Who We Are
Paytogeda is a platform that enables group savings, project-based contributions, artisan engagement, and payments. Controller/Operator: Paytogeda Technologies Ltd. (or your operating entity). Registered address: 8, General Gas Junction, Akobo, Ibadan. Data Protection Officer (DPO): Email: info@paytogeda.com.
For EU/UK users, Paytogeda acts as a data controller for account data and a data processor for certain project/workspace data as instructed by project owners.
Scope
This Policy applies to information we collect when you access or use our Services, create an account, make payments, scan QR codes, participate in projects, apply as an artisan, or interact with us. It does not apply to third-party websites, services, or apps that may be linked from our Services.
Data We Collect
Information you provide
- Profile data (e.g., full name, email, phone, address, location, skills, social links).
- Identity & compliance data (e.g., BVN, Account Details) where required by law or our payment partners.
- Project & contribution data (e.g., project titles, descriptions, targets, group links, visibility, bids, votes, comments, ratings).
- Financial interactions (e.g., contributions, withdrawals, virtual account details, transaction references, receipts).
- Support requests, survey responses, and communications with us.
- Content you upload (e.g., profile images, project photos). Images may be stored in cloud storage.
Information collected automatically
- Usage data (e.g., app activity, page views, button taps, feature usage, referral URLs).
- Device & log data (e.g., IP address, device identifiers, browser type, OS, timestamps, error logs).
- Location data (approximate from IP, and precise if you grant permission).
- Cookies and similar technologies (see Cookies).
Information from third parties
- Payment partners (e.g., status of payments, chargebacks, account verifications).
- Authentication providers (e.g., email verification status, password reset events).
- Security and fraud-prevention providers.
How We Use Information
- Provide, maintain, and improve the Services (including group savings, contributions, artisan marketplace, receipts, and QR features).
- Facilitate payments, virtual accounts, and payouts; verify identity; meet KYC/AML obligations.
- Personalize content, show project recommendations, and remember preferences.
- Communicate with you about your account, transactions, security alerts, and updates.
- Monitor, detect, and prevent fraud or abuse; secure accounts and our infrastructure.
- Comply with legal obligations and enforce agreements and policies.
- Conduct analytics, research, and product development.
- With your consent, send marketing communications (you can opt out anytime).
Legal Bases (GDPR/UK GDPR) & Nigerian NDPA
Where applicable, we process your data under the following legal bases:
- Contract: To provide the Services you request.
- Legitimate interests: To secure and improve our Services, prevent fraud, and support customer service, balanced against your rights.
- Consent: For optional features such as marketing emails, precise location, or certain cookies. You may withdraw consent at any time.
- Legal obligation/public interest: To meet financial, tax, KYC/AML, and law-enforcement requirements.
For residents of Nigeria, we align with the Nigerian Data Protection Act (NDPA) 2023 and applicable regulations, including principles of lawfulness, fairness, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, and accountability.
Payments & Financial Data
Payments on Paytogeda may be facilitated by third-party payment processors and banking partners (e.g., for virtual accounts). Your payment details are processed and stored by such partners according to their own policies. We receive limited information necessary to confirm transactions, prevent fraud, and provide receipts. For payouts and compliance, we may collect identity information as required by law.
Virtual accounts & QR codes: When you create or use virtual accounts or payment QR codes, we may process related identifiers and transaction metadata to route payments and update project records.
Analytics, Ads & Third-Party Services
We may use analytics to understand how the Services are used and to improve them. Third-party providers may set their own cookies. We encourage you to review their policies.
- Cloud & database services (e.g., real-time database, storage, authentication, hosting)
- Payment gateways and banking partners
- Error monitoring and performance tools
- Optional marketing and communication tools (only with consent where required)
How We Protect Your Information
We implement administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit, access controls, secure development practices, and regular reviews. No system is 100% secure; we encourage you to use strong passwords and enable available security features (e.g., 2FA/biometrics).
If we become aware of a data incident that affects your rights and freedoms, we will notify you and regulators as required by applicable law.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, including providing the Services, complying with legal obligations, resolving disputes, and enforcing agreements. Retention periods vary by data category and applicable law. We may anonymize data for research and analytics.
International Data Transfers
Your data may be transferred to and processed in countries other than your own, where data protection laws may differ. Where required, we implement appropriate safeguards for cross-border transfers (e.g., Standard Contractual Clauses, adequacy decisions) and ensure processors provide adequate protection.
Your Privacy Rights
Depending on your location, you may have the following rights:
- Access, rectify, or update your personal data.
- Delete your data (subject to legal or contractual obligations).
- Object to or restrict certain processing.
- Data portability.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a supervisory authority.
Nigeria (NDPA): You may raise concerns with the Nigeria Data Protection Commission (NDPC). EU/UK: You may contact your local Data Protection Authority. California: You may exercise rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of certain sharing.
To exercise your rights, please contact us at info@paytogeda.com. We may ask you to verify your identity before responding.
Children’s Privacy
Our Services are not directed to children under the age of 13 (or the relevant age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete such information.
Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by email, in-app notice, or by posting a prominent notice on our website, and update the “Last updated” date above. Your continued use of the Services after changes become effective signifies your acceptance of the revised Policy.
Contact Us
If you have questions about this Policy or our data practices, contact our Data Protection Officer:
- Email: info@paytogeda.com
- Address: 8, General Gas Junction, Akobo, Ibadan
When contacting us, please do not include sensitive information (e.g., full payment card details) in your message.