an incident occurs.

9. Your rights

Under the NDPA, you have the right to:

  • Access the personal data we hold about you.
  • Ask us to correct inaccurate or incomplete data.
  • Ask us to delete your data, where we are not required to keep it by law.
  • Object to or ask us to restrict certain processing.
  • Request a copy of your data in a portable format.
  • Withdraw consent where we rely on it.

To exercise any of these, email [email protected]. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

10. Children

Carder is not intended for anyone under 18. We do not knowingly collect data from children.

11. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the date at the top of this page.

12. Contact us

Questions about this Policy or your data can be sent to [email protected].