Last updated: 26 May 2026 · GadroFi is in private alpha. This policy will be finalised before public launch. Compliant with the Nigerian Data Protection Act (NDPA).
Account info (name, email, phone, password hash), banking info (bank code, account number, resolved holder name), trade history, and audit logs of every money-moving action. For Tier 2 verification we also collect a government ID image + selfie, processed by our KYC partner.
To run your account, settle payouts to your bank, satisfy Nigerian AML/KYC obligations, and detect fraud. We do not sell your data.
Internal GadroFi staff with a need-to-know basis. Our payment provider (Paystack), custody partner (Quidax), and KYC provider for the relevant operations only. Authorities when legally compelled.
Account data for as long as your account is open + 7 years thereafter (regulatory minimum). ID images are not stored by GadroFi — they pass through our KYC provider and we retain only a verification result.
You can request a copy of your data, ask us to correct it, or ask us to delete it (subject to our 7-year retention requirement) by emailing privacy@gadrofi.app.
Passwords stored as scrypt hashes. All traffic over TLS. Audit logs of every state-changing action. We will notify affected users within 72 hours of a confirmed data breach.
Questions: privacy@gadrofi.app.