Legal

Privacy Policy

How we collect, use, protect, and share your information when you create an account, use the app, and interact with our login flows.

Last updated: December 10, 2025

Quick Summary

We collect account details, bank-connection data, usage signals, and communications you send us.
We use this to run the product, secure accounts, improve features, and meet legal obligations.
We share data with vendors, banks, and regulators as needed, under protection commitments.
You can request access, correction, deletion, or opt out of marketing subject to legal limits.

Account data: name, email, phone number, password/OTP metadata, and verification status.
Identity/KYC: IDs or documents you submit to satisfy regulatory checks.
Bank connections: account identifiers, balances, transaction metadata, and consents provided through supported banks/aggregators.
Usage and device: app interactions, logs, approximate location (from IP), device and browser info for security.
Communications: messages with support, feedback, and marketing preferences.

Provide the service: enable login, bank linking, transfers, bill payments, and AI-powered insights.
Security and fraud defense: detect risky logins, monitor anomalies, and protect accounts.
Comms: send confirmations, product updates, support responses, and consented marketing.
Product improvement: analytics, quality checks on AI responses, and troubleshooting.
Compliance: satisfy legal, regulatory, and audit requirements (e.g., AML/CFT).

Contract: to deliver the app features you request.
Consent: for bank connections, marketing, certain cookies, and optional data sharing.
Legitimate interest: service reliability, security, and improving the experience.
Legal obligation: financial reporting, AML/CFT, and responding to lawful requests.

Service providers: cloud, analytics, customer support, communications, and security vendors under data protection terms.
Banking and payment partners: to process transfers, bill payments, and account linking you initiate.
Regulators and law enforcement: when legally required or to protect against fraud and abuse.
Business changes: as part of a merger, acquisition, or asset transfer with notice where required.

Keep data while your account is active and as needed for service, security, and compliance.
Shorten or de-identify logs where possible; archive records required by finance and AML rules.

Encryption in transit, least-privilege access, audit logging, and environment hardening.
You are responsible for keeping login factors (codes, device access) safe. No system is 100% secure.

Data may be processed outside your country. We use contractual safeguards where required and choose vetted vendors.

Access, correct, or delete your data; withdraw consent; and object to or restrict certain processing.
Opt out of marketing at any time. Some requests may be limited by law or security needs.

We use necessary cookies for login and security, and with consent, analytics to improve the product.
Manage preferences in your browser or device settings; disabling may affect features.

The service is not directed to children under 18 and we do not knowingly collect their data.

We will update this policy when practices change. We will post the new date and, for material updates, provide notice.

Questions or requests? Email hello@eureka.ng.