Privacy Policy

Last updated: May 2026

1. Introduction

Bridgenetic Modern Payment Infrastructure ("Bridgenetic," "we," "our," or "us") is committed to protecting the privacy and security of your personal and business information. This Privacy Policy explains how we collect, use, store, share, and protect information when you access or use our payment infrastructure platform, APIs, website, and related services (collectively, the "Services").

This policy is drafted in compliance with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act (NDPA) 2023, and other applicable data protection laws. By using our Services, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

When you register for an account, complete KYC verification, or use our Services, we may collect:

  • Business Information: Business name, registration number (CAC), business type, category, address, and contact details.
  • Personal Information: Full name, email address, phone number, date of birth, Bank Verification Number (BVN), and government-issued identification documents.
  • Financial Information: Bank account details, transaction history, wallet balances, and payment records.
  • Technical Information: API keys, webhook URLs, integration configurations, and developer credentials.

2.2 Information Collected Automatically

When you interact with our platform, we automatically collect:

  • Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Usage Data: Pages visited, features used, API calls made, timestamps, session duration, and navigation patterns.
  • Transaction Data: Payment amounts, transaction references, payer information, provider responses, and settlement details.
  • Log Data: API request/response logs, webhook delivery records, error logs, and system events.

2.3 Information from Third Parties

We may receive information from:

  • Payment providers and banking partners (transaction confirmations, account verification).
  • Identity verification services (KYC validation results).
  • Regulatory bodies and law enforcement agencies (as required by law).

3. How We Use Your Information

We process your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our payment infrastructure services, process transactions, and manage your merchant account.
  • Identity Verification: To comply with KYC/AML regulations, verify your identity, and prevent fraud.
  • Communication: To send transaction notifications, service updates, security alerts, and respond to your inquiries.
  • Security: To detect, prevent, and investigate fraud, unauthorized access, and other illegal activities.
  • Compliance: To comply with legal obligations, regulatory requirements, and respond to lawful requests from authorities.
  • Analytics: To analyze usage patterns, generate reports, and improve platform performance and user experience.
  • Support: To provide customer support, troubleshoot issues, and resolve disputes.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the NDPA 2023:

  • Consent: Where you have given explicit consent for specific processing activities.
  • Contractual Necessity: Where processing is necessary to perform our obligations under the Terms of Service.
  • Legal Obligation: Where processing is required to comply with applicable laws and regulations (CBN directives, AML/CFT requirements).
  • Legitimate Interest: Where processing is necessary for our legitimate business interests, provided such interests do not override your fundamental rights.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

  • Banking Partners: To facilitate virtual account creation, payment processing, and fund settlements (e.g., Sterling Bank, Wema Bank).
  • Payment Providers: To process transactions and verify payment status through our integrated provider network.
  • Identity Verification Services: To validate KYC documents and perform background checks as required by regulation.
  • Regulatory Authorities: When required by law, court order, or regulatory directive (CBN, NDPC, EFCC, or other competent authorities).
  • Service Providers: Trusted third-party vendors who assist in operating our platform (hosting, email delivery, analytics), bound by strict confidentiality agreements.
  • Legal Proceedings: When necessary to establish, exercise, or defend legal claims.

6. Data Security

We implement robust technical and organizational measures to protect your information, including:

  • End-to-end encryption for data in transit (TLS 1.2+) and at rest (AES-256).
  • Secure API authentication using Bearer tokens with scoped permissions.
  • Regular security audits, penetration testing, and vulnerability assessments.
  • Access controls with role-based permissions and multi-factor authentication for administrative access.
  • Automated monitoring and alerting for suspicious activities and unauthorized access attempts.
  • Secure data centers with physical security controls and redundancy.

While we employ industry-standard security measures, no system is completely immune to breaches. In the event of a data breach that poses a risk to your rights, we will notify you and the Nigeria Data Protection Commission (NDPC) within 72 hours as required by law.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and resolve disputes. Specifically:

  • Account Data: Retained for the duration of your account and for 6 years after closure (as required by CBN regulations).
  • Transaction Records: Retained for a minimum of 6 years in compliance with financial record-keeping requirements.
  • KYC Documents: Retained for 5 years after the business relationship ends, as mandated by AML/CFT regulations.
  • API Logs: Retained for 90 days for debugging and security purposes, then archived or deleted.
  • Marketing Data: Retained until you withdraw consent or unsubscribe.

8. Your Rights

Under the NDPA 2023 and NDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: Request limitation of how we process your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw previously given consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our Data Protection Officer at the address provided below. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

We use essential cookies and similar technologies to:

  • Maintain your session and authentication state.
  • Remember your preferences and settings.
  • Ensure platform security and prevent fraud.
  • Analyze platform usage and performance.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

10. International Data Transfers

Your data is primarily stored and processed within Nigeria. Where data transfer outside Nigeria is necessary (e.g., cloud infrastructure, third-party services), we ensure adequate safeguards are in place through contractual clauses, data processing agreements, and compliance with NDPA cross-border transfer requirements.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email or prominent notice on our platform at least 14 days before taking effect. The "Last Updated" date at the bottom indicates when this policy was last revised.

13. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy and applicable data protection laws. For any privacy-related inquiries, requests, or complaints, please contact:

If you are unsatisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

Last updated: May 2026