Privacy Policy
Effective date: 22 June 2026 · Version 1.1
This Privacy Policy explains how Nippyy Innovations Limited ("Nippyy", "we", "us", "our") collects, uses, stores, shares and protects your personal information when you use our app, website and related services (together, the "Services"). It applies however you access the Services — on a phone, tablet, computer or other device. Nippyy Innovations Limited (RC 8409868) is a company registered in Nigeria.
Nippyy is a financial technology company that operates a cross-border peer-to-peer payments platform. We are not a licensed bank or money transfer operator — regulated money transmission, settlement and banking services are provided by our licensed partners (see "How we share your information"). We use stablecoins only to settle funds between Nippyy and these partners behind the scenes: you never hold a crypto wallet or interact with any blockchain, you deal only in regular currency, and none of your personal information is stored on any blockchain.
We handle your personal information in line with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation (NDPR) and, because our systems are hosted in the European Union, the EU General Data Protection Regulation (GDPR). Where more than one of these applies, we follow the higher standard.
By using our Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.
1. Information We Collect
a. Information you provide to us
We collect personal information you give us when you sign up for a Nippyy account, go through our identity verification, make or receive payments, contact our support team, or otherwise use the Services.
b. Information we collect automatically
When you use the Services, our systems automatically record certain technical information — such as your device details, IP address, and how you interact with the Services — including through cookies and similar technologies (see "Cookies") and through security technology we use to tell human users apart from automated bots.
c. The information we collect
Depending on how you use Nippyy, the personal information we collect, use, process, store or transfer includes:
Your liveness selfie is biometric data, which counts as sensitive personal information. We only process it with your explicit consent and where the law allows. Your BVN and NIN are sensitive national identifiers; we store them for identity verification, fraud prevention and our legal obligations, access is limited to authorised staff, and they are protected as described in "How we protect your information".
2. How We Use Your Information
We use the personal information we collect to:
- create and manage your account and verify your identity (to meet our legal KYC and anti-money-laundering obligations);
- process your transactions and provide the Services (to perform our contract with you);
- detect, prevent and investigate fraud and financial crime, and carry out sanctions and screening checks (our legal obligations and our legitimate interest in keeping Nippyy safe);
- provide customer support and communicate with you about the Services (to perform our contract and our legitimate interests);
- operate, analyse, improve and develop the Services (our legitimate interests);
- comply with our legal and regulatory obligations, and establish, exercise or defend legal claims; and
- send you marketing, only where you have agreed (your consent).
You can withdraw consent at any time. This will not affect anything we did before you withdrew it, and it does not apply where the law requires us to keep certain records.
3. Identity Verification, KYC & Anti-Money-Laundering
As a cross-border payments business operating through licensed partners, we and our partners must comply with Nigeria's anti-money-laundering (AML) and counter-terrorist-financing rules and the directives of the Central Bank of Nigeria, as well as our partners' obligations in their jurisdictions. To comply, we:
- verify your identity before and during your use of Nippyy — including your BVN, NIN, government ID and a liveness check;
- monitor transactions and run sanctions and politically-exposed-person (PEP) checks;
- report to regulators and file suspicious-activity reports where the law requires; and
- keep identity and transaction records for the period the law requires (see "How long we keep your information").
Identity verification is carried out through our identity-verification provider. We store your BVN and NIN for identity verification, fraud prevention and these legal obligations.
4. Automated Decisions & Profiling
We use automated tools, including profiling, to verify identity, monitor transactions, and detect and prevent fraud and financial crime. In some cases these tools can decide automatically whether a transaction may proceed — for example, blocking a payment that looks high-risk.
Where a decision that significantly affects you is made solely by automated means, you can ask for a person to review it, share your point of view, and challenge the decision. To do this, contact us using the details in "Contact us & complaints". Please note that some checks (such as fraud and sanctions screening) are required by law, and a human review cannot override a legal duty to block or report a transaction.
5. How We Share Your Information
We do not sell your personal information. We share it only as needed to provide the Services and meet our legal obligations, with the following categories of recipients:
| Recipient | Why we share | Where |
|---|---|---|
| Licensed payment, settlement & money-transfer partners | Cross-border money transmission, payouts and settlement | Nigeria / Canada |
| Licensed banking partners | Regulated banking and payment rails | Nigeria |
| Identity-verification providers | Identity verification and biometric liveness checks | Nigeria |
| Cloud hosting providers | Hosting and data storage | France (EU) |
| Analytics providers | Website and product analytics | United States |
| Security & fraud-prevention providers | Bot detection, human verification and abuse prevention | United States |
| Regulators, courts & law enforcement | Where required or permitted by law, or to protect against fraud and harm | Nigeria / as required |
We put a data processing agreement in place with each provider that handles personal information on our behalf, and they may only use your information to perform the service we have engaged them for. We may also disclose your information where we believe in good faith it is necessary to comply with the law, enforce our terms, or protect the rights, property or safety of Nippyy, our users or the public. If Nippyy is involved in a merger, acquisition or sale of assets, we will give notice before your information becomes subject to a different privacy policy. We will update this policy if we engage new providers, and you can request a current list of our processors from us at any time.
6. International Transfers
Because our systems are hosted in France, our settlement partner operates in Canada, and some providers (such as our analytics and security providers) are based in the United States, your personal information is transferred to and processed in countries outside Nigeria. Whenever we do this, we make sure it is protected — for example, because the destination is recognised as providing strong data-protection standards (such as the EU and Canada), or, for countries that are not (such as the United States), through approved contractual terms such as Standard Contractual Clauses. You can ask us for details of the safeguards we use for any specific transfer.
7. How Long We Keep Your Information
We keep your personal information only for as long as we need it for the purposes set out in this policy, or for as long as the law requires.
When we no longer need other information, we delete it or anonymise it so you can no longer be identified.
8. Your Rights
Subject to the law, you have the right to:
- request a copy of the personal information we hold about you;
- correct information that is inaccurate or incomplete;
- request deletion of your information (subject to the legal retention above);
- restrict how we use your information in certain circumstances;
- request that we transfer your information to another organisation;
- object to certain uses, such as direct marketing;
- object to solely automated decisions and request human review;
- withdraw consent where we rely on it; and
- lodge a complaint with the supervisory authority (see below).
To exercise any of these rights, contact us using the details in "Contact us & complaints". We may need to verify your identity first, and we will respond within the time the law allows.
9. How We Protect Your Information
We take the security of your information seriously and use appropriate technical and organisational measures to protect it, including:
- encryption of your data in transit (TLS/HTTPS) and at rest;
- additional field-level encryption for sensitive identifiers (BVN and NIN) and biometric data;
- databases kept off the public internet, with authentication and firewall controls;
- role-based access on a need-to-know basis, following the principle of least privilege;
- multi-factor authentication for administrator and server access;
- logging and monitoring of access to sensitive data;
- encrypted backups; and
- contractual security obligations on all our partners and providers.
We keep these measures under review and update them as our Services and the threat landscape change. No method of transmission or storage is ever completely secure, so we cannot guarantee absolute security, but we work hard to protect your information.
10. Data Breaches
If a personal data breach is likely to put your rights at risk, we will notify the Nigeria Data Protection Commission without undue delay — and, where feasible, within 72 hours of becoming aware of it. Where the breach is likely to put you at high risk, we will also notify you.
11. Children
The Services are intended only for people aged 18 and over. We do not knowingly collect personal information from anyone under 18, and if we learn that we have, we will delete it promptly.
12. Cookies
We use cookies and similar technologies to operate the Services, keep them secure, remember your choices, and understand how the Services are used (including through analytics cookies). You can manage your choices through our cookie banner or your browser settings. For full details, see our Cookie Policy.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our Services, how we use personal information, or the law. When we do, we will revise the effective date at the top of this page, and where changes are significant we will provide additional notice.
14. Contact Us & Complaints
If you have any questions about this Privacy Policy, want to exercise a right, or wish to make a complaint, please contact our Data Protection Officer:
| Contact | Data Protection Officer, Nippyy Innovations Limited |
| [email protected] |
You also have the right to lodge a complaint with the supervisory authority:
| Authority | Nigeria Data Protection Commission (NDPC) |
| [email protected] | |
| Phone | +234 (0) 916 061 5551 |
| Address | No. 12 Clement Isong Street, Asokoro, Abuja, FCT, Nigeria |
If you are in the European Union, you may also lodge a complaint with your local data-protection authority.
Nippyy is a financial technology company, not a bank or licensed money transfer operator. Regulated payment, settlement and banking services are provided by licensed partners.