Finaive

Finaive TrustScore Privacy Policy

Effective Date: January 16, 2026

Introduction

Finaive's TrustScore platform is an informational AI-driven system that analyzes public and user-submitted data to generate trust indicators and risk signals. It does not provide law enforcement services, legal or financial advice, or any verification guarantees for identities or transactions – it simply offers a probabilistic opinion of trustworthiness based on available data. Users of the TrustScore platform remain responsible for their own decisions and due diligence; the TrustScores are meant to assist, not replace, your independent judgment.

This Privacy Policy explains what personal data is collected, how it is used, and how it is protected on the Finaive TrustScore platform. Finaive AI Innovations Ltd. ("Finaive" or "we"), as the provider of the TrustScore service, is the data controller responsible for all personal data processing in this context. We are committed to handling personal data in compliance with global data protection laws, including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, the Nigeria Data Protection Regulation (NDPR) and Data Protection Act 2023, and U.S. state laws like the California Consumer Privacy Act (CCPA). In line with these regulations, we adhere to fundamental privacy principles – we clearly specify our purposes for data use, limit collection to what is necessary for legitimate purposes, obtain consent where required, implement appropriate security measures, and respect individuals' rights in their personal data.

Scope of this Policy

This Privacy Policy applies only to the Finaive TrustScore platform and the data processing activities directly related to generating and displaying TrustScores and associated trust/risk signals. It covers data collected through the TrustScore service (for example, when you search an entity's TrustScore or submit a scam report or feedback on the TrustScore platform). It does not apply to other Finaive products or services, such as our marketplace or escrow/payment services, which are governed by separate policies. In other words, this policy is focused exclusively on how we handle personal data for TrustScore generation and trust analytics, not the broader marketplace transactions or escrow processes. If we introduce new services or features outside the TrustScore system, those will be subject to their own privacy terms.

Note: The TrustScore platform is intended for use by adults. We do not knowingly collect personal data from children under 18 years of age. If you are under 18, please do not use the TrustScore service or submit personal information.

Data We Collect

We collect a range of data in order to provide and improve the TrustScore service. This includes:

  • Search Inputs: When you use the TrustScore search or query features, we collect the query terms you enter (for example, names, email addresses, phone numbers, or other identifiers you might look up). We use these inputs to fetch or calculate the relevant trust indicators. We do not retain the raw search strings longer than necessary to deliver results (except in aggregated form for analytics/debugging).
  • Scam Reports: If you submit a scam report or incident report through the TrustScore platform, we collect the information you provide in the report. This typically includes the content of your report (description of the event, names or identifiers of the parties involved, dates, screenshots or evidence you upload) and any contact details you choose to provide. Important: Scam reports you submit are considered user-generated content. They are not verified by Finaive for truthfulness and do not automatically alter any TrustScore.
  • Feedback and Comments: You may have the ability to provide feedback on the TrustScore platform or comment on trust indicators (for example, suggesting an improvement or disputing a score). In such cases, we collect whatever feedback or comment you submit, along with any personal identifiers attached to the feedback (such as your username, display name, or email if you provide it). This helps us in platform governance and improving our algorithms.
  • Usage Metadata: We collect metadata about your interactions with the TrustScore platform. This includes data such as the pages or profiles you view, the features you click on, time and date of access, the sequence of your actions, and other analytical information about how you navigate our service. This usage data is generally collected in aggregate or pseudonymous form, but it may be linked to your account or IP address in server logs. We use this information to analyze platform performance, detect unusual activities (for security/fraud prevention), and understand what features are most useful to our users.

Technical and Device Information

Like most online services, we automatically receive certain technical data when you use TrustScore. This includes your IP address, device type, operating system and version, browser type, device identifiers or fingerprinting information, and general location information derived from your IP (e.g. city or country). We also assign cookies or use similar technologies (explained below in Cookies and Tracking) to remember your preferences and manage your session. This technical information is used primarily for security (for example, to detect multiple accounts or suspicious usage), to adapt the service to your device, and to compile analytics about our user base. We may also collect log information like error logs to diagnose issues.

Inferred Data (Trust Signals)

Based on the inputs and data mentioned above – as well as certain public data sources and internal data from Finaive's ecosystem – the platform generates inferred personal data such as trust scores, risk ratings, and related indicators about individuals or entities. For example, the system may generate a TrustScore (a numerical score or category) for a seller or website, or flags indicating potential risk factors. These trust signals are produced by our algorithms analyzing various datapoints (identity verification status, transaction history, user feedback, etc.). While these scores are our proprietary assessments (and not definitive facts), they do relate to individuals or organizations and therefore are considered personal data in a legal sense. We protect these inferences similarly to other personal data.

We limit our data collection to the information needed to fulfill the purposes described in this Policy and we endeavor to collect minimal personal data required for TrustScore's functionality. In general, you directly provide most of the data above (e.g. your search queries, reports, and feedback). Some data (usage and device information, and trust score outputs) is collected or generated automatically by our systems. If we ever need to collect sensitive personal data or additional categories not listed here, we will do so in accordance with applicable law and, where required, seek your explicit consent.

Lawful Bases for Processing

We process personal data on the TrustScore platform under several legal bases, in compliance with the requirements of different jurisdictions:

Legitimate Interests

Many of our data processing activities are based on Finaive's legitimate interests. This means we have assessed that our processing is necessary to provide and improve the TrustScore service, and that it does not override your privacy rights. In particular, it is in our legitimate interest (and that of our user community) to use personal data to detect and prevent fraud, to evaluate trust and safety risks, and to inform users with trust indicators. For example, processing user reports and public data to generate a TrustScore, or analyzing usage patterns to secure the platform, are activities we conduct under legitimate interest in operating a fraud-prevention and trust analytics service. We apply safeguards to ensure this processing is not unduly intrusive – for instance, by using pseudonyms or aggregate data where feasible, and allowing users to object to certain uses (see Your Rights below).

Consent

In certain cases, we rely on your consent to process personal data. Where the law requires us to obtain consent (for example, some jurisdictions require consent for placing non-essential cookies, or to process certain sensitive personal information), we will do so. Also, if you voluntarily submit information (like a scam report or feedback), we take that as consent to use the information for the purposes stated (unless another lawful basis applies). You have the right to withdraw your consent at any time for future processing (see Your Rights), and we will honor such requests. Note that withdrawing consent will not affect the legality of processing already carried out. We do not use your data for marketing unless you have specifically agreed to such use (and currently, TrustScore does not involve any marketing communications).

Legal Obligation

We will process or disclose personal data when necessary for compliance with a legal obligation. This includes situations such as complying with court orders, fulfilling lawful requests from government or law enforcement, or meeting record-keeping obligations under applicable law. For example, data related to certain fraud reports might need to be retained or disclosed under anti-fraud or consumer protection laws. When we process data under a legal obligation, that obligation will be our lawful basis (instead of consent or legitimate interests).

Other Bases (as applicable)

If another lawful basis under data protection law applies to a specific processing activity, we will rely on it accordingly. For instance, if in the future the TrustScore platform offers paid services, the performance of a contract could be a basis for necessary data processing; or vital interests could apply in rare cases where processing someone's data is needed to protect someone's life or safety. We mention these here for completeness, but the primary grounds remain the three above (legitimate interests, consent, and legal requirements).

Our use of legitimate interests as a basis has been carefully evaluated to ensure it aligns with user expectations and regulatory requirements. Where required (such as under the Nigeria Data Protection Act 2023), we will not rely on legitimate interest for processing sensitive personal data without additional safeguards. We continuously monitor our processing activities and will adjust our legal bases if needed to remain compliant across jurisdictions.

How We Use Personal Data

We use the collected personal data to operate, improve, and protect the TrustScore platform. Specifically, personal data is used in the following ways:

  • To Generate TrustScores and Indicators: The primary use of personal data is to calculate and display trust metrics. For example, we use information about a user or entity (such as their verification status, history of transactions or reports, public records, and feedback from others) to algorithmically compute a TrustScore or related trust signals. This allows us to present an indicative "trust level" or risk assessment for that user or entity. The data you input (like search queries) enables us to retrieve the relevant TrustScore profile. In short, your data is processed to produce the very outputs (scores, risk flags, etc.) that are the core feature of the platform. These outputs are then shown to users as informational guides.
  • Platform Governance, Moderation, and Feedback Analysis: We use personal data to ensure the TrustScore platform remains reliable, fair, and useful. This includes moderating user-submitted content such as scam reports or comments. For instance, if we receive a scam report implicating someone, our team may review the details (personal data in the report) to decide if any action is needed (e.g., flagging a profile or removing false content). We also analyze feedback to improve our algorithms – for example, if multiple users report that a TrustScore seems inaccurate, we may use that information (in aggregate form) to adjust our scoring models or investigate data quality. All user contributions are subject to our content governance policies, and any personal data in them is used solely for review, not for marketing. We also use data for internal research and product development – for example, looking at patterns in scam reports to refine our fraud detection rules.

Security and Fraud Detection

Personal data (especially technical data and usage metadata) is critical for maintaining the security of the TrustScore platform and preventing misuse. We monitor IP addresses, device identifiers, and usage patterns to detect and block suspicious activities such as bots, fake accounts, scraping of data, or attempts to manipulate TrustScores. If we identify behavior that looks like fraud or platform abuse (for example, multiple reports coming from the same device under different names, or an attempt to spam the system), we use the relevant data to investigate and take appropriate action (which might include using automated tools or human review). This processing is done under our legitimate interest in fraud prevention and keeping the community safe. It also helps ensure the accuracy and integrity of TrustScores by protecting against gaming or tampering. Additionally, we may use aggregated trust data to improve our fraud detection across the Finaive ecosystem (e.g., informing the marketplace or escrow services of high-risk actors), but such sharing would only occur within our organization and under strict controls consistent with this Policy.

No Marketing or Resale of Data

We do not use personal data collected via TrustScore for any advertising or direct marketing purposes. You will not receive marketing emails or promotions as a result of providing your data to the TrustScore platform (unless you separately sign up for a newsletter, and even then those communications are governed by their own consent rules). Furthermore, we do not sell or rent personal information to third parties for their own marketing or other purposes. All personal data is used solely to provide and improve our trust analysis services, and for the ancillary purposes described in this Policy. We may, from time to time, use anonymized or aggregated data (stripped of personal identifiers) to publish insights about online trust trends or fraud statistics, but such data is not personal and cannot be traced back to any individual.

In summary, we use your data only to run and enhance the TrustScore platform and to protect our users – not to exploit your data commercially. If we intend to use personal data for any purpose materially different from the above, we will update this Privacy Policy and, if required, seek your permission.

TrustScore Disclaimer

TrustScores are opinions, not facts. The scores and risk levels provided on the TrustScore platform are generated through algorithms and available information, and are intended for general informational purposes only. They do not represent a proven truth about any person or business. A high TrustScore is not a guarantee that an entity is honest or risk-free, and a low TrustScore is not an accusation that an entity is fraudulent – it is simply an indicator that our system flagged certain risk factors. We do not warrant or guarantee the completeness, accuracy, or reliability of the information published via TrustScore, and the TrustScores may not always be up-to-date.

By using the TrustScore platform, you acknowledge that any reliance on a TrustScore or related signal is at your own discretion. Finaive is not liable for decisions you make based on TrustScores, and we strongly encourage you to consider multiple sources of information and use your own judgment in addition to any TrustScore provided. The TrustScore platform itself does not provide legal, financial, or professional advice, and it is not a substitute for proper due diligence (for example, performing identity verification, getting references, or using escrow for transactions). It is not a credit scoring or credit reporting service and is not regulated as such; it's an independent informational tool.

No Law Enforcement or Verification: Finaive's TrustScore is not an official law enforcement or regulatory tool, and we are not an authority that can "clear" or "flag" individuals in any legal sense. We do not make determinations of compliance with law or give any certification of "trustworthiness" beyond our internal analysis. Likewise, TrustScores are not a guarantee of identity or transaction verification – for instance, a "verified" badge or high score on our platform means the user passed our checks and had good history within our system, but it is not a government ID verification or a guarantee against future issues.

User Reports and Content

Any scam reports, comments, or feedback submitted by users are the opinions of those users and are not verified by Finaive. We may review and act on user reports (as explained above), but we do not independently confirm every claim. Accordingly, user-submitted reports do not automatically change a TrustScore. TrustScores are derived from a broad set of data and algorithms; while user feedback may be taken into account over time (especially if corroborated by others), there is no instant or manual adjustment of a score just because someone submitted a report. This preserves the integrity of the scoring system and prevents malicious manipulation. If you see information on the TrustScore platform that you believe is incorrect, misleading, or outdated, you can contact us (see Contact Us below) and we will review it, but we cannot guarantee an immediate change to any published score or content.

Updates to Scores

TrustScores are dynamic and may change as new data becomes available or as our algorithms are improved. We indicate the current version or date of scores where applicable. However, we make no warranty that any TrustScore will accurately predict an outcome in any given case – it is a probabilistic tool. Finaive disclaims all warranties, express or implied, regarding the TrustScore information, to the fullest extent permitted by law. In no event shall Finaive be liable for any loss or damage arising from your reliance on the TrustScore or other content on our platform; your use of the information is solely at your own risk.

By presenting this disclaimer prominently, we aim to be transparent and manage expectations. Bottom line: Use TrustScore as a helpful guide, but not as gospel truth. Always exercise due caution and confirm critical information through other means.

Data Retention

We retain personal data only for as long as it is necessary to fulfill the purposes described in this Privacy Policy, or as required by law, whichever is longer. We do not have a single fixed retention period for all types of data; instead, we apply a principles-based approach to retention:

Operational Retention

For data that is actively used in providing the TrustScore service (such as account information, trust profiles, and ongoing scam reports), we keep it for as long as your account exists or as long as the data is relevant to our services. For example, if you have created an account to submit scam reports or comments, we will retain your account data until you delete your account or request removal. TrustScore profiles and associated data are kept up-to-date as long as the subject is active in our system or being searched by users.

Scam Reports & Feedback

Content like scam reports and user feedback may be retained indefinitely in our system (unless you request deletion) because it contributes to historical records and trust assessments. However, if we determine a report is false or no longer relevant, we may remove or archive it. Even after removal from public view, we might keep an archived copy for a certain period in case of disputes, audits, or to improve our fraud models.

Usage and Log Data

Technical logs (IP addresses, device info, usage logs) are generally kept for a shorter duration needed for security analysis and system monitoring. We might retain log entries for a few weeks or months, unless they are flagged for investigation (in which case we may store relevant logs until the issue is resolved). Aggregated analytics data (which is not personally identifiable) may be kept longer to spot long-term trends.

Legal Requirements and Disputes

If we are under a legal obligation to retain data for a certain period (for example, under financial regulations or if ordered by a court to preserve data related to an investigation), we will retain data for that period. Also, if a user or third party raises a dispute or complaint, we may retain relevant data until the matter is resolved, even if that extends beyond our normal retention timeframe.

End of Use / Deletion

When personal data is no longer needed for any of the purposes outlined and we have no legal obligation to keep it, we will either delete it or anonymize it so that it can no longer be associated with an individual. For example, if you delete your TrustScore account (if accounts are applicable) or withdraw consent for us to hold your personal data, we will remove or anonymize the data associated with you, except for data we are required or permitted to keep by law. In such cases, we limit use of that retained data to the necessary legal purpose.

We regularly review the data we hold to ensure we're not keeping it longer than necessary. Our data retention practices are designed to comply with the storage limitation principle under GDPR and similar laws, meaning we do not keep personal data in identifiable form indefinitely without justification. When data is deleted, we follow secure deletion practices to prevent unauthorized recovery. Backup copies might persist for a short period until they are cycled out, but they remain protected.

If you have specific questions about the retention of a particular type of data, you can contact us (see Contact Us section), and we will provide details relevant to your query.

Your Rights

Under global data protection laws, you have a number of important rights regarding your personal data. We respect and uphold these rights. Subject to applicable law and any exceptions, your rights include:

  • Right of Access: You have the right to request a copy of the personal data we hold about you, as well as information on how we use it. This helps you understand and verify the lawfulness of our processing. Upon request, we will provide you with a summary of your personal data in our files, typically free of charge (unless the law allows charging a fee for repetitive or excessive requests).
  • Right to Rectification: If any of your personal data we have is incorrect or incomplete, you have the right to ask us to correct it. We encourage you to help us keep your information up-to-date. For example, if you find that your name or contact information is wrong in our records, or a TrustScore profile contains outdated info that you have the right to change, you can request an update.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data. You can ask us to remove specific information or even your entire profile from the TrustScore platform, and we will do so provided we don't have a compelling reason to continue processing it (such as a legal obligation or overriding legitimate interest). For instance, if you submitted a scam report and later want it removed, you can request deletion. Do note that this right is not absolute – if the data is crucial for others' safety or required by law to retain (e.g., fraud prevention records), we may inform you of our need to retain it in some form. But we will honor valid deletion requests to the fullest extent required by law.
  • Right to Object: You have the right to object to certain types of processing of your personal data. If we are processing your data based on legitimate interests, you can object if you feel it impacts your rights. For example, if you are listed on the TrustScore platform and you disagree with the processing of your data for trust scoring, you can object. If you object, we will re-evaluate our grounds for processing. Unless we have a strong, overriding legitimate reason to continue (or the objection relates to processing for direct marketing, in which case we will always honor it), we will stop or restrict the processing in question. Related to this, you also have the right not to be subject to a purely automated decision (including profiling) that significantly affects you, unless it's necessary for a contract with you, authorized by law, or based on your explicit consent. In the context of TrustScore, this means if you believe an automated scoring decision is unfair, you may object and request human review.
  • Right to Restriction of Processing: You have the right to request that we temporarily limit the processing of your personal data in certain situations. For instance, if you contest the accuracy of data or have objected to processing (and we are evaluating the request), you can ask that we restrict use of your data while we sort it out. When processing is restricted, we will still store your data, but not use it until the issue is resolved (except for certain exceptional purposes like legal claims).
  • Right to Data Portability: Where applicable (primarily under GDPR/UK law), you have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller (for example, another service), if technically feasible. This typically applies to data processed by us with your consent or for performance of a contract, and which you provided directly (e.g., your account info or content you've given us). If you need your data ported to another platform, we will do our best to support that.
  • Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to us using your email for a certain purpose, or you posted a comment and then change your mind about us holding that information, you can retract your consent. Once withdrawn, we will stop the consent-based processing for the future. (However, withdrawal does not affect the lawfulness of processing before the withdrawal.) We make it as easy as possible to withdraw consent – you can contact us or use any provided tools/settings for this.
  • Right to Non-Discrimination: We will never discriminate against you for exercising any of the rights above. If you choose to exercise your privacy rights, we will not deny you the TrustScore service, charge you different prices, or provide a lesser quality of service as a result.

To exercise any of these rights, please contact us through the channels listed in the Contact section. We will need to verify your identity to ensure we don't disclose data to the wrong person (for example, by asking you to provide information that confirms you are the subject of the data). We will respond to your request within the timeframes required by law. Under most laws, we aim to respond within 30 days of receipt of a valid request. If your request is complex or you have made multiple requests, we may extend this period (by an additional 30-60 days, depending on the jurisdiction); if so, we will inform you of the extension and the reason.

Please note that some rights may not be absolute. There are circumstances (defined in law) where we can refuse a request – for example, if fulfilling a deletion request would impede a legal investigation, or if an access request would reveal another person's personal data. If we must refuse any part of your request, we will explain our reasoning and inform you of any further options.

Finally, you have the right to lodge a complaint with a data protection authority or regulator if you believe we have infringed your privacy rights. We politely ask that you contact us first so we have the opportunity to address your concerns directly. But if you are not satisfied with our response, you can contact the relevant supervisory authority. For EU users, this might be your national Data Protection Authority; for UK users, the Information Commissioner's Office (ICO); for Nigerian users, the Nigeria Data Protection Commission (NDPC); for California residents, the California Attorney General or California Privacy Protection Agency; and so on. We will provide contact details for the appropriate authority upon request.

Data Sharing and Disclosure

We understand the importance of keeping your personal data private. Finaive does not share or disclose your personal data to third parties except in the limited circumstances described below, which are necessary to run our platform or required by law. Under no circumstances do we sell your personal information to third parties.

Service Providers (Processors): We use trusted third-party companies to help us provide the TrustScore services. These include, for example, cloud infrastructure providers (for data hosting and storage), analytics services (to help us understand how users use our platform), and security service providers (to detect anomalous behavior). When we share data with such service providers, we do so under strict contracts that bind them to protect your data and use it only to provide services to us and not for their own purposes. For instance, if we use a cloud server host, your data is stored on their servers but they cannot access or use it except as needed to keep it available to us. We ensure all our vendors are vetted for strong security and privacy practices, and if they are located in another country, appropriate safeguards (see International Transfers below) are in place. Examples of data shared can include: storing our database (which contains personal data) on a cloud platform, using an email service to send notification emails (which would require sharing your email address), or using a customer support tool to manage inquiries. In all cases, the third parties act under our instructions and do not get any independent rights to your data.

Within Finaive Corporate Group: If Finaive AI Innovations Ltd. has affiliates, parent, or subsidiary companies (for example, a branch in another country or a related entity handling certain operations), we may share data within our corporate family as necessary to operate the TrustScore platform. Any intra-group data sharing will follow the same security and privacy measures and will be covered by an internal agreement to ensure all entities honor the commitments in this Policy. For example, if Finaive establishes a UK entity for UK users, data from UK users might be managed by or shared with that entity to comply with local law, but the data will still be used only for TrustScore purposes.

Legal Requirements and Safety: We may disclose personal data to third parties if we in good faith believe that such disclosure is necessary to: (a) comply with any applicable law, regulation, legal process, or enforceable governmental request (such as a subpoena, court order, or law enforcement demand); (b) enforce or investigate potential violations of our Terms of Use or other agreements (for example, investigating fraud or misuse of our platform); (c) protect the rights, property, or safety of Finaive, our users, or the public. This could include sharing information with law enforcement or regulators (subject to proper process) or with cybersecurity firms in case of investigating a breach. If we receive a law enforcement request for user data, our policy is to review it carefully, only provide the data if legally compelled or if the request is valid under applicable law, and to push back or seek clarification when appropriate. We also might use legal counsel to ensure any disclosure is lawful and minimal.

Business Transfers: If Finaive undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of its assets, personal data might be among the assets transferred to or reviewed by the acquiring or merging party. In such an event, we will ensure that your personal data remains confidential and subject to this Privacy Policy (unless you are notified otherwise and given a chance to opt-out). Any successor company would be bound to use your data only for the same purposes for which we collected it, unless you consent to new processing. We will notify users (for example, via a notice on our site or an email) of any such change of ownership or control of personal information, as it may entail a new entity responsible for your data.

Aside from the parties above, we do not share personal data with any other third parties. This means we do not give out your information to advertisers, data brokers, or other random companies. In particular, we do not share your search queries or TrustScore activities with social media platforms or marketing networks (and we currently have no social media plug-ins that automatically send them data – if we ever integrate such features, we will do so only with your consent).

If in the future we need to share data in a way not covered above, we will update this Policy and, if required by law, obtain your consent. We also publish this information to be transparent about who may see your data. In all cases of sharing, we strive to share the minimum information necessary and to anonymize data where possible. For example, if we compile statistics on scam trends to share in a public report or with a partner, we would use aggregated data without personal identifiers.

Cookies and Tracking

Like most online services, the TrustScore platform uses cookies and similar tracking technologies to provide functionality and analyze usage. We aim to use these tools sparingly and in a privacy-friendly manner – only for legitimate operational needs and analytics, and not for advertising.

What are Cookies? – Cookies are small text files placed on your browser or device when you visit a website. They allow the website to recognize your device and store certain information about your preferences or past actions. Similar technologies include local storage, web beacons (pixel tags), and other tracking elements.

Types of Cookies We Use:

  • Essential Cookies: These are necessary for the platform to function. For example, if the TrustScore platform has a login feature or user preferences, we might use a cookie to keep you logged in as you navigate, or remember your language selection. Without these, certain services may not work properly. These cookies do not gather information for marketing, but simply for service delivery.
  • Analytics Cookies: We use these to understand how users interact with our platform, so we can improve it. For instance, we may use Google Analytics or a similar tool to collect information about page load times, which pages are visited most, how users found our site, etc. This helps us diagnose technical issues and design a better user experience. Any analytics provider we use is under contract with us and cannot use the data for their own purposes. We also configure such tools to respect privacy – for example, by anonymizing IP addresses when possible. These analytics cookies might collect information like your device type, OS, browser, and general location, but this is primarily aggregated statistics, not personal info to target you.
  • Security/Performance Cookies: We may use certain cookies to help protect our site (e.g., to differentiate real users from bots, or to prevent fraudulent use of credentials) and to ensure the site loads and functions quickly. For example, a cookie might be used to throttle request rates or balance load on our servers.

What We Don't Use: We do not use cookies for third-party advertising or tracking you across other sites. You will not see third-party advertising cookies (like those from ad networks) on the TrustScore platform, because we do not host third-party ads on TrustScore. We also do not use so-called "social plugins" that automatically send data to social networks unless you explicitly click on a share button. (Our site may have simple links to our social media pages, but those don't drop tracking cookies.)

Consent and Control: When you first visit our site, if you are in a jurisdiction that requires cookie consent (such as the EU), you will see a cookie banner or notice. This notice will inform you about our use of cookies and allow you to consent (for non-essential cookies) if you consent via this banner or by continuing to use the site after being notified, as per applicable law. If you opt out, we will either not use those cookies or will disable them. You can always change your cookie preferences by adjusting your browser settings to reject cookies or notify you when a cookie is being set. Additionally, most modern browsers allow you to delete cookies already set. Please be aware that if you disable cookies entirely, some features of the TrustScore platform might not work correctly – for example, you may not be able to remain logged in or your preferences may not be saved.

Do-Not-Track Signals: Some browsers have a "Do Not Track" (DNT) feature that sends a signal to websites that you do not want to be tracked. Currently, there is no industry consensus on how to interpret DNT signals. However, we treat DNT as an opt-out of tracking for advertising purposes. Since we do not engage in cross-site tracking or behavioral advertising, DNT has limited applicability on our site. Our analytics will still function as described (as it is considered site-level usage data, not third-party behavioral tracking), but again, you can opt out of analytics as described above or via tools like browser opt-out add-ons.

Third-Party Content: Occasionally, we might embed content or links from third-party sites (for example, a link to a reference website or an embedded map). If you click those links or view embedded content, those third parties might set their own cookies. This Privacy Policy does not cover third-party cookies set by external sites – we encourage you to read those parties' privacy policies if you visit their sites. We do ensure any third-party involved on our site is reputable and, for those that operate outside of your country, that proper GDPR safeguards are in place if they collect any data (for example, ensuring Google Analytics complies with EU standards).

In summary, our use of cookies is minimal and transparent. We use them to make the TrustScore service work smoothly and to learn how to serve you better, not to profile you or advertise to you. We provide you with choices regarding cookies in line with legal requirements. By using the TrustScore site with cookies enabled, you consent to our use of cookies for the stated purposes. If you have any concerns or questions about our cookie practices, feel free to contact us.

International Data Transfers

Finaive operates as a global platform, and the personal data we collect may be processed in or transferred to various countries. Primarily, our operations are based in Nigeria and the United States, but we may use cloud services or technical support from the European Union or other locations. Whenever we transfer personal data across national borders, we take steps to ensure it remains protected to the standards of your home jurisdiction.

Within Finaive and Our Infrastructure

Your data might be stored on servers outside your country. For example, if you are in the EU, your data might be processed on servers in the United States or Nigeria; if you are in Nigeria, your data might be stored on a European cloud server, and so on. We choose reputable data hosting providers with strong security. Regardless of where data is stored, we apply the same protections described in this Policy.

Adequacy and Safeguards

When transferring personal data from the European Economic Area (EEA), UK, or other regions with data transfer restrictions, we comply with those laws. This typically means we ensure the recipient country has an "adequate" data protection level or we implement lawful transfer mechanisms. For instance:

  • Standard Contractual Clauses (SCCs): For transfers from the EEA/UK to countries not deemed adequate (like the US or Nigeria), we have in place EU Commission-approved standard data protection clauses in our contracts with service providers or Finaive affiliates handling that data. These SCCs obligate the recipient to protect the data according to EU standards.
  • Adequacy Decisions: If data is transferred to a country that the EU (or UK, or Nigeria's NDPC) has formally recognized as providing adequate protection, we rely on that decision. (As of this policy's date, Nigeria is not yet formally "adequate" by EU standards, and the US is moving toward improved frameworks. We monitor these developments.)
  • Nigeria NDPR/NDPA Requirements: For transfer of data out of Nigeria, we comply with the Nigeria Data Protection Regulation and Act which require either transferring to countries with adequate data protection laws or ensuring other conditions are met (such as your consent, contract necessity, etc.). We follow the guidance of Nigeria's authorities (e.g., NITDA/NDPB) for any cross-border data transfer.

Other Safeguards

We may also employ additional safeguards such as encryption in transit, strict access controls, and periodic audits of our overseas partners. In some cases, we might perform privacy impact assessments before transferring data to new countries or services.

In all scenarios, our unwavering commitment is that your personal data will receive adequate protection regardless of where it is processed. We treat data with the same level of care, whether it's handled in Nigeria, the US, the EU, or elsewhere. Our internal policies and data handling practices are standardized globally.

If required by law, we will ask for your consent before transferring your data to a jurisdiction with different privacy standards. For example, some privacy laws might require explicit consent to transfer certain sensitive data abroad – we will comply with those provisions.

Access from Other Countries

Note that our staff or trusted contractors may sometimes need to access data remotely (for example, a developer debugging an issue from the US might access a database that contains EU user data). Such access is also considered a transfer. We ensure any personnel with access to personal data are trained in confidentiality and bound by strict agreements, no matter where they are located.

Government Requests

We want to be transparent that when data is stored in a particular country, it could be subject to that country's laws (like lawful access by authorities). For instance, data stored in the US might be accessible to US authorities under certain conditions, and data in Nigeria to Nigerian authorities. Our stance is to protect user privacy, so if we receive foreign government requests, we scrutinize them carefully and only comply if legally compelled. Where feasible and lawful, we may also redirect the requesting entity to obtain the data through international cooperation channels to ensure proper oversight.

Should you have questions about the international handling of your data, you can contact us. If needed, we can provide copies of the relevant contractual safeguards (like the SCCs) upon request.

Security Measures

We take the security of your personal data very seriously. Finaive has implemented a robust set of technical and organizational measures to prevent unauthorized access, alteration, disclosure, or destruction of personal data. While no system can be 100% secure, we strive to adhere to or exceed industry best practices to protect your information.

Here are some key aspects of our security program:

Encryption

All communications between your browser and the TrustScore platform are encrypted using HTTPS/TLS protocols. This means any data you transmit (such as search queries or login credentials) is encrypted in transit to prevent eavesdropping. Sensitive personal data and credentials are also encrypted at rest in our databases or storage systems. For example, passwords are stored using secure hashing, and any verification documents (if ever used in TrustScore context) would be stored in encrypted form. We also utilize end-to-end encryption for particularly sensitive data flows where applicable.

Access Control

We employ the principle of least privilege (PoLP) for both system and personnel access. Internally, only authorized staff with a valid need can access personal data, and even then, only the minimum amount of data necessary for their role. For instance, our support team might have access to your account info if needed to assist you, but they would not have access to raw system logs unless required. Administrative access to databases or servers is tightly controlled through authentication, and we keep logs of such access. We periodically review permissions to ensure no one has more access than required.

Network & System Security

Our servers and networks are protected by firewalls and monitoring systems. We actively monitor for unusual patterns that might indicate a security attack (such as suspicious login attempts or spikes in certain activities). We use anti-malware, intrusion detection systems, and other tools to guard against viruses, SQL injection, XSS, and other common threats. Software on our platform is kept up-to-date with security patches. We also isolate environments (e.g., separating testing/staging environments from production data) to reduce risk.

Testing and Audits

We conduct periodic security assessments of our platform. This includes quarterly penetration testing by internal or third-party experts, who attempt to ethically hack our systems to find vulnerabilities. Any critical issues found are patched as a priority. Additionally, we plan regular external security audits (at least annually) to validate our controls. These audits may cover both our infrastructure and our policies. Where required (for instance by Nigerian regulators or EU standards), we maintain compliance certifications or assessments.

Data Minimization & Pseudonymization

Wherever feasible, we minimize the personal data we collect and store. If full data is not needed, we might store a pseudonymized token or hash instead. For example, if we only need to flag that two scam reports came from the same source without storing the actual name, we could use a hash of an identifier. This way, even if there were a breach, the data would be less immediately harmful. We also scrub or redact personal identifiers from free-text fields after use, if they are not needed.

Physical Security

Our servers are hosted in secure data centers that have 24/7 monitoring, access badges, biometric controls, and other physical safeguards. Although we use cloud providers, we choose ones with reputable security certifications (such as ISO 27001, SOC 2, etc.). Any on-premises systems (like employee laptops or local servers) are encrypted and protected as well.

Employee Training & Policies

All Finaive employees and contractors with potential access to personal data are trained on data protection principles and security practices. We have internal confidentiality agreements and policies that require safeguarding user data. We also have an incident response plan – if a security incident is suspected, our team is instructed on how to contain and investigate it swiftly.

Third-Party Risk Management

When we work with service providers (data processors), we evaluate their security measures too. We use contractual clauses to ensure they meet our security requirements. For example, our cloud provider must commit to certain encryption and access control standards, and to notify us promptly of any incidents on their end.

Data Backups and Recovery

We maintain encrypted backups of critical data to ensure we can recover from system failures or ransomware attacks without data loss. Backup data is stored securely and separate from main systems. We periodically test restoration procedures.

Monitoring and "Bug Bounties"

We continuously monitor our systems for breaches or anomalies. We also encourage responsible disclosure of security vulnerabilities; if independent researchers or users report issues, we promptly investigate. We may in the future implement a bug bounty program to reward security researchers for identifying flaws.

Compliance Measures

Our security framework is designed to comply with data protection regulations like GDPR, NDPR, etc. For instance, under GDPR we must report certain personal data breaches to authorities and users within specific timeframes. We have procedures in place to meet those obligations. So far, we have had no significant data breaches. If that changes, we will follow all legal requirements in notifying affected users and authorities.

While we invest heavily in security, it's also important for users to play a role. Protect your account credentials and notify us immediately if you suspect any unauthorized access to your account or data. We will support users in any such event.

In summary, protecting your data is a top priority for us. We employ industry-standard security practices and constantly update them as new threats emerge. However, if you have reason to believe your data may have been compromised or have any security-related questions, please reach out to us right away.

Policy Updates and Contact Information

Changes to this Policy: We may update or modify this Privacy Policy from time to time, especially as our TrustScore platform evolves or as privacy regulations change. If we make material changes (meaning changes that significantly affect how your personal data is handled), we will notify you by appropriate means. This could include posting a prominent notice on our website, updating the effective date at the top of this Policy, or contacting you via email (if you have provided one) to inform you. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of the TrustScore platform after any changes signifies your acceptance of the updated terms. Of course, if required by law, we will obtain your consent for substantial changes in how we use data (for example, if we ever wanted to use your data for a new purpose not covered here).

We maintain an archive of previous versions of this Policy (available upon request), so you can see what changes have been made. The "Effective Date" at the top reflects the date of the latest revision. Older versions will be dated accordingly.

Contact Us: If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help and address any issues you may have about privacy or security.

  • Email: You can reach our privacy team at contact@finaive.com. This is our designated contact for privacy inquiries, including requests to exercise your data rights. Please include in your email the detail of your request or question, and any relevant information we might need to assist you (but do not include sensitive personal information beyond what's necessary). We will respond as soon as possible, generally within a few business days.
  • Address: Finaive AI Innovations Ltd., Nigeria. (Note: We are in the process of establishing our primary office address. Once finalized, we will update this section with the full mailing address for official communications.) In the meantime, email is the fastest way to reach us for privacy matters.
  • Telephone: You may call us at +234 916 844 6233 during business hours (Mon–Fri, 8am–5pm West African Time) for urgent matters. Bear in mind that for formal data requests (like an access or deletion request), we will likely ask you to also send an email so that we have a written record.

When you contact us, we may ask you to verify your identity (especially for data access/deletion requests) to ensure we are dealing with the correct individual. For example, we might ask you to write to us from the email associated with your account or provide some identifying information.

We will do our best to resolve any complaints or concerns you have about your privacy. If, however, you feel that we have not addressed your issue satisfactorily, you have the right to contact your local data protection authority as noted in Your Rights above. For example, EU users can reach out to their national DPA, Nigerian users can contact the Nigeria Data Protection Bureau/Commission, and Californian users can contact the California Privacy Protection Agency or Attorney General. We sincerely hope that won't be necessary, and we welcome the opportunity to make things right.

Thank you for reading this Privacy Policy. We value your trust in Finaive's TrustScore platform, and we are committed to living up to that trust by handling your personal information with care, transparency, and respect for your privacy.