Privacy Policy

Effective Date: June, 2026

Last Updated: June 2026

This Privacy Policy explains how PayIQ (“we,” “us,” “our,” or “the App”), operated by [Company Legal Name] (“Company”), collects, uses, shares, and protects your personal information when you use the PayIQ mobile application and related services (the “Services”).

PayIQ is built around an AI-powered chat interface that helps you manage payments, savings, cards, budgeting, and (for eligible users) financial advice. Because the chat assistant is central to how PayIQ works, this Policy pays particular attention to how your data is handled when you interact with our AI features, and what information is, and is never, shared with our AI provider.

By creating an account or using PayIQ, you agree to the practices described in this Policy. We comply with the Nigeria Data Protection Act, 2023 (“NDPA”) and the regulations issued by the Nigeria Data Protection Commission (“NDPC”).

1. Information We Collect

We collect the following categories of information:

1.1 Information You Provide Directly

  • Identity information: full name, date of birth, gender, government-issued ID details (e.g. BVN, NIN), and photographs used for identity verification (KYC).
  • Contact information: phone number, email address, and residential address.
  • Account credentials: username, password (stored in hashed form), and transaction PIN (stored encrypted, never in plain text).
  • Financial information: bank account details, card information, transaction history, savings goals, and budget preferences.
  • Communications: messages you send through the chat interface, including free-flow text messages and patterned transaction inputs.

1.2 Information Collected Automatically

  • Device information: device type, operating system, unique device identifiers, and mobile network information.
  • Usage information: app navigation patterns, feature usage, session duration, and crash logs.
  • Location information: approximate location derived from IP address, where required for fraud prevention or regulatory compliance.
  • Transaction metadata: timestamps, transaction status, and device fingerprints used for fraud detection.

1.3 Information From Third Parties

  • Identity verification providers, for KYC checks required under Central Bank of Nigeria (CBN) regulations.
  • Payment processors, banking partners, and card networks involved in completing your transactions.
  • Credit reference bureaus, where relevant to credit-related features.

2. How We Use Your Information

We use your information to:

  • Create and manage your PayIQ account, and verify your identity (KYC/AML compliance).
  • Process payments, transfers, airtime purchases, bill payments, card issuance, and savings goal transactions.
  • Power the chat interface, including understanding your free-flow messages, routing them to the correct feature, and generating conversational responses.
  • Generate spending insights, budget summaries, financial health scores, and (for Premium users) personalised financial advice.
  • Detect, investigate, and prevent fraud, money laundering, and unauthorised account activity.
  • Send you transaction confirmations, security alerts, and service notifications.
  • Improve PayIQ’s features, troubleshoot issues, and develop new services.
  • Comply with legal and regulatory obligations, including those imposed by the CBN and NDPC.

Where any processing activity could produce a decision with legal or similarly significant effects on you (for example, automatically declining a transaction or service based solely on automated analysis), you have the right under Section 37 of the NDPA to request human review, express your point of view, and contest that decision. PayIQ does not use fully automated decision-making for such outcomes without human oversight.

3. How We Share Your Information

We share information only as necessary, and only with:

  • Licensed banking and payment partners, to process your transactions.
  • Identity verification providers, to fulfil KYC obligations.
  • Regulatory and law enforcement authorities, where required by law or by a valid order from the CBN, NDPC, or a court of competent jurisdiction.
  • Service providers who support our infrastructure (e.g. cloud hosting, customer support tools), under contractual confidentiality and data processing obligations.

4. Data Security

We apply industry-standard security measures to protect your information, including:

  • Encryption of sensitive data in transit (TLS) and at rest.
  • Hashing of passwords and encryption of transaction PINs.
  • Role-based access controls limiting employee access to personal data on a need-to-know basis.
  • Regular security assessments and penetration testing of our systems.
  • Fraud monitoring systems that flag unusual account activity.

While we work to protect your information, no system can be guaranteed to be completely secure. We encourage you to use a strong, unique password and to keep your transaction PIN confidential.

5. Data Retention

We retain your personal information for as long as your account remains active, and for a period afterwards as required to comply with our legal, accounting, and regulatory obligations, including CBN record-keeping requirements for financial transactions. When information is no longer required, we securely delete or anonymise it.

6. Your Rights Under the NDPA

As a data subject under the Nigeria Data Protection Act, 2023, you have the right to:

  • Be informed about how your personal data is collected and used (this Policy).
  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete personal data.
  • Request deletion of your personal data, subject to our legal and regulatory retention obligations.
  • Withdraw consent for processing that is based on consent, without affecting the lawfulness of processing carried out before withdrawal.
  • Object to certain types of processing, including direct marketing.
  • Request human review of, and contest, any decision based solely on automated processing that has a legal or similarly significant effect on you.
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data has been mishandled.

To exercise any of these rights, contact us using the details in Section 10. We will respond within the timeframes required by the NDPA.

7. Children’s Privacy

PayIQ is intended for users who meet the minimum age requirement under Nigerian law and our Terms of Service. We do not knowingly collect personal information from children below this age. If we become aware that we have collected such information, we will take steps to delete it.

8. International Data Transfers

Some of our service providers may process information outside Nigeria. Where this occurs, it is limited to the scrubbed, aggregated summaries described in Section 3, and we take steps to ensure such transfers comply with the cross-border data transfer requirements of the NDPA, including ensuring an adequate level of protection or appropriate safeguards are in place.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes through the app or by email, and will update the “Last Updated” date at the top of this Policy.

10. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact: privacy@payiqapp.com