Legal · NDPR / NDPA / GDPR

Privacy Policy

What we collect on web, iOS, and Android — why we collect it, who we share it with, and how you can see, correct, or delete it. Written in plain language with regulator-grade detail.

Last updated · January 2026 NDPR + GDPR + CCPA aligned App-store review ready

Section 01

Introduction

NairaGig ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it. It applies to our website nairagig.com, our iOS and Android apps, our APIs, and any related service (collectively the "Platform").

We comply with the Nigeria Data Protection Regulation 2019 (NDPR), the Nigeria Data Protection Act 2023 (NDPA), the EU General Data Protection Regulation (GDPR) where applicable, the UK GDPR, the California Consumer Privacy Act (CCPA), and the requirements of the Apple App Store and Google Play.

If you only have time for one section, read 14 (account & data deletion) and 13 (your rights). Everything else is detail.

Section 02

Information we collect

We collect information you provide directly to us, plus a few things we observe automatically.

Information you provide

  • Account credentials — email address, password (hashed), phone number
  • Profile data — name, bio, avatar, skills, portfolio, location, languages
  • Identity verification — government-issued ID, selfie, address proof (for KYC where required)
  • Payment information — card details (tokenised by our processor), bank account, BVN where applicable, transaction history
  • Communications — messages, support tickets, ratings, reviews, dispute statements
  • Marketing preferences — your opt-ins, segments, and subscription state

Information collected automatically

  • Device info — model, OS version, app version, screen size, language, time zone
  • Network info — IP address, ISP, approximate region inferred from IP
  • Usage data — pages and screens visited, features used, session length, click stream
  • Diagnostics — crash logs, performance traces, error messages
  • Cookies, local storage, and SDK identifiers — see Section 15 and our Cookie Policy

Section 03

Mobile app data & SDKs

Our iOS and Android apps include third-party SDKs that help us deliver and improve the service. The table below mirrors what we declare in the Apple App Store Privacy Nutrition Label and the Google Play Data Safety form.

Partner / SDKPurposeData typesLinkage
Firebase / Google AnalyticsCrash reporting, anonymised analytics, A/B testingDevice IDs, IP, app interactionsNot linked to you
Firebase Cloud MessagingPush notification deliveryDevice push tokenLinked to your account
Paystack / FlutterwavePayment processingTokenised card, transaction metadataLinked to your account
Cloudinary / S3Media hosting (profile photos, KYC docs, attachments)Uploaded images & filesLinked to your account
SentryCrash + error monitoringStack traces, device model, OS versionNot linked to you
AWS SES / TwilioEmail & SMS deliveryEmail address, phone number, message subjectLinked to your account

What we DO NOT do: we do not sell your personal information; we do not use third-party advertising SDKs inside the apps; we do not track you across other companies' apps or websites for advertising purposes; and we do not include any undisclosed SDK in shipped builds.

Section 04

Device permissions

The apps request only the permissions strictly required for the features you use:

  • Camera — to capture your KYC documents and profile photo on the screens where this is required. We do not access the camera in the background.
  • Photo library / Storage — to upload attachments to messages, portfolios, and dispute evidence. We only access files you explicitly select.
  • Notifications — to deliver job alerts, messages, payouts, and security warnings. You can disable these at any time in your device settings.
  • Microphone — only when you record an audio message inside a chat. We do not listen in the background.
  • Location — only on screens that explicitly need it (e.g. nearby gigs). We do not collect background location. See Section 6.
  • Contacts — only when you tap "Invite contacts," and only the contacts you select. We never upload your address book in the background.
  • Biometric / Face ID — for optional biometric unlock of the app; the biometric data never leaves your device.

Each permission has a clear, in-context explanation when it's requested. You can revoke any permission at any time in your device settings; some features may then stop working.

Section 05

Push notifications

Push notifications are off by default until you opt in. Once enabled, we send you push notifications for events you have registered for — new messages, job alerts, payouts, security alerts, milestone updates, and (only if you opt in separately) marketing and promotional content.

  • You can change notification preferences in Settings → Notifications inside the app.
  • You can turn off all notifications at the OS level in your device settings.
  • We do not use push tokens to identify you across other apps.
  • Marketing pushes are sent only with your explicit opt-in and include an in-app "stop these" link.

Section 06

Location data

We handle location with the principle of least access:

  • Approximate (IP-based) location — automatically inferred from your IP for fraud prevention, currency selection, and regional content. Not precise.
  • Precise device location — collected only on screens where you ask for nearby gigs or local sponsorship matches, only while the app is in the foreground, and only after you grant permission.
  • No background tracking — we do not track your location while the app is closed or in the background. We do not access "Always Allow" location.

You can withdraw location consent at any time from your device settings. Disabling location may disable the screens that depend on it but will not affect other features.

Section 07

How we use your information

We use the information we collect to:

  • Provide, maintain, and improve the Platform
  • Create and manage your account
  • Verify your identity where required (KYC / AML)
  • Process transactions and route payouts
  • Match clients to freelancers and surface relevant opportunities
  • Send transactional emails / push / SMS (e.g. login codes, payment confirmations)
  • Send marketing emails / push only when you opt in
  • Personalise your experience (saved searches, suggested gigs, language)
  • Monitor and analyse usage to fix bugs and prioritise features
  • Detect, prevent, and respond to fraud, abuse, and security threats
  • Comply with legal obligations and respond to lawful requests

Section 09

Sharing & disclosure

We share your information only in the circumstances described below.

  • With other users — profile information and ratings are visible to others; messages are visible to your conversation partner.
  • With service providers — payment processors, cloud hosting, email and SMS providers, KYC vendors, customer-support tooling. Each is bound by a data-processing agreement.
  • With professional advisers — lawyers, auditors, insurers, on a need-to-know basis.
  • With law enforcement — only in response to a lawful request (subpoena, court order, valid government request) or to protect rights and safety.
  • In a business transfer — if NairaGig is acquired, merged, or reorganised, your data may be part of the transferred assets, subject to this Policy.
  • With your consent — for any other purpose, only when you explicitly authorise it.

We do not sell your personal information. We do not share it with advertisers for cross-context behavioural advertising.

Section 10

Advertising & analytics

We use first-party analytics (event logs we own, not shared with third parties for ad targeting). We do not show third-party advertising inside the apps and do not use the IDFA (Apple) or AAID (Google) for cross-app tracking. If you have opted out of ad tracking at the OS level, your choice is respected.

On the website, we use a small set of analytics cookies described in our Cookie Policy. Marketing cookies are opt-in via the consent banner.

Section 11

Data security

We protect your information using a combination of technical and organisational measures:

  • TLS 1.2+ for all data in transit
  • AES-256 encryption for backups and sensitive at-rest data
  • Role-based access control with least-privilege principles
  • Multi-factor authentication for staff systems
  • Quarterly penetration tests and continuous vulnerability scanning
  • Audit logging of admin actions
  • Incident-response plan with notification to affected users and regulators within 72 hours where required

No method of transmission or storage is 100% secure. While we apply industry standards, we cannot guarantee absolute security. You are responsible for keeping your password confidential and notifying us immediately at security@nairagig.com of any suspected compromise.

Section 12

Data retention

We retain personal data only for as long as we need it:

  • Account data — kept while your account is active. Deleted or anonymised within 30 days of account deletion, subject to the exceptions below.
  • Transaction records — kept for at least 7 years to satisfy Nigerian tax and AML legislation.
  • KYC / identity documents — kept for 5 years after the end of the relationship, per AML rules.
  • Marketing data — until you opt out, plus a short suppression-list retention so we never email you again by mistake.
  • Server logs — typically 90 days, longer where needed for security investigations.
  • Backups — rolling 30-day window; deleted records may persist in backups until the window rotates out.

Section 13

Your rights & choices

Under NDPR, NDPA, GDPR, UK GDPR, and CCPA where applicable, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — ask us to delete your data, subject to legal-hold exceptions.
  • Restriction — ask us to stop processing while a dispute is resolved.
  • Objection — object to processing based on legitimate interests, including direct marketing.
  • Portability — receive a copy of your data in a machine-readable format.
  • Withdraw consent — at any time, where processing relies on consent.
  • Lodge a complaint — with the Nigeria Data Protection Commission (NDPC) or your local supervisory authority.

To exercise any right, email privacy@nairagig.com or use the in-app data-rights form. We respond within 30 days.

Section 14

Account & data deletion

You can delete your NairaGig account and associated personal data at any time:

  • In the iOS / Android app: Settings → Account → Delete account. Confirm with your password. Your account becomes inaccessible immediately and is fully erased within 30 days.
  • On the web: visit nairagig.com/settings/account/delete while logged in.
  • By email: write to privacy@nairagig.com from your registered email address. We will verify and delete within 30 days.

What is deleted: account credentials, profile data, messages, ratings, portfolio entries, marketing preferences, device tokens. What we may keep, anonymised or under legal hold: aggregated analytics, financial transactions (7 years for tax/AML), records subject to an active legal claim, and backups (rotated out within ~30 days).

Section 15

Cookies & tracking

We use cookies and similar storage (local storage, SDK identifiers) to keep you signed in, remember preferences, and measure usage. Full categorisation — strictly necessary, functional, analytics, and marketing — and per-cookie detail are in our Cookie Policy. You can change consent at any time via the "Cookie settings" link in the footer.

Section 16

Third-party services

The Platform may link to or embed third-party services (e.g. payment processors, identity-verification vendors, social-login providers). Their handling of your data is governed by their own privacy policies, not ours. We list the major processors in Section 3 and update this list as it changes.

Section 17

Children's privacy

The Platform is intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we learn that a child has provided us with personal information, we will delete it as quickly as possible. If you believe a child has provided us with information, email privacy@nairagig.com.

Section 18

International data transfers

We are headquartered in Nigeria but use cloud infrastructure in multiple regions (primarily AWS us-east-1 with cross-region backup in eu-west-1). When we transfer personal data outside Nigeria or the EEA we rely on appropriate safeguards: Standard Contractual Clauses, adequacy decisions, or your explicit consent.

Section 19

Regional disclosures

California (CCPA / CPRA)

California residents have additional rights to know, to delete, to correct, and to opt out of "sales" or "sharing" of personal information for cross-context behavioural advertising. We do not sell or share personal information as defined under CCPA. To exercise rights, contact privacy@nairagig.com.

European Economic Area / United Kingdom

The data controller is NairaGig Limited, Lagos, Nigeria. Our EU/UK representative can be reached at eu-rep@nairagig.com. You may lodge a complaint with your local supervisory authority.

Nigeria

We are registered as a Data Controller of Major Importance under the NDPR/NDPA. Our Data Protection Officer is reachable at dpo@nairagig.com.

Section 20

Changes to this policy

We may update this Policy from time to time. Material changes are communicated via the Platform or your registered email at least 14 days before they take effect. The "Last updated" badge above always shows the current revision date. Continued use of the Platform after the effective date means you accept the updated Policy.

Section 21

Contact us

For privacy questions, data-rights requests, or to escalate concerns:

Primary contact

privacy@nairagig.com
Data Protection Officer
dpo@nairagig.com
EU / UK representative
eu-rep@nairagig.com
Security incidents
security@nairagig.com
Address
NairaGig Limited · Lagos, Nigeria