Legal
1. INTRODUCTION & DATA CONTROLLER
This Privacy Policy outlines how Lattice Technologies Ltd hereinafter known as ("the Company", "we", "us", or "our") collects, uses, processes, discloses, and safeguards personal data through the Scamrader application. For the purposes of the Nigeria Data Protection Act (NDPA), Lattice Technologies Ltd acts as the Data Controller.
2. LEGAL BASES FOR DATA PROCESSING
Under the NDPA, we only process personal data where a lawful basis exists. We rely on the following processing triggers:
- Consent: When you explicitly authorize us to access your device telemetry or submit a report.
- Contractual Necessity: To provide the core risk-intelligence services you request when signing up for an account.
- Legitimate Interests: To detect, prevent, and mitigate financial fraud, protect the integrity of the Nigerian fintech ecosystem, and safeguard our platform from cyber threats.
- Public Interest / Legal Obligation: For cooperation with law enforcement agencies and regulatory bodies in tracking financial crimes.
3. DATA WE COLLECT
- Account Data: Name, email address, phone number, and account credentials created during onboarding.
- Reporting Submissions (Threat Intelligence): Phone numbers, bank account numbers, wallet addresses, names of suspected bad actors, chat screenshots, and narrative transaction evidence submitted by users.
- Device & Telemetry Data: IP addresses, device fingerprints, operating system type, unique device identifiers, and in-app behavioral telemetry collected to identify bot networks or malicious reporting behaviors.
4. HOW WE USE AND SHARE THE DATA
- Algorithmic Profiling: To evaluate reported data signals against our Threat Databases to generate dynamic risk ratings.
- Anonymized Crowdsourcing: When a user queries a phone number or account, we display the risk metadata. We do not reveal the identity of the user who submitted the report to ensure whistleblower protection.
- Law Enforcement Integration: Verified fraud trends and telemetry may be securely shared with law enforcement networks or licensed financial partners under strict data-sharing agreements.
5. THE "REPORTED DATA" EXEMPTION PROTOCOL (Processing Scammer Data)
A critical inclusion under the NDPA for fraud platforms: When users submit the personal data of third parties (e.g., a fraudster's bank account or phone number), Scamrader this data under the lawful basis of Legitimate Interest and Public Interest (Fraud Prevention). Such processing is strictly optimized for risk analysis and is insulated from standard third-party deletion requests where retention is required for legal compliance or crime prevention.
6. DATA MINIMIZATION, SECURITY & RETENTION
- Encryption: All personal data and transaction telemetry are encrypted in transit via SSL/TLS and at rest using industry-standard cryptographic architectures.
- Retention Period: We retain account data for as long as your account is active. Threat intelligence data (flagged accounts) is retained permanently in an anonymized, aggregated format to maintain historical fraud trends, unless expunged via our formal Notice and Takedown Procedure.
7. DATA SUBJECT RIGHTS
In accordance with the NDPA, users possess the following rights, exercisable via privacy@scamrader.com:
- The right to access or request a digital copy of their processed personal data.
- The right to rectify inaccurate or incomplete personal records.
- The right to request the erasure of their account data (subject to legal or legitimate interest retention overrides).
- The right to object to or restrict specific processing matrices.
8. DATA PROTECTION OFFICER (DPO)
The Company has designated a Data Protection Officer to oversee compliance with the NDPA. For all inquiries regarding data governance, you may contact our compliance desk directly at legal@scamrader.com