Privacy Policy

TripleLens is a product of Live Capital Limited (RC 7880441), a company incorporated in Nigeria with its registered office at 32C Cameron Road, Ikoyi, Lagos, Nigeria.

In this policy “TripleLens,” “we,” and “us” refer to Live Capital Limited acting through the TripleLens product at https://triplelens.com and its companion applications at app.triplelens.com and admin.triplelens.com. Live Capital Limited is the data controller for personal information processed in connection with TripleLens under the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR). Where another data-protection law applies to you, we honour the rights it grants.

This policy covers personal information collected through our websites, applications, APIs, support channels, and the in-product KYC and verification flows. It does not cover services operated by third parties even if you reach them through us (for example, your bank, a payment provider, a fund manager, or an external supplier). Their handling of your information is governed by their own policies.

We group the information we hold about you into the following categories.

• Account information. Name, email address, password (stored only as a one-way hash), phone, nationality, account creation timestamp, last-login timestamp.
• Profile information. Profile type (Retail Investor, Business, Institution, or Supplier), display name, @handle, avatar, audiences you self-declare, membership and role on a profile.
• Identity and corporate verification (KYC and KYB). Government ID details, selfie/liveness data, business registration documents (such as CAC certificates), beneficial-owner information, and verification outcomes returned by our verification partners.
• Financial and operational information. For Businesses, application details, requested amounts, business plans, financial statements, and post-deployment reporting. For Investors, allocation and investment history. For Institutions, Fund-creation, fund-application, and deployment information.
• Transaction information. Deposit, withdrawal, investment, and disbursement records, including amounts, counterparties on the Platform, and timestamps.
• Communications. Email, in-product chat, support tickets, invitations, and notifications you send or receive via TripleLens.
• Device and technical information. IP address, user-agent, device and OS identifiers, language, time zone, referrer, and pages visited.
• Cookies and similar storage. See section 7.

• Directly from you, when you sign up, complete KYC, create or update a profile, submit an application, or send us a message.
• Automatically, from your device when you use the Platform (logs, cookies, device identifiers).
• From third parties we engage to verify identity (Smile Identity, Sumsub), validate corporate existence (regulators and registries), prevent fraud, and deliver email, hosting, and analytics.
• From other users, where they reference you (for example, an institution that invites you to a profile, or a business that lists you as a beneficial owner).

• Performance of a contract. To deliver the Platform you have signed up to, including account creation, profile management, fund applications, and transactions.
• Compliance with a legal obligation. To meet anti-money laundering, counter-terrorist-financing, sanctions, tax, and audit requirements. This is the principal basis for KYC and ongoing risk monitoring.
• Legitimate interests. To keep the Platform secure, prevent fraud, investigate misuse, improve the product, and develop new features, where these interests are not overridden by your rights and freedoms.
• Consent. For analytics and marketing cookies, marketing emails, and any other processing where consent is the applicable basis. You can withdraw consent at any time without affecting earlier processing.

• To create, secure, and operate your account and profiles.
• To verify identity and corporate existence, and to keep verification current as we are required to.
• To process applications, investments, and disbursements, and to keep an auditable record of those transactions.
• To respond to your questions and provide support.
• To detect, investigate, and prevent fraud, money laundering, sanctions evasion, and other misuse of the Platform.
• To meet legal, regulatory, accounting, and reporting obligations.
• To understand how the Platform is used and to improve it. Where this involves cookies or third-party analytics, we ask for your consent first.
• To send you service notifications, and, with your consent, marketing updates.

We group cookies into three categories, matching the consent banner.

• Necessary. Required for core site functions, security, and fraud prevention. These include the small cookie that remembers your consent choice. Always active.
• Analytics. Helps us understand which pages are useful and where people get stuck. Off until you opt in.
• Marketing. Used to share relevant updates about TripleLens and measure the performance of those communications. Off until you opt in.

You can change your choice at any time from the “Cookie Settings” link in the site footer. Consent choices are retained for up to 12 months, after which we ask you again.

We do not sell your personal information. We share it only where we need to.

• Service providers and processors acting on our behalf for hosting (Google Cloud, Vercel, Cloudflare), email delivery (Amazon SES), identity verification (Smile Identity, Sumsub), fraud prevention, analytics, payments, and customer support. They are bound by written data-processing terms and may use the information only to provide the service to us.
• Other users on the Platform, where the design of the product makes that necessary. For example, an Investor in a Fund sees information about the Businesses that have applied to or received capital from that Fund; an Institution that you invite to a profile sees information about that profile.
• Regulators, law enforcement, and other authorities, where we are required to disclose information or where disclosure is necessary to protect rights, safety, or property.
• Professional advisers (lawyers, auditors, insurers) under duties of confidence.
• A successor entity, in connection with a merger, acquisition, financing, reorganization, or sale of substantially all our assets, subject to the successor honouring this policy.

Some of our service providers operate outside Nigeria. Where personal information is transferred outside Nigeria, we rely on either the recipient country’s adequacy status under the NDPA, contractual data-protection terms with the recipient, or your explicit consent, depending on the circumstances. The protections applied in this policy travel with your information regardless of where it is processed.

We keep personal information for as long as we need it for the purposes set out in this policy, and then we delete or anonymize it. Specific minimum periods include:

• Account and profile records: while your account is active, plus up to seven (7) years after closure to meet our anti-money laundering record-keeping obligations.
• KYC and verification records: at least seven (7) years from the end of the business relationship, in line with applicable Nigerian AML requirements.
• Transaction records and audit logs: at least seven (7) years from the transaction date.
• Marketing-consent records: while consent is active, plus up to two (2) years after withdrawal to evidence the withdrawal.
• Cookie-consent records: up to twelve (12) months.
• Support correspondence: typically up to three (3) years after the interaction.

We may keep information longer where required by law, regulation, court order, or where it is reasonably necessary to defend against a legal claim.

We apply layered technical and organizational measures, including:

• encryption in transit (TLS) on all public endpoints;
• encryption at rest for databases, file storage, and backups managed by our cloud providers;
• password hashing with industry-standard algorithms and never storing plaintext credentials;
• role-based access control on internal systems, with the principle of least privilege;
• multi-factor authentication for staff access to production systems;
• audit logging of administrative actions, with logs reviewed periodically and on incident;
• regular dependency, library, and infrastructure updates, and vulnerability monitoring;
• screening of staff with access to personal information, and a written confidentiality obligation in their contracts.

No system is impenetrable. You can help protect yourself by using a strong unique password, enabling any account-protection features we offer, and notifying us immediately at contact@livecapital.fund if you suspect unauthorized access.

If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Nigeria Data Protection Commission within the timelines set by the NDPA, and we will notify affected individuals without undue delay where the risk is high. The notification will describe the nature of the breach, the categories and approximate numbers of records concerned, the likely consequences, and the measures we have taken or propose to take.

Under the NDPA, NDPR, and similar laws that may apply to you, you have the right to:

• Access the personal information we hold about you.
• Correct information that is inaccurate or incomplete.
• Delete information we hold about you, subject to retention obligations we cannot lawfully shorten.
• Restrict or object to processing in defined circumstances.
• Withdraw consent at any time for processing based on consent. This does not affect lawfulness of earlier processing.
• Portability: receive a copy of the information you provided in a structured, commonly used, machine-readable format.
• Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you, without human review.

To exercise any of these rights, email contact@livecapital.fund. We may need to verify your identity before acting on a request. We aim to respond within thirty (30) days, and we will explain any delay or refusal.

Parts of our identity verification, fraud-prevention, and sanctions-screening processes are automated. They include comparing the documents and biometric data you submit with the data held or referenced by our verification partners, and screening identifiers against published sanctions and politically-exposed-persons lists. Where an automated result is negative and that has a meaningful effect on you (for example, blocking an account), a human reviewer is available to re-examine the decision on request. Email contact@livecapital.fund to request human review.

TripleLens is intended for individuals who are at least 18 years old and for organizations acting through authorized representatives. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided personal information to us, please contact us and we will delete it.

The Platform may link to external sites or display content from external sources. We are not responsible for the privacy practices of those third parties. Review their policies before sharing personal information with them.

We may update this page from time to time. If we make a material change to how we process personal information or to cookie categories, we will give reasonable notice (for example, by email or by re-surfacing the consent banner) before the change takes effect.

We hope to resolve any concern directly. If you are not satisfied, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC). You may also be able to raise a complaint with the data-protection authority in your country of residence.

For privacy questions or to exercise any right, email contact@livecapital.fund or write to us at:

Live Capital Limited (RC 7880441)
32C Cameron Road, Ikoyi, Lagos, Nigeria
+234 (0) 901 392 2180