Privacy Policy
1. Introduction
KashFlex, operated by VELASCO LENDING LIMITED, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you access or use our services. By using our services, you acknowledge and consent to the practices described in this Policy.
By engaging with our mobile application or any related services, you hereby:
Confirm that you have carefully read, understood, and agreed to the terms set forth in this Privacy Policy;
Provide your informed, explicit, and voluntary consent to the handling of your personal data as described herein;
Acknowledge and agree that continued use of our services following any updates or amendments to this Privacy Policy constitutes your acceptance of such changes.
If you access or use our services from outside Nigeria, you are solely responsible for ensuring compliance with the applicable data protection and regulatory requirements of your jurisdiction. KashFlex does not represent or warrant compliance with foreign laws outside Nigeria.
With your knowledge and explicit consent, KashFlex collects and processes specific categories of personal data, obtained either directly from you or automatically through your device. The collection of this data is essential to evaluate loan eligibility, enhance service delivery, improve user experience, and fulfill applicable legal and regulatory requirements.
Identity and Contact Information
Full legal name, date of birth, gender, and marital status
Educational history and current residential address
Contact details including phone number, email address, and messaging platform identifiers (e.g., WhatsApp)
Emergency contact information, such as the contact’s full name, relationship, and mobile number
Employment and Financial Data
Employment status, occupation category, industry, and relevant work experience
Income details, including monthly earnings and payment frequency
Banking information, including account number, bank name, and Bank Verification Number (BVN)
Device and Technical Information
Device specifications such as model, operating system version, and unique identifiers (e.g., Android ID)
Network and system data including IP address, language settings, time zone, and display resolution
Mobile network attributes such as carrier details, signal strength, battery status, RAM, and storage availability
Behavioral and Transactional Data
Loan application records and related submission details
Credit evaluation results, approval status, and repayment history
Application usage data, including interaction patterns and engagement behavior
Third-Party and Social Information
Data obtained from external sources such as credit bureaus, Know Your Customer (KYC) providers, and public registries
Limited social verification data (where legally permitted), including social profile validation or basic account metadata
At KashFlex, we adhere strictly to the principles of data minimization, transparency, and informed consent. Device permissions are requested only when they are essential for the proper functioning, security, or optimization of our services. Every request for access is disclosed in advance and requires your explicit authorization.
Permissions Not Collected or Used
To safeguard your privacy and avoid unnecessary data processing, KashFlex does not collect or utilize the following categories of device information:
Precise GPS coordinates
Personal photo gallery, file storage, or media library
Microphone input or audio recordings
Contact lists, call logs, or call history
Calendar entries, browser history, or installed application lists
Biometric identifiers, unless expressly required and authorized for KYC purposes
These permissions are not integral to our services and will never be requested.
Permissions Potentially Requested (Subject to Consent)
Certain permissions may be requested only with your prior, informed, and voluntary consent. These permissions enable specific service functions and remain under your full control.
Financial SMS Access
Purpose: To strengthen credit risk evaluation through limited financial SMS analysis.
Scope:
Timeframe: Restricted to SMS received within the previous 180 days.
Volume Limit: Up to 2,000 messages may be processed.
Data Points Extracted: Sender information, timestamp, and finance-related keywords only. Such as loan, cash, wallet, naira, repay, credit, bank transfer, etc.
Filters:
Excludes messages from personal contacts (e.g., +234 numbers).
Excludes non-financial content (e.g., shopping, education, entertainment, healthcare).
Excludes telecom service notifications (e.g., MTN, Airtel, Glo, 9Mobile).
Security & Privacy: Only filtered financial data is analyzed; raw SMS content is neither stored nor disclosed.
User Control: Permission can be revoked anytime through device settings, with immediate effect.
Camera Access
Use Cases:
Capturing photographs of official identification documents for KYC.
Performing biometric verification to reduce fraud and impersonation risks.
Safeguards: All images are encrypted during transfer and securely stored in compliance with data security standards.
Approximate Location Access
Purpose:
Validate consistency between declared and actual regional location.
Detect potentially fraudulent login or usage activity.
Assurance: Real-time tracking is not conducted. Access is approximate only and remains optional.
Advertising Identifier (AD_ID)
Purpose:
Measure the effectiveness of marketing campaigns (e.g., Google Ads, Facebook).
Evaluate customer acquisition channels and optimize performance.
Privacy Protection: The AD_ID is never linked with personally identifiable information and can be reset or disabled by the user at any time.
Network Connectivity
Purpose:
Verify internet connectivity before initiating transactions.
Strengthen fraud prevention by detecting potential use of VPNs or proxies.
Assurance: Browsing history, app lists, and unrelated network data are not accessed.
5. Use of Third-Party SDKs
The application integrates with the AppsFlyer SDK, developed by AppsFlyer Ltd. and registered in the Google Play SDK Console, for attribution and performance analytics.
Data Collected by SDK
Advertising Identifier (e.g., Google AD_ID)
Approximate device location
In-app user interactions (e.g., navigation patterns, button taps)
Application performance logs (e.g., crash reports, diagnostic data)
Purposes of SDK Integration
Track app installations and first-time activations
Measure session frequency and app usage behavior
Record specific in-app events (e.g., loan application submission)
Assess campaign performance and return on investment
Privacy Controls
All data transmitted via the SDK is encrypted using industry-standard protocols. The SDK does not collect precise GPS data, personal messages, contacts, or any sensitive personal files.
6. How We Use Your Information
We use the information we collect for various purposes, including but not limited to:
Processing loan applications and determining eligibility.
Verifying identity, conducting credit assessments, and preventing fraudulent activities.
Enhancing customer support, providing personalized experiences, and improving our services.
Sending important updates, notifications, and promotional offers.
Complying with legal and regulatory obligations.
Conducting research and analytics to improve our financial products.
7. Data Sharing and Disclosure
We do not sell your personal information. However, we may share your data with:
Service Providers: Third-party vendors that assist in loan processing, identity verification, credit scoring, payment collection, and customer support.
Regulatory Authorities: Government agencies or legal bodies when required to comply with applicable laws.
Debt Collection Agencies: In case of loan defaults, we may share your details with authorized agencies for recovery purposes.
Legal and Compliance Requirements: If required by law, subpoena, or other legal processes, we may disclose information to protect our rights and interests.
8. Data Security
We take extensive measures to protect your personal data from unauthorized access, alteration, loss, or misuse. These include:
Encryption of sensitive data during transmission and storage.
Regular security audits and vulnerability assessments.
Multi-factor authentication for user accounts.
Restricted access to personal data within our organization.
Continuous monitoring of systems for suspicious activities.
Despite our best efforts, no security system is completely foolproof. Users are encouraged to keep their login credentials confidential and report any unauthorized access.
9. User Rights and Choices
As a user of KashFlex, you have the following rights regarding your personal data:
Access and Update: You can review and update your personal information directly through the app to ensure it remains accurate and up-to-date.
Withdraw Consent: You may withdraw your consent for certain data processing activities at any time. Please note that this may limit or affect the functionality of our services.
Delete Data: You can request the closure of your account and the deletion of your personal data, subject to legal and regulatory requirements that may necessitate data retention.
Restrict Processing: Under specific circumstances, you may request to restrict the processing of your data, such as when you contest the accuracy of the data or object to its processing.
If you wish to exercise any of these rights, please contact us at support@kashflex.net. Our team will assist you in processing your request promptly and in accordance with applicable laws and regulations.
10. Retention of Information
We retain your data for as long as necessary to provide our services, fulfill legal obligations, and meet regulatory requirements. Typically, your data is stored for a period of 5 years from the date of your last interaction with KashFlex, unless a longer retention period is required by law. Even after account closure, some data may be retained for specific purposes, including but not limited to:
Compliance with financial and tax regulations (e.g., as required by local laws).Fraud prevention and risk management (e.g., to detect and prevent fraudulent activities).Dispute resolution and debt recovery (e.g., to resolve disputes or recover outstanding debts).
After the retention period expires, your data will be securely deleted or anonymized in accordance with our data protection policies. If you have any questions about our data retention practices, please contact us at support@kashflex.net.
11. Use of Cookies and Tracking Technologies
KashFlex uses cookies, web beacons, and similar tracking technologies to enhance user experience, improve security, and analyze usage patterns. Users can manage cookie preferences through browser settings.
12. Third-Party Links and Services
Our app may contain links to third-party websites or services. We are not responsible for the privacy practices of these external entities. We encourage users to review the privacy policies of such platforms before sharing personal information.
13. Children’s Privacy
KashFlex services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Users will be notified of any significant changes through the app or email. Continued use of our services after such changes constitutes acceptance of the revised policy.
15. Contact Information
If you have any questions regarding this Privacy Policy, please contact us at:
App: KashFlex
Company: VELASCO LENDING LIMITED
Email: support@kashflex.net
Address: 11 UNITY STREETAFOBAJE , OTTA , ADO-ODO/OTA, OGUN STATE
By using KashFlex, you acknowledge that you have read, understood, and agreed to this Privacy Policy.