BLUVERTEX LIMITED, ("we", "us", "our") operates the DumaPay mobile application (the "App"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App to purchase airtime/data, access loan services, and utilize other features.
By registering or using the App, you agree to the terms of this Privacy Policy. If you do not agree, please do not access or use the App.
1. Information We Collect
We collect information necessary to provide our services, verify your identity (as required by Nigerian regulations), prevent fraud, and improve your experience:
1.1 Personal Information You Provide:
While using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you, which may contain:
(a) Identity Data:
- Full name, gender, date of birth, phone number, email, selfie, BVN, NIN.
- To verify identity, the app allows users to take a photo directly using the device camera.
- The app does not access or read your photo library.
- All photos are used solely for verification purposes and are securely encrypted during transmission and storage.
(b) Contact Data:
- During the loan application process, users may provide reference contacts (name, phone number, relationship).
- Before entering this information, a clear consent popup is presented, explaining that the information will be used only for credit risk assessment and emergency contact if we cannot reach the user directly.
- Users must confirm their consent before submitting any contact information.
- This information is voluntarily provided, and we never disclose personal or financial information to these contacts.
- The app does not request or access your phone contacts or address book, and the data is never used for marketing or unsolicited communication.
(c) Financial Data:
- Bank account details (for loan disbursement/repayment), transaction history within the App (top-ups, loan transactions), and airtime/data purchase details.
All information provided is processed in compliance with local data protection laws.
1.2 Information Collected Automatically:
(a) Device Information:
- Device type (make/model), operating system, unique device identifiers (e.g., IDFA), IP address, browser type, and mobile network information.
(b) Usage Data:
- Features you access, time spent on the App, pages visited, clickstream data, transaction timestamps, and error logs.
1.3 Device Permissions
Depending on your device, we may request certain permissions to access data for specific functions:
(a) Camera
- Used only when you actively choose to take a photo for identity verification or document submission.
- Camera access is never used in the background without your action.
(b) Contacts
- The app does not request or access system contacts.
- Reference contact information is provided manually by the user with clear prior consent.
- Collected contacts are used only for credit risk assessment and emergency contact purposes and never for marketing.
Permissions Management
- All permissions must be granted explicitly by the user.
- Users may revoke permissions at any time via their device settings.
- Revoking permissions may impact certain features of the App.
1.4 Data Security and Compliance
- All sensitive information is encrypted during transmission and storage.
- Only authorized personnel involved in loan verification or risk assessment may access your data.
- We have implemented internal privacy audits and pre-release compliance checklists to ensure all future updates remain fully aligned with Apple's privacy guidelines and local data protection laws.
2. How We Use Your Information
We use the information we collect for the following purposes, based on legitimate business interests, contractual necessity, legal compliance, and with your consent where required:
2.1 To provide and manage the App's services: Process airtime/data purchases, facilitate loan applications, disbursements, repayments, and collections.
2.2 To verify your identity and comply with KYC (Know Your Customer) and AML (Anti-Money Laundering) regulations mandated by the Central Bank of Nigeria (CBN) and NDIC.
2.3 To assess your creditworthiness for loan services, including performing credit checks with licensed Nigerian Credit Bureaus.
2.4 To prevent, detect, and investigate fraud, money laundering, terrorism financing, and other illegal activities.
2.5 To communicate with you: Send transaction confirmations, loan status updates, service announcements, security alerts, and respond to inquiries.
2.6 To personalize your experience and improve the App: Analyze usage trends, develop new features, and enhance security.
2.7 To comply with legal and regulatory obligations under Nigerian law, including the NDPA 2023, CBN Regulations, NDIC Act, and others.
2.8 For debt recovery purposes in case of loan default (using lawful means).
2.9 For direct marketing (e.g., promotional offers for airtime/data or loans) only with your explicit prior consent. You can opt-out anytime.
3. Legal Basis for Processing (Under NDPA 2023)
We process your personal information based on one or more of the following legal grounds:
3.1 Performance of a Contract: Necessary to provide the services you request (e.g., processing top-ups, executing loan agreements).
3.2 Legal Obligation: To comply with Nigerian laws and regulations (e.g., KYC, AML, CBN guidelines, tax reporting, NDPA requirements).
3.3 Legitimate Interests: To operate our business effectively and securely, prevent fraud, manage risks, improve our services, and ensure network security (balanced against your rights).
3.4 Consent: For specific purposes where we clearly ask for and obtain your explicit consent (e.g., precise location tracking if applicable, specific marketing communications). You can withdraw consent at any time.
4. How We Share Your Information
We may share your information only as described below and with appropriate safeguards:
4.1 Service Providers: Trusted third parties who perform services on our behalf under strict contractual obligations (e.g., cloud hosting providers in secure locations, payment processors, SMS gateways, identity verification services, credit bureaus, customer support platforms). We ensure these providers comply with data protection standards.
4.2 Mobile Network Operators (MNOs): Necessary to fulfill your airtime/data top-up requests (e.g., MTN, Glo, Airtel, 9mobile).
4.3 Credit Bureaus: To report your loan repayment history (positive or negative) as required by CBN regulations and to obtain your credit report for assessment.
4.4 Regulatory & Government Authorities: When required by law, regulation, legal process, or government request (e.g., CBN, NDIC, EFCC, Police, NDPC - Nigeria Data Protection Commission).
4.5 Fraud Prevention & Security Partners: To combat fraud and enhance security.
4.6 Group Companies: If applicable, within our corporate group for internal administrative purposes under strict confidentiality.
4.7 Business Transfers: In connection with a merger, acquisition, sale of assets, or bankruptcy. You will be notified via the App and/or email of any change in ownership or control.
4.8 With Your Consent: For any other purpose disclosed to you when you provide the information or with your explicit permission.
5. Data Security
We implement robust technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction, in line with the NDPA 2023 requirements. These include:
5.1 Encryption of sensitive data in transit (SSL/TLS) and at rest.
5.2 Secure access controls and authentication procedures.
5.3 Regular security assessments and vulnerability testing.
5.4 Employee training on data privacy and security.
5.5 Restricted access to personal information on a need-to-know basis.
However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by Nigerian law (e.g., for tax, accounting, anti-fraud purposes, credit reporting, or regulatory compliance under CBN, NDIC, or NDPA). Retention periods are based on:
6.1 The purpose for which the data was collected.
6.2 Legal, regulatory, tax, or accounting requirements (e.g., CBN requires transaction records retention for 5+ years).
6.3 Operational needs (e.g., managing loan accounts, resolving disputes).
6.4 Legitimate business interests (e.g., fraud prevention).
We securely delete or anonymize data when it is no longer needed.
7. Your Rights Under the NDPA 2023
The NDPA grants you certain rights regarding your personal information. You may have the right to:
7.1 Access: Request access to the personal information we hold about you.
7.2 Rectification: Request correction of inaccurate or incomplete personal information.
7.3 Erasure (Deletion): Request deletion of your personal information under certain circumstances (subject to legal retention requirements, especially for financial records).
7.4 Restriction of Processing: Request restriction of processing your information under specific conditions.
7.5 Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format (where feasible).
7.6 Objection: Object to the processing of your personal information based on our legitimate interests. You have an absolute right to object to direct marketing.
7.7 Withdraw Consent: Where processing is based on consent, withdraw your consent at any time (without affecting the lawfulness of processing before withdrawal).
7.8 Lodge a Complaint: Complain to the Nigeria Data Protection Commission (NDPC) if you believe your rights have been violated.
How to Exercise Your Rights: To exercise any of these rights, please contact us using the details in Section 10 below. We may need to verify your identity before fulfilling your request. We will respond within the timeframe required by the NDPA (generally one month).
8. Children's Privacy
Our App and services are not directed at children under the age of 18 (Minors). We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will take steps to delete it promptly. If you believe a child under 18 has provided us with personal information, please contact us.
9. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by:
9.1 Posting the revised Privacy Policy within the App.
9.2 Sending an in-App notification or email (where appropriate).
Your continued use of the App after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.
10. Contact Us & Data Controller
If you have any questions, concerns, requests regarding this Privacy Policy, or wish to exercise your data subject rights under the NDPA, please contact us at: