Privacy Policy

EFFECTIVE: JANUARY 1, 2025

1. Information We Collect

We collect information you give us directly — your name, phone number, BVN, government-issued ID,
address, and the contents of your transactions. We also collect device information (model, OS version,
IP address) and app-usage data needed to keep VimaPay secure and reliable.

We never collect more than we need.

2. How We Use Your Information

We use your data to provide VimaPay services, verify your identity, prevent fraud, comply with legal
obligations, communicate with you about your account, and improve the product. We do not sell your
personal data to third parties — ever.

3. Sharing of Information

We share information only with:

  • Our regulated banking partners to enable transactions
  • KYC providers to verify your identity
  • Law enforcement when legally compelled
  • Trusted vendors (e.g. cloud hosting, customer-support tools) bound by strict data-processing agreements

4. Data Retention

We retain your personal data for as long as your account is active and for up to 7 years after closure,
in line with CBN record-keeping requirements. Transaction records are retained for the period required
by Nigerian law.

5. Cookies & Tracking

Our website uses essential cookies for sign-in and security and optional analytics cookies to understand
product usage. You can disable non-essential cookies at any time from the cookie banner. The mobile app
does not use third-party advertising trackers.

6. Security Measures

VimaPay applies AES-256 encryption at rest, TLS 1.3 in transit, hardware-backed key storage, and
continuous threat monitoring. Access to production data is tightly restricted and audited.

No system is 100% secure, but we treat security as a daily discipline, not a checkbox.

7. Your Rights

Under the Nigeria Data Protection Regulation (NDPR) and where applicable the EU GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion (subject to regulatory retention rules)
  • Object to certain processing
  • Lodge a complaint with the NITDA or your local data protection authority

To exercise any right, email
privacy@vimapay.com.

8. Third-Party Services

VimaPay integrates with third parties including Mono, Paystack, Smile Identity, and Twilio. Each
integration is governed by its own privacy policy, and we share only the minimum data required for
the integration to function.

9. Children’s Privacy

VimaPay is not intended for anyone under 18. We do not knowingly collect personal data from children.
If you believe a child has provided us with personal information, contact us immediately and we will
delete it.

10. Changes to Policy

We may update this Privacy Policy as our product evolves. Material changes will be communicated at
least 14 days before they take effect via in-app notification and email.

11. Contact Us

Reach our Data Protection Officer at
privacy@vimapay.com

Get App