Privacy Policy

Effective Date: Feb 14, 2024 | Last Updated: March 20, 2025

Table of Contents

1. Introduction

Welcome to Geotopup Technology Solutions ("Geotopup," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products, services, and websites.

This Privacy Policy applies to all our products and services, including:

  • Geotopup Wallet - Bills payment and virtual USD card services
  • Tradewyre - Cryptocurrency trading platform
  • Social Boosta - Social media growth and management tool
  • OneRoam - eSIM, flight booking, and hotel booking platform
  • Inspiral Stories - Audio storytelling and world history platform
  • Fitly - Personal workout and fitness coaching application

We comply with the Nigerian Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act (NDPA) 2023, and other applicable data protection laws. By using our services, you consent to the practices described in this Privacy Policy.

Important: Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you:

  • Register for an account
  • Use our services or products
  • Make transactions or payments
  • Contact customer support
  • Subscribe to newsletters or marketing communications
  • Participate in surveys or promotions

Personal information may include:

  • Identity Information: Full name, date of birth, gender, photograph, and government-issued identification documents (NIN, BVN, passport, driver's license)
  • Contact Information: Email address, phone number, physical address
  • Financial Information: Bank account details, payment card information, transaction history, cryptocurrency wallet addresses
  • Account Credentials: Username, password, security questions and answers
  • Biometric Data: Facial recognition data for identity verification (where applicable and with explicit consent)
  • Health and Fitness Data: Weight, height, fitness goals, workout history (for Fitly)
  • Travel Information: Passport details, travel preferences, booking history (for OneRoam)

2.2 Information Collected Automatically

When you use our services, we automatically collect certain information, including:

  • Device Information: Device type, operating system, unique device identifiers, mobile network information
  • Usage Data: Pages or features accessed, time spent on pages, click data, app interactions
  • Location Data: IP address, GPS location (with your permission), timezone
  • Technical Data: Browser type, internet service provider, referring/exit pages, timestamps
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Social media platforms (when you connect your accounts)
  • Identity verification services and KYC providers
  • Payment processors and financial institutions
  • Marketing and analytics partners
  • Publicly available databases and government records
  • Third-party APIs integrated with our services

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 To Provide and Maintain Services

  • Create and manage user accounts
  • Process transactions and payments
  • Deliver requested products and services
  • Provide customer support and respond to inquiries
  • Send service-related notifications and updates

3.2 To Ensure Security and Prevent Fraud

  • Verify user identity and conduct Know Your Customer (KYC) checks
  • Detect, prevent, and investigate fraud, money laundering, and other illegal activities
  • Comply with Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations
  • Monitor and analyze security threats
  • Enforce our Terms of Service and other agreements

3.3 To Improve Our Services

  • Analyze usage patterns and user behavior
  • Conduct research and development
  • Test new features and improvements
  • Personalize user experience
  • Generate aggregated analytics and statistics

3.4 For Marketing and Communication

  • Send promotional materials, newsletters, and marketing communications (with your consent)
  • Inform you about new products, features, and offers
  • Conduct surveys and request feedback
  • Manage contests, promotions, and rewards programs

3.5 For Legal and Regulatory Compliance

  • Comply with Nigerian laws and regulations (NDPR, NDPA, EFCC Act, Money Laundering Act)
  • Respond to legal requests, court orders, and government inquiries
  • Protect our legal rights and interests
  • Cooperate with law enforcement and regulatory authorities
  • Report suspicious activities to relevant authorities

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Payment processors and financial institutions
  • Cloud hosting and infrastructure providers
  • Identity verification and KYC service providers
  • Customer support platforms
  • Analytics and marketing service providers
  • Email and SMS communication services

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes we specify.

4.2 Legal and Regulatory Authorities

We may disclose your information to:

  • Nigerian Data Protection Commission (NDPC)
  • Economic and Financial Crimes Commission (EFCC)
  • Central Bank of Nigeria (CBN)
  • Securities and Exchange Commission (SEC)
  • Law enforcement agencies
  • Courts and government bodies

4.3 Business Transfers

If we undergo a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

4.5 Aggregated and Anonymized Data

We may share aggregated or anonymized data that does not directly identify you for research, marketing, or other purposes.

5. Data Security

We implement robust security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction:

Technical Security Measures

  • Encryption: All sensitive data is encrypted in transit (using SSL/TLS) and at rest (using AES-256 encryption)
  • Secure Authentication: Multi-factor authentication (MFA), biometric authentication, and strong password requirements
  • Firewalls and Intrusion Detection: Advanced firewall protection and real-time intrusion detection systems
  • Regular Security Audits: Periodic security assessments and vulnerability testing
  • Secure Data Centers: Data stored in ISO 27001 certified facilities

Organizational Security Measures

  • Access controls limiting employee access to personal data on a need-to-know basis
  • Employee training on data protection and security best practices
  • Confidentiality agreements with all employees and contractors
  • Incident response procedures for data breaches

Important: While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods

  • Active Accounts: Personal data is retained for the duration of your active account
  • Inactive Accounts: Data may be retained for up to 3 years after account inactivity for compliance purposes
  • Financial Records: Transaction data retained for 7 years as required by Nigerian financial regulations
  • KYC/AML Records: Identity verification data retained for 5 years after account closure as required by law
  • Marketing Data: Retained until you unsubscribe or request deletion

After the retention period expires, we will securely delete or anonymize your personal information.

7. Your Rights Under NDPR

Under the Nigerian Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA), you have the following rights:

7.1 Right to Access

You have the right to request access to the personal information we hold about you.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal information.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal information, subject to legal and regulatory obligations.

7.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances.

7.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format.

7.6 Right to Object

You have the right to object to the processing of your personal information for marketing purposes or on grounds relating to your particular situation.

7.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Nigerian Data Protection Commission (NDPC) if you believe your data protection rights have been violated.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the contact information provided in Section 13. We will respond to your request within 30 days as required by NDPR.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience and collect information about how our services are used.

Types of Cookies We Use

  • Essential Cookies: Necessary for the operation of our services
  • Performance Cookies: Help us understand how visitors interact with our services
  • Functionality Cookies: Enable personalized features and preferences
  • Marketing Cookies: Used to deliver relevant advertisements

Managing Cookies

You can control and manage cookies through your browser settings. However, disabling certain cookies may affect the functionality of our services.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

If we discover that we have collected personal information from a child under 18 without proper parental consent, we will take steps to delete that information immediately.

If you believe we have collected information from a child under 18, please contact us immediately at privacy@geotopup.com.

10. International Data Transfers

Your personal information may be transferred to and processed in countries outside Nigeria, including countries that may not have the same level of data protection laws as Nigeria.

When we transfer your information internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by data protection authorities
  • Transfers to countries with adequate data protection laws
  • Binding corporate rules for intra-group transfers
  • Your explicit consent where required

11. Third-Party Services

Our services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party services before providing your personal information.

Third-Party Integrations

We integrate with various third-party services to enhance functionality:

  • Payment gateways (Paystack, Flutterwave, Stripe)
  • Social media platforms (Facebook, Twitter, Instagram, LinkedIn)
  • Cloud service providers (AWS, Google Cloud)
  • Analytics providers (Google Analytics, Firebase)
  • Cryptocurrency exchanges and blockchain networks

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email or through our services
  • Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

Geotopup Technology Solutions

Email: privacy@geotopup.com

Email (General): hello@geotopup.com

Phone: +234 808 035 7062

Address: No 10 Aare Avenue, Bodija, Ibadan, Oyo State, Nigeria

Website: https://geotopuptechnologysolutions.com

Acknowledgment: By using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.