Privacy Policy
Last Updated: June 26, 2026
1. Introduction
Welcome to XENDMi. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website or use our mobile applications (the "Platform") and tell you about your privacy rights and how the law protects you.
2. The Data We Collect About You
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
- Location Data includes your real-time location to facilitate package tracking and delivery services.
- Facial Images. During identity verification, Xendmi asks you to take a selfie (a single photograph of your face). See the dedicated Facial Images and Biometric Data section below for the complete explanation of how this image is collected, used, stored, shared, retained, and deleted.
3. Facial Images and Biometric Data
During identity verification (KYC), Xendmi asks you to take a selfie (a single photograph of your face). This section explains exactly how that image is handled. Xendmi does not perform facial recognition, does not create biometric templates or faceprints, does not run any automated face-matching, and does not use facial images to train any machine learning model.
- What we collect. A single selfie image (JPEG or PNG). No biometric template, no faceprint, no derived vector representation is computed or stored. We do not access live camera frames beyond capturing the single image you take and submit.
- How we use it. The selfie is used only to (a) allow a Xendmi admin to manually verify, by visual comparison against the government-issued ID document you upload, that you are a real person matching the ID, and (b) become your profile photo shown to other users so they can recognise you. We do not use it for advertising, profiling, surveillance, or any analysis beyond the manual review described above.
- Where it is stored, and who has access. The selfie is uploaded to Cloudinary, our image-hosting and storage processor, under a service agreement that requires Cloudinary to process the data only on our behalf and not to use it for any other purpose. Cloudinary acts as a data processor; Xendmi remains the data controller. The image is not shared with any other third party, is never sold, is never used for advertising, and is never provided to any machine learning or analytics provider for training.
- How long we keep it. The selfie is retained while your Xendmi account is active. When you delete your account, the image is deleted from Cloudinary, except where Nigerian financial-services KYC regulations require us to retain identity- verification records for a fixed regulatory period (typically 5–7 years). After that regulatory window, the image is permanently deleted.
- Your right to request deletion. You may request earlier deletion of your facial image at any time by emailing info@xendmi.com. We will action the deletion within a reasonable timeframe, subject only to the regulatory retention requirement above.
4. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you (e.g., matching senders with agents).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
5. Disclosures of Your Personal Data
We may share your personal data with the parties set out below for the purposes set out in section 4 above.
- Internal Third Parties: Other companies in the XENDMi Group acting as joint controllers or processors.
- External Third Parties: Service providers acting as processors based who provide IT and system administration services, payment processing, or identity verification.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.
6. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
7. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
8. Contact Us
If you have any questions about this privacy policy or our privacy practices, please contact us in the following ways:
Email address: info@xendmi.com