NILLAR
Data Protection

Privacy Policy

We are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use NillarPay.

Effective Date: June 2026|Governed by Nigerian Law|Product: NillarPay

Table of Contents

  1. 01Who We Are
  2. 02Information We Collect
  3. 03Purpose of Processing
  4. 04Legal Basis (NDPA)
  5. 05Sharing Your Information
  6. 06Data Retention
  7. 07Cross-Border Data Transfers
  8. 08Security Safeguards
  9. 09Cookies and Tracking
  10. 10Children's Privacy
  11. 11Your Rights Under NDPA
  12. 12Privacy Contact

1. Who We Are

Nillar Technology Limited ("Nillar", "we", "us", or "our") is a technology company incorporated in Nigeria (RC Number: RC 9432737), operating the NillarPay platform at pay.nillar.com.

For the purposes of the Nigeria Data Protection Act (NDPA) 2023, Nillar Technology Limited is the Data Controller responsible for your personal data. We are committed to processing your data lawfully, fairly, and transparently in accordance with the NDPA and other applicable Nigerian laws.

2. Information We Collect

2.1 Information You Provide to Us

  • Identity information: Full legal name, date of birth, gender.
  • Contact information: Phone number, email address, residential address.
  • Identity verification: Bank Verification Number (BVN), National Identification Number (NIN), Government-issued ID (passport, driver's licence, voter's card), selfie/photo.
  • Financial information: Bank account details, wallet transaction history, beneficiary account numbers.
  • Agent/referral information: If you are an agent or referred by someone, we collect relevant onboarding details.

2.2 Information We Collect Automatically

  • Device information: Device type, operating system, device ID, mobile network information.
  • Usage data: Pages visited, features used, transaction timestamps, click patterns.
  • Location data: General location derived from IP address or, with your consent, GPS location.
  • Log data: IP address, access times, error logs, crash reports.

2.3 Information from Third Parties

  • Identity verification providers: Data returned from BVN and NIN verification via NIBSS and NIMC.
  • Banking partners: Account status, transaction confirmations, and AML-related flags from our licensed banking partners (e.g., Anchor).
  • Fraud detection services: Risk signals from third-party fraud prevention tools.

3. Purpose of Processing

We use your personal data for the following purposes:

  • Account creation and management: To create, verify, and manage your NillarPay account.
  • KYC and identity verification: To comply with CBN KYC regulations and verify your identity.
  • Service delivery: To process payments, transfers, airtime purchases, bill payments, and other wallet transactions.
  • AML/CFT compliance: To monitor transactions for suspicious activity and comply with anti-money laundering laws.
  • Customer support: To respond to your queries, complaints, and disputes.
  • Fraud prevention: To detect, investigate, and prevent fraudulent activity.
  • Security: To protect your account and our platform from unauthorised access.
  • Legal compliance: To comply with regulatory obligations, respond to lawful requests from authorities, and enforce our Terms.
  • Communications: To send you transaction notifications, security alerts, and product updates.
  • Service improvement: To analyse usage patterns and improve NillarPay features.
  • Referral programme management: To track referrals and distribute referral rewards.

5. Sharing Your Information

We do not sell your personal data to third parties. We may share your information in the following circumstances:

5.1 Banking Partners

We share your identity and transaction data with our licensed banking partners (currently including Anchor) to facilitate wallet creation, fund holding, and payment processing. These partners are bound by applicable banking regulations and data protection obligations.

5.2 Regulatory and Government Authorities

We may share your data with the CBN, EFCC, NFIU, NIMC, NIBSS, Nigeria Police, or other lawful authorities when required by law, court order, or as necessary to prevent financial crime.

5.3 Identity Verification Providers

To perform KYC, we share your BVN, NIN, and biometric data with government-approved verification providers under strict data processing agreements.

5.4 Technology Service Providers

We engage technology vendors (cloud hosting, analytics, customer support) who process data strictly on our behalf under Data Processing Agreements (DPAs) in line with NDPA requirements.

5.5 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to applicable data protection law.

6. Data Retention Policy

We retain your personal data for as long as necessary to fulfil the purposes outlined in this Policy and to comply with legal obligations. Our standard retention periods are:

  • Account and KYC data: 5 (five) years after account closure, in compliance with CBN and AML regulations.
  • Transaction records: 5 (five) years from the date of each transaction.
  • Customer support records: 3 (three) years from the date of the interaction.
  • Marketing consent records: Until consent is withdrawn plus 1 (one) year.
  • Audit logs: 7 (seven) years for compliance with financial regulations.

After the applicable retention period, we will securely delete or anonymise your personal data so it can no longer be linked to you.

7. Cross-Border Data Transfers

Your personal data is primarily processed and stored in Nigeria. However, some of our technology service providers may process data outside Nigeria. Where we transfer your personal data internationally, we ensure:

  • The transfer is to a country with an adequate level of data protection as recognised under the NDPA.
  • We have implemented appropriate safeguards such as Standard Contractual Clauses (SCCs) or Data Processing Agreements.
  • The transfer is necessary for the performance of our contract with you or is required by law.
We do not transfer your BVN, NIN, or government-issued ID data outside Nigeria except where strictly required by law or with your explicit consent.

8. Security Safeguards

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure:

  • Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.
  • Access controls: Strict role-based access controls ensure that only authorised personnel can access personal data.
  • Multi-factor authentication: Our internal systems require MFA for staff access.
  • Regular security audits: We conduct regular vulnerability assessments and penetration testing.
  • Secure storage: KYC documents and biometric data are stored in secured, access-controlled environments.
  • Incident response: We maintain a data breach incident response plan and will notify you and the Nigeria Data Protection Commission (NDPC) in the event of a breach as required by the NDPA.
Despite our safeguards, no internet-based system is 100% secure. You are responsible for keeping your account credentials confidential. We will NEVER ask for your PIN or password.

9. Cookies and Tracking Technologies

Our website (pay.nillar.com) uses cookies and similar tracking technologies to improve your experience. Please see our full Cookie Policy for detailed information. In summary:

  • Essential cookies: Required for the website to function — cannot be disabled.
  • Analytics cookies: Help us understand how you use our website — requires your consent.
  • Preference cookies: Remember your settings — requires your consent.

You can manage your cookie preferences through the cookie consent banner on our website or your browser settings.

10. Children's Privacy

NillarPay is not directed at, and does not knowingly collect personal data from, individuals under the age of 18 years. Our Services require users to be at least 18 years old, and we use BVN/NIN verification to confirm age eligibility.

If we discover that we have inadvertently collected personal data from a person under 18, we will promptly delete such data and close the associated account. If you are a parent or guardian and believe we may have collected data about your child, please contact us immediately at privacy@nillar.com.

11. Your Rights Under the NDPA

As a data subject under the Nigeria Data Protection Act (NDPA) 2023, you have the following rights. To exercise any of these rights, please contact our Data Protection Officer at privacy@nillar.com. We will respond within 30 days.

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Ask us to correct inaccurate or incomplete data.
  • Right to Erasure ('Right to be Forgotten'): Request deletion of your data, subject to legal retention obligations.
  • Right to Restrict Processing: Ask us to limit how we use your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Where we rely on consent, withdraw it at any time without affecting prior processing.
  • Right to Lodge a Complaint: File a complaint with the Nigeria Data Protection Commission (NDPC) if you are unsatisfied with our response.
Nigeria Data Protection Commission (NDPC): Website: ndpc.gov.ng | Email: info@ndpc.gov.ng

12. Privacy Contact Information

For any privacy-related questions, requests, or complaints, please contact our Data Protection Officer:

Data Protection Officer — Nillar Technology Limited

Email (DPO): privacy@nillar.com

General Support: support@nillar.com

Address: Kano, Nigeria, Lagos, Nigeria

RC Number: RC 9432737

All Legal DocumentsBack to NillarPay →