Information We Collect
Categories of personal data we collect, what specific data points are gathered, and how we collect them.
Data We Collect
We collect and process the following categories of personal data:
| Category | Specific Data | Purpose |
|---|---|---|
| Account Information | Email address, phone number, first name, last name, username, password (stored as a cryptographic hash) | Account creation, authentication, and communication |
| Address Data | Street address, city, state, country, postal code | KYC compliance and regulatory requirements |
| Financial Data | Payment card details (last 4 digits only, card type, expiry date, bank name, BIN), bank account numbers, wallet balances (NGN and USD), full transaction history | Payment processing, wallet funding, transaction records, and regulatory reporting |
| Subscription Data | Merchant name, subscription amount, billing interval, status, next due date | Subscription tracking, renewal management, and billing reminders |
| Device Information | Device token, device type (iOS, Android, or Web) | Push notification delivery and device-specific service optimisation |
| Activity & Log Data | Recent activity logs, notification delivery logs, external API call logs | Service monitoring, debugging, security audits, and fraud prevention |
How We Collect Your Data
We collect personal data through the following methods:
- Directly from you — when you create an account, complete KYC verification, add a payment method, create a subscription, or contact our support team.
- Through Google OAuth2 — if you choose to sign in with Google, we receive your name and email address from your Google account. We do not access your Google contacts, calendar, or any other Google data.
- Automatically from your device — device token and device type are collected when you install the app and enable push notifications.
- From third-party payment processors — Paystack provides us with masked card details (last 4 digits, card type, and bank name) when you add a payment card. We never receive or store your full card number.
- Generated through your use of the Service — transaction history, activity logs, and subscription data are created as you use Subsecute.
Definitions
- "Personal Data" means any information that relates to an identified or identifiable individual, including but not limited to name, email address, phone number, and financial data.
- "Processing" means any operation performed on personal data, including collection, recording, storage, retrieval, use, disclosure, or deletion.
- "Data Controller" means Trust Commerce (operating as Subsecute), which determines the purposes and means of processing your personal data.
- "Data Processor" means any third party that processes personal data on behalf of the Data Controller.
- "NDPR" means the Nigeria Data Protection Regulation 2019, as amended or supplemented.
- "CBN" means the Central Bank of Nigeria.
- "KYC" means Know Your Customer, the process of verifying the identity of users as required by Nigerian financial regulations.