Shella Privacy Policy
This Privacy Policy explains how MINC TECHNOLOGIES LTD ("Shella," "we," "us," or "our") collects, uses, shares, and protects personal information when you use the Shella digital payments platform, including our website, mobile applications, and the APIs and payment infrastructure we make available to businesses and merchants (collectively, the "Services").
By creating an account or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Services.
If you access Shella through a business or merchant that has integrated our APIs, please also review that partner's own privacy notice, which governs how they handle your information within their application.
1. Who we are
[Shella legal entity name] is the data controller responsible for personal information processed through the Services, except where we act as a processor on behalf of business and merchant partners (see Section 8).
- Registered address: House 34 F.O William Street, Life Camp - Abuja
- Contact for privacy matters: eng@shella.tech
- Data Protection Officer / privacy contact: Oluwaseun Olusi
2. Scope of this policy
This policy applies to:
- Individual users who use Shella to buy airtime and data, pay utility bills, settle cable TV and internet subscriptions, schedule or automate payments, and use other digital payment services.
- Business and merchant partners who integrate our APIs and payment infrastructure, and the individuals who administer those partner accounts.
- Visitors to our website and other public-facing properties.
It does not cover the practices of third parties we do not control, including billers, service providers, and partners who use our APIs within their own products.
3. Information we collect
We collect the following categories of information.
3.1 Information you provide to us
- Identity and account information: name, username, date of birth, and login credentials.
- Contact information: email address, phone number, and postal or billing address.
- Identity verification (KYC) information: government-issued identification numbers, identity documents, and other information we are required to collect to verify your identity and comply with financial regulations. [Adjust to the specific KYC requirements of your jurisdiction.]
- Financial and payment information: bank account details, card information, wallet balances, and linked payment methods. [If card data is handled by a PCI-DSS-compliant processor and tokenized rather than stored by Shella, state that here.]
- Transaction information: details of the payments you make, including biller or merchant, amount, date, service type (e.g., airtime, data, utility, cable TV), and status.
- Automation and scheduling data: recurring payment instructions, reminders, schedules, and preferences you configure.
- Communications: information you provide when you contact support, respond to surveys, or otherwise communicate with us.
3.2 Information we collect automatically
- Device and technical information: device type, operating system, browser type, unique device identifiers, and mobile network information.
- Usage information: features used, pages viewed, actions taken, and the dates and times of your activity.
- Log data: IP address, access times, app crashes, and other diagnostic data.
- Approximate location: derived from your IP address, and, where you grant permission, more precise location from your device.
- Cookies and similar technologies: as described in Section 9.
3.3 Information we receive from third parties
- Payment processors, financial institutions, and billers: confirmation of transactions, account status, and settlement information.
- Identity verification and fraud-prevention providers: results of identity, sanctions, and fraud checks.
- Business and merchant partners: information about transactions you initiate through their integrated applications.
- Analytics and advertising providers: aggregated or device-level information about how you found and interacted with the Services.
4. How we use your information
We use personal information to:
- Provide the Services: create and manage your account, process and settle transactions, and deliver airtime, data, bill payment, and subscription services.
- Enable automation: operate reminders, scheduling, and automated recurring payments you set up.
- Verify your identity and comply with law: perform KYC checks and meet anti-money-laundering (AML), counter-terrorist-financing, tax, and other legal and regulatory obligations.
- Prevent fraud and secure the platform: detect, investigate, and prevent fraudulent, unauthorized, or unlawful activity, and protect the rights and safety of users, Shella, and others.
- Provide customer support: respond to your questions, resolve disputes, and troubleshoot problems.
- Communicate with you: send transactional messages (such as receipts, reminders, and security alerts) and, where permitted, service updates and marketing.
- Improve and develop the Services: analyze usage, conduct research, and build new features.
- Meet legal and business requirements: enforce our terms, establish or defend legal claims, and support corporate transactions.
5. Legal bases for processing
Where data-protection law requires a legal basis (for example, under the GDPR or equivalent regimes), we rely on the following, depending on the context:
- Performance of a contract: to provide the Services you request.
- Legal obligation: to meet KYC, AML, financial-reporting, and record-keeping requirements.
- Legitimate interests: to secure the platform, prevent fraud, and improve the Services, balanced against your rights.
- Consent: for certain marketing, optional data collection, and precise location, which you may withdraw at any time.
6. Transaction and financial data
Because Shella is a payments platform, some processing is essential and cannot be opted out of while you use the Services:
- We must process transaction and identity data to execute payments and to satisfy legal and regulatory obligations.
- We may be required to retain transaction and KYC records for a minimum period set by law, even after you close your account (see Section 11).
- Card and certain sensitive payment data are handled in accordance with applicable payment-card security standards (e.g., PCI-DSS).
7. How we share information
We do not sell your personal information. We share it only as described below.
- Service providers (processors): cloud hosting, communications, analytics, customer support, and similar vendors who process data on our behalf under contract.
- Payment partners and billers: banks, payment processors, telecom operators, utility companies, and other billers, as needed to complete the transactions you request.
- Identity and fraud-prevention providers: to verify identity and screen for fraud, sanctions, and other risks.
- Business and merchant partners: where you use Shella through a partner's integrated application, we share information necessary to process your transactions with that partner.
- Legal, regulatory, and law-enforcement authorities: where required by law, regulation, legal process, or to protect rights, property, or safety.
- Professional advisors: auditors, lawyers, and insurers, as needed.
- Corporate transactions: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
- With your consent: for any other purpose disclosed at the time.
8. Business and merchant partners (API and payment infrastructure)
When a business or merchant integrates our APIs and payment infrastructure:
- We may act as a processor for personal information the partner collects from its own customers and passes to us to process transactions, in which case the partner is the controller and its privacy notice governs that data.
- We act as a controller for information we collect directly, such as partner account administration, our own fraud monitoring, and regulatory compliance.
- Partners are responsible for obtaining any necessary consents from their own users and for handling that data lawfully. Our respective responsibilities are set out in the applicable partner or data-processing agreement.
9. Cookies and similar technologies
We and our providers use cookies, SDKs, and similar technologies to keep you signed in, remember preferences, secure the Services, measure usage, and, where permitted, support marketing. You can manage cookies through your browser or device settings, and, where required, through our consent tools. Disabling some cookies may affect functionality.
10. Data security
We use industry-standard technical and organizational measures to protect personal information, which may include encryption in transit and at rest, access controls, network protections, monitoring, and staff training. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Please keep your login credentials confidential and notify us immediately at eng@shella.tech if you suspect unauthorized access to your account.
11. Data retention
We retain personal information for as long as your account is active and as needed to provide the Services. We retain transaction, KYC, and other records for longer where required to meet legal, regulatory, accounting, tax, or dispute-resolution obligations — financial regulations may require retention for a minimum of 2 years after an account closes or a transaction occurs. When information is no longer needed, we delete or anonymize it.
12. International data transfers
Where we transfer personal information across borders, including to service providers or affiliates in other countries, we implement appropriate safeguards required by applicable law, such as standard contractual clauses, adequacy decisions, or your consent where permitted. [Describe the specific mechanisms and locations relevant to Shella.]
13. Your rights and choices
Subject to applicable law, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your information, subject to our legal retention obligations.
- Restrict or object to certain processing.
- Port your information to another provider.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your data-protection or financial regulator.
To exercise these rights, contact us at eng@shella.tech. We may need to verify your identity before responding. Note that certain rights are limited where we must retain data for regulatory or fraud-prevention reasons.
Marketing choices
You can opt out of marketing communications at any time using the unsubscribe link or your account settings. You will still receive essential transactional and security messages.
14. Automated processing and fraud monitoring
We use automated systems to monitor transactions and detect fraud, money laundering, and other risks. These processes may flag, delay, or decline transactions. Where automated decisions produce legal or similarly significant effects and the law grants you rights in relation to them, you may request human review by contacting eng@shella.tech.
15. Children's privacy
The Services are not directed to, and we do not knowingly collect personal information from, individuals under [18 / applicable age of majority]. If we learn that we have collected such information without appropriate consent, we will delete it. If you believe a minor has provided us information, contact eng@shella.tech.
16. Third-party services and links
The Services may link to or interoperate with third-party websites, billers, and applications that we do not control. This policy does not apply to those third parties, and we encourage you to review their privacy notices.
17. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Services or by other appropriate means and update the "Last updated" date above. Your continued use of the Services after changes take effect constitutes acceptance of the revised policy.
18. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:
MINC TECHNOLOGIES LTD
House 34, F.O Williams Street, Life Camp - Abuja
Email: eng@shella.tech
Oluwaseun Olusi
19. Jurisdiction-specific disclosures
[Add any region-specific sections your legal counsel requires, for example:]
- [Nigeria — NDPA/NDPR]: [disclosures and lawful bases as required.]
- [European Economic Area / UK — GDPR/UK GDPR]: [controller details, EU/UK representative, transfer mechanisms, supervisory authority.]
- [United States — state privacy laws, e.g., CCPA/CPRA]: [categories of information, "do not sell/share" rights, and required consumer disclosures.]
- [Other jurisdictions in which Shella operates.]