Types of Data Collected

ViitPay may collect the following categories of personal information:

• Identity Information: Name, date of birth, gender, photograph, and other identity documents.
• Contact Information: Phone number, email address, and mailing address.
• Financial and Transaction Data: BVN, bank account details, credit/debit card data (if any), transaction history and balances, and payment account numbers.
• Technical Data: Device identifiers (e.g. IMEI), IP address, operating system, app usage logs, and location information (if enabled) to improve security and service operation.
• Profile and Verification Data: Security question/answer, customer support interactions, and any other data you provide to verify your identity or profile.

"Personal Data" is any information relating to an identified or identifiable person. By collecting this data, ViitPay acts as a Data Controller; if you link third-party accounts, the external provider may also process your data under its own policy.

How Data Is Used

ViitPay processes your personal data for the following purposes, in line with NDPR principles of lawfulness, purpose limitation, and data minimization:

• Service Provision: To open and maintain your Account, process transactions, authenticate your identity, and communicate with you about the Services.
• Compliance and Security: To comply with legal/regulatory obligations (KYC, AML/CFT rules), to verify your identity (e.g. using BVN), to prevent fraud, and to monitor for suspicious activity.
• Customer Support: To respond to inquiries or complaints and to improve our service offerings.
• Operational Improvements: To analyze usage patterns and improve the app's performance and features.
• Legal and Regulatory: To report to regulators, comply with court orders or law enforcement requests, and to enforce our Terms of Use.

We will use your data only for the purposes disclosed to you at the time of collection or as otherwise permitted by law (purpose limitation). We collect only the data necessary to provide and improve our services (data minimization).

Third-Party Data Sharing

ViitPay does not sell your personal data. We may share your data with:

• Regulatory Authorities: Central Bank of Nigeria, NDPC (NDPR Commission), law enforcement, or courts when required by law.
• Financial Institutions: Banks and mobile money operators for payment processing or account linking. When you top up or withdraw funds, we share necessary transaction details with the partner bank/MMO.
• Service Providers: Trusted third-party vendors (e.g. IT hosts, payment processors, KYC/verification services) who are bound by contract to protect your data.
• Affiliates: Other companies in the ViitPay corporate group, if any, under strict confidentiality obligations.
• Business Transfers: In the event ViitPay is acquired or merges, user data may be transferred as part of the transaction, under comparable privacy commitments.

All sharing is done in accordance with NDPR requirements: we disclose data only for the specified lawful purposes (consistent with purpose limitation), and we require third parties to handle your data securely.

Data Retention Policy

ViitPay retains your personal data only as long as necessary to fulfill the purposes listed above or as required by law. For example, transaction records may be kept for a minimum period mandated by the CBN (often 5–10 years for financial records). When data is no longer needed, we will securely delete or anonymize it.

Your Rights under NDPR

Under the NDPR (and NDPA 2023), you have rights over your personal data, including the right to:

• Access your data (obtain a copy of data we hold about you).
• Rectification of inaccurate or incomplete data.
• Erasure (Deletion) of data when it is no longer necessary or if you withdraw consent.
• Restrict or object to certain processing (e.g. direct marketing).
• Data Portability: Receive your data in a portable format to transfer to another service.
• Withdraw Consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our Data Protection Officer (see below). We will respond to your request in accordance with NDPR timelines and inform you of actions taken. If we deny a request, we will provide reasons and your right to complain to the NDPR Commission.

Security Measures

ViitPay employs appropriate technical and organizational security measures to protect your personal data. This includes encryption of data in transit and at rest, secure servers, access controls, and regular security audits. We limit access to your data to authorized personnel only. Despite these measures, no system can be perfectly secure; however, we endeavor to prevent data breaches and will notify you and authorities in accordance with NDPR guidelines if a breach occurs.

Contact for Data Protection Inquiries

If you have any questions or concerns about our data practices, or wish to exercise your NDPR rights, you may contact our Data Protection Officer at:

We will address your inquiries and requests promptly in accordance with applicable Nigerian data protection laws.