← Back to Home

Privacy Policy

Last Updated: February 2025

NDPA 2023 Compliance

This Privacy Policy explains how GbamGbam collects, uses, and protects your personal data in compliance with the Nigeria Data Protection Act 2023 (NDPA).

1. Data We Collect

Personal Information

  • Phone Number: For account creation and OTP verification
  • Email Address: Optional, for account recovery and notifications
  • Nostr Public Key: If you link a decentralized identity

Usage Data

  • Transaction history (Esusu, Jobs, KCH)
  • Reputation score and verification status
  • Activity timestamps (login, last action)

Device Information

  • IP address (for security and consent tracking)
  • Device type and browser
  • Location data (approximate, for Nigeria market)

2. Legal Basis for Processing

Under the NDPA 2023, we process your data based on:

  • Consent: You explicitly agree when creating an account
  • Contract: To fulfill our service obligations
  • Legal Obligation: To comply with Nigerian laws
  • Legitimate Interest: For fraud prevention and security

3. How We Use Your Data

  • Provide and operate the GbamGbam platform
  • Facilitate Esusu group transactions and tracking
  • Enable job matching and reputation scoring
  • Send important service notifications
  • Prevent fraud and protect user security
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share data only with:

  • Other Users: Phone number/identifier within Esusu groups
  • Payment Providers: Flutterwave for transaction processing
  • SMS/Email Services: Termii and Resend for verification
  • Legal Authorities: When required by Nigerian law

5. Data Security

We implement appropriate security measures including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure storage of sensitive information
  • Access controls and authentication
  • Regular security assessments

6. Your NDPA Rights

Under the NDPA 2023, you have the right to:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Portability: Receive your data in a structured format
  • Right to Object: Object to processing under certain conditions
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at legal@gbamgbam.ng

7. Data Retention

We retain your data for:

  • Active Accounts: While your account is active
  • Inactive Accounts: Up to 12 months after last activity
  • Legal Requirements: As required by Nigerian law

After 12 months of inactivity, you will receive a notification before data deletion.

8. Cookies and Tracking

We use cookies for:

  • Authentication and session management
  • Analytics and platform improvement
  • PWA functionality (service workers)

You can manage cookie preferences in your account settings.

9. Children's Privacy

GbamGbam is not intended for users under 18 years of age. We do not knowingly collect data from children.

10. Data Breaches

In the event of a data breach, we will notify affected users in plain language within 72 hours as required by the NDPA 2023.

11. Cross-Border Transfers

Your data is primarily stored in Nigeria. Any cross-border transfers comply with NDPA requirements and ensure adequate protection.

12. Third-Party Services

We use the following third-party services:

  • Flutterwave: Payment processing (Privacy Policy available)
  • Termii: SMS verification services
  • Resend: Email services

13. Contact Information

For privacy inquiries, contact:

14. Policy Updates

We will notify you of significant changes to this Privacy Policy via email or in-app notification. Continued use after changes constitutes acceptance.