Updated at 2026-04-29

Privacy Policy

Effective Date: April 29, 2026

1. Introduction

Bitcardo ("we", "our", or "us") is committed to protecting your privacy and handling your personal data in accordance with the Nigeria Data Protection Regulation 2019 (NDPR) and other applicable data protection laws.

Bitcardo is a financial technology platform operated by Cowrybags Limited, located at 6, Ilo-Awela Road, Tollgate, Ota, Ogun State, Nigeria. The Bitcardo mobile application and related software are developed and maintained by LearnPOD Technologies on behalf of Cowrybags Limited.

This Privacy Policy applies to our website, subdomains, mobile application, and related services (collectively, the “Service”). By using our Service, you agree to the collection, use, disclosure, storage, and protection of your personal data as described in this Policy.

2. Data Controller

Bitcardo, operated by Cowrybags Limited, acts as the Data Controller of your personal data.

• Company: Cowrybags Limited
• Address: 7 Babalegba Street, Off Ilo-Awela Road, Tollgate, Ota, Ogun State, Nigeria
• Email: [email protected]
• DPO Contact: [email protected]

3. Definitions

• Personal Data: Information that identifies or can identify an individual.
• Customer: Any user of Bitcardo services.
• Device: Any internet-enabled device used to access the Service.
• Service: All Bitcardo products including digital asset transactions, wallet services, identity verification, and related features.
• Cookies: Small data files stored on your browser for functionality, security, analytics, and user experience.

4. Information We Collect

We collect only data that is necessary to provide, secure, improve, and comply with legal obligations relating to our services.

Identity Data

• Full name
• Date of birth
• Bank Verification Number (BVN)
• National Identification Number (NIN)
• Government-issued identity documents where required

Contact Data

• Email address
• Phone number

Financial and Transaction Data

• Bank account details
• Wallet addresses
• Digital asset, gift card, wallet, and transaction records
• Payment and payout information

Technical Data

• IP address
• Device and browser information
• Usage logs
• Security and fraud monitoring data

Device Permissions

• Location: Used for fraud detection, security checks, and location-based compliance where required.
• Camera and Gallery: Used to allow identity verification uploads and supporting document uploads.

Communications

• Support messages
• User feedback
• Service-related correspondence

5. Lawful Basis for Processing

We process your personal data under one or more of the following lawful bases:

• Your consent provided during onboarding or use of specific features.
• Contractual necessity to deliver the services you request.
• Legal obligation under applicable laws, regulations, and compliance requirements.
• Legitimate interest for fraud prevention, platform security, service improvement, and dispute resolution.

6. How We Use Your Information

We use your data to:

• Verify your identity and perform KYC checks.
• Prevent fraud, impersonation, unauthorized access, and misuse of the Service.
• Process digital asset, wallet, gift card, payout, and financial transactions.
• Provide customer support and resolve disputes.
• Improve platform performance, reliability, and user experience.
• Send service-related notifications, security alerts, transaction updates, and account messages.
• Comply with legal, regulatory, audit, tax, and law enforcement obligations.

7. Digital Asset Risk Disclosure

Digital assets such as cryptocurrencies are volatile and may involve financial risk. Bitcardo does not guarantee profits, returns, price stability, or transaction outcomes. Users are responsible for understanding the risks before engaging in any digital asset transaction.

8. Data Sharing and Third Parties

We do not sell your personal data.

We may share your data with trusted third parties where necessary to provide our services, meet compliance obligations, prevent fraud, or protect users and the platform. These third parties may include:

• Identity verification providers such as Mono.
• Payment processors and financial infrastructure providers.
• Fraud detection, compliance, analytics, and security providers.
• Hosting, database, and cloud service providers.
• Regulatory authorities, courts, law enforcement agencies, or government bodies where required by law.

All third parties are required to maintain confidentiality, process data only for approved purposes, and apply appropriate security safeguards.

9. Data Security

We implement appropriate technical and organizational safeguards to protect your personal data, including:

• Encryption of sensitive data where appropriate.
• Secure server infrastructure.
• Access control systems.
• Monitoring, logging, and threat detection.
• Administrative and operational security controls.

No system is completely secure, but we continuously review and improve our security practices to reduce risk and protect user data.

10. Data Retention

We retain personal data only for as long as necessary to:

• Provide our services.
• Comply with legal, regulatory, tax, audit, and reporting obligations.
• Prevent fraud, resolve disputes, and enforce our agreements.

When data is no longer required, it will be securely deleted, anonymized, or archived in accordance with applicable legal and operational requirements.

11. International Data Transfers

Your data may be processed outside Nigeria where our service providers operate. Where this occurs, we will take reasonable steps to ensure that appropriate safeguards are in place in line with NDPR and applicable data protection standards.

12. Your Rights Under NDPR

You have the right to:

• Access your personal data.
• Request correction of inaccurate or incomplete data.
• Request deletion of your data, subject to legal and regulatory retention requirements.
• Withdraw consent where processing is based on consent.
• Object to or restrict certain processing activities.
• Request data portability where applicable.

Requests can be made using the contact details provided in this Policy.

13. Account Management and Deletion

You may update, correct, or delete your information by contacting us or using available account features within the app.

Account deletion requests can be made through the app or by emailing [email protected]. Certain data may be retained where required by law, regulation, compliance, fraud prevention, dispute resolution, or legitimate business purposes.

14. Cookies and Tracking Technologies

We use cookies, sessions, and local storage to:

• Maintain secure sessions.
• Improve functionality and performance.
• Analyze platform usage.
• Remember user preferences.

You can disable cookies through your browser settings, although some features may not function properly. We may also use third-party tools such as Google Maps API for location-based services and security-related functionality.

15. Third-Party Services and Links

Our Service may contain links to third-party platforms or integrate with third-party services. We are not responsible for their privacy practices, content, or security. Your use of third-party services is subject to their respective policies and terms.

16. Business Transfers and Affiliates

Your data may be transferred in connection with a merger, acquisition, sale of assets, corporate restructuring, financing, or similar business transaction. We may also share data with affiliated entities for operational, technical, compliance, administrative, and service delivery purposes.

17. Personnel Data

If you are an employee, contractor, or applicant, we may process your personal data for recruitment, employment administration, benefits, compliance, security, and operational purposes.

18. Data Breach Notification

In the event of a data breach that affects your personal data, we will take appropriate steps to contain and investigate the incident. Where required by NDPR or applicable law, we will notify affected users and relevant authorities within the required timeframe.

19. Children’s Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor has provided personal data, we will take reasonable steps to delete such information, subject to legal and operational requirements.

20. Governing Law

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria.

21. Changes to This Policy

We may update this Policy periodically to reflect changes in our services, legal requirements, technology, or operational practices. Continued use of the Service after an update constitutes acceptance of the updated Policy.

22. Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or how we handle your personal data, please contact us:

• Company: Cowrybags Limited
• Address: 7 Babelegba street, Off Ilo-Awela Road, Tollgate, Ota, Ogun State, Nigeria
• Email: [email protected]
• DPO Email: [email protected]