Contents
1. Introduction 2. Data we collect 3. How we use your data 4. Legal basis 5. Data sharing 6. Data security 7. Data retention 8. Your rights 9. Cookies & tracking 10. Third-party links 11. Children's privacy 12. Changes to this policy 13. Contact & complaints
Your privacy matters to us. This policy explains what personal data we collect, why we collect it, how we protect it, and the choices you have. We only collect what we need to provide you with the best bill payment experience.

1 Introduction

Billsaver Technologies Limited ("Billsaver," "we," "us," "our") is committed to protecting the privacy and personal data of all users of our Platform. This Privacy Policy explains how we collect, process, store, and protect personal data in connection with your use of our mobile application, website (billsaver.ng), and related services.

This policy is prepared in compliance with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), the Central Bank of Nigeria Consumer Protection Framework, and other applicable Nigerian laws.

By using Billsaver, you consent to the collection and use of your personal data as described in this policy. If you do not agree, please discontinue use of the Platform.

2 Data We Collect

2.1 Data you provide directly

Data typeExamplesWhen collected
Identity dataFull name, date of birth, NIN, BVN (for KYC)Registration / verification
Contact dataPhone number, email addressRegistration
Financial dataBank account number, card details (tokenized)Wallet funding / withdrawal
Transaction dataAmount, service type, recipient number, timestampEvery transaction
Support dataMessages, complaint details, call recordingsCustomer support interactions

2.2 Data collected automatically

  • Device information (model, OS version, device ID);
  • IP address and approximate location (city/state level);
  • App usage data (screens visited, features used, session duration);
  • Crash reports and performance data;
  • Push notification preferences and delivery data.

2.3 Data from third parties

We may receive identity verification data from licensed KYC providers, fraud detection data from security partners, and network confirmation data from telecoms operators to verify transactions.

3 How We Use Your Data

We use your personal data for the following purposes:

  • To deliver our services — processing bill payments, delivering tokens and confirmations, and crediting cashback to your wallet;
  • To verify your identity — KYC compliance as required by CBN regulations;
  • To process payments — securely facilitating transactions with financial institutions;
  • To prevent fraud — detecting, investigating, and preventing fraudulent transactions and account misuse;
  • To communicate with you — transaction notifications, support responses, and service updates;
  • To improve our platform — analysing usage patterns to enhance features and performance;
  • To comply with legal obligations — regulatory reporting to CBN, EFCC, and other authorities as required by law;
  • To send marketing communications — promotional offers and cashback updates, with your consent.

4 Legal Basis for Processing

Under the Nigeria Data Protection Act 2023, we process your personal data based on one or more of the following lawful bases:

  • Contractual necessity — processing required to deliver our services to you;
  • Legal obligation — compliance with CBN, NDPR, AML/CFT, and other regulatory requirements;
  • Legitimate interests — fraud prevention, security, and platform improvement;
  • Consent — marketing communications and non-essential cookies (you may withdraw at any time).

5 Data Sharing

We do not sell your personal data. We share your data only in the following circumstances:

  • Service providers — payment processors, identity verification providers, cloud hosting providers, and customer support platforms, all bound by data processing agreements;
  • Network operators — telecom companies and DISCOs, as necessary to complete your transactions;
  • Regulatory authorities — CBN, EFCC, NFIU, and other authorities where disclosure is required by law;
  • Law enforcement — where required by valid court order or lawful request;
  • Business transfers — in the event of a merger, acquisition, or sale of assets, subject to confidentiality protections and notification to you.

All third-party processors are contractually required to handle your data in compliance with the NDPA 2023 and our security standards.

6 Data Security

We implement industry-standard technical and organizational security measures to protect your personal data, including:

  • AES-256 encryption for data at rest;
  • TLS 1.3 encryption for all data in transit;
  • Tokenization of payment card details — we never store raw card numbers;
  • Multi-factor authentication for account access;
  • Regular penetration testing and security audits;
  • Role-based access controls for staff accessing personal data;
  • Incident response procedures in compliance with NDPA notification requirements.

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach.

7 Data Retention

We retain your personal data for as long as necessary to provide our services and comply with our legal obligations:

  • Account data — retained for the duration of your account plus 5 years after closure, in line with CBN record-keeping requirements;
  • Transaction records — retained for 7 years as required by Nigerian financial regulations;
  • KYC documents — retained for 5 years from the last transaction, per AML/CFT regulations;
  • Marketing data — retained until you withdraw consent or unsubscribe;
  • Support records — retained for 3 years from the date of resolution.

After retention periods expire, data is securely deleted or anonymized.

8 Your Rights

Under the Nigeria Data Protection Act 2023, you have the following rights regarding your personal data:

Right of access
Request a copy of the personal data we hold about you.
Right to rectification
Ask us to correct inaccurate or incomplete data.
Right to erasure
Request deletion of your data, subject to legal retention obligations.
Right to object
Object to processing based on legitimate interests or for direct marketing.
Right to portability
Receive your data in a structured, machine-readable format.
Right to withdraw consent
Withdraw consent for marketing or non-essential processing at any time.

To exercise any of these rights, contact our Data Protection Officer at privacy@billsaver.ng. We will respond within 30 days. Some rights may be limited where we are required to retain data by law.

9 Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your experience. We use:

  • Essential cookies — required for the website to function (cannot be disabled);
  • Analytics cookies — to understand how visitors use our website (with your consent);
  • Marketing cookies — to show you relevant advertisements (with your consent).

You can manage your cookie preferences at any time through the cookie settings on our website or your browser settings. Note that disabling certain cookies may affect website functionality.

10 Third-Party Links

Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Policy applies only to data collected by Billsaver.

11 Children's Privacy

Billsaver's services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16 without verified parental consent. If we become aware that we have collected data from a child under 16 without consent, we will delete it promptly. If you believe we have inadvertently collected such data, please contact privacy@billsaver.ng.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via in-app notification and/or email at least 14 days before the changes take effect. We encourage you to review this Policy periodically. The "Last updated" date at the top of this page reflects the most recent revision.

13 Contact & Complaints

If you have questions about this Privacy Policy or our data practices, please contact our Data Protection Officer:

  • Email: privacy@billsaver.ng
  • Post: Data Protection Officer, Billsaver Technologies Limited, [Address], Lagos, Nigeria

If you are unsatisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at www.ndpc.gov.ng.