Back to Home
Legal

Privacy Policy

Last updated: February 26, 2026 · Effective: February 26, 2026

1. Introduction

GreenfinityOne ("Greenfinity," "we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information obtained from users ("you" or "User") of the GreenfinityOne mobile application and related services (collectively, the "Platform").

This Policy is issued in compliance with the Nigeria Data Protection Act (NDPA) 2023, the Nigeria Data Protection Regulation (NDPR) 2019, the Central Bank of Nigeria (CBN) Consumer Protection Framework, the Cybercrimes (Prohibition, Prevention etc.) Act 2015, and other applicable data protection laws and regulations.

By accessing or using the Platform, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree with this Policy, please discontinue use of the Platform immediately.

2. Data Controller

The Data Controller responsible for your personal data is:

Greenfinity Integrated Limited
Registered in the Federal Republic of Nigeria
Email: privacy@greenfinityone.com
Data Protection Officer (DPO): dpo@greenfinityone.com

3. Personal Data We Collect

We collect personal data in several categories tailored to your engagement with the Platform:

3.1 Identity and Contact Information

  • Full legal name (as it appears on government-issued identification)
  • Date of birth
  • Gender
  • Email address and phone number
  • Residential and/or business address
  • Nationality and country of residence
  • Next-of-kin details (name, relationship, contact information)

3.2 Government Identification Data

  • National Identification Number (NIN)
  • Bank Verification Number (BVN)
  • International passport number (for Diaspora users)
  • Driver's license number
  • Voter's card number
  • Scanned or photographed copies of the above documents

3.3 Biometric Data

  • Facial photographs (selfies for KYC liveness verification)
  • Biometric data derived from facial recognition checks during identity verification

3.4 Financial Information

  • Bank account details (account number, bank name, account holder name)
  • Transaction history on the Platform (loan applications, repayments, disbursements)
  • Income and employment information (where provided for creditworthiness assessment)
  • Credit history and score (where obtained from licensed credit bureaus with your consent)

3.5 Technical and Device Data

  • Device type, model, operating system, and version
  • Unique device identifiers (IMEI, advertising ID)
  • IP address
  • Browser type and version (for web-based access)
  • App version and crash logs
  • Push notification tokens

3.6 Location Data

  • Approximate location derived from IP address (for localized service and security purposes)

3.7 Communications Data

  • In-app messages and support tickets
  • Email correspondence with our support team
  • Push notification delivery and read receipts

4. Legal Bases for Processing

We process your personal data on the following legal bases, as recognized under the NDPA 2023 and NDPR 2019:

Legal BasisPurpose
ConsentKYC verification, biometric processing, marketing communications, location data collection
Contract PerformanceProcessing loan applications, disbursing funds, managing repayments
Legal ObligationAML/CFT compliance, CBN reporting, tax obligations, law enforcement requests
Legitimate InterestFraud prevention, platform security, service improvement, analytics
Vital InterestEmergency contact notification in cases involving user safety

5. How We Use Your Data

We use your personal data for the following purposes:

  1. Account Registration and KYC: To create and verify your account, confirm your identity using government-issued IDs, NIN, and BVN, and satisfy regulatory Know Your Customer requirements.
  2. Service Delivery: To process loan applications, manage accounts, and disburse funds securely.
  3. Creditworthiness Assessment: To evaluate your eligibility for credit products using the information you provide and, where applicable, data obtained from licensed credit bureaus.
  4. AML/CFT Compliance: To monitor transactions for suspicious activity, file Suspicious Transaction Reports (STRs) and Currency Transaction Reports (CTRs) with the Nigerian Financial Intelligence Unit (NFIU) as required by law.
  5. Communication: To send transactional notifications (loan status updates, repayment reminders), service announcements, and, with your consent, promotional communications.
  6. Platform Security: To detect and prevent fraud, unauthorized access, and other security threats.
  7. Legal Compliance: To comply with applicable Nigerian laws, regulations, court orders, and lawful requests from regulatory bodies.
  8. Service Improvement: To analyze usage patterns, identify bugs, and improve the Platform's functionality and user experience.

6. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

6.1 Regulatory and Government Bodies

  • Central Bank of Nigeria (CBN) — as required for license compliance and reporting
  • Nigerian Financial Intelligence Unit (NFIU) — for STR/CTR filing under the Money Laundering (Prohibition) Act
  • National Identity Management Commission (NIMC) — for NIN verification
  • Licensed Credit Bureaus — for creditworthiness checks (with your consent)
  • Law enforcement agencies — in response to valid legal process

6.2 Service Providers

  • Cloud hosting and infrastructure providers
  • Payment processing partners
  • KYC/identity verification services
  • Push notification and email delivery services
  • Analytics and crash reporting tools

All third-party service providers are contractually bound to process your data only as instructed by us and to maintain appropriate security measures. We conduct due diligence on all processors in accordance with the NDPA 2023.

6.3 Cross-Border Data Transfers

Where your personal data is transferred outside of Nigeria (for example, to cloud infrastructure located in other jurisdictions), we ensure that adequate safeguards are in place, including:

  • Adequacy determinations by the Nigeria Data Protection Commission (NDPC)
  • Standard contractual clauses or binding corporate rules
  • Ensuring the recipient jurisdiction provides an adequate level of data protection

7. Data Retention

We retain your personal data for the following periods:

Data CategoryRetention Period
Account and identity dataDuration of account + 7 years after closure (per CBN requirements)
Transaction records7 years from transaction date (per Money Laundering Act)
KYC/AML documents7 years from end of business relationship
Communication records3 years from date of communication
Technical/device data2 years from collection
Marketing consent recordsDuration of consent + 1 year

After the applicable retention period, data is securely deleted or irreversibly anonymized.

8. Data Security

We implement industry-standard technical and organizational security measures to protect your personal data, including:

  • Encryption: AES-256 encryption for data at rest; TLS 1.2+ for data in transit
  • Access Control: Role-based access control (RBAC) with the principle of least privilege
  • Authentication: Multi-factor authentication (MFA) for administrative and agent accounts
  • Monitoring: Real-time intrusion detection, anomaly monitoring, and audit logging
  • Certificate Pinning: Mobile app uses SSL certificate pinning to prevent MITM attacks
  • Regular Audits: Periodic security assessments and penetration testing
  • Incident Response: Documented data breach response procedure with notification to affected individuals and the NDPC within 72 hours of discovery

9. Your Rights

Under the NDPA 2023 and NDPR 2019, you have the following rights with respect to your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Account Deletion): You may request deletion of your account directly through the Platform's settings. Please note that account deletion is subject to the following conditions:
    • No Active Liabilities: You must have no outstanding loans or unsettled financial obligations to Greenfinity Integrated Limited.
    • Regulatory Retention: In compliance with the Money Laundering (Prohibition) Act and CBN regulations, we are legally required to retain transaction records and KYC data for a period of 7 years even after account closure. Such data will be securely archived and not used for any regular processing.
  • Right to Restrict Processing: You may request that we limit the processing of your data under certain circumstances.
  • Right to Data Portability: You may request that your data be provided in a structured, commonly used, machine-readable format.
  • Right to Object: You may object to processing based on legitimate interest or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our Data Protection Officer at dpo@greenfinityone.com. We will respond to your request within 30 days.

10. Cookies and Tracking Technologies

Our web-based services may use cookies and similar technologies for essential functionality, security, and analytics. You can manage your cookie preferences through your browser settings. Please refer to our Cookie Policy for full details.

11. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we discover that a minor has provided personal data, we will delete it promptly. If you believe a minor has used our Platform, please contact us at privacy@greenfinityone.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, regulatory requirements, or applicable law. Significant changes will be communicated via in-app notification and/or email. The "Last updated" date at the top of this page reflects the most recent revision.

Continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Complaints

If you are dissatisfied with how we handle your personal data, you may lodge a complaint with:

14. Contact Us

For questions or concerns regarding this Privacy Policy, please contact:

Greenfinity Integrated Limited
Email: privacy@greenfinityone.com
Data Protection Officer: dpo@greenfinityone.com