Privacy Policy

Cardgoal ("we", "our", or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our mobile application or visit our website (together, the "Service").

We encourage you to read this policy carefully to understand your rights and how we handle your information. By using the Service, you agree to the practices described in this policy.

1. Information We Collect

a. Information You Provide

When you use our services—such as creating an account, submitting a trade, or completing identity verification (KYC)—you may provide the following personal information:

  • Full name, email address
  • Bank account details (for withdrawals)
  • Gift card codes or Image
  • Government-issued ID and selfie (where required for KYC)

b. Automatically Collected Non-Personal Information

We also automatically collect non-personal data when you interact with our Service, including:

  • Device information (model, OS version, language)
  • IP address
  • Browser type
  • Network provider
  • App usage data
  • Referral and install sources

c. Analytics via Adjust SDK

We use Adjust, a third-party analytics SDK, to track app usage and measure marketing effectiveness. Adjust collects:

  • Google Advertising ID (GAID) or Apple IDFA
  • Anonymized IP address
  • Device type and OS version
  • App events and user interactions
  • Install and referral sources

Adjust ensures that the data is anonymized and does not contain personally identifiable information (PII). For more details, see Adjust's Privacy Policy.

2. How We Use Your Information

We use the information we collect to:

  • Process your trades – Verify gift cards, execute payouts, and manage your account.
  • Comply with legal obligations – Perform KYC, detect fraud, and meet Nigerian AML/CTF regulations.
  • Improve and personalize your experience – Resolve crashes, monitor feature usage, save preferences, and suggest tailored Rate-Booster Coupons.
  • Communicate with you – Deliver service alerts, important updates, and (with your consent) promotional messages.

3. Legal Basis

We process your data based on one or more of the following legal grounds under the Nigeria Data Protection Act 2023 (NDPA):

  • Performance of a contract.
  • Compliance with legal obligations
  • Our legitimate interests
  • Your explicit consent

We do not sell your personal data. Data is shared only with trusted providers or regulators when required by law.

4. Permissions We Request

To provide core functionality, our app may request access to the following device permissions:

  • Camera – To capture images of gift cards or identification documents for trades or verification.
  • Photo Library – To allow users to upload existing images of gift cards or documents.
  • Push Notifications – To inform you about order status, withdrawal updates, customer support replies, and optional promotional content.

You will be prompted to grant or deny each permission. You may also adjust these settings later via your device's system preferences. Denying permission may limit related features but will not block overall access to the Service.

5. Sharing & Disclosures

We may share your data with:

  • Service Providers – Including cloud hosting and secure payment processors
  • Financial Institutions – Such as settlement banks and card issuers
  • Transaction Counterparties – Where needed to resolve a trade-related dispute
  • Regulators or Law Enforcement – As mandated under AML/CTF laws, court orders, or NDPA obligations
  • Corporate Events – In the context of mergers, acquisitions, or asset transfers (subject to confidentiality agreements)

We do not sell or share your personal data with third-party advertisers.

6. Cookies & Tracking

Our website does not use cookies or track visitors. Within the mobile app, we use the Adjust SDK for analytics and install attribution only. No cookies are stored or accessed.

7. Data Security & Retention

We take your data security seriously and implement strong security measures to protect your personal information. These measures include:

  • Data Encryption – All user data is encrypted during storage and transmission.
  • Access Control – Only authorized personnel can access sensitive data through role-based access controls.
  • Security Monitoring – We regularly monitor our systems for potential threats to data security.

In compliance with regulations, transaction and KYC records are stored for at least five (5) years. After this period, the records are securely deleted or anonymized.

8. Your Rights (NDPA 2023)

You may:

  • Access, correct, erase, restrict, or port your data
  • Object to certain processing or withdraw consent
  • File a complaint with the Nigeria Data Protection Commission

To exercise your rights, email us at service@cardgoal.com, we will respond to verified requests within 30 days.

9. Children

The Service is not directed to persons under 18 years. We do not knowingly collect data from minors. Parents may request deletion via the contact address below.

10. International Transfers

Data may be processed in Nigeria or other jurisdictions. Where data leaves Nigeria, we rely on adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms recognised by the NDPA 2023.

11. Updates

We may revise this Policy. Material changes will be announced in-App and on our website 14 days before they take effect, unless a shorter period is required by law.

12. Contact

If you have questions, concerns, or requests regarding this Terms of Service, please contact us at: