Section 01
Introduction
NairaGig ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it. It applies to our website nairagig.com, our iOS and Android apps, our APIs, and any related service (collectively the "Platform").
We comply with the Nigeria Data Protection Regulation 2019 (NDPR), the Nigeria Data Protection Act 2023 (NDPA), the EU General Data Protection Regulation (GDPR) where applicable, the UK GDPR, the California Consumer Privacy Act (CCPA), and the requirements of the Apple App Store and Google Play.
Section 02
Information we collect
We collect information you provide directly to us, plus a few things we observe automatically.
Information you provide
- Account credentials — email address, password (hashed), phone number
- Profile data — name, bio, avatar, skills, portfolio, location, languages
- Identity verification — government-issued ID, selfie, address proof (for KYC where required)
- Payment information — card details (tokenised by our processor), bank account, BVN where applicable, transaction history
- Communications — messages, support tickets, ratings, reviews, dispute statements
- Marketing preferences — your opt-ins, segments, and subscription state
Information collected automatically
- Device info — model, OS version, app version, screen size, language, time zone
- Network info — IP address, ISP, approximate region inferred from IP
- Usage data — pages and screens visited, features used, session length, click stream
- Diagnostics — crash logs, performance traces, error messages
- Cookies, local storage, and SDK identifiers — see Section 15 and our Cookie Policy
Section 03
Mobile app data & SDKs
Our iOS and Android apps include third-party SDKs that help us deliver and improve the service. The table below mirrors what we declare in the Apple App Store Privacy Nutrition Label and the Google Play Data Safety form.
| Partner / SDK | Purpose | Data types | Linkage |
|---|---|---|---|
| Firebase / Google Analytics | Crash reporting, anonymised analytics, A/B testing | Device IDs, IP, app interactions | Not linked to you |
| Firebase Cloud Messaging | Push notification delivery | Device push token | Linked to your account |
| Paystack / Flutterwave | Payment processing | Tokenised card, transaction metadata | Linked to your account |
| Cloudinary / S3 | Media hosting (profile photos, KYC docs, attachments) | Uploaded images & files | Linked to your account |
| Sentry | Crash + error monitoring | Stack traces, device model, OS version | Not linked to you |
| AWS SES / Twilio | Email & SMS delivery | Email address, phone number, message subject | Linked to your account |
What we DO NOT do: we do not sell your personal information; we do not use third-party advertising SDKs inside the apps; we do not track you across other companies' apps or websites for advertising purposes; and we do not include any undisclosed SDK in shipped builds.
Section 04
Device permissions
The apps request only the permissions strictly required for the features you use:
- Camera — to capture your KYC documents and profile photo on the screens where this is required. We do not access the camera in the background.
- Photo library / Storage — to upload attachments to messages, portfolios, and dispute evidence. We only access files you explicitly select.
- Notifications — to deliver job alerts, messages, payouts, and security warnings. You can disable these at any time in your device settings.
- Microphone — only when you record an audio message inside a chat. We do not listen in the background.
- Location — only on screens that explicitly need it (e.g. nearby gigs). We do not collect background location. See Section 6.
- Contacts — only when you tap "Invite contacts," and only the contacts you select. We never upload your address book in the background.
- Biometric / Face ID — for optional biometric unlock of the app; the biometric data never leaves your device.
Each permission has a clear, in-context explanation when it's requested. You can revoke any permission at any time in your device settings; some features may then stop working.
Section 05
Push notifications
Push notifications are off by default until you opt in. Once enabled, we send you push notifications for events you have registered for — new messages, job alerts, payouts, security alerts, milestone updates, and (only if you opt in separately) marketing and promotional content.
- You can change notification preferences in Settings → Notifications inside the app.
- You can turn off all notifications at the OS level in your device settings.
- We do not use push tokens to identify you across other apps.
- Marketing pushes are sent only with your explicit opt-in and include an in-app "stop these" link.
Section 06
Location data
We handle location with the principle of least access:
- Approximate (IP-based) location — automatically inferred from your IP for fraud prevention, currency selection, and regional content. Not precise.
- Precise device location — collected only on screens where you ask for nearby gigs or local sponsorship matches, only while the app is in the foreground, and only after you grant permission.
- No background tracking — we do not track your location while the app is closed or in the background. We do not access "Always Allow" location.
You can withdraw location consent at any time from your device settings. Disabling location may disable the screens that depend on it but will not affect other features.
Section 07
How we use your information
We use the information we collect to:
- Provide, maintain, and improve the Platform
- Create and manage your account
- Verify your identity where required (KYC / AML)
- Process transactions and route payouts
- Match clients to freelancers and surface relevant opportunities
- Send transactional emails / push / SMS (e.g. login codes, payment confirmations)
- Send marketing emails / push only when you opt in
- Personalise your experience (saved searches, suggested gigs, language)
- Monitor and analyse usage to fix bugs and prioritise features
- Detect, prevent, and respond to fraud, abuse, and security threats
- Comply with legal obligations and respond to lawful requests
Section 08
Legal basis (NDPR / GDPR)
Where data-protection law requires a legal basis, we rely on:
- Performance of a contract — to provide the Platform you signed up for.
- Legitimate interests — for fraud prevention, security, product analytics, and protecting our rights, balanced against your interests.
- Consent — for marketing communications, precise location, optional cookies, and other clearly opt-in features. You can withdraw consent at any time.
- Legal obligation — to comply with tax, AML/KYC, and other statutory requirements.
- Vital interest — to protect life or physical safety in rare emergency situations.
Section 10
Advertising & analytics
We use first-party analytics (event logs we own, not shared with third parties for ad targeting). We do not show third-party advertising inside the apps and do not use the IDFA (Apple) or AAID (Google) for cross-app tracking. If you have opted out of ad tracking at the OS level, your choice is respected.
On the website, we use a small set of analytics cookies described in our Cookie Policy. Marketing cookies are opt-in via the consent banner.
Section 11
Data security
We protect your information using a combination of technical and organisational measures:
- TLS 1.2+ for all data in transit
- AES-256 encryption for backups and sensitive at-rest data
- Role-based access control with least-privilege principles
- Multi-factor authentication for staff systems
- Quarterly penetration tests and continuous vulnerability scanning
- Audit logging of admin actions
- Incident-response plan with notification to affected users and regulators within 72 hours where required
No method of transmission or storage is 100% secure. While we apply industry standards, we cannot guarantee absolute security. You are responsible for keeping your password confidential and notifying us immediately at security@nairagig.com of any suspected compromise.
Section 12
Data retention
We retain personal data only for as long as we need it:
- Account data — kept while your account is active. Deleted or anonymised within 30 days of account deletion, subject to the exceptions below.
- Transaction records — kept for at least 7 years to satisfy Nigerian tax and AML legislation.
- KYC / identity documents — kept for 5 years after the end of the relationship, per AML rules.
- Marketing data — until you opt out, plus a short suppression-list retention so we never email you again by mistake.
- Server logs — typically 90 days, longer where needed for security investigations.
- Backups — rolling 30-day window; deleted records may persist in backups until the window rotates out.
Section 13
Your rights & choices
Under NDPR, NDPA, GDPR, UK GDPR, and CCPA where applicable, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — ask us to delete your data, subject to legal-hold exceptions.
- Restriction — ask us to stop processing while a dispute is resolved.
- Objection — object to processing based on legitimate interests, including direct marketing.
- Portability — receive a copy of your data in a machine-readable format.
- Withdraw consent — at any time, where processing relies on consent.
- Lodge a complaint — with the Nigeria Data Protection Commission (NDPC) or your local supervisory authority.
To exercise any right, email privacy@nairagig.com or use the in-app data-rights form. We respond within 30 days.
Section 14
Account & data deletion
You can delete your NairaGig account and associated personal data at any time:
- In the iOS / Android app: Settings → Account → Delete account. Confirm with your password. Your account becomes inaccessible immediately and is fully erased within 30 days.
- On the web: visit nairagig.com/settings/account/delete while logged in.
- By email: write to privacy@nairagig.com from your registered email address. We will verify and delete within 30 days.
What is deleted: account credentials, profile data, messages, ratings, portfolio entries, marketing preferences, device tokens. What we may keep, anonymised or under legal hold: aggregated analytics, financial transactions (7 years for tax/AML), records subject to an active legal claim, and backups (rotated out within ~30 days).
Section 16
Third-party services
The Platform may link to or embed third-party services (e.g. payment processors, identity-verification vendors, social-login providers). Their handling of your data is governed by their own privacy policies, not ours. We list the major processors in Section 3 and update this list as it changes.
Section 17
Children's privacy
The Platform is intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we learn that a child has provided us with personal information, we will delete it as quickly as possible. If you believe a child has provided us with information, email privacy@nairagig.com.
Section 18
International data transfers
We are headquartered in Nigeria but use cloud infrastructure in multiple regions (primarily AWS us-east-1 with cross-region backup in eu-west-1). When we transfer personal data outside Nigeria or the EEA we rely on appropriate safeguards: Standard Contractual Clauses, adequacy decisions, or your explicit consent.
Section 19
Regional disclosures
California (CCPA / CPRA)
California residents have additional rights to know, to delete, to correct, and to opt out of "sales" or "sharing" of personal information for cross-context behavioural advertising. We do not sell or share personal information as defined under CCPA. To exercise rights, contact privacy@nairagig.com.
European Economic Area / United Kingdom
The data controller is NairaGig Limited, Lagos, Nigeria. Our EU/UK representative can be reached at eu-rep@nairagig.com. You may lodge a complaint with your local supervisory authority.
Nigeria
We are registered as a Data Controller of Major Importance under the NDPR/NDPA. Our Data Protection Officer is reachable at dpo@nairagig.com.
Section 20
Changes to this policy
We may update this Policy from time to time. Material changes are communicated via the Platform or your registered email at least 14 days before they take effect. The "Last updated" badge above always shows the current revision date. Continued use of the Platform after the effective date means you accept the updated Policy.
Section 21
Contact us
For privacy questions, data-rights requests, or to escalate concerns:
Primary contact
privacy@nairagig.com- Data Protection Officer
- dpo@nairagig.com
- EU / UK representative
- eu-rep@nairagig.com
- Security incidents
- security@nairagig.com
- Address
- NairaGig Limited · Lagos, Nigeria