Effective Date:
15th of April, 2025
Last reviewed: June 4th, 2026
Services Offered
Kytra provides comprehensive financial solutions including:
Payment collection and processing
Virtual accounts, wallets, and card issuance
API integration for financial services
White-label solutions for businesses
Multiple wallet integration
POS terminal services and direct debit mandates
Information We Collect
Personal
- Full name & contact details (email, phone)
- BVN & NIN (where required for KYC)
- Passwords, PINs & biometric data (used for authentication)
- Geolocation & photographs (identity verification)
- IP address and device identifiers
Business
- Company details and contact persons
- Tax identification (TIN) information
- Transaction history, invoices and receipts
Technical
- Usage data and logs
- Cookies and local storage
- Tracking data (analytics & crash reports)
How We Use Your Information
Service Provision: Account creation, transaction processing, payment settlement and delivery of services
Verification & Compliance: Identity verification (KYC), anti-money laundering checks and statutory reporting
Fraud Prevention: Monitoring, analysis of transactions and suspension/removal of suspicious accounts
Communication: Transaction alerts, security and service updates, marketing where you opt-in
Service Improvement: Analyzing usage patterns and improving features
Data Sharing with Financial Partners & Third Parties
Shared Data Includes:
- Name, phone number, BVN, NIN
- KYC documents, transaction details and payment metadata
Purpose: Compliance, transaction processing, fraud prevention and regulatory reporting
Customer Permission: Shared only with explicit consent or where required by law.
We may share data with:
- Licensed banks and payment processors for settlement and reconciliation
- Identity verification providers (KYC)
- Regulatory bodies when legally required
- Third-party service providers (analytics, crash reporting, cloud hosting)
Third-Party SDKs & Services
Our application relies on trusted third-party SDKs and service providers to enable core features such as analytics, authentication, payments, notifications, and app performance monitoring.
These providers may receive certain categories of data that are necessary for their services to function. We do not sell or misuse your data, and all third-party access is governed strictly by contract and compliance requirements.
Third-Party Services We Use
The exact data shared depends on your usage of specific features.
Below is the list of third-party services integrated into the app and the purpose each one serves.
-
Analytics & Crash Reporting (e.g., Firebase Analytics, Google Analytics, Sentry):
These services collect anonymized usage statistics, device information, crash logs, and performance data.
This helps us diagnose issues, understand app behaviour, and improve functionality.
-
Push Notification Services (e.g., Firebase Cloud Messaging):
Receives a unique device notification token to deliver alerts, updates, and authentication messages.
No personal message content is stored by us or by Google.
-
Payment Processing (e.g., Paystack, Flutterwave, Stripe):
These providers handle payment information securely. Sensitive card details are processed directly by the payment processor
and are not stored on our servers. We may receive non-sensitive transaction metadata for record purposes.
-
Identity Verification (e.g., Dojah, Creditchek, Prembly):
Used for KYC (Know-Your-Customer) compliance. These providers may receive identity documents, photographs, biometrics,
and verification data strictly to complete regulatory identity checks.
-
Cloud Hosting & Storage (e.g., AWS, DigitalOcean, Google Cloud):
Used for hosting APIs, storing encrypted backups, logs, and files. Cloud providers only store data on our behalf
and do not have permission to access or use it for their own purposes.
⚠️ Important:
We regularly review and update this list. If any SDK or provider is added or removed, this section will be updated immediately
and users will be informed where required.
Permissions & Device Access (Why we request them)
Below we explain the common permissions requested by the mobile app and why they are necessary.
| Permission |
Purpose |
| Camera |
Capture ID documents and selfies for identity verification (KYC). |
| Location |
Optional geolocation used for fraud prevention and address verification. Only collected with explicit consent. |
| Storage / Photos |
Upload or cache identity documents and receipts when you choose to do so. |
| Phone / Contacts |
(Optional) To prefill contact details or for certain integrations. We do not read or send contacts without consent. |
| Notifications |
Send transactional alerts and important account messages. You may opt-out in settings. |
| Biometric Authentication |
Enable secure login using device biometrics (fingerprint / face). We store only template hashes managed by the OS — not raw biometric images. |
Data Retention
We retain personal data only for as long as is necessary to provide services, comply with legal obligations, resolve disputes, and enforce our agreements.
- Transactional data: retained for a minimum of 5 years for regulatory and auditing purposes (or as required by local law).
- KYC / identity documents: retained while your account is active and for a further period required by law (typically 5 years after account closure).
- Analytics & logs: retained in aggregated or pseudonymized form for up to 2 years unless a longer period is required.
⚠️ Adjust retention periods to match your legal obligations and company policy.
Legal Basis for Processing
Where applicable, we rely on one or more lawful bases to process personal data:
- Contractual necessity: to perform obligations under agreements with you (e.g., payments, settlements).
- Legal compliance: to comply with laws and regulations (KYC, AML, tax reporting).
- Consent: where you have given explicit consent (e.g., marketing, optional services).
- Legitimate interests: for fraud detection, network security and improving our services, where such interests are not overridden by individual rights.
Your Rights
Depending on your jurisdiction, you may have rights including:
- Access your personal data
- Request correction or completion of your data
- Request deletion of your data (“right to be forgotten”) where there is no overriding legal obligation to retain it
- Withdraw consent at any time
- Object to or restrict processing in certain circumstances
- Portability of your data in a commonly used format
How to request access, correction, or deletion
- Email us at kytracustomersupport@gmail.com with subject "Privacy Request" and include your full name, registered email/phone, and a description of the request.
- We will verify your identity before fulfilling requests to protect accounts and prevent fraud. Verification may require sending a government ID or a selfie.
- We will respond within a reasonable time and in any case within applicable legal timeframes (e.g., 30 days where required by law).
Important: If you request deletion, some data may be retained in anonymized or aggregated form for analytics or to meet legal obligations.
Data Security
Encryption
Data encrypted during transmission and at rest using industry-standard algorithms.
Access Control
Role-based access and least-privilege policies for staff and service accounts.
Monitoring & Audits
Regular security reviews, penetration tests and logging for forensic purposes.
International Transfers
We may transfer or store your data outside your home country (e.g., cloud providers in other jurisdictions). Where transfers occur, we take steps to ensure appropriate safeguards are in place (standard contractual clauses, adequate provider security, or consent when required).
Children's Privacy
Our services are for users aged 18 and above. We do not knowingly collect personal data from children under 18. If you believe we have collected such data, contact us and we will take steps to remove it.
Changes to Privacy Policy
KYTRA reserves the right to update this policy at any time. We will notify users of significant changes via email and app notifications where appropriate. The "Effective Date" will be updated following material changes.
Data Safety Summary (for App Stores)
This summary is written to assist with App Store / Google Play submissions. Ensure you reflect the same information in the store Data Safety form.
- Data Collected: Identity (name, ID numbers), Contact info (email, phone), Financial & transaction data, Identifiers (device, IP), User content (photos for KYC), Location (where consented).
- Purpose: Account creation, payments, KYC/AML compliance, fraud prevention, analytics, and notifications.
- Shared: Banks, payment processors, KYC providers, cloud hosts, and authorities when required by law.
- Data handling: Encrypted in transit and at rest; retention periods as stated above.
⚠️ Make sure the above items match the responses in your Google Play Data Safety form and list exact SDKs and third-party names there.
Complaints & Regulator Contact
If you are unhappy with how we handled your request, you can escalate to the relevant regulator. For Nigeria: the National Information Technology Development Agency (NITDA) and the National Data Protection Commission (NDPC) are relevant authorities for data protection complaints. Where applicable, you may also have the right to lodge a complaint with a supervisory authority in your jurisdiction.
Contact Information
Email
kytracustomersupport@gmail.com
Address
BLOCK C SUIT 10 ABIOLA SHOPPING MALL, DELTA STATE
To make a privacy request (access, correction, deletion), email us at
kytracustomersupport@gmail.com with subject "Privacy Request" and include your name and registered contact details. We will verify your identity before fulfilling requests.
© 2026 KYTRA. All Rights Reserved.