Personal
Community
About
Business
Download Kredete

Privacy Policy

Last updated November, 2025

Introduction

This Privacy Policy describes how Kredete (“we”, “us”, “our”) processes personal data in connection with our Card-as-a-Service and Banking offerings provided in partnership with Orenda and regulated Issuers.

This Policy complies with the EU General Data Protection Regulation (GDPR).

By using our Services, you also agree to the Privacy Policies of Orenda and the relevant Issuer, as each party separately processes your data for different purposes.

Data Controllers & Roles

For GDPR purposes:

Kredete – Data Controller for your app profile, onboarding with us, customer support, analytics, and service personalization.

Orenda Financial Services Limited – Separate Data Controller providing the technology platform, compliance checks, and transaction processing 

Issuer (Electronic Money Institution) Separate Data Controller for your wallet, card issuance, e-money account, and regulated obligations.

Each party determines its own data processing scope.

Categories of Personal Data We Collect

a. Identity Data

b. Contact Data

c. KYC/AML Data

d. Financial Data

e. Technical Data

f. Support & Communication Data

Personal data means any information about an individual from which that person can be directly or indirectly identified. In connection with the services we provide, we collect personal and financial information from you while you use our products and services and when you create an account or sign in to our Website. We may ask you to provide us with certain personal data to contact or identify you, and some may be collected automatically for our Website to function effectively. We also collect personal data when you provide feedback and/or report a problem. We do not consider personal data to include information that has been made anonymous such that it does not identify a specific user.

The personal data we obtain include:

a. First and last name

b. The domain name of the Internet service provider (ISP)

c. Email address

d. The Internet protocol (IP) address used to connect your device to the Internet for identification purposes

e. Phone number

f. Device data

g. Account details (including username and password)

h. Web pages visited, duration and frequency of visit

i. Transactional data (information relating to payment)

j. Date and time of your visits

k. Financial information (which may include ATM card details, Bank Verification Number (BVN), credit worthiness, etc.)

l. Location data

m. Marketing and communications data (includes both a record of your decision to subscribe to our newsletter or to withdraw from receiving marketing materials from us)

We may also receive data from:

Orenda (including but not limited to platform usage, risk flags);

The Issuer (transaction level information);

KYC verification partners

Legal Basis

We are required to process your data under at least one of these lawful bases:

a. Legitimate interest: Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided your rights and interests do not outweigh those interests.

b. Consent: You have given explicit consent for us to process your data for a specific purpose.

c. Contract: If your data processing is necessary for a contract you have with us or because we have asked you to take specific steps before entering into that contract.

d. Legal obligation: If the processing of your data is necessary where there is a statutory obligation on us.

Use of Data

Purpose of Processing: We collect your data:

  1. To administer our business.
  2. To help us to develop, improve, customize or restructure our services.
  3. To enforce our terms of service and any terms and conditions of any other agreements for our services.

Legitimate interest, contract

  1. To take statistical data and analytics for our use internally.
  2. To send you service related messages.
  3. To analyze Site usage and provide, maintain and improve the content and functionality of the Site.

Legitimate interest

Consent

  1. To secure your data and prevent fraud.

Legitimate interest, legal obligation

  1. To create and manage your account.
  2. To communicate with you.
  3. To address your inquiries, process your registration, and complete your transactions.
  4. To enable an easy and effective payment system.

Contract

  1. To inform you whenever there are changes to our terms of business or services.

Legal obligation, contract

  1. To fulfil our Know Your Customer (KYC) obligation.
  2. To interact with regulatory authorities or other public authorities concerning you.

YOUR RIGHTS AS A DATA SUBJECT

The law vests you with certain rights as a data subject. They include the right to:

a. Access personal data we hold about you by requesting a copy of the personal data we hold about you;

b. Rectify such information where you believe it to be inaccurate;

c. Restrict the processing of your data in certain circumstances;

d. Object to the processing of your data where we intend to process such data for marketing purposes;

e. Where feasible, receive all personal data you have provided to us—in a structured,

Data Sharing

We share data with:

Orenda Financial Services Limited  to operate the platform and fulfil compliance obligations. 

Issuer(s) for regulated e-money and payment services.

KYC/AML vendors ; identity verification providers.

Payment processors & card schemes.

Cloud hosting and IT infrastructure providers.

Regulators and law enforcement authorities where required by law.

Data may be transferred outside the EU using:

Standard Contractual Clauses (SCCs);

Adequacy decisions; or

Equivalent safeguards.

Our app may contain links to third-party services. We are not responsible for their privacy practices.

We may update this Policy to reflect legal or operational changes. Updates will be communicated through the app or website.