Privacy policy

Payva ("we", "our", or "us") operates a trust infrastructure platform for social commerce in Nigeria, providing identity verification, escrow-style payment facilitation, and public reputation systems. We are committed to protecting the privacy and personal data of every user who interacts with our platform.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have as a data subject. It is designed to comply with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and applicable international data protection standards.

By accessing or using Payva, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the platform immediately.

• Individual buyers and sellers using the Payva platform
• Businesses and merchants registered on Payva
• Visitors to our website or mobile application
• Any third party whose data is submitted to us in connection with a transaction or dispute

We process your personal data under the following legal bases as recognized by the NDPA 2023:

• Contractual Necessity: To create and manage your Payva account, facilitate escrow transactions, and provide our core services.
• Legal Obligation: To fulfil obligations under CBN regulations, AML/CFT laws, and KYC requirements.
• Legitimate Interest: To prevent fraud, secure the platform, resolve disputes, and improve our services in ways that do not override your rights.
• Consent: Where required by law, we will obtain your explicit consent before processing your data, particularly for marketing communications.

• Identity verification and fraud prevention
• KYC and AML compliance screening
• Facilitating, processing, and recording escrow transactions
• Managing disputes and investigating reported violations
• Maintaining your public reputation profile on the platform
• Sending transaction alerts, service updates, and required notifications
• Improving platform performance, features, and user experience
• Responding to your enquiries and support requests
• Complying with court orders, legal obligations, or regulatory requests

We may share your personal data with the following categories of third parties:

• Licensed Payment Processors: To process and hold funds in connection with escrow transactions.
• KYC and Identity Verification Providers: To verify the identity of users as required by law.
• Regulatory Bodies and Law Enforcement: Where we are legally required to disclose data, such as to the CBN, EFCC, NFIU, or courts of competent jurisdiction.
• Fraud Prevention Partners: To detect and prevent fraudulent activity on the platform.
• Technology Infrastructure Providers: Cloud hosting, data storage, and analytics providers who are contractually bound to protect your data.

We do not sell, rent, or trade your personal data to any third party for marketing or commercial purposes. Any data shared with service providers is governed by a data processing agreement requiring them to maintain confidentiality and process data only as directed.

We retain your personal data for as long as is necessary to:

• Provide and maintain our services to you
• Comply with applicable legal and regulatory retention requirements (e.g. CBN AML rules requiring transaction records to be kept for a minimum of five years)
• Resolve active or potential disputes
• Enforce our Terms of Service and other agreements

When data is no longer required, we will securely delete or anonymize it in accordance with our internal data lifecycle policy.

We use cookies and similar technologies to maintain your session and authentication state, remember your preferences, analyze platform usage and improve functionality, and detect fraud and unusual activity.

You may manage cookie preferences through your browser settings. Disabling certain cookies may limit your access to some features of the platform.

We implement industry-standard administrative, technical, and physical safeguards to protect your personal data, including:

• End-to-end encryption for data in transit (TLS/SSL)
• Encryption of sensitive data at rest
• Role-based access controls limiting internal data access
• Regular security audits and vulnerability assessments
• Secure data center infrastructure with access logging

No digital platform can guarantee absolute security. If we become aware of a data breach likely to affect your rights, we will notify you and the relevant regulatory authority as required by the NDPA 2023.

Under the NDPA 2023 and the NDPR, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data where there is no lawful basis for us to retain it.
• Right to Restriction: Request that we limit how we process your data in certain circumstances.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interest, including profiling.
• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting previous processing.

To exercise any of these rights, contact us at support@usepayva.com. We will respond within 30 days. In some cases, legal obligations may prevent us from fulfilling certain requests, and we will explain this to you if applicable.

Payva primarily processes data within Nigeria. Where data is transferred outside Nigeria, such as to cloud infrastructure providers or KYC partners, we ensure that appropriate safeguards are in place, including contractual data protection clauses that meet NDPA standards.

The Payva platform is intended solely for individuals who are 18 years of age or older. We do not knowingly collect personal data from minors. If you believe a minor has provided us with their data, please contact us immediately at support@usepayva.com and we will take prompt steps to remove the information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will notify you via email or a prominent notice on the platform at least 14 days before the changes take effect. Continued use of the platform after the effective date constitutes your acceptance of the updated Policy.

For all data privacy enquiries, subject access requests, or complaints:

• Email: support@usepayva.com
• Address: Lagos, Nigeria
• Data Protection Officer: Simeon Oluwatomisin Samson

If you believe your rights have been violated and our response is unsatisfactory, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC).