Information We Collect
Categories of personal data we collect, what specific data points are gathered, and how we collect them.
Data We Collect
We collect and process the following categories of personal data:
| Category | Specific Data | Purpose |
|---|---|---|
| Account Information | Email address, phone number, first name, last name, username, password (stored as a cryptographic hash) | Account creation, authentication, and communication |
| Identity / KYC Data | Date of birth, BVN (Bank Verification Number), government-issued ID documents (front and back images), ID type, ID number, issue date, expiry date | Identity verification as required by CBN KYC regulations and anti-money laundering laws |
| Address Data | Street address, city, state, country, postal code | KYC compliance, virtual card issuance, and regulatory requirements |
| Financial Data | Payment card details (last 4 digits only, card type, expiry date, bank name, BIN), bank account numbers, wallet balances (NGN and USD), full transaction history | Payment processing, wallet funding, transaction records, and regulatory reporting |
| Subscription Data | Merchant name, subscription amount, billing interval, status, next due date | Subscription tracking, renewal management, and billing reminders |
| Virtual Card Data | Virtual card details issued by Sudo Africa (full PAN masked internally; only last 4 digits displayed to you) | Virtual card provisioning and subscription payments |
| Device Information | Device token, device type (iOS, Android, or Web) | Push notification delivery and device-specific service optimisation |
| Activity & Log Data | Recent activity logs, notification delivery logs, external API call logs | Service monitoring, debugging, security audits, and fraud prevention |
Important note about sensitive data: Your BVN and government-issued ID documents are classified as sensitive personal data under the NDPR. We collect these only because they are legally required for KYC compliance under CBN regulations. We will never use your BVN or ID documents for any purpose other than identity verification and regulatory compliance.
How We Collect Your Data
We collect personal data through the following methods:
- Directly from you — when you create an account, complete KYC verification, add a payment method, create a subscription, or contact our support team.
- Through Google OAuth2 — if you choose to sign in with Google, we receive your name and email address from your Google account. We do not access your Google contacts, calendar, or any other Google data.
- Automatically from your device — device token and device type are collected when you install the app and enable push notifications.
- From third-party payment processors — Paystack provides us with masked card details (last 4 digits, card type, and bank name) when you add a payment card. We never receive or store your full card number.
- From Sudo Africa — virtual card details are generated by Sudo Africa and relayed to your account. Full card numbers (PANs) are masked in our systems; only the last 4 digits are shown to you.
- Generated through your use of the Service — transaction history, activity logs, and subscription data are created as you use Subsecute.
Definitions
- "Personal Data" means any information that relates to an identified or identifiable individual, including but not limited to name, email address, phone number, BVN, financial data, and identification documents.
- "Processing" means any operation performed on personal data, including collection, recording, storage, retrieval, use, disclosure, or deletion.
- "Data Controller" means Trust Commerce (operating as Subsecute), which determines the purposes and means of processing your personal data.
- "Data Processor" means any third party that processes personal data on behalf of the Data Controller.
- "NDPR" means the Nigeria Data Protection Regulation 2019, as amended or supplemented.
- "CBN" means the Central Bank of Nigeria.
- "BVN" means Bank Verification Number, a unique identification number issued by the CBN to every bank account holder in Nigeria.
- "KYC" means Know Your Customer, the process of verifying the identity of users as required by Nigerian financial regulations.