Privacy Policy

Legal Name: Radian Alliance Limited

Registration Number: RC 1959744

Registered Address: 3 Alfred Olaiya Street, Awuse Estate, Ikeja, Lagos, Nigeria

Privacy Contact: privacy@arcadia-research.com

General Contact: hello@buildwithradian.xyz

This Privacy Policy applies to:

• Visitors to our website (buildwithradian.xyz)
• Prospective customers who submit access requests through our website
• Business customers who use our API integration software to connect to licensed payment service providers

Important: Radian is a B2B software company that provides integration tools. We do not provide payment services, do not hold customer funds, and do not process payments. All payment processing is performed by Central Bank of Nigeria (CBN)-licensed payment service providers including Paystack, Flutterwave, Interswitch, and others.

3.1 Information You Provide Directly

When you submit a request for access through our website, we collect:

• Full name
• Company name
• Work email address
• Use case description

When you become a customer and use our API integration platform, we may additionally collect:

• API credentials and authentication tokens
• Business configuration settings (payment provider preferences, routing rules, split payment configurations)
• Technical contact information for support purposes

3.2 Transaction Data (Pass-Through Only)

As an integration layer, transaction data flows through our system to connect your platform with licensed payment providers. This includes:

• Transaction amounts and currency
• Transaction timestamps and status
• Merchant identifiers
• Payment method type (not card details)
• Transaction reference numbers

Critical Clarification: We do NOT store complete transaction details permanently. Transaction data passes through our system in real-time to facilitate routing between your platform and payment providers. We retain only metadata logs for operational purposes as described in Section 7 (Data Retention).

We NEVER collect, store, or process:

• Full credit or debit card numbers
• Card verification values (CVV)
• Card PINs or passwords
• Bank account credentials
• Customer funds or balances

3.3 Automatically Collected Information

We do NOT use:

• Cookies or similar tracking technologies
• Analytics tools (Google Analytics, Mixpanel, etc.)
• Third-party advertising or marketing trackers
• Session replay tools

We DO collect:

• API request logs: timestamp, endpoint accessed, response status, request duration (for debugging and security purposes)
• Server logs: IP addresses, user agents, request/response data for API calls (retained for 90 days for operational purposes)

We use the information we collect for the following purposes:

4.1 To Provide Our Services

• Process access requests and evaluate suitability for sandbox access
• Facilitate API connections between your platform and licensed payment providers
• Route transaction requests to appropriate payment providers based on your configuration
• Monitor system performance and uptime
• Provide technical support and troubleshooting

4.2 For Security and Fraud Prevention

• Detect and prevent unauthorized API access
• Investigate security incidents
• Monitor for suspicious patterns or anomalies
• Maintain audit trails for compliance purposes

4.3 For Business Operations

• Communicate with you about service updates, maintenance, or changes
• Respond to inquiries and provide customer support
• Improve our integration platform and develop new features
• Comply with legal obligations and regulatory requirements

4.4 We Do NOT Use Your Information For

• Targeted advertising or marketing
• Selling or renting your data to third parties
• Behavioral tracking or profiling
• Processing payments or holding funds

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

5.1 With Payment Service Providers

When you use our integration platform, transaction data is shared with the licensed payment providers you've selected (such as Paystack, Flutterwave, Interswitch) to facilitate payment processing. This sharing is necessary to provide our core service. Each payment provider operates under their own privacy policy and data protection practices.

5.2 With Service Providers

We share information with third-party service providers who perform services on our behalf:

• Cloud Infrastructure: Amazon Web Services (AWS) for hosting and data storage
• Email Services: For transactional communications (access confirmations, system notifications)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.3 For Legal Compliance

We may disclose information when required by law, including:

• In response to court orders or legal process
• To comply with regulatory requirements (Central Bank of Nigeria, Nigeria Data Protection Commission)
• To protect the rights, property, or safety of Radian, our customers, or others
• To investigate fraud, security incidents, or violations of our Terms of Service

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

We implement industry-standard security measures to protect your information:

6.1 Technical Safeguards

• Encryption: All data transmission uses TLS 1.2 or higher encryption
• Data Storage: Information is stored on secure AWS infrastructure with encryption at rest
• Access Controls: Role-based access controls limit employee access to data based on job function
• API Security: Authentication via API keys, rate limiting, and request validation
• Monitoring: 24/7 system monitoring for security incidents and anomalies

6.2 Organizational Safeguards

• Employee training on data protection and security best practices
• Confidentiality agreements with all employees and contractors
• Regular security audits and vulnerability assessments
• Incident response procedures for security breaches

6.3 Limitations

While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security of information transmitted over the internet. You are responsible for maintaining the confidentiality of your API credentials and notifying us immediately of any unauthorized access.

We retain different types of information for varying periods:

7.1 Access Request Information

• Active prospects: Retained for 2 years from last contact
• Reason: To evaluate suitability and maintain communication history for business development purposes

7.2 Customer Account Information

• Active customers: Retained while your account is active and for 2 years after account closure
• Reason: To provide ongoing service, maintain business records, and comply with legal obligations

7.3 Transaction Logs and Metadata

• Standard API logs: 90 days
• Transaction metadata: 7 years (amount, timestamp, status, reference numbers—no card details)
• Reason: Operational debugging (90 days) and financial record-keeping compliance (7 years)

7.4 Security and Incident Logs

• Security incident logs: 7 years
• Reason: Legal defense, regulatory compliance, and forensic analysis

7.5 Deletion Process

When retention periods expire or upon approved deletion requests, data is permanently deleted within 30 days. This timeframe accommodates backup cycles and ensures complete removal across all systems.

As a Nigerian company processing data of Nigerian data subjects, we comply with the Nigeria Data Protection Regulation (NDPR) 2019. You have the following rights:

8.1 Right to Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purpose collected
• You withdraw consent (where consent was the legal basis)
• You object to processing and there are no overriding grounds
• The data was unlawfully processed

Exception: We may retain data when required for legal obligations, establishment of legal claims, or public interest.

8.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

8.5 Right to Object

You have the right to object to processing of your personal data for direct marketing purposes or based on legitimate interests.

8.6 Right to Lodge a Complaint

You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been violated:

Nigeria Data Protection Commission
Email: info@ndpb.gov.ng
Website: https://ndpb.gov.ng

8.7 Exercising Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@arcadia-research.com
• Subject line: "NDPR Rights Request - [Your Name]"

We will respond to your request within 30 days. We may request additional information to verify your identity before processing requests.

Your information is stored on Amazon Web Services (AWS) infrastructure. While our primary users are in Nigeria, data may be processed in AWS data centers outside Nigeria.

When transferring data internationally, we ensure adequate safeguards are in place:

• Standard contractual clauses with service providers
• Compliance with NDPR requirements for cross-border data transfers
• Encryption in transit and at rest

Payment providers (Paystack, Flutterwave, Interswitch, etc.) operate under their own data processing agreements and may transfer data according to their policies.

Our services are designed for businesses and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information promptly.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you via email (if you've provided an email address) or prominent notice on our website
• We encourage you to review this policy periodically to stay informed

Continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy.

Under NDPR, we process your personal data based on the following legal grounds:

12.1 Consent

When you submit an access request, you provide explicit consent for us to process your contact information to evaluate your request and communicate with you.

12.2 Contract Performance

For customers using our services, processing is necessary to perform our contract with you and provide the integration platform you've subscribed to.

12.3 Legitimate Interests

We process data based on legitimate business interests for:

• Security monitoring and fraud prevention
• System performance optimization
• Business analytics and improvement

12.4 Legal Obligations

We process data to comply with legal requirements including:

• Financial record-keeping regulations
• Tax obligations
• Regulatory reporting to CBN and NDPC
• Response to lawful requests from authorities

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days. For urgent matters, please indicate "URGENT" in your email subject line.