Legal

Privacy Policy

Effective Date: 17th February 2026  |  Last Updated: 1st March 2026

1. Introduction and Identity of Data Controller

Amrili Digital Services Limited ("the Company," "we," "us," or "our") is the data controller responsible for your personal information. We are incorporated in Nigeria (RC: 9339018) with our registered office at 006, Inuwa Dahiru Road, Makarahuta, Azare, Bauchi State, Nigeria.

This Privacy Policy explains how we collect, use, store, protect, and share your personal data when you visit our website, use our platforms, or engage our services. It is written in compliance with the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation (NDPR).

2. Data We Collect

We collect the following categories of personal data:

  • Identity Data: Full name, date of birth, government-issued ID details (for KYC verification of marketplace sellers and users above transaction thresholds).
  • Contact Data: Email address, phone number, physical address.
  • Account Data: Username, password (stored in hashed form), account preferences and settings.
  • Transaction Data: Records of purchases, sales, payments, and refunds processed through our platforms.
  • Technical Data: IP address, browser type and version, device identifiers, pages visited, time spent on pages, referral source.
  • Communications Data: Records of emails, messages, or support tickets you send to us.
  • Business Data (Sellers): CAC registration documents, business address, bank account details (for disbursement), product listings.

3. How We Collect Your Data

  • Directly from you: When you register an account, complete a purchase, submit a contact form, onboard as a marketplace seller, or communicate with us.
  • Automatically: Through cookies and similar tracking technologies when you visit our website or use our applications.
  • From third parties: Identity verification data from KYC service providers; payment verification data from payment gateway providers.

4. Legal Basis for Processing

We process your personal data on the following legal bases as provided under the NDPA 2023:

  • Contract performance: To deliver the services you have requested or entered into an agreement for.
  • Legal obligation: To comply with our AML/CFT, KYC, and record-keeping obligations under Nigerian law.
  • Legitimate interests: To operate, improve, and secure our platforms; to detect and prevent fraud.
  • Consent: For marketing communications, where you have opted in. You may withdraw consent at any time.

5. How We Use Your Data

  • To create and manage your account and provide you with our services.
  • To process transactions and facilitate payments through licensed payment gateways.
  • To verify your identity (KYC) as required for regulatory compliance and platform integrity.
  • To detect, prevent, and investigate fraud, money laundering, and other illegal activities.
  • To communicate with you about your account, transactions, and service updates.
  • To respond to your inquiries and provide customer support.
  • To analyze platform usage and improve our products and services.
  • To comply with our legal and regulatory obligations.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data with the following categories of recipients:

  • Licensed payment processors (e.g., Paystack, OPay) for transaction processing — governed by their own privacy policies and regulatory frameworks.
  • KYC and identity verification providers for user and seller verification.
  • Utility service providers (e.g., VTpass) for bill payment services you initiate.
  • Cloud and infrastructure providers for data hosting and processing, under data processing agreements.
  • Law enforcement, regulators, and government bodies (including NFIU, EFCC, and CBN) where required by law, court order, or regulatory obligation.
  • Professional advisers (lawyers, accountants) where necessary and under confidentiality obligations.

7. Data Retention

We retain personal data for the following periods:

  • Account and transaction records: Minimum of 5 years from the date of last activity or account closure, in accordance with AML/CFT record-keeping requirements under the Money Laundering (Prevention and Prohibition) Act 2022.
  • KYC documents: Minimum of 5 years from the date of verification.
  • Website analytics data: Up to 24 months, in anonymized or aggregated form thereafter.
  • Marketing communications data: Until you withdraw consent or request deletion.

8. Cookies

Our website uses cookies — small text files stored on your device — to enhance your experience and analyze site traffic. We use:

  • Essential cookies: Required for the website to function. Cannot be disabled.
  • Analytics cookies: Help us understand how visitors use our site. You may opt out via your browser settings.

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include:

  • Encrypted data transmission (HTTPS/TLS).
  • Hashed storage of passwords — we never store passwords in plain text.
  • Access controls limiting data access to authorized personnel only.
  • Regular review of our security practices.

No method of transmission or storage is 100% secure. We will notify you of any data breach that is likely to result in significant risk to your rights, as required by law.

10. Your Rights

Under the Nigeria Data Protection Act 2023, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data, subject to our legal retention obligations.
  • Right to restriction: Request that we restrict processing of your data in certain circumstances.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

11. Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

12. International Data Transfers

Our primary operations are in Nigeria. Where data is processed by third-party providers outside Nigeria, we ensure appropriate safeguards are in place consistent with NDPA requirements, including contractual protections with data processors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users and will be reflected in the "Last Updated" date at the top of this page. Continued use of our services after an update constitutes acceptance of the revised policy.

14. Contact Us

For privacy-related inquiries, requests, or complaints, contact our Data Protection contact at:

  • Company: Amrili Digital Services Limited
  • Email: [email protected]
  • Phone: +234 808 779 8514
  • Address: 006, Inuwa Dahiru Road, Makarahuta, Azare, Bauchi State, Nigeria

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).