App Store Image  Panaxia

Privacy Policy

Effective Date: 2026-04-20

App: Lite Loan (iOS)

Controller / Company: PANAXIA LENDING LIMITED

Contact:

Preface & Scope

This Privacy Policy explains how Lite Loan (the “App”, “we”, “us”, or “our”) collects, uses, stores, discloses, and protects personal information in connection with the App when operated and offered to users in the Federal Republic of Nigeria. It is written to meet the compliance requirements of the Apple App Store (including App Tracking Transparency and the App Store privacy nutrition label) and Nigerian data protection law (including the Nigeria Data Protection Regulation — NDPR), and relevant financial-sector requirements.

Applicability: This policy applies to all users in Nigeria and to all personal data processed by the App, mobile back-end services, customer support, payment processors, and authorized third-party service providers acting on our behalf.

Categories of Personal Data Collected

We collect only data necessary for the provision of credit services and lawful risk management. Each data category below contains the purpose, lawful basis, retention guidance and whether the data is mandatory for the service.

  1. Identity & Account Data — Full name, date of birth, national ID, BVN/NIN, selfie photo, email address, phone number.

    • Purpose: identity verification, credit assessment, account management.
    • Legal basis: Contract performance; legal/regulatory compliance; legitimate interest (fraud prevention).

  2. Emergency Contact Data — We only collect contacts which provided by borrower.

    • Purpose: loan application verification, repayment reminders, limited credit risk validation, fraud detection, customer support.
    • Legal basis: Explicit consent for access to emergency contacts; contract performance or legitimate interest for transactional communications.
    • Mandatory: Emergency contacts access is optional but may be required for certain advanced risk-assessment features; refusal may limit app functionality.
    • Emergency contacts must never be used to disclose loan details to third-party contacts or to enable harassment/illegal debt collection.

  3. Device & Technical Data — Device identifiers (Advertising ID / IDFA where applicable), hardware & OS info, IP address, network status, app usage logs, crash reports.

    • Purpose: security, fraud prevention, analytics, personalization.
    • Legal basis: Legitimate interest; contract performance.

  4. Approximately Location Data — Approximate/mobile location.

    • Purpose: assess service availability, fraud/risk scoring, regulatory compliance.
    • Legal basis: Explicit consent (for approximately location) or legitimate interest for approximate location.

  5. Financial & Transactional Data — Bank account numbers, tokenized card data, loan history, repayment history, credit score data obtained from credit bureaus.

    • Purpose: underwriting, disbursements, repayments, reconciliation, regulatory reporting.
    • Legal basis: Contract performance; legal/regulatory obligations.

  6. Third-Party Data — Credit bureau data, identity verification providers, payment providers, anti-fraud vendors.

    • Purpose: credit assessment and KYC (know-your-customer).
    • Legal basis: Contract performance; user consent when applicable.

  7. Communications Data — Customer support transcripts, call recordings (where lawful and consented).

    • Purpose: dispute resolution, quality assurance.
    • Legal basis: Consent; legitimate interest.

How We Collect Data

  • Directly from you when you register, apply for credit, upload documents, or contact support.
  • With your explicit consent by accessing device permissions (Contacts, Camera, Location, Photos/Storage, where used).
  • From third parties: credit bureaus, identity verification providers, payment processors, analytics providers.
  • Automatically via cookies, SDKs and device identifiers while you use the App.

The App must present clear, permission-specific prompts on first use and at the point of feature access (iOS permission dialogues + in-app explanation screen). For SMS/Contacts/Call Log access, the in-app rationale must be explicit.

Use of Collected Data (Purposes)

We use personal data only for the following purposes:

  • To evaluate eligibility, underwrite loans, and set credit limits.
  • To disburse funds and collect repayments.
  • To send transactional communications (statements, reminders, receipts).
  • To detect, prevent and investigate fraud, money laundering, and other illicit activities.
  • To comply with legal/regulatory obligations and respond to lawful requests from authorities.
  • To improve user experience and product performance (analytics and A/B testing) — only aggregated or pseudonymized where possible.

Limitation: Data collected for these purposes will not be used for unrelated marketing or sold to third parties without explicit consent.

Sharing & Disclosures

We will not disclose personal information beyond what is necessary. Possible recipients include:

  • Service providers / processors: payment processors, cloud hosting, KYC/identity vendors, analytics providers, legal and audit advisors.
  • Credit bureaus / lenders: if you apply for credit or where required by law.
  • Regulators / law enforcement: when legally compelled.
  • Acquirers / successors in corporate transactions: in mergers or asset transfers (users will be notified and given choices as required by law).

Each third-party recipient will be contractually bound to process data only for specified purposes and to maintain security measures (encryption, access controls, confidentiality obligations).

Cross‑Border Transfers

Where data is transferred outside Nigeria, we will ensure an adequate level of protection is maintained through appropriate safeguards (e.g., Standard Contractual Clauses, binding corporate rules, or equivalent contractual protections), and we will disclose the jurisdictions involved. Data transfers necessary for international payment processing, fraud prevention or hosting will be limited to lawful and secure processors.

User Rights & How to Exercise Them

Under NDPR and applicable laws you may:

  • Access your personal data.
  • Request correction or update.
  • Request deletion where lawful and no retention obligations exist.
  • Object to or restrict processing where applicable.
  • Withdraw consent at any time (withdrawal will not affect processing based on consent before withdrawal or lawfully necessary processing).
  • Request portability of data (to the extent technically feasible).

Requests can be made via: email liteloan.help@panaxia.co, in‑app support, or phone. We will verify identity and respond within 30 calendar days unless otherwise required by law or where an extension is necessary. For straightforward rectification requests we aim to complete verification and correction within 3 business days.

Security Measures

We employ organizational, technical and physical safeguards, including but not limited to:

  • Encryption of data at rest and in transit (AES-256 for storage; TLS 1.2+ for transport).
  • PCI‑DSS tokenization for payment credentials where applicable.
  • Role-based access control and least privileged policies.
  • Multi-factor authentication for administrative access.
  • Regular security audits, penetration testing, and code security reviews.
  • Full audit logging of administrator access (retained for at least 2 years).
  • Staff confidentiality agreements, background checks and mandatory annual data protection training.

Breach response: We maintain an incident response plan. Material breaches will be reported to the competent regulator and affected users in accordance with applicable law and, where required, within 72 hours of becoming aware of a qualifying breach.

Retention & Deletion

We retain personal data only as long as necessary to fulfill processing purposes, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Loan active: Data required for servicing remains for the duration of the loan.
  • Post‑repayment (core risk records): identity, loan performance, repayment history — retained for no longer than 5 years after loan closure unless law requires longer.
  • Emergency Contact content: retained only as necessary for repayment communication and risk analysis; deleted or irreversibly anonymized after expiry of the retention term.
  • Backups: Deleted according to backup rotation policies; logically deleted data will be removed from backups at the next secure backup cycle.

Do not use indefinite retention language. Retention must be reflected in backend retention configuration and third‑party processor contracts.

Minors

We do not knowingly provide credit services to persons under 18. We do not intentionally collect personal information of minors. If we discover we have collected information about a minor in violation of this policy, we will delete it promptly.

App Tracking Transparency (ATT) & Advertising ID

For iOS users, where we perform cross‑app / cross‑website tracking or display personalized advertising, we will:

  • Present the Apple ATT prompt and obtain explicit opt‑in consent prior to tracking.
  • In App Store Connect, accurately list the data categories and purposes in the privacy nutrition label.
  • Allow users to opt out of personalized ads and of tracking at any time via in‑app controls and device settings.

Cookies & Similar Technologies

We use cookies, SDKs, pixel tags and similar technologies for security, analytics, and product improvement. Users can manage cookie preferences and opt out of non‑essential analytics via the App settings.

Permissions — Suggested iOS Prompt Text (point-of-access explanations)

  • Emergency Contacts:

By granting access to your device contacts, Lite Loan may access contact details solely to verify account references and reduce fraud risk. Contact access is limited to: validating contacts you provide as account references, supporting identity and relationship-based fraud detection, and preventing duplicate or synthetic applications. We will not disclose your contacts to third parties, nor will we use contact data to contact, notify, or pursue your contacts about your loan. Revoking this permission may affect certain verification and fraud-prevention features. To request deletion of any contact data we have retained, please submit a request to liteloan.help@panaxia.co; requests will be processed in accordance with applicable law and this Policy.

  • Camera / Photos:

Lite Loan requires access to your device camera and/or photo library to enable you to take or upload identity documents (e.g., national ID, passport) and selfies for identity verification (KYC) and anti-fraud checks. Images and photos collected are used exclusively for identity verification and related compliance purposes and will not be repurposed or disclosed without your explicit consent except as required by law. All captured or uploaded images are transmitted and stored using encryption, access to them is strictly limited to authorized personnel and processors, and they will be retained only for the period necessary to complete verification and meet legal/operational retention requirements. You may view, update, or request deletion by contacting liteloan.help@panaxia.co.

  • Approximately Location:

To confirm service availability in your area and to detect and prevent fraud (for example, by identifying anomalous geographic activity), Lite Loan may collect location information from your device (including GPS, Wi-Fi, and cell-tower based location). Location data will be used only for the stated purposes and will not be disclosed to unrelated third parties. You may choose whether to allow location access “Always”, “While Using the App”, or “Never” in your device or app settings; declining location access may reduce the accuracy of service availability checks and certain fraud-detection capabilities. For information on how we store, retain, and delete location data or to request deletion, please contact liteloan.help@panaxia.co.

Account Cancellation & Post‑Closure Handling

Account cancellation conditions:

  • All loans must be fully repaid and no pending automatic payments or disputes exist.
  • Complete identity verification must be provided during cancellation request.

Post‑closure implications:

  • Account deactivated and access removed.
  • Personal information retained for regulated retention periods (see Section 9) for credit‑reporting / legal obligations; historical repayment records will be retained for 5 years for credit reporting purposes (or as required by law).
  • Users may request deletion of data that is not subject to regulatory retention; we will notify third parties to delete shared records where feasible.

Third‑Party Cooperation & Mandatory Disclosures

We work with the following categories of third parties. For each category, we disclose types of data shared and legal purpose. Replace placeholder names with actual partner names:

  • Credit Bureaus: share identity, BVN/NIN, loan status, repayment history — purpose: credit reporting and fraud prevention.
  • Payment Processors: share bank account details and transaction metadata — purpose: disbursement and reconciliation.
  • KYC / ID Verification Providers: share identity documents and selfie images — purpose: KYC and fraud prevention.
  • Authorized Collection Agents (licensed & compliant): share borrower identity and outstanding balance strictly for lawful, regulated debt recovery; contracts must prohibit harassment and unlawful practices.

Absolute prohibition (non-negotiable): Contacts, SMS, or other personal information must never be used to harass third‑party contacts, to disclose loan amounts to others, or to enable illegal/abusively aggressive collection practices.

Complaints & Remedies

If you believe your rights have been violated, you may:

  1. Contact our Data Protection Officer at DPO EMAIL for internal remedy.
  2. File a complaint with Nigeria’s regulatory authority (NDPC) or pursue remedies under applicable laws.

We will investigate complaints and respond promptly; escalation paths and response SLAs must be visible in‑app and on the public privacy page.

Changes to This Policy

We may update this Privacy Policy. For material changes we will provide prominent notice (in‑app popup and App Store metadata update) and, where required by law, obtain consent again. The latest effective date appears at the top of this policy.

Contact & Record of Changes

Contact: +2342018892090

Email:liteloan.help@panaxia.co