Third-party service providers that process personal data on behalf of Fastro, DPAs, and our 30-day change-notice policy (R-CPH-22).
Fastro Technologies Ltd ("Fastro") uses the following sub-processors to operate the platform. Each sub-processor is bound by a Data Processing Agreement (DPA) aligned with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023.
| Provider | Purpose | Data processed | DPA in place |
|---|---|---|---|
| Paystack (Stripe, Inc.) | Payment processing and transfer recipient management | Payment card details, bank account numbers, transaction amounts | Yes — Paystack Data Processing Agreement |
| Cloudinary | Media storage and image transformation for menu photos and KYC documents | Menu images, KYC document images, rider/vendor profile photos | Yes — Cloudinary GDPR/NDPR DPA |
| Termii | SMS OTP delivery and phone verification | Phone numbers, OTP message content | Yes — Termii DPA |
| Resend / Mailgun | Transactional email delivery (order confirmations, admin alerts, data-export links) | Email addresses, message content | Yes — Resend Data Processing Agreement |
| Google Maps Platform | Address geocoding, distance matrix, map rendering in the mobile app | Location coordinates, address strings | Yes — Google Cloud Data Processing Amendment |
| Smile ID | KYC document verification and biometric face-match | Government ID images, selfie images, NIN/BVN hashes | Yes — Smile ID Data Processing Agreement |
| Supabase (for Realtime) | WebSocket broadcast of live order and rider-location updates | Order status events, anonymised rider coordinates | Yes — Supabase Data Processing Agreement |
| Firebase Cloud Messaging (FCM) | Push notification delivery to iOS and Android devices | Device push tokens, notification payload | Yes — Google Cloud Data Processing Amendment |
| Sentry | Error monitoring and crash reporting for web and mobile apps | Stack traces, sanitised request metadata (PII scrubbed before ingestion) | Yes — Sentry Data Processing Agreement |
Fastro will notify all registered users and subscribed compliance contacts at least 30 days before adding a new sub-processor or materially changing how an existing sub-processor processes personal data. Notice is given by:
If you object to the addition of a new sub-processor, you may close your account at any time per your NDPR Data Rights.
Send an email to compliance@fastroapp.com with the subject line "Subscribe to sub-processor notices" and your name and organisation (if applicable). You will receive email notifications of any future changes at least 30 days in advance.
For questions about sub-processors or DPAs, contact our Data Protection Officer at dpo@fastroapp.com.
Was this helpful? Contact support if you need more help.