1. Introduction
Cardtel Technologies Ltd ("Cardtel", "we", "us", or "our") operates the Cardtel platform at cardtel.africa, providing virtual dollar card issuance, NGN wallet services, and gift card trading to users in Nigeria and across Africa.
This Privacy Policy describes how we collect, use, process, and protect your personal information when you use our services. By creating an account or using our platform, you agree to the practices described in this policy.
2. Information We Collect
We collect the following types of information:
- Identity information: Full name, date of birth, email address, phone number
- Identity verification (KYC): Bank Verification Number (BVN), government-issued ID (NIN, passport, driver's license, voter's card), ID document images
- Financial information: Transaction history, wallet balances, card usage data, bank account details used for deposits
- Device information: IP address, browser type, operating system, device identifiers
- Usage data: Pages visited, features used, time spent on platform, click data
- Communications: Support messages, feedback, and correspondence with our team
We do not store your full card CVV or card PINs. Sensitive card data is encrypted and handled in accordance with PCI-DSS standards through our card issuance partner.
3. How We Use Your Data
We use your personal information to:
- Create and manage your Cardtel account
- Issue and manage your virtual USD card
- Process wallet funding, transfers, and gift card trades
- Verify your identity in compliance with CBN KYC requirements
- Detect and prevent fraud, money laundering, and unauthorized access
- Send transaction notifications, security alerts, and account updates
- Improve our platform and personalise your experience
- Comply with legal, regulatory, and reporting obligations
- Respond to your support requests and communications
4. Information Sharing
We do not sell your personal data to third parties. We may share your information with:
- Card issuance partners (e.g. Sudo Africa) for virtual card creation and management
- Payment processors (e.g. Flutterwave, Korapay) for wallet funding and transactions
- Identity verification services for BVN and ID verification
- Regulatory bodies including the Central Bank of Nigeria (CBN) and EFCC when legally required
- Law enforcement when required by court order or Nigerian law
- Service providers who help us operate our platform (hosting, email, analytics) under strict confidentiality agreements
All third parties we work with are contractually bound to process your data only as instructed and to maintain appropriate security measures.
5. Data Security
We take the security of your data seriously and implement the following measures:
- 256-bit SSL/TLS encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Bcrypt hashing for all passwords (never stored in plain text)
- JWT-based authentication with 30-day token expiry
- Rate limiting and brute-force protection on all authentication endpoints
- Regular security audits and penetration testing
- Access controls ensuring only authorised personnel can access user data
Despite these measures, no system is 100% secure. We encourage you to use a strong, unique password and enable 2FA when available. Report any suspicious activity to security@cardtel.africa immediately.
6. Data Retention
We retain your personal data for as long as your account is active and for a period of 7 years after account closure, as required by Nigerian financial regulations (CBN AML/CFT Guidelines).
Transaction records are retained for a minimum of 5 years. KYC documents are retained for 5 years after the end of the business relationship, in line with the Money Laundering (Prevention and Prohibition) Act 2022.
You may request deletion of your account and personal data by contacting us. Note that we may retain certain data where required by law or for legitimate business purposes.
7. Your Rights
Under the Nigeria Data Protection Act (NDPA) 2023, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you
- Right of rectification: Request correction of inaccurate or incomplete data
- Right of erasure: Request deletion of your data (subject to legal retention requirements)
- Right to object: Object to processing of your data for marketing purposes
- Right to data portability: Request your data in a structured, machine-readable format
- Right to withdraw consent: Withdraw consent for processing at any time
To exercise any of these rights, email us at privacy@cardtel.africa. We will respond within 30 days.
8. Cookies
We use cookies and similar tracking technologies to improve your experience on our platform. Cookies we use include:
- Essential cookies: Required for the platform to function (authentication sessions, security tokens)
- Analytics cookies: Help us understand how users interact with our platform (Google Analytics)
- Preference cookies: Remember your settings and preferences
You can control cookie settings in your browser. Disabling essential cookies may affect platform functionality.
9. Children's Privacy
Cardtel is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account on our platform, please contact us immediately at support@cardtel.africa and we will delete the account and associated data.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email and by posting a prominent notice on our platform at least 14 days before the changes take effect.
Your continued use of Cardtel after the effective date of the revised policy constitutes your acceptance of the changes.
11. Contact Us
If you have any questions about this Privacy Policy, how we handle your data, or wish to exercise your rights, please contact:
- Email: privacy@cardtel.africa
- Support: support@cardtel.africa
- Address: Cardtel Technologies Ltd, Lekki Phase 1, Lagos, Nigeria
- WhatsApp: +234 800 000 0000
For data protection complaints, you may also contact the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.