Privacy Policy

Last Updated: 20 May 2026

TunaCredit is committed to protecting user privacy and maintaining strong data security practices in accordance with applicable privacy and data protection requirements.

Before accessing or using our Service, please review this Privacy Policy carefully. This Privacy Policy explains, in a clear and transparent manner, the types of personal information we may handle, the reasons we use such information, how it is stored and protected, and the circumstances in which it may be disclosed.

By submitting an application form or continuing to use TunaCredit, you acknowledge that you have read, understood, and agreed to the terms described in this Privacy Policy. If you do not accept the practices described in this Notice, please discontinue use of the application.

Please also note that this Privacy Policy may be updated from time to time to reflect changes in data privacy requirements, service coverage, operational practices, or developments in information security technology. Any revised version will become effective once it is published or otherwise made available through the Service.

1. Overview

TunaCredit (referred to as “we,” “us,” or “our”) is a digital finance application designed to support virtual card services. These services may include user onboarding, identity checks, service eligibility verification, virtual card activation, transaction support, payment-related processing, and customer assistance.

2. Regulatory and Compliance Framework

This Notice is prepared with reference to applicable Nigerian legal and regulatory requirements, including the following:

2.1 Data Protection Requirements

• Nigeria Data Protection Regulation (NDPR) 2019

• Nigeria Data Protection Act (NDPA) 2023

• NDPR Implementation Framework

2.2 Anti-Money Laundering and Counter-Terrorist Financing Requirements

• Money Laundering (Prohibition) Act 2011, as amended in 2022

• Central Bank of Nigeria (CBN) AML/CFT Regulations 2013

• CBN Know Your Customer (KYC) Manual

• Financial Action Task Force (FATF) Recommendations, as adopted in Nigeria

3. Data Controller Information

Company: Kudistar Nova Finance Technologies Ltd.

Address: 14B Atinuke Olugunde St, Opebi, Ikeja, Lagos

Email: TunaCreditCustomerService@gmail.com

Phone:+234 9124660516

4. Grounds for Processing Personal Data

We process personal information only where there is a lawful basis to do so. Depending on the nature of the activity, we may rely on one or more of the following grounds:

• Performance of a Contract: Processing that is required to provide TunaCredit, virtual card, account, transaction, and related services requested by you.

• Legal and Regulatory Duties: Processing required to meet legal, regulatory, compliance, security, KYC, AML/CFT, and fraud-prevention obligations.

• User Consent: Processing carried out based on your clear permission where consent is required for a specific purpose.

• Legitimate Business Interests: Processing necessary to protect the application, prevent misuse, improve service quality, maintain operational stability, and enhance user experience, provided that these interests do not unfairly affect your rights and freedoms.

5. Categories of Information We May Process

To operate TunaCredit safely, lawfully, and reliably, we may collect or receive certain information from you, your device, or service interactions. We limit collection to information reasonably required for account setup, identity verification, account verification and service eligibility review, service operation, security controls, risk management, customer support, and legal compliance.

5.1 Information Submitted by You

• Personal and Identity Details: Your full name, gender, date of birth, nationality, marital status, and National Identification Number (NIN).

• Work and Income Details: Employment category, monthly income range or amount, and employer-related information.

• Payment and Bank Details: Bank name, bank account number, and Bank Verification Number (BVN), where applicable.

NIN, BVN, bank account information, and identity document information are processed only for identity verification, account protection, regulatory compliance, fraud prevention, transaction safety, and service eligibility review. We do not publicly disclose government identification numbers, bank verification numbers, or financial account information. We do not sell, rent, publicly disclose, or use NIN, BVN, bank account information, or identity document information for advertising, marketing, or unrelated profiling purposes.

5.2 Emergency Contact Details Entered by the User

Emergency contact information may be provided only when you manually enter it into the application.

TunaCredit does not open, upload, copy, or synchronize your device address book.

We do not:

• collect your complete contact list;

• search your device contacts beyond the specific details you choose to provide;

• use emergency contact information for advertising or promotional activities; or

• communicate with references in a harassing, abusive, or inappropriate manner.

5.3 Identity Authentication Information

For identity checks, fraud prevention, and account protection, we may request a photo of a valid government-issued identification document and a selfie image.

Where selfie or liveness verification is used, verification images and related verification results are handled with security controls. We do not retain biometric templates after verification unless retention is legally required. Any biometric verification data, where applicable, is deleted within 24 hours after successful verification.

5.4 Technical Information and Permission-Based Data

5.4.1 Device and System Data

For service security, fraud prevention, system reliability, and protection against unauthorized activity, TunaCredit may process limited technical data from your device, such as:

• device model;

• operating system type and version;

• screen resolution and language configuration;

• memory and storage indicators;

• app instance identifiers and limited device-related technical identifiers, where required;

• mobile network operator and network connection status.

This information is used only for security monitoring, risk control, service stability, troubleshooting, and system improvement.

5.4.2 SMS-Related Information

If you expressly grant permission, TunaCredit may process SMS messages that appear to be connected with financial or transaction-related activity.

Information that may be processed

Filtered financial SMS data may include:

• sender details;

• message text;

• date and time information.

Only messages that match predefined financial indicators or keywords are reviewed by the system.

Reason for processing

SMS permission is used only to support user verification, account security, transaction-related protection, and risk-control purposes.

We do not use SMS information for advertising, marketing, unrelated user profiling, or non-service purposes.

Protection controls

• SMS processing occurs only after you have provided permission.

• Information is protected during transmission through encryption.

• SMS-related information is securely sent to https://www.tunacredit.com.

• SMS records are automatically removed after processing.

• SMS information is not sold and is not disclosed to unrelated third parties.

• The application does not process SMS messages when it is closed or not active.

5.4.3 Security Signals from Installed Applications

Where you provide the required authorization, TunaCredit may detect limited security-related signals concerning installed applications that have network-related permissions.

Information involved

The app may identify limited application-related security indicators only for device protection and service security checks. We do not collect complete app lists or unrelated app usage behavior.

Purpose of use

These signals are used only to protect service integrity, identify abnormal or unauthorized behavior, reduce security risks, and help maintain reliable service operation.

Security measures

• Only standard Android system interfaces are used.

• Data is compressed and encrypted before being transmitted securely.

• Collection is permission-based and restricted to security-related purposes.

5.4.4 Camera Permission

Camera access is used only when you actively choose to take a selfie, capture an identity document, or complete another verification-related image step. TunaCredit does not activate the camera in the background.

5.4.5 Uploading Documents

Where identity documents or supporting materials are required, TunaCredit uses the Android system file picker or photo picker. The application receives only the files you intentionally select and confirm.

Files uploaded through the app are encrypted and transmitted over secure HTTPS connections.

5.4.6 Files Selected by the User

TunaCredit does not request broad access to your device storage, photos, videos, or media library. We do not scan, monitor, or collect unrelated files or media stored on your device.

Any files you choose to upload are encrypted and stored securely in line with applicable data security requirements.

6. Purposes for Using Personal Information

We may use personal data for the following purposes:

• to confirm your identity, protect your account, and determine eligibility for TunaCredit services;

• to deliver, operate, maintain, and enhance the application and related services;

• to process transactions and support essential account and virtual card functions;

• to send important service communications, including account notices, security messages, and service updates;

• to satisfy applicable legal, regulatory, compliance, and reporting obligations;

• to identify, investigate, prevent, and respond to fraud, misuse, unauthorized access, or suspicious activity; and

• to respond to questions, complaints, support requests, and other user inquiries.

7. Disclosure of Information

TunaCredit shares personal information only when it is necessary, lawful, and proportionate to the purpose involved. Such sharing may include the following situations:

• Service Partners: We may provide relevant data to trusted service providers that support core application functions, including payment services, identity verification, cloud infrastructure, security operations, and technical support. These providers must protect the information and use it only for approved purposes.

• Authorized Institutions: Where permitted or required, we may disclose relevant information to authorized organizations to support fraud prevention and account security review, responsible service delivery, and compliance with applicable requirements.

• Government, Regulatory, or Legal Authorities: We may provide information to competent authorities where required by law, regulation, court order, investigation, or other lawful process.

We Do Not Share Personal Data For

TunaCredit does not disclose your personal information for:

• third-party promotional campaigns;

• sale of personal information;

• targeted advertising; or

• abusive, improper, or unlawful contact practices.

8. Storage Location and Cross-Border Transfers

Personal data is stored and processed on secure servers using appropriate technical and organizational safeguards.

If personal information is transferred outside Nigeria, we will apply suitable safeguards in accordance with Part IV of the NDPA 2023 and applicable NDPR rules relating to international data transfers.

9. Retention of Personal Data

We keep personal information only for the period reasonably required to provide the services, meet the purposes described in this Notice, resolve disputes, enforce agreements, and comply with applicable legal or regulatory obligations.

• Account Data: Kept while your account remains active and for up to 6 years after the account relationship ends.

• Identity Documents: Kept for up to 6 years after the end of your relationship with TunaCredit, where legal or regulatory rules require retention.

• Biometric Information: Deleted within 24 hours after successful verification.

• Transaction Records: Kept for up to 6 years.

• Device-Related Data: Kept for up to 12 months.

• Emergency Contact Information: Deleted when your account is deleted, unless retention is legally required.

10. Your Data Protection Rights

Subject to applicable data protection laws, you may have rights in relation to your personal information, including:

• Access: You may ask to see the personal data we hold about you.

• Correction: You may request that inaccurate or incomplete information be corrected or updated.

• Deletion: You may ask us to delete personal information, subject to lawful retention requirements.

• Objection: You may object to certain processing activities, including direct marketing where applicable.

• Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format.

• Withdrawal of Consent: Where processing depends on your consent, you may withdraw that consent at any time. Withdrawal does not affect processing that occurred lawfully before the withdrawal.

• Complaint: You may submit a complaint to a competent data protection authority if you believe your rights have been violated.

To exercise these rights, please contact us at: TunaCreditCustomerService@gmail.com

11. Account Closure and Deletion

You may request deletion of your TunaCredit account at any time through the in-app “Delete Account” function or through our website.

After your request is verified, we will delete or de-identify personal data associated with your account from active systems, except where limited retention is necessary for legal, regulatory, security, fraud prevention, dispute resolution, transaction recordkeeping, or financial compliance purposes.

If there are pending transactions, unresolved obligations, disputes, or legally required records, we may retain the minimum information necessary to complete those matters or comply with applicable law. Such retained information will not be used for marketing or unrelated purposes.

Account Deletion Web Resource:

 To request deletion of your TunaCredit account outside the app, please visit: https://www.tunacredit.com

12. Security of Personal Information

We use administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, or destruction. These safeguards include:

• Encryption: Information is protected during transmission using industry-standard protocols such as TLS and secured at rest through strong encryption methods.

• Access Management: Access is limited through role-based permissions, authentication controls, and multi-factor authentication for authorized personnel.

• Security Review: We conduct security checks, vulnerability assessments, and penetration testing to identify and reduce potential risks.

• Staff Awareness: Employees receive ongoing training on privacy, data protection, and information security responsibilities.

• Incident Handling: We maintain procedures to identify, investigate, respond to, and mitigate suspected or confirmed security incidents.

Although we take reasonable steps to safeguard your information, no digital system can be guaranteed to be completely secure. You should keep your login credentials confidential and avoid sharing them with others.

13. Children’s Privacy

TunaCredit is not intended for individuals under the age of 18. We do not knowingly collect or process personal data from minors.

If we discover that personal information has been collected from a person under 18, we will take reasonable steps to delete the information promptly.

If you believe that a minor has provided personal data to TunaCredit, please contact us at: TunaCreditCustomerService@gmail.com

14. Updates to This Notice

We may revise this Privacy Policy from time to time to reflect changes in our services, business practices, legal obligations, security measures, or regulatory requirements.

Where changes are material, we will notify users through the application and/or by other suitable communication methods, such as email.

The “Last Updated” date at the beginning of this Notice shows the latest revision date. Continued use of TunaCredit after an updated Notice becomes effective means you accept the revised version.

15. Contact Information and Complaints

If you have questions, concerns, requests, or complaints about this Privacy Policy or how TunaCredit processes personal information, please contact us using the details below:

• Company Name: Kudistar Nova Finance Technologies Ltd.

• Address: 14B Atinuke Olugunde St, Opebi, Ikeja, Lagos

• Customer Support: TunaCreditCustomerService@gmail.com

• Phone: +234 9124660516

If you are dissatisfied with our response, you may have the right to complain to a competent data protection authority in accordance with applicable law.