FustPay Privacy Policy

Last Updated: September 16, 2025 (v1.0)

Data Privacy and Protection

This Privacy Policy (“Policy”) describes your privacy rights regarding FustPay’s (“we,” “us,” or “our”) collection, use, storage, sharing, and protection of your personal information. It applies to the FustPay mobile application, website, and related services (the “Services”). This Policy aims to help you understand how we handle your information and what we do with it.

This Policy does not apply to services not owned or controlled by FustPay, including third-party websites. Our goal is to handle personal data in compliance with applicable laws, including the Nigeria Data Protection Regulation (NDPR). This Policy applies to all systems, operations, and processes within the FustPay environment involving the collection, storage, use, transmission, and disposal of personal information. We respect the privacy of our users (“Users”) and take reasonable steps to protect your information. By using our Services, you consent to the data practices described in this Policy.

1.0 Data Processing

We collect data you provide voluntarily, data from third parties, and data automatically when you use our Services.

1.1 Information You Provide

You may provide personal information when you register for or use our Services, including:

• Personal Identification Details: Name, age, address, email address, phone number, and national identification details (e.g., Bank Verification Number (BVN) and National Identification Number (NIN)) for identity verification and Know Your Customer (KYC) compliance.
• Financial Information: Bank account or card details to process payments and facilitate transactions.
• Contact Information: Phone contacts, only with your explicit consent, to enable peer-to-peer transactions.
• Biometric Data and Images: Photographs or biometric data (e.g., facial geometry scans) for identity verification and KYC compliance. See section 3.0 for details.

To use our Services and create an account, you must provide required information. Without it, some functionalities (e.g., payment processing, KYC verification) may be limited. You may also need to provide additional information when contacting our Support Team (e.g., ID documents to verify your identity if your account is restricted).

1.2 Data Provided by Third Parties

When you log in using third-party services, we may collect personal data from those services:

• Facebook Login: If you log in with Facebook, we may collect your profile image, name, Facebook ID, and, unless you opt out on the Facebook Login screen, additional data like email address, gender, date of birth, friends list, and location. For details, see Facebook’s Data Policy and manage permissions on Facebook’s Apps and Websites page.
• Google Login: If you log in with Google, we collect your name, email address, profile picture, and Google ID. See Google’s Privacy Policy and manage permissions at Google Permissions.
• Other Third Parties: We may obtain data from credit bureaus, fraud prevention agencies, identity verification providers, or public records to comply with regulatory requirements.

1.3 Data Collected Automatically

We automatically collect:

• Transaction Data: Information about your transactions, including amounts, merchant details, device information (e.g., device type, operating system), and location data for fraud prevention and transaction verification.
• Technical and Usage Data: IP addresses, browser types, device identifiers, and analytics data to improve app performance and prevent fraud.
• Log Data: In case of app errors, we collect data such as your device’s IP address, device name, operating system version, app configuration, and usage timestamps.

2.0 Data Protection Principles

We strive to ensure that personal data is:

• Processed in accordance with specific, legitimate, and lawful purposes consented to by you.
• Adequate, accurate, and respects your dignity.
• Stored only for as long as reasonably needed.
• Secured against foreseeable hazards and breaches, such as theft, cyberattacks, or natural damage.

3.0 Facial Scans and Biometric Information

FustPay uses biometric data, such as facial geometry scans extracted from uploaded government-issued identification documents (e.g., BVN, NIN) and photos of your face, to:

• Verify your identity by comparing facial geometry from your ID and uploaded photos.
• Detect and prevent fraud as part of KYC and security processes.

We collect, use, and store biometric data securely. All biometric data and images are encrypted during transmission (using TLS) and storage (using AES-256). We adhere to industry standards and will not sell, lease, or trade biometric data. Biometric data is only disclosed:

• To complete a transaction you authorize.
• As required by law, regulation, or court order.
• With your explicit consent.

We will request your explicit consent via in-app prompts before collecting or processing biometric data. You may revoke consent at any time, though this may limit access to certain features.

4.0 Purposes for Processing Your Personal Data

We process your personal data to:

• Provide Our Services: Enable seamless use of payment processing, transfers, airtime purchases, and bill payments, and address technical issues.
• Customize Your Experience: Tailor content and offers based on your preferences and usage.
• Manage Your Account and Provide Support: Respond to your requests, provide technical support, and communicate service updates or notices about our Terms of Use or this Policy.
• Communicate with You: Send transaction notifications, service updates, or, with your consent, marketing communications via push notifications, email, or in-app chat. To opt out of push notifications, adjust your device settings. To opt out of marketing emails, use the unsubscribe link in the email footer or contact privacy@fustpay.net.
• Research and Analyze Usage: Understand user behavior, improve our Services, and develop new features through statistical analysis.
• Send Marketing Communications: Share information about our products or partners’ offers. Opt out via email unsubscribe links or by contacting privacy@fustpay.net.
• Enforce Terms and Prevent Fraud: Enforce our agreements and detect or prevent fraud, which may involve sharing data with law enforcement if required.
• Comply with Legal Obligations: Process or share data as required by law or regulatory authorities.
• Process Payments: Facilitate payments through third-party payment processors, enabling access to paid features.

5.0 Legal Bases for Processing

We process your personal data under the following legal bases:

• Your Consent: For cookies, biometric data, and marketing communications.
• Contract Performance: To provide and manage your account and Services.
• Legitimate Interests: For fraud prevention, service improvement, and communication about your use of our Services.
• Legal Obligations: To comply with KYC, NDPR, and other regulatory requirements.

6.0 How We Disclose Your Personal Data

We may share your data with:

• Trusted third-party service providers (e.g., payment processors, KYC verification services, fraud prevention agencies) to deliver our Services.
• Regulatory authorities, as required by law for KYC compliance or other legal obligations.
• Hosting, cloud, and IT service providers to support our infrastructure.

Third parties process data only under our instructions and in compliance with applicable laws. We do not share your data for marketing purposes.

7.0 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, remember preferences, and analyze usage. Cookies do not collect personal data and are deleted after your session. Third-party services (e.g., analytics providers) may use cookies to improve their services. You can accept or refuse cookies via your browser settings, but refusing may limit some features.

8.0 Your Rights and Control Over Your Data

Under the NDPR and other applicable laws, you have the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data, subject to legal retention requirements.
• Objection: Object to processing based on legitimate interests.
• Data Portability: Receive or transfer your data in a structured format.
• Withdraw Consent: Revoke consent for data processing, without affecting prior lawful processing.

To exercise these rights, contact our Data Protection Officer at privacy@fustpay.site. If you choose not to provide certain data (e.g., BVN, NIN), you may be unable to use some features. You may also lodge a complaint with a data protection supervisory authority, though we encourage you to contact us first.

9.0 Children's Privacy

Our Services are intended for users 18 and older. We do not knowingly collect data from minors. If we become aware of such data, we will delete it. If you believe we have collected data from a child under 18, contact us at privacy@fustpay.site.

10.0 Data Security

We use industry-standard measures, including TLS encryption for data in transit and AES-256 encryption for data at rest, to protect your data from unauthorized access, disclosure, or loss. We comply with Payment Card Industry Data Security Standards (PCI DSS) for financial data and NDPR for personal data. No transmission or storage method is 100% secure, but we strive to use commercially acceptable protections. Never share your PIN, OTP, or card details via email, SMS, or phone calls.

11.0 International Data Transfers

Your data may be stored or processed outside Nigeria, such as in data centers in the United States. We ensure appropriate safeguards, such as standard contractual clauses, to protect your data in accordance with NDPR and other applicable laws.

12.0 Links to Other Sites

Our Services may contain links to third-party sites not operated by FustPay. We are not responsible for their privacy practices. We recommend reviewing their privacy policies.

13.0 Class Action Waiver

You and FustPay agree that any disputes will be resolved on an individual basis, not as a class, representative, or collective action. No proceeding will be joined or consolidated without the prior written consent of all parties. “Dispute” includes any legal claims related to this Policy, our Services, or your data, as permitted by law.

14.0 Changes to This Privacy Policy

We may update this Policy to reflect changes in our Services or legal requirements. We will revise the “Last Updated” date and provide notice or obtain consent for material changes as required by law. Continued use of our Services after updates indicates your acceptance of the revised Policy.

15.0 Contact Us

For questions, concerns, or to exercise your data rights, contact our Data Protection Officer at privacy@fustpay.site