Privacy Policy

Last Updated: May 4, 2026

01 INTRODUCTION

Welcome to Cidapay, owned and operated by CIDA DIGITALS SOLUTIONS LIMITED ("we," "us," or "our"). This Privacy Policy describes how we collect, use, process, and disclose your information, including personal data, in conjunction with your access to and use of our mobile application and financial services.

By using Cidapay, you consent to the data practices described in this policy. We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner in compliance with the Nigeria Data Protection Regulation (NDPR) and other applicable data protection laws.

02 PRIVACY MISSION STATEMENT

Our mission is to provide secure, transparent, and efficient financial services while maintaining the highest standards of data privacy. We believe that your financial information is personal and sensitive; therefore, we only collect what is necessary to provide our services and protect your account from fraudulent activities.

03 GENERAL PRINCIPLES FOR PROCESSING PERSONAL DATA

We adhere to the following principles when processing your personal data:

  • Legality, Fairness, and Transparency: Data is processed lawfully and transparently.
  • Purpose Limitation: Collected for specified, explicit, and legitimate purposes.
  • Data Minimization: Adequate, relevant, and limited to what is necessary.
  • Accuracy: Kept up to date and corrected without delay if inaccurate.
  • Storage Limitation: Kept in a form which permits identification for no longer than necessary.
  • Integrity and Confidentiality: Processed in a manner that ensures appropriate security.

04 LAWFUL BASIS FOR COLLECTING AND PROCESSING PERSONAL DATA

We process your personal data based on several legal grounds:

  • Contractual Necessity: To fulfill our obligations under our Terms of Use.
  • Legal Obligation: To comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations.
  • Legitimate Interests: For fraud prevention, network security, and service improvement.
  • Consent: Where you have given us explicit permission (e.g., promotional marketing).

05 INFORMATION WE MAY COLLECT FROM YOU

We collect various types of information to provide and improve our services:

A. Personal Identity & KYC Data

  • Full name, date of birth, and gender.
  • Government-issued ID (NIN, BVN, Voter's Card) and facial biometrics for identity verification.
  • Proof of address and contact details (email and phone number).

B. Financial & Transaction Data

  • Bank account details, card information (processed via secure partners), and wallet balances.
  • Transaction history, including recipients, amounts, and dates.

C. Scoped Device & Technical Data

Device Information: We collect specific device identifiers (Device ID, Operating System, Model) to identify trusted devices and prevent account takeovers.

Geolocation: With your permission, we collect coarse/fine location during transaction authorization to detect unusual patterns and prevent cross-border fraud.

Contacts: If you use the "Send to Contact" feature, we access your contacts to help you find recipients. We do not store or upload your entire contact list to our servers.

06 HOW WE COLLECT INFORMATION

We collect information through:

  • Direct Interactions: Data you provide during registration or when filling forms.
  • Automated Technologies: Technical data collected automatically as you use the app.
  • Third Parties: Verification services (e.g., Dojah), financial partners, and credit bureaus.

07 HOW WE USE YOUR PERSONAL DATA

We use your data for the following purposes:

  • To verify your identity and authorize transactions.
  • To prevent, detect, and investigate fraud and money laundering.
  • To provide customer support and resolve technical issues.
  • To comply with regulatory requirements from the Central Bank of Nigeria (CBN).
  • To enhance app performance and develop new features.

08 DATA PROTECTION IMPACT ASSESSMENTS

We conduct regular Data Protection Impact Assessments (DPIAs) for high-risk processing operations to identify and mitigate risks to the rights and freedoms of our users.

09 YOUR RIGHTS AS A DATA SUBJECT

Under the NDPR, you have the right to:

  • Request access to your personal data.
  • Request rectification of inaccurate data.
  • Request erasure of data (the "right to be forgotten"), subject to legal hold requirements.
  • Object to or restrict the processing of your data.
  • Data portability to another service provider.

10 RETENTION OF YOUR DATA

We retain your personal data as long as your account is active. Even after account closure, we are legally required by financial regulations to keep KYC and transaction records for a minimum of 5 to 7 years.

11 ACCURACY OF YOUR DATA

We take every reasonable step to ensure that your personal data is accurate. Please update your profile information immediately if there are any changes to your address or contact details.

12 SECURITY OF YOUR DATA

We implement industry-standard security measures, including:

  • AES-256 bit encryption for data at rest.
  • SSL/TLS encryption for all data in transit.
  • Multi-factor authentication (MFA) and Biometric locks.
  • Regular third-party security audits and penetration testing.

13 DATA SHARING AND CROSS-BORDER TRANSFERS

We may share data with financial partners and law enforcement when required. If we transfer data across borders, we ensure the recipient country has adequate data protection laws or implement Standard Contractual Clauses.

14 WHERE WE STORE YOUR INFORMATION

Your information is stored on secure cloud servers. We utilize data centers that comply with international security standards (ISO 27001/SOC2).

15 EMERGING TECHNOLOGIES

We use facial recognition and liveness detection for KYC. This biometric data is processed securely and is never shared with unauthorized third parties.

16 COOKIES

Our web interfaces use cookies to remember session states and for analytics. You can manage cookie preferences in your device settings.

17 AUTOMATED PROCESSING

We use automated systems to score transactions for fraud. If a transaction is flagged, it may be held for manual review by our security team.

18 SOCIAL EVENTS

Information collected during promotional events or surveys is handled in accordance with this policy and the specific terms of the event.

20 PROMOTIONAL MATERIALS

You can opt-out of marketing communications at any time via the app settings or the "unsubscribe" link in our emails.

21 COMPLAINTS

If you have any concerns regarding your data, please contact our Data Protection Officer at support@cidapay.com.

22 UPDATES TO THE PRIVACY POLICY

We may update this policy to reflect changes in our practices or regulatory requirements. We will notify you of any significant shifts via app notifications or email.

Cookies & Privacy

We use cookies to ensure you get the best experience on our website. By continuing to use this site, you agree to our Privacy Policy.