Your privacy is
our priority.

At Paykudy, transparency is the foundation of trust. Here is how we safeguard, process, and respect your personal data in strict compliance with regulatory standards.

Last Updated: March 2026
Version 2.0 (Regulatory Compliant)

1. Regulatory Compliance Framework

Paykudy ("we", "us", or "our") is committed to protecting user privacy. This policy governs our data processing activities in strict adherence to the Nigeria Data Protection Regulation (NDPR), the Nigeria Data Protection Act (NDPA), and where applicable to global users, the General Data Protection Regulation (GDPR).

2. Information We Collect

To provision regulated fintech services, fulfill Know-Your-Customer (KYC) directives, and optimize user experience, we collect and process the following categories of data:

  • Personal Identifiers: Full name, date of birth, biometric verification numbers (where legally permissible), email address, phone number, and residential address.
  • Financial Data: Transaction records, transaction amounts, card usage history, and tokenized linked bank account details.
  • KYC & Regulatory Documents: Government-issued identification (e.g., Driver’s License, International Passport, National Identity Number), proof of address, and verification photographs.
  • Technical Metadata: Internet Protocol (IP) address, geolocation logs, unique device identifiers, operating system variants, and app telemetry data.

3. Lawful Bases for Processing

Under both NDPR and GDPR, we only process your data when a legitimate legal ground exists:

Contractual Necessity

To create your account, process funds transfers, issue payment instruments, and handle customer service duties.

Legal Obligation

Fulfilling Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and Central Bank reporting obligations.

Legitimate Interests

Executing advanced system optimization, threat analysis, platform infrastructure security, and fraud mitigation models.

Explicit Consent

Where you provide distinct approval for optional opt-in features or secondary marketing updates.

4. Cookies and Tracking Technologies

We use standard browser cookies, web beacons, and local tracking tokens to remember user settings, authenticate user sessions, and evaluate marketing conversion funnels.

You have the option to configure your system browser preferences to reject cookies completely; however, certain transactional workflows or dashboard interface views within the Paykudy ecosystem may fail to render or operate correctly without essential functional tokens enabled.

5. Third-Party Sharing and Disclosures

Paykudy does not barter or sell personal records to third-party brokers. We disclose subsets of records only to data processors who operate under strict non-disclosure obligations:

"Data is shared explicitly with licensed partner commercial banks, card network operators (e.g., Visa, Mastercard), identity verification registries, and statutory regulatory or judicial bodies as mandated by national financial compliance legislation."

6. Data Retention Standards

We store collected profiles only as long as necessary to complete operational requests or meet legal statutory guidelines. Under financial regulatory frameworks, standard transaction data and customer KYC documents are retained for a minimum mandatory duration of **six (6) to seven (7) years** following the formal closure of the associated user account.

When data outlives its operational use-case or statutory minimum lifecycle, it is programmatically purged, anonymized, or destroyed using secure digital deletion parameters.

7. Your Data Subject Rights

Pursuant to the protections afforded under the NDPR and GDPR, users are granted the following specific, enforceable statutory rights:

  • Right of Access & Portability: Request confirmation of records held, copy provisions, or machine-readable transmission configurations.
  • Right to Rectification: Challenge missing details or direct immediate corrections to faulty record attributes.
  • Right to Erasure ("Right to be Forgotten"): Request data purging where no superseding regulatory retention requirements override the request.
  • Right to Object & Restrict Processing: Request restrictions on specific profiling procedures or restrict secondary messaging operations.

8. Contact Our Data Protection Officer (DPO)

For exercises of your data subject privileges, reporting perceived vulnerabilities, or clarifying processing conditions, file an itemized inquiry directly via email: privacy@paykudy.com.

By utilizing the Paykudy ecosystem, you acknowledge you have reviewed the processing parameters detailed in this Privacy Policy framework.

Return to Home