Privacy Policy

SafliPay Technologies Limited ("SafliPay", "we", "us") provides SafePay, a neutral payment protection service for buyers and sellers during commercial transactions. We are the data controller for personal information you provide when creating an account or using our services.

Our practices are designed to comply with the Nigeria Data Protection Regulation (NDPR) 2019 and its Implementation Framework, as well as the CBN Guidelines on Customer Due Diligence for Banks and Other Financial Institutions.

We collect the following categories of personal data:

• Identity data: full name, date of birth, government-issued ID number (NIN, BVN, international passport, or driver's licence), and biometric liveness data collected during verification via MetaMap.
• Contact data: email address and mobile phone number.
• Financial data: bank account details, deal amounts, transaction histories, SafePay balances, and withdrawal records.
• Device and usage data: IP address, device model, operating system, app version, and in-app activity logs used for security and service improvement.
• Dispute data: messages, photographs, receipts, and other evidence files submitted during the dispute resolution process.

We collect data directly from you when you create an account, complete identity verification, initiate or confirm a deal, fund SafePay, raise a dispute, or contact our support team. Device and usage data is collected automatically when you interact with the SafliPay application.

We process your personal data on the following lawful bases under the NDPR:

• Contract: processing necessary to deliver the SafePay service you have agreed to use.
• Legal obligation: KYC and AML checks required by CBN regulations for licensed payment service providers.
• Legitimate interest: fraud detection, platform security, and service improvement, where these interests do not override your rights.
• Consent: marketing communications, which you may withdraw at any time through your account settings or by contacting us.

We use your data to:

• Create and maintain your SafliPay account
• Verify your identity in line with CBN tiered-KYC requirements
• Hold and release SafePay funds according to the agreed deal terms
• Process dispute evidence and issue binding resolutions
• Detect and prevent fraud, money laundering, and account abuse
• Send transactional notifications about your active deals and account activity
• Comply with regulatory reporting obligations to the CBN and NFIU

We share your data only with parties necessary to deliver the service. We do not sell your personal data or share it with advertisers.

• CBN-licensed partner financial institutions that hold SafePay funds in regulated accounts on your behalf.
• MetaMap, our identity verification provider, which processes liveness and government-ID data to complete KYC checks in line with CBN requirements.
• Regulatory authorities, including the CBN, NFIU, and EFCC, when disclosure is required by Nigerian law or regulation.

Identity records and transaction data are retained for a minimum of five years from account closure, as required by CBN anti-money-laundering guidelines. Dispute evidence is retained for seven years. Device and usage logs are retained for twelve months.

You may request deletion of data that is not subject to a statutory retention requirement by contacting us at hello@saflipay.com. We will action all valid requests within 30 days.

Under the NDPR, you have the right to access the personal data we hold about you, correct inaccuracies, request erasure of data we are not legally required to retain, object to processing based on legitimate interest, and receive your data in a portable format.

To exercise any right, email hello@saflipay.com. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Nigeria Data Protection Bureau (NDPB) at ndpb.gov.ng.

We protect your data with TLS 1.3 encryption in transit and AES-256 encryption at rest. High-value actions require biometric confirmation (Face ID or fingerprint) on your device. Biometric data is processed entirely within your device's secure enclave and is never transmitted to SafliPay's servers. Passwords are hashed using industry-standard algorithms, and sensitive database fields are individually encrypted.

Every balance change, status update, and dispute decision is logged to an append-only audit ledger retained for compliance and downloadable by you as proof.

We may update this Privacy Policy to reflect changes in our practices or regulatory requirements. We will notify you of material changes via in-app notification or email at least 14 days before they take effect. Continued use of SafliPay after the effective date of a revised policy constitutes your acceptance of the changes.