Privacy Policy

Myraba Technologies Ltd is a Nigerian fintech company headquartered in Lagos, Nigeria. We operate the Myraba digital wallet platform, which provides peer-to-peer money transfers, savings products, thrift group management, gift transfers, bill payments, and related financial services to individuals and small businesses in Nigeria.

For all data protection enquiries, contact us at hello@myraba.com.

We collect the following categories of personal data:

• Identity data: Full legal name, date of birth, gender, and profile photograph.
• Contact data: Mobile phone number, email address, and home or business address.
• Verification data: Masked BVN or NIN submitted for KYC. The full number is transmitted directly to our licensed verification partner (Dojah) and is never stored by Myraba. We store only the masked reference and the verification outcome.
• Financial data: Wallet balance, transaction history, savings pots, thrift group participation, vault positions, gift transaction records, and bill payment history.
• Account credentials: Hashed password (we never store your plain-text password), MyrabaTag (your unique in-app handle), and staff ID where applicable.
• Device and technical data: Device model, operating system version, app version, IP address, network type, and approximate location (city-level only, derived from IP).
• Usage data: Features accessed, screens viewed, actions taken within the app, and timestamps of activity.
• Communications data: Messages sent via our in-app support channel, and any correspondence you send us by email.
• Business data (if applicable): Business name, business handle, payment link configurations, and payroll recipient details.
• Referral data: Your referral code and the referral code of the person who invited you, if any.

We collect your information in the following ways:

• Directly from you: When you register, complete KYC, update your profile, initiate transactions, or contact support.
• Automatically: Through the app as you use our Services — transaction data, device data, and usage logs are generated and collected automatically.
• From third parties: KYC outcome data from Dojah; payment status data from Flutterwave; bill payment confirmations from VTpass.
• From other users: When another Myraba user sends you money, creates an IOU with your handle, adds you to a bill split, or includes you in a thrift group.

We use your personal data for the following purposes:

• To create, maintain, and secure your Myraba account and wallet.
• To process transfers, bill payments, thrift contributions, gift transactions, vault deposits and withdrawals, and all other transactions you initiate.
• To verify your identity in compliance with CBN Know-Your-Customer (KYC) and Anti-Money Laundering (AML) requirements.
• To apply AML transaction monitoring, detect fraud, and prevent unauthorized access to your account.
• To deliver one-time passwords (OTPs), account alerts, transaction confirmations, and security notifications.
• To calculate and credit overnight interest, round-up savings releases, and referral rewards.
• To operate thrift group mechanics including contribution scheduling, payout sequencing, and default resolution.
• To provide customer support and respond to enquiries and disputes.
• To enforce our Terms of Service and take action against prohibited or fraudulent accounts.
• To comply with our legal obligations under the Companies and Allied Matters Act, the Money Laundering (Prevention and Prohibition) Act 2022, and applicable CBN regulations.
• To share legally required reports with the CBN, EFCC, NFIU, or other regulatory bodies when obligated to do so.
• To improve our Services using aggregated, anonymised analytics — we never use individually identifiable data for analytics without a separate lawful basis.
• To send you in-app product updates, feature announcements, and promotional messages — you may opt out of marketing communications at any time in your profile settings.

We process your personal data on the following legal bases under the Nigeria Data Protection Act 2023 (NDPA):

• Contract performance: Processing necessary to provide the Services you have agreed to use.
• Legal obligation: KYC, AML reporting, and regulatory record-keeping required by Nigerian financial law.
• Legitimate interests: Fraud prevention, security monitoring, product improvement, and customer support.
• Consent: Marketing communications, optional analytics features, and any processing for which we explicitly request your consent. You may withdraw consent at any time.

We do not sell your personal data to any third party. We share it only in the following circumstances:

• Flutterwave: For processing external card funding and payment link payments.
• Dojah: For BVN and NIN identity verification. Only the data strictly necessary for verification is transmitted.
• VTpass: For processing airtime, data, electricity, cable, and betting bill payments.
• Resend: For delivering transactional emails including OTPs and account notifications.
• Cloudinary: For hosting and serving your profile photograph.
• Railway: Our cloud infrastructure provider on whose servers the Myraba backend and database operate.
• Regulatory authorities: The CBN, EFCC, NFIU, NDIC, or any other authority when we are legally required to report or disclose information.
• Law enforcement: When required by a valid court order, subpoena, or equivalent legal process under Nigerian law.
• Other Myraba users: Your MyrabaTag, display name, and profile photo are visible to other users when they search for you or when you are a party to a shared transaction (thrift group, bill split, IOU, gift).

All third-party service providers are subject to data processing agreements that prohibit them from using your data for any purpose other than fulfilling their service to Myraba.

Your data is stored on PostgreSQL databases hosted on Railway infrastructure (EU region). Profile images are hosted on Cloudinary (globally distributed CDN). All data in transit between your device and our servers is encrypted using TLS 1.2 or higher. Sensitive fields such as account numbers and OTP codes are encrypted at rest using AES-256.

Passwords are hashed using BCrypt and are never stored in recoverable form. Full BVN and NIN numbers are never stored by Myraba at any point.

We operate JWT-based stateless authentication with 24-hour token expiry. Failed login attempts trigger progressive delays. Suspicious activity triggers automatic account review.

Despite these measures, no digital system is 100% secure. In the event of a data breach that is likely to affect your rights, we will notify you and the relevant Nigerian regulatory authority within the timeframe required by the NDPA 2023.

We retain your personal data for as long as your account is active. After account closure, we retain records for a minimum of 7 years to comply with Nigerian financial regulations, including the Companies and Allied Matters Act and CBN record-keeping requirements.

Transaction logs and AML monitoring records are retained for 5 years from the date of the relevant transaction. OTP records are deleted within 24 hours of use or expiry. Support chat messages are retained for 2 years.

Under the Nigeria Data Protection Act 2023, you have the following rights:

• Right of access: Request a copy of all personal data we hold about you.
• Right to rectification: Ask us to correct any inaccurate or incomplete data.
• Right to erasure: Request deletion of your account and personal data. Note that we may be required to retain certain records by law even after deletion of your account.
• Right to data portability: Receive your transaction history in a structured, machine-readable format (CSV or JSON).
• Right to restrict processing: Ask us to pause processing of your data while a dispute or complaint is being resolved.
• Right to object: Object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent: Where we process data on the basis of consent, you may withdraw that consent at any time without affecting prior processing.
• Right to lodge a complaint: You may lodge a complaint with the National Information Technology Development Agency (NITDA) as Nigeria’s data protection authority.

To exercise any of these rights, send a written request to hello@myraba.com. We will acknowledge your request within 5 business days and respond in full within 30 days.

Myraba is strictly intended for persons aged 18 and above. We do not knowingly collect personal data from minors. Registration requires confirmation that you are 18 or older.

If you believe that a person under 18 has created a Myraba account, please contact us immediately at hello@myraba.com. We will investigate and, if confirmed, delete the account and all associated data promptly.

The Myraba mobile app does not use browser cookies. Our website (myraba.com) uses only strictly necessary technical cookies for security and navigation — no advertising trackers, no third-party analytics pixels, and no cross-site tracking technologies are used on our website.

We do not participate in any behavioural advertising or retargeting programmes. We do not share website visitor data with advertising platforms.

With your permission, the Myraba app may send you push notifications for transaction alerts, thrift group updates, and product announcements. You may withdraw permission for push notifications at any time through your device settings without affecting your ability to use the app.

Your data is primarily stored within the EU (Railway infrastructure). Some service providers — including Cloudinary (US-based CDN), Dojah, and Resend — may process your data outside Nigeria. Where this occurs, we ensure that appropriate safeguards are in place, including contractual clauses consistent with the requirements of the NDPA 2023 and the Nigeria Data Protection Regulation.

Certain decisions in the Myraba platform are made in a fully or partially automated way, including:

• AML transaction monitoring that may flag or temporarily hold a transaction pending manual review.
• Account suspension triggered by automated fraud detection rules.
• Thrift default classification based on missed contribution thresholds.

You have the right to request human review of any automated decision that significantly affects you. Contact us at hello@myraba.com to request a manual review.

The Myraba app may contain links to third-party websites or services (e.g., the Google Play Store, external bill payment portals). We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party service you use.

You are responsible for keeping your login credentials, PIN, and device secure. Do not share your password or OTP with anyone — Myraba staff will never ask for your password or OTP. If you believe your account has been compromised, contact us immediately at hello@myraba.com and change your password immediately.

We may send you in-app notifications and email messages about new features, promotions, and product updates. You may opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email or by contacting us at hello@myraba.com. Opting out of marketing does not affect transactional communications such as OTPs and transaction confirmations.

We may use aggregated, anonymised data derived from your activity (for example, platform-wide transaction volumes, feature usage rates) for research, reporting, and product improvement purposes. This data cannot be used to identify you individually and is not subject to this Privacy Policy.

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or best practices. When we make material changes, we will notify you through the app and update the “Effective date” at the top of this page. The updated policy will take effect 14 days after we notify you. Your continued use of our Services after the effective date constitutes acceptance of the revised policy.

We encourage you to review this policy periodically. Previous versions are available upon request.

If you have any questions, concerns, or complaints about this Privacy Policy or the way we handle your personal data, please contact us:

• Email: hello@myraba.com
• Company: Myraba Technologies Ltd
• Address: Lagos, Nigeria

If you are not satisfied with our response, you have the right to escalate your complaint to the National Information Technology Development Agency (NITDA) at nitda.gov.ng.