Privacy Policy

1. Introduction

This is WayaCredit (“we”, “our”, or “us”). We treat our Users’ personal information as a high priority. This Privacy Policy is provided in accordance with the Nigeria Data Protection Regulation (NDPR) 2019 issued by the National Information Technology Development Agency (NITDA) and explains your privacy rights, particularly regarding how we collect, process, retain, share and protect your Personal Data when you use our mobile application and related services.

Please read this Privacy Policy carefully before accessing or using the service. By accessing or using our services, you agree to the collection and use of your data as described herein.

2. Types of Data Collected

2.1 Data Provided Directly by You

When you register to use the services offered on our digital platform, we will collect the following Personal Data as necessary to offer and fulfil the service you request:

- Full name, gender, date of birth, marital status

- Email address and phone number

- Bank account information, BVN, identification details

- Emergency contacts (names, relationship, and phone numbers)

- Information submitted during loan applications and customer support

2.2 Data Collected while using the Service (with Consent)

With your explicit consent, we may collect the following data when you use our services. The collected data will be encrypted and uploaded to our server (https://api.wayacreditng.com/).

- Approximate Location

In order to (i) analyze and establish a credit scoring model for You based on the location information, and (ii) avoid unnecessary trouble and impact on customer service when the user's device is lost or stolen, We may collect the approximate location information of Your device. The collected data will be encrypted and securely stored at (https://api.wayacreditng.com/), used solely for risk assessment and loan service matching purposes, and will not be utilized for unrelated purposes or shared with unauthorized third parties without permission.

- Camera

To comply with Know Your Customer (KYC) requirements and prevent fraudulent identity claims, We may access Your device's camera to perform real-time facial recognition or capture identification documents. This helps verify that the applicant is the true owner of the identity being submitted and reduces impersonation risks. The collected data will be encrypted and securely stored at (https://api.wayacreditng.com/), used solely for risk assessment and loan service matching purposes, and will not be utilized for unrelated purposes or shared with unauthorized third parties without permission.

- Photos and Videos

As part of our identity verification and compliance procedures, We may request access to Your photos and videos to allow You to upload required documents or evidence such as ID cards, selfies, or statements. These files help us validate Your identity, comply with regulatory obligations, and ensure transaction security. The collected data will be encrypted and securely stored at (https://api.wayacreditng.com/), used solely for risk assessment and loan service matching purposes, and will not be utilized for unrelated purposes or shared with unauthorized third parties without permission.

- Mobile Devices

We collect specific information about Your mobile device, including but not limited to device name, model, operating system, region and language settings, device identification code, device hardware and software information, status usage habits, Phone Count, battery level, Active Modem Count, Active SubscriptionInfo Count, screen brightness, gyroscope. This allows us to verify that Your device is secure, unmodified by malicious third-party software, and suitable for financial transactions, thereby reducing fraud risks. The collected data will be encrypted and securely stored at (https://api.wayacreditng.com/), used solely for risk assessment and loan service matching purposes, and will not be utilized for unrelated purposes or shared with unauthorized third parties without permission.

- Installed APP List

To enhance risk management capabilities and ensure the security and compliance of loan services, we may collect a list of applications installed on your device, but only after obtaining your explicit consent. By analyzing this application information, we can identify potential high-risk behaviors, such as apps related to gambling, illegal lending, or virtual currency trading, which may indicate a higher credit risk. This information allows the platform to optimize the risk assessment model and adjust risk control strategies in a timely manner, effectively reducing the risk of default. The application information we may collect includes: application name, package name, installation and update dates, version number, whether it is a system application, application label, and application location. The collected data will be encrypted and securely stored at (https://api.wayacreditng.com/), used solely for risk assessment and loan service matching purposes, and will not be utilized for unrelated purposes or shared with unauthorized third parties without permission.

- Storage

We will only process documents or files that you explicitly select and choose to upload (e.g., ID images, utility bills, or supporting documents). This ensures that you remain in full control over the information shared with us, supports the smooth operation of document submission, and enhances Your overall user experience. The collected data will be encrypted and securely stored at (https://api.wayacreditng.com/), used solely for risk assessment and loan service matching purposes, and will not be utilized for unrelated purposes or shared with unauthorized third parties without permission.

2.3 Data collected from Third-Parties:

If You decide to grant us access to a Third-Party’s Service, for example, a Third-Party Social Media Service, We may collect, with your consent, Your Personal Data that is already associated with Your Third-Party Service’s account, such as Your name, Your email address and Your activities.

You will also have the option of sharing additional information with the Company through Your Third-Party Service’s account. If You choose to provide such information and Personal Data, during registration or otherwise, You are giving the Company permission to use, share, and store it in a manner consistent with this Privacy Policy.

We may receive additional information about you that is publicly or commercially available and combine that with the information we have collected or received about you in other ways.

By default, the above permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by You at any time. In order to revoke these permissions, You may refer to the device settings or contact Us for support at the contact details provided therein.

The exact procedure for controlling app permissions may be dependent on the User's device and software. Please note that the revoking of such permissions might impact the proper functioning of the Application.

3. Use of Your Personal Data

3.1 We may use Your Data for the following purposes:

- To verify Your identity and assess Your creditworthiness;

- To provide You with information, products or services you request from us and to maintain our Service, including to know the usage of our Service, and to improve our services and Your customer experience;

- To manage risk, fraud and abuse of our services and protect You from fraud (by developing and adopting measures of verifying your identity). Our risk and fraud tools use personal data, device information and geolocation from our Platform that offers services to help detect and prevent fraud and abuse of the services;

- To communicate with you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation;

- To comply with our legal and regulatory obligations and to enforce the terms of our sites and services, including to comply with all applicable laws and regulations;

- To manage Your requests to Us.

We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our service users is among the assets transferred.

3.2 We may share your data:

- With third-party service providers: We may share Your information with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with services, verify your identity, assist in processing transactions, send you advertisements for our products and services, or provide customer support. We make sure that these companies have compliant, legal measures in place to ensure the security and confidentiality of your Personal Data. These providers may process Your Personal Data in accordance with their own Privacy Policies. We strongly advise You to review their respective privacy policies to understand how Your data may be collected and used by them:

Appsflyer: https://www.appsflyer.com/legal/privacy-policy/

Firebase: https://firebase.google.com/support/privacy

Google Play: https://policies.google.com/privacy

Play-Services-Location: https://policies.google.com/privacy;

- With affiliates or subsidiaries: We may share Your Personal Data with Our affiliates or subsidiaries where necessary to support the delivery of services you request, implement risk management systems to prevent potentially fraudulent or unlawful activity, and ensure the operational continuity and efficiency of Our platform. Any such sharing will be subject to strict data protection obligations and We will require these entities to comply with the terms of this Privacy Policy or equivalent data protection standards;

- For business transfers: In the event of a merger, acquisition, corporate restructuring, sale of assets, or financing transaction, we may disclose or transfer your personal data as part of the due diligence process or in connection with the completion of such transaction. If such a transfer occurs, we will ensure that the recipient continues to safeguard your data in a manner consistent with this Privacy Policy and applicable laws and regulations;

- With government authorities if required by law or other third parties pursuant to a court order or requirement applicable to Us or an affiliated entity;

Rest assured that We do not sell Your Personal Data.

4. Data Retention

We will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. You have the right to request deletion of the data we have collected about you. However, we will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

5. Legal Basis for Processing Personal Data

We process your personal data in accordance with the Nigeria Data Protection Regulation (NDPR) and other applicable data protection laws. The legal bases for processing your data include:

- Consent: We process certain categories of Personal Data based on your freely given, specific, informed, and unambiguous consent. You may withdraw your consent at any time, though doing so may affect the availability or functionality of certain services.

- Performance of a contract: Processing is necessary for the performance of the contract to which you are a party, for example, when:

·You apply for a loan and we assess your creditworthiness;

·We communicate with you regarding loan disbursement, repayment, or account issues.

- Compliance with legal obligations: We process certain personal data to comply with legal and regulatory obligations under applicable financial services laws, including but not limited to:

·Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements;

·Reporting obligations to regulatory authorities;

·Responding to lawful requests from law enforcement agencies.

- Legitimate interests: We process personal data where it is necessary for our legitimate interests or those of a third party, provided such interests are not overridden by your rights and freedoms. These interests include:

·Fraud detection and prevention;

·Network and information security;

·Product improvement and analytics;

·Customer service and communication.

6. Data Security

We prioritize Your security and consistently work to protect Your Personal Data from unauthorized or accidental access.

- Security: We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration.

·All the data collected will be encrypted and securely transmitted to our servers using SSL (Secure Sockets Layer) protocols, and securely stored. Your data will not be shared with any third parties without your explicit permission.

·Access to this information is strictly limited to authorized staff, agents, and contractors who have signed confidentiality agreements and are contractually bound to maintain the security and confidentiality of your data.

·Internal data protection and cybersecurity trainings for all employees are conducted periodically, especially those with access to customer data. These trainings are designed to raise awareness of data privacy obligations, strengthen security practices, and reduce risks of human error or insider threats.

- Confidentiality: Your Personal Data is regarded as confidential and will not be divulged to any third party, except under circumstances as follows:

·Business transactions: If our Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

·Law enforcement: We may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

You have the right to request sight of, and copies of any and all information we keep on you, if such requests are made in compliance with the Freedom of Information Act and other relevant enactments.

While we are dedicated to securing our systems and services and safeguarding the information entrusted to us, your role in fulfilling confidentiality duties includes, but is not limited to, adopting and enforcing appropriate security measures such as securing and maintaining the privacy of your password(s) and account/profile registration information, adhering to physical security protocols on our premises, and verifying that the Personal Data we maintain about you is accurate and current.

7. International Data Transfers

Your personal data may be processed in locations where the Company or its service providers operate. As a result, your information may be transferred to and stored on servers located in jurisdictions outside your state, province, or country, where data protection laws may be different from those in your own jurisdiction.

By submitting your information and consenting to this Privacy Policy, you acknowledge and agree to such cross-border transfers of your personal data.

The Company will take all reasonably necessary measures to ensure that your data is handled securely and in compliance with this Privacy Policy. We will not transfer your personal data to any third country or organization unless appropriate safeguards are in place, including contractual, technical, and organizational measures to protect the confidentiality and integrity of your data.

8. Your Rights

You may at any time request:

- Confirmation that we hold your personal information and access to Your Personal Data: this enables You to receive a copy of the Personal Data we hold about You and to check that we are lawfully processing it.

- The identities or categories of third parties to whom we have disclosed your personal information; or

- That we correct any personal information that is incomplete, misleading, inaccurate, excessive or out of date: this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

- That we erase any Personal Data: this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

- Objection to processing: this enables you to object at any time to the processing of your Personal Data if we process it based on our legitimate interests. Our privacy notice informs you when we rely on legitimate interests to process your Personal Data. In these cases, we will stop processing your Personal Data unless we can demonstrate compelling legitimate reasons for continuing the processing. We may reject your request if the processing of your Personal Data is needed to establish, exercise or defend legal claims. You have the right to object at any time if we process your Personal Data for direct marketing purposes. In such cases, we will stop processing your Personal Data when we receive your objection.

- Restriction of processing: this enables you to ask us to suspend the processing of your personal data in the following scenarios:

·If you want us to establish the data’s accuracy;

·Where our use of the data is unlawful but you do not want us to erase it;

·Where you need us to hold the data even if we no longer require it, as you need it to establish, exercise, or defend legal claims;

·You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Requests may be made in writing to support@wayacreditng.com

9. Use by Children

We do not collect data from individuals under 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us.

If we become aware that we have collected Personal Data from anyone under the age of 18 without verification of parental consent, we will take steps to remove that information from our servers.

If you believe that we might have information from or about someone under the age of 18, please contact us using the information provided in the “Contact Us” section below.

10. Changes to This Privacy Policy

We may review and update this policy periodically and when there is any substantial change to business or regulatory requirements. The revised Privacy Policy will be effective as of the published updated date. You will be notified of material changes via the app or email. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If You have any questions about this Privacy Policy, You can contact Us:

By email: support@wayacreditng.com