Effective Date: February 10, 2026
At Paydora, we are committed to protecting your privacy and securing your personal data in compliance with the Nigerian Data Protection Regulation (NDPR) 2019.
This Privacy Policy explains how Paydora Limited collects, uses, discloses, and protects your personal information. As a NIN verification service provider, we handle sensitive personal data and are committed to the highest standards of data protection.
By using our services, you consent to the collection and use of your information as described in this policy. Please read this policy carefully to understand our practices regarding your personal data.
Paydora Limited ("we", "us", "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy applies to all users of our NIN verification services, website, and mobile applications (collectively, the "Services").
We are registered with the Nigerian Data Protection Commission (NDPC) as a data controller and processor. Our registration number is DPC/NG/2023/12345.
We adhere to the following data protection principles under NDPR 2019:
"Personal Data"
Any information relating to an identified or identifiable natural person as defined under NDPR Section 1.3.
"Sensitive Personal Data"
Data relating to racial or ethnic origin, political opinions, religious beliefs, health, genetics, biometrics, NIN, etc. (NDPR Section 1.3(xvii)).
"Data Controller"
Paydora Limited, who determines the purposes and means of processing personal data.
"Data Processor"
Any person who processes personal data on behalf of the Data Controller.
"Processing"
Any operation performed on personal data including collection, recording, storage, etc.
"Data Subject"
The individual to whom personal data relates (you, our user).
The Data Controller responsible for your personal data is:
We collect the following categories of personal data:
| Data Category | Type of Data | Purpose | Legal Basis |
|---|---|---|---|
| Personal Data |
|
Account creation, verification, communication | Contract performance, Legitimate interest |
| Sensitive Data |
|
NIN verification services | Explicit consent, Legal obligation |
| Financial Data |
|
Payment processing, refunds | Contract performance, Legal obligation |
| Technical Data |
|
Security, analytics, service improvement | Legitimate interest |
National Identity Number (NIN) is classified as sensitive personal data under NDPR. We process NIN data only for verification purposes and with your explicit consent. We do not store NIN data longer than necessary for verification completion.
You provide NIN and personal information through our secure platform
We verify NIN through authorized API channels with encryption
We generate verification reports with necessary data only
Data is stored in encrypted databases with access controls
Data is deleted according to retention policies
We use your personal data for the following purposes:
We will only send you marketing communications if you have explicitly opted in. You can unsubscribe at any time by clicking the unsubscribe link in our emails or contacting our support team.
Under NDPR 2019, we process your personal data based on one or more of the following legal bases:
Processing necessary to perform our contract with you (providing verification services).
NDPR Section 2.2(a)
Your clear affirmative consent for specific processing activities (especially for sensitive data).
NDPR Section 2.3
Processing necessary to comply with Nigerian laws and regulations.
NDPR Section 2.2(b)
Processing necessary for our legitimate business interests (security, fraud prevention).
NDPR Section 2.2(f)
We may share your personal data with the following categories of recipients:
All third-party processors sign Data Processing Agreements (DPAs) that comply with NDPR requirements. These agreements ensure they implement appropriate security measures and only process data for specified purposes.
We do not sell, trade, or rent your personal data to third parties for marketing purposes. Your data is only shared as described in this policy or with your explicit consent.
We implement comprehensive security measures to protect your personal data:
In the event of a data breach, we will notify the Nigerian Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, as required by NDPR Section 3.1(10). Affected data subjects will also be notified without undue delay.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period | Reason for Retention |
|---|---|---|
| Account Information | 5 years after account closure | Legal requirements, fraud prevention |
| NIN Verification Records | 7 years | Regulatory compliance, audit purposes |
| Transaction Records | 7 years | Financial regulations, tax compliance |
| Communication Data | 3 years | Customer service, dispute resolution |
| NIN Numbers | 30 days after verification | Temporary processing, then anonymized |
| Inactive Accounts | 2 years of inactivity | Then deleted or anonymized |
When data retention periods expire, we securely delete or anonymize the data. Anonymized data may be retained for statistical analysis. You can request earlier deletion of your data by exercising your rights under NDPR.
As a data subject under NDPR 2019, you have the following rights regarding your personal data:
You can request a copy of your personal data we hold.
NDPR Section 3.1(1)
You can request correction of inaccurate or incomplete data.
NDPR Section 3.1(2)
You can request deletion of your personal data ("right to be forgotten").
NDPR Section 3.1(3)
You can request restriction of how we process your data.
NDPR Section 3.1(4)
You can request your data in a structured, commonly used format.
NDPR Section 3.1(5)
You can object to certain types of processing.
NDPR Section 3.1(6)
You can withdraw consent at any time, without affecting prior processing.
NDPR Section 2.3(5)
You can complain to the NDPC if you believe your rights have been violated.
NDPR Section 4.1(9)
To exercise any of these rights, please contact our Data Protection Officer at:
We will respond to your request within 30 days as required by NDPR Section 3.1(8).
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children under 18.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we learn that we have collected personal data from a child under 18 without parental consent, we will delete that information promptly.
Our Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party services.
We encourage you to review the privacy policies of any third-party services you access through our platform. We are not responsible for the privacy practices or content of third-party services.
Your personal data is primarily processed and stored in Nigeria. However, some of our service providers may process data in other countries.
When data is transferred outside Nigeria, we ensure appropriate safeguards are in place:
By using our Services, you acknowledge that your personal data may be transferred to, stored, and processed in countries other than Nigeria, subject to the safeguards described above.
We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements.
Your continued use of our Services after any changes to this Privacy Policy constitutes acceptance of those changes. If you do not agree with the updated policy, you must stop using our Services.
Response Time: 48 hours
Business Hours: Mon-Fri, 9am-6pm WAT
You have the right to lodge a complaint with the supervisory authority:
Nigerian Data Protection Commission (NDPC)
Plot 1252, Michael Okpara Street, Wuse Zone 5, Abuja, Nigeria
At Paydora, we are committed to protecting your privacy and securing your personal data. This Privacy Policy, together with our Terms of Service and Cookie Policy, governs our relationship with you regarding data protection.