Smipay
Menu
Privacy Policy Banner

Privacy Policy

Last updated: Febuary 26, 2026

Smipay ("we", "our", "us") is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your data when you use the Smipay mobile app, website, and related services ("Services").

By using Smipay, you agree to the practices described in this Privacy Policy.

Information We Collect

We collect information in order to create and secure your account, process transactions, improve Smipay, meet legal obligations, and keep your experience safe. The categories below describe what we collect when you use the app or website.

1. Personal Information

  • Full name and contact details (email address, phone number)
  • Date of birth and residential / billing address where required
  • Identity information for KYC/AML purposes (such as BVN, NIN, ID card details) where required by law or our partners
  • Account login details (hashed passwords, security settings)

2. Transaction Information

  • Payment history
  • Electricity meter details
  • Airtime and data purchase details
  • Cable subscription details

3. Device & Technical Information

  • IP address
  • Device model
  • Operating system
  • App version and performance data
  • Browser type (for web access)
  • Mobile network provider
  • Device identifiers and diagnostic information (such as device IDs or crash logs) used to secure your account, prevent fraud, and improve stability

4. Contacts & Address Book (Mobile App)

  • With your explicit permission, the Smipay mobile app may access the contacts stored on your device.
  • We use this only to help you find people you know on Smipay (for example, to send money, share referral codes, or invite friends).
  • You can control this permission at any time through your device settings. If you turn it off, Smipay will no longer be able to read your contacts.
  • We do not use your address book to spam your contacts, and we do not sell or rent your contact list to third parties.

5. Cookies and Tracking Technologies

We use cookies, pixels, and analytics tools to understand usage patterns, maintain security, and improve our platform. These technologies may collect anonymized or pseudonymized identifiers. You can control cookies through your browser settings. See our Cookies Policy for more details.

How We Use Your Information

Smipay uses your information to:

  • Create and manage your account
  • Process payments and provide services
  • Verify your identity and comply with KYC/AML regulations
  • Improve app performance and user experience
  • Personalize your dashboard and recommendations
  • Respond to customer support inquiries
  • Prevent fraud, unauthorized activity, or misuse
  • Communicate updates, product changes, and important service notices
  • Where permitted, send you marketing messages about new features, rewards, or promotions you can benefit from (you can opt out at any time).

Legal Basis for Processing

We only process your personal data where we have a valid legal basis to do so under the Nigeria Data Protection Regulation (NDPR) and any other applicable laws. Depending on the context, this may include:

  • Contractual necessity – to provide the Smipay services you sign up for (for example, processing transactions or maintaining your account).
  • Legal obligations – to comply with KYC/AML regulations, tax, anti‑fraud, and other regulatory requirements.
  • Legitimate interests – to secure our platform, prevent fraud, improve our products, and protect Smipay, our users, and the public, provided these interests are not overridden by your rights and freedoms.
  • Your consent – for specific optional features such as accessing your contacts, sending certain marketing communications, or using cookies beyond what is strictly necessary. Where we rely on consent, you can withdraw it at any time.

How We Share Your Information

We may share your information with:

1. Third-Party Service Providers

We rely on carefully selected partners to help us deliver Smipay. This may include:

  • Payment processors
  • Banks and financial institutions
  • Utility providers (electricity, cable, telecoms)
  • Identity verification services
  • Analytics and security providers

These providers only receive the data needed to perform their duties. They are required to:

  • Use your information only in line with our documented instructions
  • Keep your information confidential and implement appropriate security safeguards
  • Comply with applicable data‑protection laws and contractual obligations

2. Regulatory Authorities

We may disclose information if required by:

  • Law enforcement
  • Courts
  • Financial regulators
  • Anti-fraud agencies

3. Business Transfers

If Smipay undergoes a merger, acquisition, investment, restructuring, or sale of assets, your information may be transferred as part of that transaction. In such cases we will ensure that:

  • Any new organisation takes on the same or equivalent privacy obligations
  • You are informed of any material changes where required by law

How We Protect Your Information

We use a combination of technical and organisational measures to protect your data, including:

  • Encryption of data in transit and at rest where appropriate
  • Secure data storage and regular backups
  • Firewalls and network security controls
  • Multi-factor authentication for sensitive operations
  • Strict access controls based on job role and need‑to‑know
  • Logging and monitoring of critical systems to detect suspicious activity
  • Staff training and internal policies on data protection and confidentiality

While we strive to protect your data, no system is completely secure. Users must also keep their login details confidential.

Account Deletion and Data Erasure

You can request that your Smipay account be closed and your personal data deleted:

  • From within the app (where available) by navigating to Settings > Account > Delete account, or
  • By sending an email from your registered email address to support@smipay.com with the subject line "Account deletion request".

We may ask you to verify your identity before processing deletion requests. Once confirmed, we will deactivate your account and permanently delete or anonymize personal data that we are not legally required to retain (for example, records needed for anti‑money‑laundering, tax, or regulatory purposes). Where we must retain limited information, we will restrict its use to compliance and audit purposes only.

Data Retention

We retain your information only as long as necessary for:

  • Providing services
  • Fulfilling legal obligations
  • Resolving disputes
  • Detecting fraud

For example, transaction records may be kept for several years to comply with financial‑services regulations, while certain technical logs may be retained for shorter periods for security and troubleshooting. After the relevant retention period expires, your data is securely deleted or irreversibly anonymized.

Your Rights

Under the Nigeria Data Protection Regulation, you have the right to:

  • Access your personal data
  • Update or correct your information
  • Request data deletion
  • Withdraw consent
  • Restrict processing
  • Object to certain types of processing
  • Request data portability

To exercise any of these rights, please contact us via support@smipay.com. We will respond to verified requests within a reasonable period and in line with NDPR and any other applicable regulations.

We may need to verify your identity before acting on your request to protect your account. Where we cannot fully comply with a request (for example, because we must retain some records for legal reasons), we will explain this clearly.

Children's Privacy

Smipay does not knowingly collect information from individuals under 18 years old. If we discover such data, it will be deleted immediately.

International Transfers

If your data is transferred outside Nigeria (for example, where our service providers or cloud infrastructure are located in another country), Smipay ensures that appropriate safeguards are in place in accordance with NDPR requirements. These may include:

  • Contractual clauses that require equivalent data‑protection standards
  • Transfers to countries that have been recognised as providing adequate protection
  • Additional technical and organisational measures to keep your data secure

Updates to This Policy

We may update this policy occasionally to reflect changes in our services, legal requirements, or how we handle your data. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Post the revised policy in the app and/or on our website
  • Where appropriate, notify you via in‑app message, email, or other prominent notice

Continued use of Smipay after such changes become effective means you accept the updated policy.

Contact Information

For questions or support, contact us at:

  • Email: support@smipay.com
  • Phone: +234 816 876 7809
  • Address: The Knowledge Hub, Oke Ado, Ibadan. Oyo, Nigeria