Friend Indeed

Privacy Policy

Data Controller: Friend Indeed Limited (RC [RC NUMBER]), a private company limited by shares incorporated in the Federal Republic of Nigeria.
Registered office: [REGISTERED OFFICE ADDRESS, NIGERIA]
Effective date: 30 June 2026  ·  Version: 1.8  ·  Last updated: 2 July 2026

Contents

  1. Who we are
  2. Scope, summary & our Terms
  3. Information we collect
  4. Information we do not collect
  5. Contacts & mutual-matching
  6. How & why we use information
  7. Automated processing, content checks & verification
  8. Legal bases (GDPR/UK/NDPA)
  9. Sensitive information
  10. How information is shared
  11. No sale / no targeted-ad sharing
  12. International data transfers
  13. Data retention
  14. Security & data breaches
  15. Cookies & similar technologies
  16. Your privacy rights
  17. Deleting your account
  18. Children's privacy
  19. Notifications & messages
  20. Sanctions & access restrictions
  21. United States notice (California & other states)
  22. EU/EEA & UK notice (GDPR)
  23. Canada notice (PIPEDA)
  24. Nigeria notice (NDPA 2023)
  25. Changes to this policy
  26. How to contact us

1. Who we are

Friend Indeed ("Friend Indeed", the "App") is operated by Friend Indeed Limited ("we", "us", "our"), a private company limited by shares incorporated in the Federal Republic of Nigeria with registration number [RC NUMBER] and registered office at [REGISTERED OFFICE ADDRESS, NIGERIA]. For the purposes of data-protection law, Friend Indeed Limited is the data controller of the personal information described in this policy.

You can reach our privacy team at [privacy@friendindeed.example]. Our Privacy Officer or Data Protection Officer (where one is required by applicable law) is [DPO NAME], contactable at [dpo@friendindeed.example]. See Section 26 for full contact details, including our representatives for the EU/EEA and the UK.

2. Scope, summary & our Terms

Friend Indeed is a private, closed-circle social notification utility. It lets a person who needs help post a request and notifies that person's mutual contacts — friends who have saved the person in their phone and whom the person has saved in return — so that those friends may choose to help, including by sending a personal gift of money directly to one another using their own external payment methods.

Friend Indeed never touches money. We do not hold, receive, process, transmit, escrow or guarantee funds; we never take possession, custody, or control of user funds; we provide no wallet, stored value, payout or refund service; and we never collect or store your or anyone's card numbers, CVV codes, or bank-login credentials. Any gift happens entirely outside the App, directly between users, through payment methods the users choose themselves. This Privacy Policy reflects that limited role.

Global availability. Friend Indeed is available worldwide, and this Privacy Policy applies to all users globally. The general protections described in this policy apply to everyone, wherever they use the App; the country- and region-specific notices in Sections 21–24 add rights for users in those places and supplement, rather than replace, those general protections.

This policy applies to the Friend Indeed mobile applications and any related websites or support channels we operate that link to it. It does not apply to third-party services (for example, your bank, mobile-money provider, or any payment app) that you use to send or receive money — those services have their own privacy policies.

2.1 Relationship to our Terms & Conditions

This Privacy Policy is part of, and should be read with, our Terms & Conditions, which contain binding provisions stating that Friend Indeed is not a money transmitter, does not provide escrow or wallets, does not take custody or control of funds, and strictly prohibits the solicitation or repayment of loans. The Terms & Conditions govern all use of the App and are available at [https://www.friendindeed.example/terms]. Our Community Guidelines and Safety & Fraud Policy also apply.

3. Information we collect

We practise data minimisation and collect only what the App needs to work. The categories below identify what we collect, whether it is required or optional, and why.

3.1 Information you give us at sign-up (required)

DataRequired?Why we collect it
Telephone numberRequiredYour account identifier and login credential (verified by one-time code); used to match you with your mutual contacts, and shown on your profile to those mutual contacts (who, by definition, already have your number).
First name and last nameRequiredSo your friends can recognise who is asking for help and who is on their contact list.

3.2 Information you may choose to add to your profile (optional)

DataRequired?Why we collect it
Social-media handlesOptionalTo enrich your profile so friends can recognise and connect with you.
Receiving account details (e.g., a bank account number or mobile-money handle)OptionalShown to your mutual contacts as part of your help requests (not on your profile), purely as your instruction for how they may choose to send you a gift. We do not use these details to move, process or verify any money. You are responsible for ensuring they are accurate and appropriate to share with your mutual contacts. See Sections 4 and 14.
Profile pictureOptionalTo enhance your profile and help friends identify you.

3.3 Information generated when you use the App

The specific third-party service providers and software development kits (SDKs) we use to provide, secure and analyse the App are listed in Section 10. Data these tools collect on our behalf is treated as our collection and is disclosed here and in our Google Play Data Safety form and Apple App Privacy label.

4. Information we do not collect

To remove any doubt about our role, we confirm that Friend Indeed does not:

The optional receiving account details you may add (Section 3.2) are stored only so they can be displayed to your mutual contacts as your instruction. They are your account details for receiving gifts — not a payment instrument we operate — and we do not use them to initiate or verify any transaction.

5. Contacts & how mutual-matching works

The heart of Friend Indeed is its closed circle: a help request is only ever shown to, and can only be answered by, your mutual contacts — people whom you have saved in your phone and who have also saved you in theirs. Strangers never see or respond to your requests.

To make this work, with your permission the App reads your device address book to identify which of your contacts also use Friend Indeed. We have engineered this to be privacy-protective:

Because matching is mutual and requests are shown only within your closed circle, Friend Indeed deliberately avoids broadcasting requests, or any person's data, to the wider public or to strangers. You can turn contact-matching on or off, and you can revoke the contacts permission at any time in your device settings.

6. How and why we use information

7. Automated processing, content checks & verification

We use a combination of automated checks and human review to keep the App safe:

We may use personal information to investigate impersonation, identity theft, fraudulent help requests, or other misuse of the platform, and we may ask you for additional information to verify your identity, investigate suspected misuse, enforce our policies, or comply with legal obligations.

8. Legal bases for processing (GDPR, UK GDPR & NDPA)

Where the EU/UK GDPR or Nigeria's NDPA 2023 applies, we rely on the following lawful bases:

PurposeLawful basis
Creating your account; identifying you to friends; matching; posting requests; delivering notifications; providing optional paid featuresPerformance of a contract with you (GDPR Art. 6(1)(b); NDPA s.25)
Accessing your contacts for matching; the optional email you provide via the feedback form; optional marketing; any non-essential device telemetryConsent, which you may withdraw at any time (GDPR Art. 6(1)(a); NDPA ss.25–26)
Including sensitive details in a help request (e.g., financial hardship or health)Explicit consent for special-category data (GDPR Art. 9(2)(a); NDPA s.30) — see Section 9
Fraud prevention, safety, security, abuse-handling and service improvementLegitimate interests (GDPR Art. 6(1)(f); NDPA s.25), balanced against your rights
Meeting legal, regulatory, safety and law-enforcement obligationsLegal obligation (GDPR Art. 6(1)(c); NDPA s.25)

9. Sensitive information

A help request inherently signals possible financial hardship, and you may choose to include health or other personal details (for example, "help with surgery costs"). Under the GDPR/UK GDPR this can be special-category data (Art. 9); under the NDPA it is sensitive personal data; and under California law it is sensitive personal information. Before you publish a request that contains health, disability, mental-health, medical, or other special-category information, we ask you to give your explicit consent through a separate, specific confirmation at the time you create the request; we do not treat the act of posting a request, by itself, as that consent. We share it only with your mutual contacts, never publicly. You can delete a request at any time, and you should include only what you are comfortable sharing with your friends. We do not use sensitive information to infer characteristics about you for advertising.

10. How information is shared

We share personal information only as described here.

10.1 With your mutual contacts

Everything described here is shared only within your closed circle of mutual contacts, and is controlled by you. On your profile, your mutual contacts can see your name, telephone number, profile picture, and any social-media handles you add. When you post a help request, the request itself — together with any receiving account details you include so your friends know how to send help — is shown to your mutual contacts as part of that request (not on your profile). Your mutual contacts also see the request's status (for example, open, closed, or fulfilled) and its amounts — the amount requested, the amount gifted, and an amount still pending your acknowledgement. When a mutual contact logs a gift toward your request, the amount they log is shared with you so you can acknowledge it; until you do, it counts toward the pending total, and once acknowledged it moves into the amount gifted shown to the circle. Your other mutual contacts see only these aggregate totals — not who gifted or how much any individual gave. These figures are user-reported and are not amounts the App processes or verifies (Section 4). Your telephone number is visible only to your mutual contacts, who by definition already have it. This sharing is the core purpose of the App.

10.2 With service providers (processors / sub-processors)

We use a limited set of service providers who process personal data only on our instructions and are bound by contract to protect it. We maintain an up-to-date list; the current categories are:

CategoryProvider
Backend hostingGoogle Cloud Run (Google LLC)
Authentication, push notifications & file storage (profile photos, transfer proofs)Firebase (Google LLC)
SMS one-time-code deliveryTermii (primary); Africa's Talking (fallback)
In-app purchases (Angel membership, request-extension)Apple — App Store (iOS); Google Play (Android)

We share your phone number with the SMS providers solely to deliver your one-time verification code. Payment for in-app purchases is handled entirely by Apple or Google; we receive only the store receipt token, never your card details.

10.3 With Apple and Google

Only in connection with optional in-app purchases, which they process. We do not receive your payment details from them.

10.4 For legal and safety reasons

We may disclose information to regulators, courts, or competent law-enforcement, judicial, regulatory and financial-intelligence authorities where we reasonably believe, after reviewing the request, that disclosure is required or permitted by applicable law or is necessary to prevent fraud, harm, or unlawful activity. We review legal requests and disclose information only to the extent we reasonably believe is lawful.

10.5 In a corporate transaction

If we are involved in a merger, acquisition or asset sale, subject to this policy and applicable law.

11. We do not sell your information or use it for targeted advertising

We do not sell your personal information, and we do not share your personal information with third parties for cross-context behavioural advertising. We have not done so in the preceding 12 months. (This statement is made for the purposes of the California CCPA/CPRA and applies globally as a matter of our practice.)

12. International data transfers

We are based in Nigeria and use Google Cloud (Cloud Run) and Firebase (Google LLC) to store and process your information, which may be hosted in [HOSTING REGION(S)]. This means your information may be transferred across borders, including outside Nigeria, the EEA and the UK, where data-protection laws may differ and where it may, in some circumstances, be accessible to foreign authorities under local law.

When we transfer personal information internationally we use appropriate safeguards, including:

You may request a copy of the relevant safeguards using the contact details in Section 26.

13. Data retention

We keep personal information only as long as needed for the purposes in this policy:

14. Security & data breaches

We use appropriate technical and organisational measures to protect personal information, including one-way hashing (SHA-256) of contact telephone numbers on your device, TLS/HTTPS for data in transit, on-device protections (a hashed PIN and an optional biometric lock), access controls and least-privilege permissions, monitoring and logging, and secure, reputable cloud infrastructure. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

Data breaches. We maintain a data-breach response process and will notify you and the relevant supervisory authority within the timeframes required by law — for example, within 72 hours of becoming aware of a notifiable breach for the supervisory authority under the GDPR/UK GDPR (Arts. 33–34), and as required under the NDPA (ss.39–40) and PIPEDA.

Receiving account details. The optional receiving account details you provide are displayed to your mutual contacts as text instructions. While we protect this data with the measures above, you are responsible for verifying a recipient's details before sending any money outside the App, and we are not liable for transfers sent to incorrect, out-of-date, or fraudulently altered account instructions.

15. Cookies & similar technologies

The App itself does not rely on advertising cookies. We and our service providers use device identifiers and similar technologies within the App (for example, for authentication, push notifications, analytics and crash reporting, as listed in Section 10). Any website we operate that links to this policy may use strictly necessary and, with your consent where required, analytics cookies; where that applies, a separate cookie notice will be provided on the website.

16. Your privacy rights

We make these core privacy rights available to all users globally, subject to identity verification and applicable law. Region-specific detail is in Sections 21–24.

To exercise any right, contact us (Section 26) or use the in-app controls. We will verify your identity and respond within the time limits set by applicable law. You may use an authorised agent where the law allows.

17. Deleting your account and data

You can delete your account at any time from within the App ([Settings → Account → Delete Account]); a web-based route is also available at [https://www.friendindeed.example/delete-account].

When you delete your account, we anonymise your profile rather than keep it: your first and last name are replaced with a generic label, and your phone number, profile photo, receiving/bank details and social links are removed. We permanently delete your synced contacts and friend links, your blocks, your device push tokens, your app settings and preferences, your saved requests, your notification inbox, your Angel beneficiary settings, your feedback (including any feedback email), and your on-device data (PIN, device identifier and biometric setting). We also delete your authentication account so your login cannot be reused.

We retain, in anonymised form, the records that other people rely on: your past help requests and the transfer history between you and the friends you transacted with, and notifications that already sit in other users' inboxes. These no longer identify you; we keep them to preserve the integrity and accuracy of those other users' records and to meet legal, tax, safety and fraud-prevention obligations.

18. Children's privacy

You must be 18 or older to use Friend Indeed. We do not knowingly collect personal information from anyone under 18, regardless of any local law that may define a "child" by a younger age. If we learn that we have collected information from someone under 18, we will delete it promptly. Contact us (Section 26) if you believe a minor has provided us information.

19. Notifications and messages

The App's core function is to notify your mutual contacts of help requests, and to notify you of activity relevant to you, by push notification and/or SMS. By creating an account and enabling notifications you consent to receive these service messages, which are necessary to provide the App. Where required by law (including the U.S. Telephone Consumer Protection Act), we obtain your express consent before sending messages and honour opt-outs. You can control push notifications in your device settings; some service messages are essential to the App and cannot be switched off while you hold an account. Any optional marketing messages are sent only with your separate consent and you can opt out at any time.

20. Sanctions & access restrictions

We may restrict or refuse access to the App where required by applicable sanctions, export-control laws, or similar legal restrictions.

21. United States privacy notice (California & other state laws)

This section supplements our policy and applies to residents of U.S. states that have enacted comprehensive consumer-privacy laws — including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states as their laws take effect. It serves as our notice at collection under applicable state law.

21.1 California (CCPA / CPRA)

The following applies to California residents.

Categories of personal information collected (last 12 months)

Category (Cal. Civ. Code §1798.140)CollectedExamples
IdentifiersYesName, telephone number, email address (only if you provide it via the feedback form), device/app identifiers, IP address
Customer-records informationYesReceiving account details you choose to add
Internet/network activityYesApp usage, diagnostics, crash logs
Sensitive personal informationYesFinancial-hardship status implied by a request; any health or similar details you include
User contentYesHelp-request text and images, profile picture, social handles
Geolocation (precise)No
Biometric informationNo

Sources: you; your device; and your selections within the App. Business/commercial purposes: as in Sections 6–7. Disclosures: to the service providers and recipients in Section 10. Sale/share: we do not sell or share personal information, including sensitive personal information, for cross-context behavioural advertising, and we do not use sensitive personal information beyond the purposes permitted by the CPRA.

Your California rights: to know, to delete, to correct, to opt out of sale/sharing (not applicable as we do neither), to limit use of sensitive personal information (we already limit it), and to non-discrimination. California's "Shine the Light" law: we do not share personal information with third parties for their own direct marketing. To exercise rights, contact us (Section 26); we will verify and respond within statutory timeframes, and you may use an authorised agent.

21.2 Virginia, Colorado, Connecticut, Texas & other states

Depending on your state of residence, you may have the right to: confirm whether we process your personal information and to access it; delete it; correct it; obtain a portable copy of it; and opt out of the "sale" of personal information, of targeted advertising, and of profiling that produces legal or similarly significant effects. We do not sell personal information, serve targeted advertising, or carry out such profiling, so these opt-outs have nothing to apply to. Where a state law requires opt-in consent to process sensitive data (for example, information about health or a request that reveals it), we obtain that consent, as described in Section 9. You also have the right to appeal a decision on your request, and the right to be free from discrimination for exercising your rights.

Other U.S. states. Residents of other states may have additional privacy rights as new state laws come into force. Where required by law, we will honour those rights and provide mechanisms to exercise them. To exercise any right, contact us (Section 26); we will verify your request, respond within the timeframe set by your state's law, allow an authorised agent where permitted, and provide an appeal route where required.

22. EU/EEA & UK privacy notice (GDPR / UK GDPR)

The data controller is Friend Indeed Limited (Section 1). Our lawful bases are in Section 8. You have the rights in Section 16, including to lodge a complaint with a supervisory authority. As explained in Section 7, we do not use your personal information for automated decision-making that produces legal or similarly significant effects about you without human involvement. International transfers are addressed in Section 12.

23. Canada privacy notice (PIPEDA & Quebec Law 25)

We handle personal information in accordance with PIPEDA's ten fair-information principles, including accountability, identifying purposes, consent, limiting collection/use/retention, accuracy, safeguards, openness, individual access and challenging compliance. Meaningful consent: enabling contact-matching requires your express, opt-in action; consenting to this policy does not, by itself, authorise access to your address book. Cross-border processing: as noted in Section 12, your information may be stored or processed outside Canada (for example in [HOSTING REGION(S)]) and may be subject to the laws of those countries, including lawful access by their authorities. Challenging compliance: you may direct questions or complaints to our Privacy Officer at [privacy@friendindeed.example]; if unsatisfied, you may contact the Office of the Privacy Commissioner of Canada (priv.gc.ca), and Quebec residents may contact the Commission d'accès à l'information.

24. Nigeria privacy notice (NDPA 2023)

We process personal data in accordance with the Nigeria Data Protection Act 2023 (NDPA) and applicable directives, and we recognise the authority of the Nigeria Data Protection Commission (NDPC). We provide the information required by s.27, rely on the lawful bases in s.25 (and, for sensitive data, s.30), and obtain consent that is informed, specific, freely given, unambiguous and withdrawable (s.26). You have the data-subject rights in s.34 and the rights of withdrawal and objection in ss.35–36. Cross-border transfers are made under ss.41–43 (Section 12), and we handle security and breaches under ss.39–40. Where we are required to appoint a Data Protection Officer or to register with the NDPC, we do so.

Friend Indeed is a social-notification platform for help between mutual contacts. It does not pool, hold, manage, invest, transmit, or control user funds, and does not operate as a regulated crowdfunding or securities offering. If you believe your data has been handled in violation of the NDPA, you may lodge a complaint with us (Section 26) and with the NDPC.

25. Changes to this policy

We may update this policy from time to time. We will update the "Last updated" date above and, for material changes, give you notice in the App or by other reasonable means before they take effect. Where a material change affects how we use your information in a way that requires your consent, we will ask for your renewed consent (for example, through an in-app notice requiring you to review and accept) rather than relying on continued use alone. Otherwise, continued use after an updated policy's effective date means the updated policy applies to your future use of the App, except where additional consent is required by law.

26. How to contact us

Friend Indeed Limited
Registered office: [REGISTERED OFFICE ADDRESS, NIGERIA]
Privacy team: [privacy@friendindeed.example]
Privacy Officer / Data Protection Officer (where required by law): [DPO NAME][dpo@friendindeed.example]
General support: [support@friendindeed.example]
EU representative (Art. 27, where required): [EU REPRESENTATIVE]
UK representative (where required): [UK REPRESENTATIVE]