Privacy Policy

CashTrack ("we", "our", or "us") is committed to protecting the privacy of Nigerian businesses and their customers. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our invoicing, payment tracking, and tax compliance platform.

CashTrack never touches your money. We are an invoicing and record-keeping tool. All payment processing is handled by licensed third-party providers.

1. Information We Collect

We collect the following categories of information:

• Account Information: Business name, email address, phone number, password (hashed), business address, and state of operation.
• Business Data: Invoices, client records, payment records, tax calculations, and financial reports you create within the platform.
• Client Data: Names, email addresses, phone numbers, and billing addresses of your clients that you enter into CashTrack.
• Usage Data: Browser type, IP address, pages visited, features used, and session duration for analytics and service improvement.
• Communication Data: Email and WhatsApp messages sent through our platform to your clients.

2. How We Use Your Information

• Providing and maintaining the CashTrack platform and its features.
• Generating invoices, tracking payments, and computing tax estimates.
• Sending transactional emails and WhatsApp notifications on your behalf.
• Processing subscription payments for your CashTrack plan.
• Improving our services through aggregated, anonymised usage analytics.
• Communicating service updates, security alerts, and support responses.
• Complying with legal obligations under Nigerian law.

3. Data Storage & Security

Your data is stored securely using Supabase, a cloud database platform with enterprise-grade security. All data is encrypted at rest and in transit using AES-256 encryption and TLS 1.2+. Passwords are hashed using bcrypt and are never stored in plain text.

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction, including regular security audits and access controls.

4. Payment Processing

Subscription payments are processed by Paystack, a CBN-licensed payment processor. CashTrack does not store your credit card numbers, bank account details, or other sensitive payment information. Paystack's handling of your payment data is governed by their own privacy policy and PCI DSS compliance.

When your clients pay invoices via Paystack payment links, their payment data is handled entirely by Paystack. CashTrack only receives confirmation of payment status.

5. WhatsApp Integration

CashTrack offers optional WhatsApp notifications via the Twilio API. When enabled, we send invoice reminders and payment confirmations to your clients' phone numbers. Message content is limited to transactional information related to invoices you have created. You are responsible for ensuring you have your clients' consent to receive these messages.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by Nigerian tax law to retain financial records for a minimum of 6 years. Aggregated, anonymised data may be retained indefinitely for analytics purposes.

7. Your Rights

Under the Nigerian Data Protection Regulation (NDPR), you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Restrict Processing: Request that we limit how we use your data.
• Data Portability: Request your data in a structured, machine-readable format.
• Object: Object to processing of your data for certain purposes.
• Withdraw Consent: Withdraw any previously given consent at any time.

8. NDPR Compliance

CashTrack is committed to compliance with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023. We process personal data lawfully, fairly, and transparently. We collect data only for specified, explicit, and legitimate purposes and do not process data in a manner incompatible with those purposes.

We have appointed a Data Protection Officer to oversee our compliance efforts. For NDPR-related inquiries, please contact us using the details below.

9. Third-Party Services

We use the following third-party services that may process your data:

• Supabase: Database hosting and authentication infrastructure.
• Paystack: Payment processing for subscriptions and invoice payments.
• Twilio: WhatsApp and SMS message delivery.
• Resend: Transactional email delivery.
• Vercel: Application hosting and deployment.

Each provider operates under their own privacy policies and data processing agreements.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: