FlashCedi (hereinafter referred to as "we") always puts the security of user personal information first. In order to protect your legitimate rights and interests, we have formulated the "FlashCedi Privacy Policy" (hereinafter referred to as "this Policy") to explain in detail how personal information is processed and your related rights when using our products/services.
【Important tips】
Before using FlashCedi products/services, please be sure to carefully read and fully understand the entire content of this policy, especially the important terms in bold. Your use indicates that you or your legal guardian (for minors) have fully understood and agreed to the entire content of this policy. If you do not agree to any of the terms in this policy, please stop using our services immediately. If you have any questions or suggestions, please communicate with us through the contact information listed in this policy.
Scope of application:
This policy applies to all products and services provided by the FlashCedi platform
This policy applies to products/services of the Company and its affiliates that use FlashCedi platform services but do not have independent privacy policies.
For products/services that already have independent privacy policies, their independent policies shall prevail; matters not covered by the independent policies shall still be subject to this Policy.
We promise to strictly comply with laws and regulations, provide you with rights to query, correct, and delete your personal information, and take effective measures to protect your information security.
1. How we collect and use your personal information
When you use our products/services, you need to authorize or can choose to authorize us to collect and use your personal information in the following circumstances: Basic functions: In order to provide you with the basic functions of our products/services, you need to authorize us to collect and use necessary information. If you refuse to provide the necessary information, you will not be able to use our products/services normally. Additional functions: In order to provide you with additional functions of our products/services, you can choose to authorize us to collect and use information. If you refuse to provide such information, you will not be able to use the relevant additional functions or achieve the expected functions, but it will not affect your use of the basic functions of our products/services. Please be aware that due to the wide variety of products and services we provide, we will collect and use your personal information based on the specific products/services you choose, follow the principle of "reasonable, legal, and necessary", and only collect and use the minimum personal information necessary to provide you with products/services. At the same time, you understand and agree that in order to provide you with better products and services, we may launch new or optimized functions from time to time, which may involve the collection and use of personal information for new purposes, scopes and methods. In this case, we will notify you separately through updates to this policy, pop-ups or in-app messages, etc., to explain the purpose, scope and method of collecting and using the corresponding information, and provide you with the option to agree or disagree. We will only collect and use the corresponding information after obtaining your explicit consent. If you have any questions, comments or suggestions during this process, you can contact us through the contact information provided in this Policy.
1.1 Help you register and manage your FlashCedi loan account
1.1.1 Account Registration To use the FlashCedi loan platform service, you must first register an account. We will collect your mobile phone number for identity identification. Refusal to provide it will result in the inability to create an account and use the service. We may link the information of your different devices to ensure service consistency. The lack of necessary information will affect the use of the service.
1.1.2 Account Login When you log in for the first time, in order to comply with legal regulations and ensure account security, we will send a verification code for identity authentication.
1.1.3 Information Maintenance and Account Management We will strictly keep your personal information confidential to optimize your service experience.
1.2 Providing security functions
1.2.1 Real-name authentication and management To use the loan service, you need to provide identity information (including name, gender, nationality, occupation, address, ID card, marital status, work information, emergency contact), payment account information and mobile phone number. These sensitive information will be submitted to legal institutions for verification. According to Ghana's financial regulations, you will not be able to use the platform services without this information.
1.2.2 Security To ensure the security and stability of the system and prevent unauthorized access and fraud, we will collect transaction information (scenario, amount, number of times), log data, device information (installation list, location, financial account ID, device identifier), network information (type, status, WiFi details, IP address) and running process information. Refusing to provide this information may affect the normal use of the service.
1.2.3 Credit Assessment
When you use credit services or apply for credit on the FlashCedi Loan APP, in order to accurately assess your credit status and repayment ability and prevent fraud, you need to voluntarily provide your name, ID number, address, occupation and work information, educational background information, bank card number, mobile phone number, emergency contact information, income information, email address, marital status and device information. If you refuse to provide the above information, we will not be able to assess your qualifications, credit status and repayment ability, and thus will not be able to provide the required services.
1.3 Customer Service and Dispute Resolution
To protect the security of your account, our customer service staff will authenticate your identity using your registered mobile phone number, name, ID number, and order information. When providing transaction-related customer service, we may query your identity information, account behavior records, browsing history, commonly used device and software information, and any information you provide when contacting customer service. If you need to modify your personal information (such as contact information or phone number), you may need to provide additional verification information. Refusing to provide the necessary information may affect the normal use of the service. All customer service communication records will be kept for at least 30 days to meet legal requirements, and the retention period may be extended if required by compliance or legitimate interests.
1.4 Loan and repayment processing
When using FlashCedi's lending services, you will need to provide your bank card number or mobile phone account information to complete the lending or repayment operations according to the transaction type. If you do not provide the necessary payment information, you may not be able to use the relevant services normally.
1.5 Product and service information push
We will send you product updates, lending service information and promotions through in-app notifications, SMS, email or phone calls. You can turn off notifications in the app settings at any time or contact customer service to cancel specific push notifications. This operation will not affect your use of FlashCedi's core lending functions.
1.6 Order Management
When you submit a loan application on the FlashCedi platform, the system will automatically generate an order and process relevant transaction information to complete the service.
Information required for the loan product/service you have selected;
Name and phone number of emergency contact;
The order information generated during your use of FlashCedi loan platform products/services.
1.7 Device Permissions
In order to provide a better service experience, FlashCedi Loan Platform may apply for the relevant permissions to use your mobile device according to the functional needs. You can decide whether to grant these permissions, and the platform will process the relevant data strictly in accordance with your authorization. Please note that the permissions provided by different operating system devices may vary.
By granting permission, you agree that we will collect and use relevant personal information to implement the corresponding functions. If you choose to refuse to grant permission, we will not collect the personal information corresponding to the permission, but you can still use the basic loan services of the platform normally. You can adjust the opening status of each permission at any time through the device settings.
It should be noted that closing a permission only affects the use of subsequent related functions, and will not affect the information that has been collected and used based on your authorization. The platform provides specific permission description documents for you to review for details. Some value-added services may require specific permission support to be fully used, but the basic loan function is not affected by the permission activation status.
User Data Collection Privacy Statement:
Before accessing the location, we will clearly inform the user and ask for their consent. User data is transferred via HTTPS (https://api.flashcedi.com/)
In order to provide you with more accurate services (such as localized recommendations, nearby service matching, etc.), FlashCedi may obtain your rough location information (such as the city or regional level) with your authorization and consent. We promise to strictly abide by relevant laws and regulations and take reasonable measures to protect your location privacy.
Purpose of permission: Providing localized content (such as regional news, weather, event recommendations, etc.); optimizing service experience (such as matching nearby service points, adjusting language and time zone settings); statistical analysis (such as user geographical distribution to improve product functionality); meeting legal and regulatory requirements (such as content compliance review).
FlashCedi may use your rough location information for anti-fraud detection and risk control when necessary. We are committed to strictly complying with data protection regulations and only using this information within a reasonable scope to maintain the security and fairness of the platform.
Location usage in anti-fraud scenarios
Your rough location information (such as country, province, or city level) may be used in the following security risk control scenarios:
Abnormal login detection: If your account is logged in from different regions within a short period of time, the system may trigger security verification to prevent the risk of account theft.
Transaction behavior analysis: Combined with location data, it can identify potential fraudulent transactions (such as large-value payments in different locations, abnormal device switching, etc.).
Prevent fraud and false orders: Detect and limit malicious fraud and arbitrage through false positioning or IP spoofing.
To ensure service security and provide specific functions (such as identity verification, face recognition, anti-fraud detection, etc.), FlashCedi may access your device camera function with your explicit authorization. We always follow the principle of minimum necessary and strictly protect the security of your image data. User data is transmitted through HTTPS (https://api.flashcedi.com/)
Data Collection and Processing Methods
Minimize collection: Only collect images necessary to achieve the function, such as local areas of identity documents or facial feature points (not complete facial photos).
Instant processing: After face recognition is completed, the original image is immediately deleted and only the encrypted feature values are retained for subsequent comparison.
Secure storage: ID card photos (if required to be retained) are encrypted and stored on domestic servers, with access permissions strictly isolated.
Permission management:
You can disable camera permissions at any time through your device's system settings (example path: Settings > App Management > FlashCedi > Permissions).
After turning it off, some functions (such as face recognition and QR code scanning) will not be available.
Protection of minors: Users under the age of 14 must have their guardian participate in the entire identity verification process.
Necessity of anti-fraud: Denying camera permissions may result in the inability to complete some risk control measures and affect the normal use of the account.
To ensure user safety and optimize service quality, we will collect the following emergency contact information:
Name (full name of emergency contact)
Contact number (valid phone number)
Relationship description (such as the relationship between the user, parent, spouse, friend, etc.)
Important Tips:
Users must inform the emergency contact in advance and obtain their explicit consent before providing us with relevant information.
This information will be used strictly for the following purposes:
Emergency handling: In the event of an accident or special situation, it is used to contact designated personnel in time to ensure user safety
Service optimization: By understanding the user's social network, we can provide a service experience that better meets personal needs.
We promise to:
All emergency contact information will be strictly protected
The information will not be used for other purposes without the consent of both the user and the contact person.
Users can request to update or delete emergency contact information at any time
To ensure the reliability and security of loan services, our application will request access to text messages related to financial transactions in your device (including bank reminders, bill notifications, etc.). This permission is only used for core functions such as credit assessment and anti-fraud, and strictly follows the following specifications:
Scope of data collection:
Only read text messages from verified financial institutions (e.g. banks, mobile money platforms)
Record the sender information and receiving time of relevant SMS for verification
Data usage:
Credit Assessment: Evaluate your creditworthiness by analyzing your financial activity
Anti-fraud: Detect unusual financial activity to prevent fraud risks
Privacy protection:
We will obtain your consent before activation
All data is transmitted via HTTPS encryption (https://api.flashcedi.com/)
Never shared with third parties without your permission
You may withdraw your authorization at any time through the contact information in Article 10 of this Policy.
Upon receipt of the withdrawal request, the relevant data will be processed immediately
This feature is a necessary part of the loan application process and fully complies with Google Play's permission policy requirements. We are committed to taking the highest standards of security measures to protect the security of your data.
In order to provide better financial services, we may collect the following categories of data: device-related information (including device model, brand, operating system version, IMEI/MEID identifier, device serial number and other hardware feature data), network connection status (covering Wi-Fi and mobile network information) and system configuration parameters (such as time zone settings, language preferences, Bluetooth status, etc.).
The collection of this data is mainly used for the following core purposes: 1) Service optimization and personalized recommendations, providing customized loan solutions by analyzing user device configurations and usage habits; 2) Security risk assessment, identifying potential device security risks to ensure user data security; 3) User experience improvement, continuously optimizing application functions and service quality based on user behavior characteristics.
In terms of data security, we strictly follow the following principles: all data collection activities will be carried out after obtaining explicit authorization from the user; users can withdraw authorization at any time through the contact information listed in this policy, and we will immediately terminate the relevant data processing upon receiving the request; all data transmissions are encrypted using the HTTPS protocol (via https://api.flashcedi.com/); no information will be disclosed to a third party without the user's permission. We continue to invest resources to improve the data protection system and adopt industry-leading security protection measures to ensure that user information is protected from unauthorized access or leakage risks.
1.8 Improvement of FlashCedi loan platform products/services
In order to continuously improve the service quality of the FlashCedi loan platform, we may process the collected information as follows:
De-identify data for statistical analysis, trend forecasting, and business decision-making to optimize platform content layout and functional design;
Analyze order data, combine it with geographic location, user preferences and demographic characteristics, and match it with third-party data when necessary to improve product services;
We may invite you to participate in market research through the contact information you have provided to assess user interests and guide product development. Whether or not you participate in the research does not affect the basic functions of the platform.
1.9 Special Notes on Personal Information Processing
If the information you provide contains other people's information (such as handling business on behalf of others or uploading content containing other people's information), you must ensure that you have obtained explicit authorization from the relevant individuals (or children's guardians). When processing sensitive information in specific scenarios, we will obtain your separate consent in accordance with the law.
When using personal information beyond the scope expressly stated in this policy, we will obtain your authorization again.
With your consent, we may obtain your information from legal channels such as affiliated companies and partners for the following purposes:
Real-name authentication management
Safety measures
credit assessment services
is subject to the specific product agreement. For example, the loan progress information provided by the affiliated company will be used to show you the approval status. We will verify the legitimacy and authorization scope of the third-party data source, and will obtain consent again if the scope of use needs to be expanded.
Note: As our business develops, if new information collection situations that are not listed are added, we will explain and obtain authorization through page prompts, announcements, etc. All information processing is subject to this policy.
Exceptions to consent
In accordance with relevant laws and regulations, we do not need to obtain additional authorization and consent to process your personal information in the following specific circumstances:
Necessary for the performance of FlashCedi’s legal obligations or duties;
Involving major national interests such as national security and national defense security;
Involving public safety, public health, and major public interest protection;
Related to judicial procedures such as criminal investigation, prosecution, trial and execution of judgment;
Necessary for the conclusion or performance of a contract to which you are a party;
It is necessary to protect your life or property in an emergency;
Based on personal information that you have disclosed yourself or that is otherwise legally disclosed;
Information obtained from legal public channels (such as government public information and news reports);
Use within a reasonable scope for public interest purposes such as news reporting and public opinion supervision;
Necessary to ensure the safe and stable operation of products and services (such as fault detection and processing);
Academic research institutions conduct research based on public interest and de-identify information;
Other circumstances stipulated by laws, regulations and national standards.
Special Notes:
When technical measures are taken to make personal information unable to be re-identified to a specific individual, the use of the relevant data does not require further notification;
This privacy policy only applies to the processing of personal information related to FlashCedi loan APP product services.
Cookies and similar technologies usage instructions
To optimize your service experience, we may use tracking technologies such as cookies:
Technology types: including but not limited to Cookies, pixel tags, etc.
Main Applications:
Keeping users logged in
Analyze service usage
Provide personalized content display
Ensure safe operation of services
Management method: You can manage cookie preferences through browser settings, but this may affect the experience of some functions.
2. How do we share, transfer, entrust processing and disclose your personal information?
2.1 Basic principles of information sharing
We only share your personal information with partners to the extent necessary, including but not limited to order information, account information, and device information, to ensure the smooth provision of services. During the sharing process, we strictly follow the following principles:
Legality principle: All sharing behaviors must comply with relevant laws and regulations.
Minimum Necessary Principle: Share only the minimum information necessary to achieve the purpose of the service
Security principle: partners are required to adopt security protection measures of the same standard as FlashCedi
Purpose limitation principle: partners shall not use information for purposes other than the agreed purpose
We will conduct a comprehensive assessment of our partners’ information processing capabilities, including:
Legality verification of data processing qualifications
Completeness review of security measures
Clear agreement on the scope of information use
If the partner needs to change the purpose or method of using information, it must obtain your explicit authorization again. We require all partners to sign a strict data protection agreement and take necessary technical means and management measures to ensure the security of your personal information and prevent information leakage, damage or tampering.
Business Partner Sharing
To ensure the smooth operation of services, we will share necessary information with partners in the following business scenarios:
Special Notes:
① Advertising services only provide non-identifying information such as device identifiers, or anonymized data
② The push of commercial information will strictly follow the user's right to choose, and the push function can be turned off at any time
③ All sharing behaviors clearly define the scope of data use through agreements
Share with Affiliates
Based on the needs of group operations, we will share information with related parties in the following circumstances:
Cross-platform service collaboration: sharing necessary information when providing you with extended services such as travel
Risk management: Sharing necessary information that has been security-assessed for anti-fraud purposes
Safeguard measures:
① Affiliates must comply with the same or stricter data protection standards
② Establish a hierarchical approval mechanism to control the sharing of sensitive information
③ Clarify the boundaries of information use through legal agreements
④ Regularly audit the compliance use of shared information
2.2 Information Transfer
We promise that we will not transfer your personal information in principle, except in the following statutory circumstances:
2.3 Personal Information Disclosure Rules
We only disclose your personal information in the following strictly limited circumstances:
Disclosure at your request:
Your separate written consent is required
Strictly follow the disclosure method and scope specified by you
Disclosure in accordance with statutory requirements:
You need to check the official legal documents issued by the law enforcement agency
Provide only the necessary information that strictly matches law enforcement requests
Keep complete records of the disclosure process for future reference
All disclosures will:
Conduct strict legal compliance review
Adopt the principle of minimum necessary
Maintain complete disclosure records
Inform you of the disclosure promptly (except where notification is not required by law)
We have a dedicated information security team to conduct a legality review of all transfer and disclosure requests to ensure that your personal information rights and interests are fully protected.
3. Data storage duration
We strictly follow the principle of minimization of storage and only retain your personal information within the following period:
Basic retention period: 90 days from the date of data collection (unless otherwise required by laws and regulations)
Service duration: the time necessary to continue to provide services (such as retaining the registered mobile phone number during the account duration)
Legal obligation period: the retention period required by relevant laws and regulations
Data deletion specifications:
After the storage period expires
If you actively exercise your right to delete or cancel your account,
we will:
① completely delete the relevant information
② anonymize it with technical processing (so that it cannot be associated with a specific individual)
Adjustment of storage period under special circumstances:
When the following legal reasons arise, we will extend the data retention period in accordance with the law:
Legal and regulatory requirements that should be complied with
Requirements for effective judicial documents
Requirements made by government departments in accordance with the law
Necessary to protect major public interests or the legitimate rights and interests of others
(including but not limited to: ensuring the safety of platform users, safeguarding the legitimate rights and interests of enterprises, etc.)
We have established a complete data lifecycle management system, and all data retention behaviors have undergone strict compliance review to ensure compliance with the requirements of laws and regulations such as the Cybersecurity Law and the Personal Information Protection Law.
4. Information security system
We have established a multi-level security protection system that meets the standards of the financial industry to fully protect the security of your personal information:
Core technology protection measures:
Financial-level special protection mechanism:
Establish a payment information security system that complies with PCI DSS standards
Implementing dynamic key management and quantum encryption technology
Deploy a financial-grade anti-fraud monitoring system
Implement UnionPay-level data security standards
4.1 Safety Management System
Organizational safeguards:
① Authority control: Implement a four-level access authority system, and all contact personnel must pass background checks and sign a confidentiality agreement.
② Behavior monitoring: Keep complete operation logs (at least 180 days) and establish a real-time warning mechanism for abnormal behavior
③ Capacity building: Conduct safety training for all employees every quarter and conduct ISO27001 compliance audits annually
④ Technical audit: Use static code scanning + dynamic penetration testing dual mechanisms to conduct regular security vulnerability assessments
Data governance principles:
Strictly follow the principle of minimizing data collection
Establish a data lifecycle management system
Implementing a hierarchical and classified protection strategy
Conduct data security impact assessments regularly
4.2 Personal Information Access Rights
You have the right to inquire about personal information according to law, which can be exercised through the following channels:
[Operation path] After logging in to the APP, go to "Home → My Account → Transaction Record" to view the complete bill information.
Special instructions:
The query process requires two-factor authentication
Some sensitive information may be displayed in an anonymized form
Circumstances where access is restricted by law will be explained
Query records will be included in the scope of security audit
We are committed to continuously investing in security resources and regularly updating our protection measures to ensure that your information is protected in accordance with the latest security standards.
4.3 Authorization scope management
You can adjust authorization permissions at any time by:
[Operation path] Home → Account Settings → Privacy Center → Permission Management
In this interface you can:
View the authorization status of each permission in real time
Disable specific function permissions (such as contacts, text messages, etc.)
Get the functional description and impact scope of each permission
4.4 Personal Information Deletion Mechanism
You have the right to request deletion of personal information in the following circumstances:
Illegal processing: We process your information in violation of laws and regulations
Unauthorized: Unauthorized collection/use of information without consent
Breach of contract: Processing information in violation of the agreement with you
Service termination: You cancel your account or we stop operating
Processing flow description:
① After the customer service accepts the application, a 15-working-day verification period will be initiated
② After confirmation of deletion, the deletion request will be sent to the partner simultaneously
③ The backup system will be completely cleared during the next scheduled maintenance
(Note: Situations that need to be retained according to law will be explained)
4.5 Right to be informed about information sharing
We protect your right to know in the following ways:
New shared scene notification:
New shared object types will be announced in the first 30 days
Before implementing the new usage method, a separate pop-up window will be displayed for confirmation
Policy update notice:
Major changes will be notified 15 days in advance
Update content is presented in the form of a version comparison table
Dual reminder via internal message + SMS
You can view the information sharing overview of the past 12 months in "Privacy Center → Data Sharing Record", including:
Shared object category
Shared Data Types
Shared time nodes
Legal basis
4.6 How to update this Privacy Policy
We may update this Privacy Policy based on business development or legal requirements, and the updated version will take effect after being publicized. For major changes (including but not limited to changes in service model, data processing purpose, personal information type, usage method, ownership structure, sharing objects, user rights exercise method, contact channels, etc.), we will inform you in advance through in-site notifications, SMS, emails or official website announcements. Without your explicit consent, we will not reduce your rights under this policy.
If you have any questions about this policy, or have complaints or suggestions about the handling of personal information, you can contact us in the following ways:
We will verify and process your request within 5 working days after receiving it. FlashCedi reserves the right of final interpretation of this policy, and the latest version shall be subject to the official website.