Midupay Privacy Notice

Last Updated: July 17, 2025

Introduction

Welcome to Midupay. This Privacy Notice explains how Midupay (“we,” “us,” or “our”), as the data controller, collects, uses, discloses, and protects your personal data when you use our payment processing services, mobile app, website, or any related features (collectively, the “Services”). We are committed to protecting your privacy and handling your data in accordance with applicable laws, including the Nigeria Data Protection Act 2023 (NDPA), the General Data Protection Regulation (GDPR) where applicable, the California Consumer Privacy Act (CCPA), and other relevant data protection regulations.

Our contact details as the data controller are: Midupay Privacy Team, Email: contact@midupay.com.

By using our Services, you consent to the practices described in this Privacy Notice. If you do not agree, please do not use the Services. Providing your personal data is necessary for us to provide the Services (e.g., processing payments); failure to provide it may result in an inability to use certain features.

Information We Collect

We collect various types of personal data to provide and improve our Services. Personal data means any information relating to an identified or identifiable natural person.

Personal Information: This includes data that can identify you, such as your name, email address, phone number, billing address, and government-issued identification for verification purposes in financial transactions.

Financial Information: Transaction details, payment history, wallet balances, and payment method details (e.g., credit/debit card numbers, bank account information) to facilitate payments and transfers.

Device and Usage Information: IP address, browser type, device identifiers, operating system, app usage data, and location data (if enabled).

Cookies and Tracking Data: Information from cookies, web beacons, and similar technologies about your interactions with our Services, such as pages visited and time spent.

Third-Party Information: Data from partners, such as banks or payment processors, to verify transactions or comply with anti-fraud measures.

We only collect information that is necessary for providing our Services or as required by law. Data is sourced directly from you, automatically through our Services, or from third parties as described.

How We Collect Information

– Directly from You: When you register an account, make a payment, update your profile, or contact support.

– Automatically: Through cookies, logs, and analytics tools when you interact with our app or website.

– From Third Parties: From financial institutions, service providers, or public sources for verification and compliance.

Lawful Basis for Processing

We process your personal data based on one or more of the following lawful bases under the NDPA and other applicable laws:
– Your consent (e.g., for marketing or optional features).
– Performance of a contract (e.g., processing payments).
– Compliance with legal obligations (e.g., anti-money laundering regulations).
– Legitimate interests (e.g., fraud prevention, service improvement), provided these do not override your rights.

How We Use Your Information

We use your personal data to:

– Process payments, transfers, and transactions efficiently.

– Verify your identity and prevent fraud, money laundering, or other illegal activities.

– Provide customer support and respond to inquiries.

– Improve our Services through analytics and personalization.

– Process de-identified transactional information using third-party AI services for AI-driven analysis and service optimization. We do not send personal information to these services; all data is de-identified before processing to ensure anonymity.

– Comply with legal obligations, such as tax reporting or regulatory requirements.

– Send marketing communications (with your consent, where required).

Sharing of Information

We may share your personal data with:

– Service Providers: Third-party vendors for payment processing (e.g., banks, card networks), hosting, analytics, and security.

– AI Service Providers: We share de-identified transactional information with third-party AI providers for processing and analysis as described above. No personal information is shared; data is anonymized prior to transfer.

– Legal and Regulatory Authorities: To comply with laws, subpoenas, or audits, including the Nigeria Data Protection Commission (NDPC).

– Business Partners: For joint services or in the event of a merger/acquisition.

We do not sell your personal data to third parties. All sharing is limited to what is necessary and protected by appropriate contracts.

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Notice, or as required by law (e.g., 7 years for financial records under Nigerian regulations). After this period, data is securely deleted or anonymized.

Data Security

We implement industry-standard security measures, including encryption, firewalls, access controls, and regular audits, to protect your data from unauthorized access, loss, or misuse. Payment information is handled in compliance with PCI DSS standards and NDPA requirements. In the event of a data breach, we will notify affected individuals and the NDPC within 72 hours where required.

However, no system is completely secure, and we cannot guarantee absolute security.

Your Rights

Under the NDPA and other applicable laws, you have the following rights regarding your personal data:

– Right to access: Obtain confirmation of processing and a copy of your data.

– Right to rectification: Correct inaccurate or incomplete data.

– Right to erasure (“right to be forgotten”): Delete your data in certain circumstances.

– Right to restriction: Limit processing under specific conditions.

– Right to object: Oppose processing based on legitimate interests or for direct marketing.

– Right to data portability: Receive your data in a structured format and transfer it to another controller.

– Right to withdraw consent: At any time, without affecting prior processing.

– Right not to be subject to automated decision-making: Including profiling, unless necessary for the contract or consented to.

To exercise these rights, contact us at privacy@midupay.com. We will respond within 30 days (extendable under NDPA). You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at [NDPC contact details].

Cookies and Tracking Technologies

We use cookies for functionality, analytics, and advertising. You can manage preferences via your browser settings. For more details, see our Cookie Policy.

International Data Transfers

Your data may be transferred to and processed outside Nigeria, such as to the United States (e.g., for AI processing with xAI). We ensure such transfers comply with NDPA requirements through safeguards like Standard Contractual Clauses, binding corporate rules, or adequacy decisions by the NDPC.

Contact Us

For questions, concerns, or to exercise your rights, email us at contact@midupay.com.