Privacy Policy — Astro Citadel LTD

Effective date: — This policy explains how Astro Citadel LTD ("we", "us", "Citadel") collects, uses, shares and protects personal data from users of our websites, mobile applications, APIs and services.

1. Who we are

Astro Citadel LTD (Registration No: RC 8444801) operates digital financial and business services under the brand Astro Citadel. Our headquarters: Astro Citadel LTD (address as published on our site). This Privacy Policy applies to all services provided by Astro Citadel LTD including our website, mobile apps, APIs and partner integrations.

2. Personal data we collect

We collect different types of data depending on how you interact with our services. This includes:

2.1 Identifiers & account data

  • Full name, username, email address, phone number, date of birth and government IDs (NIN, BVN) when required for identity verification.
  • Account credentials and authentication tokens (passwords are stored hashed).

2.2 Financial & payment data

  • Payment information (payment provider token, transaction references). We do not store full card numbers or bank account credentials unless explicitly required and secured via our payment partners.
  • Transaction history, balances, loan and sponsorship application data.

2.3 Device, usage & analytics

  • IP address, device identifiers, browser and operating system, usage logs, app performance metrics and crash reports.

2.4 Identity verification & KYC data

  • ID images, selfies (if provided), NIN/BVN lookup results and verification metadata returned by identity providers (e.g., Kora, Dojah, VerifyMe, etc.).

2.5 Communications

  • Messages you send to customer support or agents, and consent records for marketing communications.

3. How we use personal data

We use personal data for the following purposes:

  • To create and maintain your account, authenticate you, and manage your profile.
  • To process payments, top-ups, withdrawals, loans and sponsorship applications and to update balances.
  • To comply with legal and regulatory obligations (KYC/AML checks, tax reporting).
  • To verify identity and reduce fraud using third-party verification providers.
  • To provide customer support (via email, WhatsApp, phone) and to send transactional notifications (payment receipts, alerts).
  • To improve our services using analytics, diagnostics and quality monitoring.
  • To communicate offers and marketing only if you opt in; you may unsubscribe anytime.

4. Payments, disbursements and wallet

We partner with licensed payment providers (for example, KoraPay and other payment processors) to handle card/payments, disbursements and identity checks. When you fund your wallet or receive a disbursement:

  • We send payment instructions and minimal data (reference, amount, beneficiary details) to the payment provider to complete the transaction.
  • Payment providers may return transaction confirmation or failure status which we record in our systems for reconciliation and customer service.
  • We recommend you review your payment provider’s privacy policy — Astro Citadel is not responsible for their independent data practices.

4.1 Wallet & balance handling

Wallet balances, deposits and withdrawals are recorded in our database. We’ll only send funds to verified bank accounts or wallets after checks and necessary approvals. In the event of transaction disputes, we may share transaction records with payment providers and relevant authorities.

5. Sharing personal data

We may share personal data with:

  • Payment processors (to process deposits and withdrawals).
  • Identity verification providers (for NIN/BVN/NIN image verification, facial matching — e.g., Kora, Dojah, VerifyMe or similar).
  • Service providers (hosting, email, analytics, customer support platforms).
  • Regulatory, law enforcement or tax authorities when required by law or in response to lawful requests.

We require third parties to protect data and only use it to provide services to us. We will never sell your personal data to third parties for direct marketing without your consent.

6. Security and data protection

We implement administrative, technical and physical safeguards to protect your data, including encryption in transit (TLS), hashed passwords, restricted access, and monitoring. No system is 100% secure — if a breach occurs we will notify affected users and regulators as required by law.

7. Data retention

We retain personal data for as long as necessary to provide services, comply with legal obligations (e.g., financial recordkeeping), resolve disputes and enforce agreements. When data is no longer needed we delete or anonymize it.

8. Your rights

Depending on your jurisdiction you may have rights including:

  • Access — request a copy of personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — request deletion of personal data (subject to legal retention obligations).
  • Restriction or objection to processing in certain situations.
  • Data portability — request your data in a machine-readable format.

To exercise rights, contact us at support@astrocitadelltd.com. We may request identity verification before acting on requests.

9. Cookies & tracking

We and our partners use cookies and similar technologies for authentication, analytics and personalization. You can control cookies via your browser/device settings. Blocking cookies may affect some features of our services.

10. Children

Our services are not intended for children under 13 (or the age required by local law). We do not knowingly collect personal data from children without parental consent. If you believe a child’s data has been collected, contact us to request removal.

11. Google Play / Play Store notice

When our mobile app is distributed via Google Play (the Play Store), the following additional points apply:

  1. Developer identity: Astro Citadel LTD is the app developer. Our contact email for Play Store users is support@astrocitadelltd.com.
  2. Data safety & disclosure: To comply with Google Play’s Data safety requirements, we disclose the types of data collected (e.g., account info, financial info, identifiers, device info) and the purposes (e.g., payments, authentication, fraud prevention). We only request permissions that are necessary for the app’s functionality.
  3. Permissions: If the app requests sensitive permissions (contacts, camera for ID upload, storage for receipts), we will explain why they are needed and request consent at runtime.
  4. In-app purchases & billing: Where Google Play Billing is used, purchases are processed by Google Play’s billing system. For external payment processors (e.g., KoraPay) we use secure tokens and follow Play Store policies regarding payments.
  5. Play Store Compliance: Our app and policy follow Google Play Developer Policies and the Payments policy. Any required disclosures in the Play Console (content ratings, privacy labels/data safety form) will be kept accurate and up to date.
  6. Data export for Play: To facilitate Play Console reviews, audits or user support, we may provide Google with relevant data if requested under lawful process or policy enforcement.

If you have questions about the Google Play listing or data safety form, contact support@astrocitadelltd.com.

12. International transfers

We operate globally and cross-border transfers may occur (for example, when using international payment or verification providers). When transferring data outside your jurisdiction we apply safeguards such as standard contractual clauses or rely on providers that maintain adequate protections.

13. Changes to this policy

We may update this policy periodically. The effective date at the top will indicate when changes were made. For material changes we will notify users via email or in-app notice.

14. Contact & Data Protection Officer

If you have questions about this Privacy Policy or wish to exercise your rights, contact:

Astro Citadel LTD
Email: support@astrocitadelltd.com
Registered company: RC 8444801

Data Protection Officer (DPO): contact via support@astrocitadelltd.com.