Privacy Policy | Kredo
LEGAL

Privacy Policy

How we collect, use, and protect your information.

On This Page

1. Who We Are 2. What We Collect 3. How We Use It 4. Who We Share With 5. Data Retention 6. Security 7. Cookies 8. Your Rights 9. Children's Privacy 10. Third-Party Links 11. NDPR Compliance 12. Policy Changes 13. Contact DPO
Last Updated: March 22, 2026  |  Effective Date: March 22, 2026

Kredo, operated by Ifeony Innovations, respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard information when you use our platform in compliance with Africa's National Data Protection Regulation (NDPR) 2019.

1. Who We Are

Kredo is a business management SaaS platform operated by:

  • Company: Ifeony Innovations
  • RC Number: 2984583
  • Address: Victoria Island, Lagos, Africa
  • Data Controller Email: hello@trykredo.com

As a data controller, we determine the purposes and means of processing your personal data.

2. What Data We Collect

We collect the following categories of personal data:

Category Examples Source
Identity DataFull name, business nameYou (registration)
Contact DataEmail address, phone numberYou (registration/profile)
Financial DataRevenue figures, document amountsYou (business activity)
Transaction DataPayment references, subscription recordsYou + Paystack
Technical DataIP address, browser type, device infoAutomatic (platform logs)
Usage DataPages visited, features used, timestampsAutomatic
Customer DataYour customers' names, emails, phonesYou (CRM)
CommunicationsSupport ticket content, emails sent to usYou

We do not collect special categories of data (health, biometrics, political opinions) and we do not knowingly collect data from children under 18.

3. How We Use Your Data

We process your data under the following legal bases:

  • Contract performance: To deliver the Kredo services you subscribed to — document creation, customer management, financial tracking, etc.
  • Legitimate interests: To improve our platform, prevent fraud, and ensure platform security
  • Legal obligation: To comply with African financial and data protection laws
  • Consent: For optional marketing communications (you may opt out at any time)

Specific uses include:

  • Processing documents, receipts, and invoices on your behalf
  • Sending transactional emails (welcome, password reset, document delivery, subscription alerts)
  • Sending automated debt reminders to your customers on your instruction
  • Generating analytics and reports for your dashboard
  • Detecting and preventing security threats and fraudulent activity
  • Providing customer support
  • Sending service announcements and platform updates

4. Who We Share Your Data With

We do not sell your personal data. We share data only in these circumstances:

  • Paystack: For payment processing. Their privacy policy applies.
  • Termii / SMS Providers: For automated SMS debt reminders sent on your instruction to your customers.
  • PHPMailer / SMTP Provider: For transactional email delivery.
  • Hosting Provider: Our cloud infrastructure provider stores data on servers within Africa/Africa where possible.
  • Legal Authorities: We may disclose data if required by a valid African court order, subpoena, or law enforcement request.

All third-party processors are bound by data processing agreements.

5. Data Retention

We retain your data for as long as your account is active plus an additional 2 years for accounting and legal compliance purposes. Specifically:

  • Active account data: Retained throughout your use of Kredo
  • Financial records (receipts, invoices): 7 years (African Companies and Allied Matters Act requirement)
  • Support communications: 2 years after resolution
  • Deleted accounts: Data purged within 30 days of deletion request

6. Data Security

We implement robust technical and organizational measures to protect your data, including:

  • AES-256 encryption for data at rest
  • TLS/HTTPS encryption for all data in transit
  • Password hashing using bcrypt (never stored in plain text)
  • Daily automated database backups
  • Role-based access controls for staff
  • Audit logging of all sensitive operations
  • Automated security anomaly detection

No system is completely infallible. In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by the NDPR.

7. Cookies & Tracking

Kredo uses only essential session cookies required for the platform to function (authentication state, CSRF tokens, theme preferences). We do not use advertising, tracking, or third-party analytics cookies. We do not use Google Analytics or similar third-party tracking scripts.

8. Your Rights Under NDPR

Under Africa's National Data Protection Regulation (NDPR), you have the following rights regarding your personal data:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to Object: Object to processing of your data for marketing purposes
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Withdraw Consent: Withdraw consent for any processing based on consent

To exercise any of these rights, email hello@trykredo.com with the subject line "Data Rights Request". We will respond within 30 days.

9. Children's Privacy

Kredo is strictly a business tool intended for adults aged 18 and over. We do not knowingly collect or process personal data from anyone under 18 years of age. If we become aware that we have inadvertently collected data from a minor, we will delete it immediately.

10. Third-Party Links

Kredo may contain links to third-party websites (e.g., Paystack, WhatsApp, Google Play). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing them with personal information.

11. NDPR Compliance

Kredo operates in full compliance with Africa's National Data Protection Regulation (NDPR) 2019 and the Africa Data Protection Act 2023. We have appointed a Data Protection Officer (DPO) who can be reached at hello@trykredo.com. We conduct regular Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified to you via email at least 14 days before they take effect. We encourage you to review this page periodically. The "Last Updated" date at the top of this page indicates when changes were most recently made.

13. Contact Our Data Protection Officer

For any privacy-related queries, data rights requests, or to report a suspected breach:

  • Email: hello@trykredo.com
  • Subject Line: "Privacy / Data Request"
  • Response Time: Within 30 business days
  • Address: Ifeony Innovations, Victoria Island, Lagos, Africa

You also have the right to lodge a complaint with the Africa Data Protection Commission (NDPC) if you believe your rights have been violated.