Legal

Privacy Policy

Last updated: 29 April 2026

This Privacy Policy explains how DigAjo ("we", "our", "us") collects, uses, shares, and protects your personal information when you use our mobile app, web platform, or any related service (the "Service"). By using DigAjo, you agree to this Policy.

1. Information we collect

Information you give us directly:

  • Your full name, date of birth, phone number, and email address.
  • Your residential address and a copy of your utility bill (for KYC).
  • Your Bank Verification Number (BVN) and/or National Identification Number (NIN), as required by the Central Bank of Nigeria.
  • A passport photograph and (optionally) a liveness selfie.
  • Bank account details for payouts and withdrawals.
  • Profile information you choose to add (avatar, display name).

Information we collect automatically:

  • Transaction records — every contribution, payout, transfer, fee.
  • Device information — model, OS version, app version, language.
  • Network metadata — IP address, approximate location (city level), timestamps.
  • Push notification tokens (so we can deliver alerts to your device).

2. How we use your information

  • To create and operate your account.
  • To verify your identity (KYC) as required by Nigerian financial regulation.
  • To process contributions, payouts, and withdrawals.
  • To send transactional notifications (SMS OTPs, push notifications, email confirmations).
  • To detect and prevent fraud, money laundering, and terrorism financing.
  • To comply with our legal and regulatory obligations.
  • To improve the Service — anonymised, aggregated usage metrics only.

3. Who we share your information with

We do not sell your data. We share specific data with specific third parties only to deliver the Service or comply with the law:

  • NetMFB / partner microfinance bank — for virtual account creation, fund transfers, and settlement.
  • Cloudflare R2 — encrypted storage for KYC documents (passport, utility bill).
  • Termii — to deliver SMS one-time codes and transaction alerts.
  • Expo (Expo Application Services) — for push notification delivery to your device.
  • Law enforcement and regulators — when legally compelled by valid Nigerian court orders or NCC, EFCC, or CBN directives.

4. How we protect your data

  • All data in transit uses TLS 1.2+ encryption.
  • Sensitive identifiers (BVN, NIN) are stored as one-way hashes, not in plaintext.
  • Passwords are hashed with bcrypt; transaction PINs are hashed separately.
  • KYC documents are stored in encrypted-at-rest object storage (Cloudflare R2).
  • Database access is internal-only — no public network path to customer data.
  • Production systems are accessed by named team members only, with audit logging.

5. Your rights (NDPR-compliant)

Under the Nigeria Data Protection Regulation, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data (subject to regulatory record-keeping rules).
  • Withdraw consent for non-essential processing.
  • Lodge a complaint with the National Information Technology Development Agency (NITDA).

To exercise any of these rights, see our data deletion page or email compliance@digajo.com.

6. Data retention

We retain personal data for as long as your account is active. After account deletion, we retain transaction records for at least seven years as required by Nigerian financial regulation (anti-money laundering laws). Other personal data is purged within 30 days of deletion request.

7. Children

DigAjo is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has used the Service, contact us and we will remove their data.

8. Changes to this policy

We will update this Policy from time to time. Material changes will be communicated via in-app notification and email. The date at the top reflects the most recent update.

9. Contact

Privacy questions or concerns: compliance@digajo.com