Privacy Policy

1 Introduction

GiftyView ("we", "our", or "us") operates a mobile application and website that enables users in Nigeria and West Africa to trade gift cards, pay utility bills, and manage a digital wallet. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.

By creating an account or using GiftyView, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2 Information We Collect

We collect information you provide directly and information generated by your use of our services:

• Identity Information: Full name, date of birth, and government-issued ID (for KYC verification at higher account levels)
• Contact Information: Email address and mobile phone number
• Financial Information: Bank account details (for withdrawals), Bank Verification Number (BVN) for identity verification, wallet transaction history
• Gift Card Information: Images of gift cards you submit for sale, card codes (stored encrypted), brand and denomination details
• Profile Information: Profile photo, preferred currency, language settings
• Device & Technical Data: Device type, operating system, IP address, app version, device identifiers for push notifications
• Usage Data: Features accessed, transaction timestamps, search queries within the app, in-app behavior analytics
• Security Data: Encrypted transaction PIN hash, 2FA configuration (never stored in plain text), biometric authentication tokens (device-bound only)

3 How We Use Your Information

We use your personal information for the following purposes:

• Account Management: Creating and maintaining your account, verifying your identity, and authenticating your access
• Service Delivery: Processing gift card trades, bill payments, wallet funding, and withdrawals
• KYC & Compliance: Verifying your identity using BVN to comply with CBN (Central Bank of Nigeria) regulations and prevent fraud
• Communications: Sending transaction receipts, OTPs, security alerts, account notifications, and (with your consent) promotional offers
• Customer Support: Responding to your inquiries and resolving disputes
• Security & Fraud Prevention: Detecting, investigating, and preventing fraudulent transactions and unauthorized account access
• Product Improvement: Analyzing usage patterns to improve our app features and user experience
• Legal Obligations: Complying with applicable Nigerian laws, CBN regulations, and court orders

4 Information Sharing and Disclosure

We do not sell your personal data. We share information only in the following circumstances:

• Payment Processors: Paystack and Flutterwave receive your bank details and transaction amounts to process wallet funding and withdrawals. These providers are PCI-DSS compliant and governed by their own privacy policies.
• Bill Payment Providers: Reloadly and VTPass receive your beneficiary details (phone number, meter number, smart card number) to provision utility services.
• KYC Partners: Mono and Paystack Identity receive your BVN for identity verification as required by Nigerian financial regulations.
• Cloud Infrastructure: AWS stores encrypted data on servers in the EU West region. All data is encrypted at rest using AES-256 and in transit using TLS 1.2+.
• Email & SMS Providers: SendGrid (email) and Termii (SMS) are used solely for transactional communications — never for data mining.
• Legal Requirements: We may disclose your information if required by law, court order, or regulatory authority including CBN, EFCC, or NDPC.
• Business Transfers: If GiftyView is acquired or merges with another entity, your data may be transferred as part of that transaction. You will be notified in advance.

5 Data Security

We implement industry-standard security measures to protect your personal information:

• All passwords and PINs are hashed using bcrypt — we can never see your plaintext password
• Gift card codes are encrypted at rest using AES-256-GCM with keys managed by AWS KMS
• All API communication uses HTTPS with TLS 1.2 or higher
• Our database servers are not publicly accessible — only accessible from within our private cloud network
• We maintain detailed access logs and audit trails for all administrative actions
• Two-factor authentication is available and encouraged for all user accounts
• We undergo regular security audits and penetration testing

6 Data Retention

We retain your personal data for as long as your account is active. After account deletion:

• Transaction records are retained for 5 years as required by CBN regulations for financial institutions
• KYC documents (ID copies, selfies) are retained for 5 years post-account closure per AML regulations
• Gift card images are retained for 90 days post-review then archived for 1 additional year
• Profile data (name, email, phone) is deleted within 30 days of account closure unless legally required otherwise
• Communication logs (support tickets, emails) are retained for 2 years

7 Your Rights

Under the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act 2023, you have the following rights:

• Right of Access: Request a copy of all personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Deletion: Request deletion of your personal data (subject to legal retention obligations)
• Right to Object: Object to the processing of your data for marketing purposes at any time
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Withdraw Consent: Withdraw consent for any data processing based on consent without affecting the lawfulness of prior processing

To exercise any of these rights, contact our Data Protection Officer at privacy@giftyview.com with your full name and registered email. We will respond within 30 days.

8 Cookies and Tracking

Our website uses cookies and similar tracking technologies to improve your experience:

• Essential Cookies: Required for the website to function (authentication sessions, theme preference). Cannot be disabled.
• Analytics Cookies: Help us understand how visitors use our website (page views, user journeys). You can opt out.
• Marketing Cookies: Used to show relevant advertisements. You can opt out at any time.

The GiftyView mobile app does not use browser cookies. App analytics are collected through Firebase Analytics. You can opt out of analytics collection in your app settings under Profile → Privacy.

9 Children's Privacy

GiftyView's services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we discover that a user under 18 has created an account, we will immediately suspend the account and delete the associated data. If you believe a minor has registered, contact us at privacy@giftyview.com.

10 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Send an in-app notification to all registered users
• Email registered users at least 7 days before major changes take effect

Your continued use of GiftyView after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

11 Contact Our Data Protection Officer

For all privacy-related inquiries, requests, or concerns, contact our Data Protection Officer:

• Email: privacy@giftyview.com
• General Support: support@giftyview.com
• Security Issues: security@giftyview.com
• Response Time: Within 5 business days for general inquiries; within 30 days for formal data requests