APEXN PATH TECH LIMITED, the operator of the CashMe app, complies with the Interim Regulatory and Registration Framework and Guidelines for Digital Lending, 2022, as set by Nigeria’s regulatory authorities for digital money lenders. This Privacy Policy outlines why we collect your personal information, the types of data we gather, how we store and share it, and your rights regarding your data. By clicking “Accept” after reviewing the privacy rights and policies in the CashMe app, you consent to the collection and processing of your personal information as described below.

Personal and Sensitive Information We Collect

To provide you with secure, tailored, and seamless access to our services, we may collect and process the following personal information:

1. Basic Details: Full name, date of birth, gender, marital status, home address, phone number, and email address.

2. Identification Data: Government-issued ID details (type and number) and facial recognition data.

3. Financial Information: Bank account details, including bank name, account number, and the phone number linked to your bank account.

4. Education and Employment Details: Educational background, degree, and occupation type.

5. Contact Information: Details of relatives, family members, or other contacts, including their names and phone numbers.

Additionally, we collect device-related data to enhance our credit assessment process, such as your device’s make, model, and operating system. We may also obtain information from third parties, such as credit bureaus or other financial institutions, to complement the data you provide. By signing up for CashMe, you authorize us to collect and process the information outlined above.

This policy is designed to be clear and transparent for our users in Nigeria, ensuring you understand how your data is handled while using the CashMe app.

Permission Information

To evaluate your loan eligibility and amount, and to expedite your loan application, we require access to the following permissions on your device:

SMS

With your consent, CashMe accesses only SMS data related to financial transactions to support risk assessment and fraud detection. We use advanced multi-type filtering technology to ensure only relevant information is collected, ignoring unrelated SMS content. Granting SMS permission is entirely optional, and you can fully control its activation or deactivation in your device settings. If permission is granted, retrieved SMS data (including sender information, timestamps, and message details) is securely transmitted to our server (https://www.apexnpath.com). If you wish to delete your data, you can do so via the account deletion option provided in the app. Without your consent, we will not share this information with third parties.

Location

With your permission, CashMe may collect your approximate location to enhance account security and provide a better service experience. If permitted, the collected location data is securely transmitted to our server (https://www.apexnpath.com). Without your consent, we will not share this data with third parties.

Camera

CashMe requires access to your mobile device’s camera to capture photos of your identification documents and perform facial recognition for loan applications, verifying that the ID photo matches your facial recognition data. We only use the camera to take necessary photos with your consent. The collected data is encrypted and uploaded to our server (https://www.apexnpath.com). Without your permission, we will not share this information with third parties.

List of Installed Applications

To ensure your device’s security and confirm that no non-Google trusted or malicious apps are installed that could compromise your financial safety, we collect data on the applications installed on your device, such as app names and package names, when you submit a loan application. This data is encrypted before being uploaded. It may be used to identify potentially illegal applications and prevent fraud. We only collect this data with your consent. The information is securely transmitted to our server (https://www.apexnpath.com), and we will not share it with third parties without your permission.

Device Information

CashMe needs to collect and monitor your device information, including name, model, region, language, identification codes, hardware and software details, status, usage patterns, and unique identifiers (such as IMEI and serial number). This helps us identify the device making the loan request and any additional devices, enabling proper assessment of your personal data to prevent fraud. The collected data is encrypted and uploaded to our server (https://www.apexnpath.com). Without your consent, we will not share this information with third parties.

Purpose of Processing User Data

More specifically, we may process your personal data for one or more of the following purposes:

• To verify your identity in accordance with Know Your Customer (KYC), Anti-Money Laundering (AML), and Countering the Financing of Terrorism (CFT) requirements.

• To manage and maintain your account with us.

• To detect and prevent fraud or unauthorized use of our products and services.

• To better manage our business and your relationship with us, including quality control and staff training, to ensure we continue providing accurate information, products, and services.

• To improve our products and services and develop new ones.

• To inform you about changes to the benefits and features of our products and services.

• To market our services, including sending you information about our products, features, promotions, surveys, news, updates, and events, as well as providing personalized marketing information. If you do not wish to receive marketing information, you can opt out when creating your account.

• To provide personalized advertising and marketing services.

• To respond to your inquiries and resolve disputes.

• To address legal claims, compliance, audits, risk management, enforcement procedures, and regulatory functions.

If we need to process your criminal record information, biometric data, or any other type of special personal data for any of the above purposes, you must explicitly consent to the collection, use, and storage of your personal data. If you choose to withdraw your consent, we recommend reviewing the “Right to Withdraw” section below. Please note that withdrawing consent will prevent you from using our products and services.

How We Share, Transfer, and Disclose Your Personal Information

Sharing

We do not share your personal information with any companies, organizations, or individuals outside our platform, except in the following circumstances:

1. With Your Explicit Consent: We will share your personal information with other parties only after receiving your clear approval.

2. Legal or Regulatory Requirements: We may share your information as required by laws, regulations, litigation needs, or lawful requests from administrative or judicial authorities.

3. Service Providers: Certain features or modules of our services are supported by external vendors, and we may share your information with them as necessary for service delivery.

4. Affiliated Entities: To provide seamless services through linked accounts, detect account irregularities, or protect the safety of our affiliates, users, or the public, we may share your information with our affiliated companies.

5. Authorized Partners: We may delegate specific services or tasks to trusted partners, sharing only the information necessary for them to fulfill their roles. These partners are prohibited from using your information for any other purpose.

6. Publicly Available Information: If your personal information has already been disclosed publicly through legal or open channels (e.g., news reports or government platforms), it may be shared.

7. Other Legal Circumstances: We perform rigorous security checks on third-party APIs and SDKs used for sharing information, ensuring they implement protective measures and comply with applicable laws and regulations.

Transfer

We generally do not transfer your personal information to any company, organization, or individual, except in these cases:

1. With Your Prior Consent: We will transfer your information only after obtaining your explicit consent or authorization.

2. Business Transactions: In cases of asset transfers, credit assignments, mergers, acquisitions, or bankruptcy liquidations involving personal information, we will ensure that the new entity holding your information adheres to this privacy policy. If not, we will require them to seek your authorization again.

Public Disclosure

We will only disclose your personal information publicly in the following situations, while employing industry-standard security safeguards:

1. As Per Your Instructions: We will disclose your specified personal information in the manner you have explicitly agreed to.

2. Legal Obligations: If required by laws, regulations, or mandatory requests from administrative, judicial, or regulatory authorities, we may disclose your personal information based on the specified type and method.

How We Safeguard Your Personal Information

1. We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, use, alteration, damage, or loss. These measures include encryption technologies to ensure data confidentiality, as well as robust defenses against malicious attacks.

2. If any or all of our services cease operation, we will inform you via announcements or SMS. In the event of service disruptions due to factors like war, local conflicts, technical failures, cyberattacks, natural disasters, public health crises, or human errors, we will take all feasible emergency response and recovery actions.

3. Please note that, due to technological limitations and potential malicious threats, unforeseen incidents may occur beyond our reasonable control. The internet is not entirely secure, so we recommend using strong passwords and security tools to help protect your account.

4. In the event of a personal information security breach, we will comply with legal requirements by promptly notifying you of the incident’s details through SMS, official website announcements, or other effective channels. We will also report the incident’s handling to regulatory authorities as required.

How We Secure Your Personal Information

We employ industry-standard security protocols to safeguard your personal information, preventing unauthorized access, disclosure, use, alteration, damage, or loss. We take all reasonably practicable steps, such as using encryption to protect data confidentiality and deploying trusted mechanisms to shield against malicious attacks, to ensure your privacy is protected.

Should any or all of our services cease operation, we will inform you via announcements or SMS. If our operations are disrupted due to events like war, local conflicts, technical issues, cyberattacks, natural disasters, public health crises, accidents, or human errors, we will make every effort to implement emergency response and recovery measures.

Please be aware that technological limitations and potential malicious threats may lead to unforeseen incidents beyond our reasonable control. The internet is not completely secure, so we encourage you to use strong passwords and security tools to help us keep your account safe.

In the event of a personal information security breach, we will comply with legal requirements by promptly notifying you of the incident’s details through SMS, website announcements, or other effective methods. We will also report the handling of such incidents to regulatory authorities as required.

Your Rights as a Data Subject

We place great importance on protecting your rights to manage your personal information and provide you with options to control it. You have the right to access, correct, withdraw, or delete your information to safeguard your privacy and security.

1. Right to Access
   Unless prohibited by law, we strive to ensure you can easily access your personal information whenever you use our services. To view or edit your account details (such as phone number, login password, gesture password, or bank account information), you can do so within the CashMe app or reach out to our CashMe support team for assistance.

2. Right to Correct
   If you need to update your personal information or notice errors in how we’ve processed it, you have the right to make corrections. You can update your details directly in the app or submit a correction request via our feedback and error-reporting channels. We may ask you to verify your identity before processing your correction request.

3. Right to Withdraw Consent
   You may modify or withdraw your consent for data collection at any time. However, withdrawing consent may prevent us from providing certain services tied to that consent. Please note that we will continue to store or disclose any personal information provided before withdrawal, in line with applicable laws and this Privacy Policy.

4. Right to Delete
   You can request to delete your account through the “Delete Account” feature in the app settings. Deleting your account will stop all services, so please proceed carefully. Be aware that we will retain or disclose personal information provided before deletion, as required by applicable laws and this Privacy Policy.

5. Handling Issues
   If you’re unable to access, correct, withdraw, or delete your personal information through the methods above, or if you have questions about how we collect or use your data, please contact our CashMe support team. For security, we may ask for a written request or other proof of identity. We’ll respond to your inquiry as quickly as possible after verifying your identity.

We will make reasonable efforts to honor your requests for accessing, correcting, withdrawing, or deleting personal information. However, we may decline requests that are unreasonably repetitive, demand excessive technical resources, jeopardize others’ rights, or are highly impractical.

Where and How Long We Store Your Personal Information

Personal information we collect and generate in your country/region will be stored within that country/region. If personal information collected in Nigeria needs to be transferred to overseas entities for cross-border business purposes with your authorization, we will strictly comply with applicable laws, administrative regulations, and relevant regulatory authorities’ requirements, ensuring that overseas entities keep your personal information confidential.

Unless otherwise required by laws or regulations, we will retain your personal information only for the period necessary to fulfill the purposes outlined in this policy (5 years). Once your personal information is anonymized, it becomes usable and shareable data, and we are not required to notify you or obtain your consent for its storage or processing. After the legally mandated retention period expires, we will anonymize or delete your information.

Deleting Your Personal Information and Canceling Your Account

You can delete your account using the “Delete Account” feature in the app settings. Upon receiving your deletion request, we will process it in accordance with your instructions and relevant laws and regulations. Most deletion requests are automatically approved, and you can view the results within the app.

If we have shared your personal information with third parties in violation of laws, regulations, or our agreement with you, we will immediately stop sharing it upon your request and notify the third party to delete it promptly. If your personal information has been publicly disclosed, we will cease disclosure upon your request and issue a notice requiring relevant recipients to delete the information.

You may also request account cancellation or discontinuation of specific services by contacting us at apexnpath@hotmail.com. After verifying your cancellation details, contract performance, and other relevant information, we will review and process your account cancellation request within 15 working days.

Notice on the Protection of Minors

We place a high priority on protecting minors’ personal information. If you are a minor, you are not permitted to use our products or services.

Updates to Our Privacy Policy

We may update this Privacy Policy from time to time. We recommend checking this page periodically for changes. We will notify you of updates by posting the revised Privacy Policy on this page, and changes will take effect immediately upon posting.

Contact Us

If you have any questions, comments, or suggestions about this policy, or if you suspect your personal information may have been compromised, you can reach us via:

Email: apexnpath@hotmail.com
Service Hours: 9:00 - 16:00
Address: B1 Block 2 Flat 2, Kabusa Garden FCT Und St. Dakwo, Abuja, FCT, Nigeria

Last Updated: April 15, 2025