Privacy Policy

We collect information to provide and improve our services. This includes: Personal Information: Name, email address, phone number, date of birth, government-issued ID, and proof of address when you create an account or complete KYC verification. Financial Information: Bank account details, mobile money wallet numbers, transaction history, and payment information necessary to process your transactions. Device & Usage Data: IP address, device type, browser type, operating system, referring URLs, pages visited, and interaction patterns to enhance security and user experience. Communication Data: Records of your correspondence with us through email, chat, or phone for quality assurance and dispute resolution.

We use collected information for the following purposes: • Service Delivery: To process payments, transfers, bill payments, and other financial transactions. • Identity Verification: To comply with KYC/AML regulations and prevent fraud. • Account Management: To maintain your account, manage preferences, and provide customer support. • Security: To detect, prevent, and respond to fraud, unauthorized access, and other illegal activities. • Communication: To send transaction confirmations, security alerts, policy updates, and marketing (with your consent). • Improvement: To analyze usage patterns, improve our platform, and develop new features. • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

We do not sell your personal information. We may share your data with: • Payment Partners: Banks, mobile money operators, and payment processors necessary to complete your transactions. • Regulatory Authorities: Central Bank of Nigeria (CBN), financial regulators, and law enforcement when required by law. • Service Providers: Cloud hosting, analytics, customer support, and security providers under strict data processing agreements. • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We require all third parties to respect the security of your personal data and treat it in accordance with applicable law.

We implement industry-leading security measures to protect your information: • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256). • PCI DSS Compliance: We maintain Level 1 PCI DSS certification for handling card data. • ISO 27001: Our information security management system is ISO 27001 certified. • Access Controls: Role-based access with multi-factor authentication for all internal systems. • Monitoring: 24/7 real-time threat monitoring and intrusion detection systems. • Regular Audits: Annual third-party security assessments and penetration testing.

We retain your personal information for as long as necessary to: • Provide our services and maintain your account. • Comply with legal and regulatory retention requirements (minimum 5 years for financial records). • Resolve disputes and enforce our agreements. When you close your account, we will securely delete or anonymize your data within 90 days, except where retention is required by law.

Depending on your jurisdiction, you may have the following rights: • Access: Request a copy of the personal data we hold about you. • Correction: Request correction of inaccurate or incomplete data. • Deletion: Request deletion of your personal data (subject to legal requirements). • Portability: Request a machine-readable copy of your data. • Objection: Object to certain processing activities, including direct marketing. • Restriction: Request restriction of processing in certain circumstances. To exercise your rights, contact us at privacy@brillipay.com. We will respond within 30 days.

We use cookies and similar technologies for: • Essential Cookies: Required for authentication, security, and core platform functionality. • Analytics Cookies: To understand how our platform is used and improve user experience. • Preference Cookies: To remember your settings, language, and display preferences. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

As a pan-African platform, your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions, to protect your data during international transfers.

BrilliPay services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it immediately.

For privacy-related inquiries or to exercise your rights: Data Protection Officer Email: privacy@brillipay.com Address: 14 Kofo Abayomi Street, Victoria Island, Lagos, Nigeria Phone: +234 800 902 390 (274554) We will acknowledge your request within 48 hours and respond fully within 30 days.