Privacy Policy for biplify.com

Last Updated: June 29, 2025

1. Introduction

Welcome to biplify.com, operated by [Your Company Name, e.g., Biplify Technologies Inc.] ("biplify.com," "we," "us," or "our"). We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website, mobile applications, and other services (collectively, our "Services").

Given the nature of our fintech services, we handle sensitive financial information. We understand the importance of safeguarding your data and are committed to complying with all applicable data protection laws, including the General Data Protection Regulation (GDPR) for our users in the European Union and European Economic Area, and other relevant privacy laws globally.

Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it. By accessing or using our Services, you agree to the collection and use of information in accordance with this policy.

2. Data Controller Contact Information

For the purposes of the GDPR, the data controller responsible for your personal data is:

[Your Company Name] [Your Company Address] [Your Company Email Address, e.g., privacy@biplify.com] [Your Company Phone Number (optional)]

Data Protection Officer (DPO): [If you have a DPO, provide their name or contact information here, e.g., Name/Title, Email: dpo@biplify.com. If not required, state: "A Data Protection Officer (DPO) has not been appointed for Biplify.com as we do not meet the criteria for mandatory appointment under Article 37 of the GDPR. However, all data privacy inquiries can be directed to [Your Company Email Address]."]

3. What Personal Data Do We Collect?

We collect various types of personal data to provide and improve our Services to you. The types of data we collect depend on how you interact with our Services and the specific services you use.

a. Data You Provide to Us Directly:

  • Identity Data: Full name, date of birth, gender, nationality, national identification numbers (e.g., NIN, Passport, Driver's License), utility bills for address verification.

  • Contact Data: Email address, postal address, phone number.

  • Financial Data: Bank account numbers, sort codes, credit/debit card details, payment transaction history, investment portfolio details, income information, salary slips, tax IDs.

  • Biometric Data: [If you use facial recognition, fingerprint scans for authentication, explicitly state this and describe its purpose, e.g., "Facial scan data for identity verification and secure login."].

  • Profile Data: Username, password, security questions, preferences, feedback, survey responses.

  • Communication Data: Records of your correspondence with us (e.g., via email, chat, phone calls).

  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences.

b. Data We Collect Automatically (via Cookies and Tracking Technologies): When you visit our website or use our mobile app, we may automatically collect certain information about your device, browsing actions, and patterns. This includes:

  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device type, device identifiers.

  • Usage Data: Information about how you use our website and Services, including pages viewed, time spent on pages, clickstream data, access times and dates, and unique device identifiers.

  • Location Data: [If you collect location data, state whether it's precise (GPS) or approximate (IP-based) and for what purpose, e.g., "Precise location data (with your explicit consent) for fraud prevention and local service delivery."].

For more details on how we use cookies and similar technologies, please refer to our [Link to your Cookie Policy].

c. Data We Receive from Third Parties: We may receive personal data about you from various third parties, including:

  • Identity Verification/KYC/AML Providers: [Name of providers, e.g., "Onfido," "VerifyMe"] to verify your identity and comply with anti-money laundering regulations.

  • Credit Reference Agencies: [Name of agencies, e.g., "Experian," "TransUnion"] for creditworthiness assessments.

  • Payment Processors: [Name of providers, e.g., "Stripe," "Paystack"] to process your transactions.

  • Service Providers: Analytics providers, advertising networks, search information providers.

  • Publicly Available Sources: Government registries, public databases.

4. How We Use Your Personal Data and Our Lawful Bases

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances and for the following purposes:

Purpose of Processing, with Types of Data Involved and Lawful Basis for Processing (GDPR):

To Provide and Maintain Our Services: Managing your account, processing transactions, sending transaction notifications, facilitating payments, delivering requested financial products/services.

  • Types of Data Involved: Identity, Contact, Financial, Profile, Usage

  • Lawful Basis for Processing (GDPR): Performance of a contract with you.

To Verify Your Identity and Comply with Legal Obligations (KYC/AML): Preventing fraud, money laundering, and other financial crimes, fulfilling regulatory reporting requirements.

  • Types of Data Involved: Identity, Contact, Financial, Biometric (if applicable)

  • Lawful Basis for Processing (GDPR): Compliance with a legal obligation (e.g., anti-money laundering laws).

To Improve Our Services: Analyzing usage patterns, troubleshooting, data analysis, testing, research, statistical purposes, and product development.

  • Types of Data Involved: Usage, Technical, Profile (often aggregated or anonymized)

  • Lawful Basis for Processing (GDPR): Legitimate Interests (improving our services and user experience, running our business).

To Manage Our Relationship with You: Notifying you about changes to our terms or Privacy Policy, responding to your inquiries, customer support.

  • Types of Data Involved: Identity, Contact, Profile, Communication

  • Lawful Basis for Processing (GDPR): Performance of a contract with you; Compliance with a legal obligation; Legitimate Interests (keeping our records updated, responding to user queries).

For Security and Fraud Prevention: Detecting and preventing fraudulent activities, unauthorized access, cyber threats, and ensuring the security and integrity of our financial systems.

  • Types of Data Involved: All categories of data may be used for security purposes.

  • Lawful Basis for Processing (GDPR): Legitimate Interests (protecting our business and users from fraud and cyber threats); Compliance with a legal obligation.

To Deliver Relevant Marketing and Advertisements: Sending you information about products, services, or promotions that may be of interest to you, based on your preferences.

  • Types of Data Involved: Contact, Profile, Usage, Marketing & Communications

  • Lawful Basis for Processing (GDPR): Consent (where required by law, especially for direct marketing); Legitimate Interests (to develop our services and grow our business).

To Administer and Protect Our Business: Data analysis, testing, system maintenance, support, hosting of data, reporting.

  • Types of Data Involved: Technical, Usage, Profile

  • Lawful Basis for Processing (GDPR): Legitimate Interests (for running our business, provision of administration and IT services, network security, preventing fraud); Compliance with a legal obligation.

To Assess Your Creditworthiness (if applicable): Evaluating your eligibility for certain financial products or services.

  • Types of Data Involved: Financial, Identity, Contact

  • Lawful Basis for Processing (GDPR): Performance of a contract (pre-contractual steps); Legitimate Interests (assessing risk before providing financial services).

Automated Decision-Making/Profiling (if applicable): [If you use automated decision-making or profiling that produces legal or similarly significant effects on individuals (e.g., for credit scoring, fraud detection), you MUST describe this here.]

  • Types of Data Involved: [Specify types of data used, e.g., Financial, Transaction, Identity, Usage]

  • Lawful Basis for Processing (GDPR): Necessary for entering into, or performance of, a contract between you and us; Based on your explicit consent; Authorized by Union or Member State law to which we are subject and which lays down suitable measures to safeguard your rights.

5. How We Share Your Personal Data

We may share your personal data with the following categories of recipients:

  • Internal Third Parties: Other companies within our corporate group acting as joint controllers or processors, providing IT and system administration services, or undertaking reporting.

  • External Third-Party Service Providers:

    • Payment Processors: To facilitate transactions.

    • Identity Verification & KYC/AML Providers: To fulfill regulatory requirements.

    • Credit Reference Agencies: To assess creditworthiness (if applicable).

    • Cloud Hosting Providers: For data storage and infrastructure.

    • Analytics Providers: To understand website and app usage (e.g., Google Analytics).

    • Marketing and Advertising Partners: To deliver relevant ads and measure campaign performance.

    • Customer Support Platforms: To manage and respond to your inquiries.

    • Professional Advisers: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.

  • Regulators and Other Authorities: If required by law or in good faith belief that such action is necessary to comply with a legal obligation, protect our rights or property, or prevent harm.

  • Third Parties for Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity.

  • With Your Consent: We may share your personal data with third parties when you have given us explicit consent to do so.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. International Data Transfers

As we operate globally, your personal data may be transferred to, stored, and processed in countries outside of your own country of residence, including countries outside the European Economic Area (EEA), which may have different data protection laws than your country.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (e.g., Standard Contractual Clauses).

  • Where providers are based in the US, we may transfer data to them if they are part of the Data Privacy Framework (previously Privacy Shield), which requires them to provide similar protection to personal data shared between Europe and the US.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

7. Data Security

We have implemented robust technical and organizational security measures to protect your personal data from unauthorized access, accidental loss, disclosure, alteration, or destruction. These measures include:

  • Encryption: Data encryption both in transit (using TLS/SSL) and at rest (for stored sensitive data).

  • Access Controls: Strict access controls and authentication mechanisms to limit access to personal data to authorized personnel only.

  • Regular Security Audits and Penetration Testing: To identify and address potential vulnerabilities.

  • Firewalls and Intrusion Detection Systems: To protect our networks.

  • Data Minimization: Only collecting and retaining data that is essential.

  • Employee Training: Regular training for our staff on data protection and security best practices.

  • Incident Response Plan: A clear plan for detecting, responding to, and recovering from security incidents.

Despite these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

8. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example, by law, we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for [e.g., five to seven years] after they cease being customers for tax, anti-money laundering, and regulatory purposes.

9. Your Data Protection Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • The Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy serves to fulfill this right.

  • The Right of Access: You have the right to request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

  • The Right to Rectification: You have the right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • The Right to Erasure ("Right to Be Forgotten"): You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. This right is not absolute and may be subject to legal and regulatory obligations, especially in a fintech context where data retention is often legally mandated.

  • The Right to Restrict Processing: You have the right to request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain scenarios (e.g., if you want us to establish its accuracy or the reason for processing it).

  • The Right to Data Portability: You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

  • The Right to Object: You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.

  • Rights in Relation to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where the decision is necessary for entering into, or performance of, a contract, or is authorised by law, or is based on your explicit consent. [If you use such processes, you must provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.]

  • The Right to Withdraw Consent: Where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

To exercise any of these rights, please contact us at [Your Company Email Address, e.g., privacy@biplify.com]. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Complaints: You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues. For users in the UK, this is the Information Commissioner's Office (ICO) (www.ico.org.uk). For users in other EU member states, please find your local data protection authority [here: link to list of EU DPAs, e.g., https://edpb.europa.eu/about-edpb/about-edpb/members_en]. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

10. Third-Party Websites

Our Services may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11. Children's Privacy

Our Services are not intended for use by individuals under the age of [e.g., 18 or 16, depending on your target audience and local laws]. We do not knowingly collect personally identifiable information from anyone under the age of [e.g., 18 or 16]. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of [e.g., 18 or 16] without verification of parental consent, we take steps to remove that information from our servers.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact us:

  • By email: support@biplify.com

  • By visiting this page on our website: https://biplify.com/