Privacy policy
Last updated: May 2026
1. Who we are
Uverus Technologies Limited ("Uverus", "we", "us", "our") is a technology company incorporated under the laws of the Federal Republic of Nigeria, with its registered office in Abuja, Nigeria. We build and operate financial and healthcare technology platforms, including Uverus Banking, Uverus Pay, Uverus Payments, and Uverus Health.
For the purposes of data protection law, Uverus Technologies Limited is the data controller for personal information collected through our websites, applications, and services. We are registered with the Nigeria Data Protection Commission (NDPC) as required by the Nigeria Data Protection Act 2023 (NDPA) and its predecessor, the Nigeria Data Protection Regulation 2019 (NDPR).
2. Information we collect
The personal information we collect depends on the product or service you use and how you interact with us. We collect:
- Account registration data — your full name, email address, phone number, date of birth, and residential address when you create an account with any Uverus product.
- Identity verification data — for products subject to CBN Know Your Customer (KYC) requirements, we collect government-issued identification numbers including BVN (Bank Verification Number) and NIN (National Identity Number), and may collect copies of identity documents and a biometric photograph.
- Transaction data — records of payments, transfers, and other financial transactions you conduct through our platforms, including amounts, timestamps, counterparties, and transaction references.
- Device and usage data — IP addresses, device identifiers, browser type and version, operating system, pages visited, time spent on pages, referral URLs, and crash reports. We collect this automatically when you use our services.
- Communications — records of messages you send to our support team, responses to surveys, and other correspondence with us.
- Healthcare data — if you use Uverus Health products, we may collect health-related information including medical records, appointment data, prescription history, and health savings account transactions. This data is subject to heightened protection.
We do not knowingly collect personal information from children under 18 years of age. If you believe a child has provided us with personal information, please contact us immediately at privacy@uverus.com.
3. How we use your information
We use the personal information we collect for the following purposes:
- To provide and operate our services — creating and managing your account, processing transactions, enabling payments and transfers, and delivering the features of the product you are using.
- To process transactions — executing payment instructions, maintaining transaction records, and facilitating settlement with counterparties and third-party financial institutions.
- KYC and AML compliance — verifying your identity as required by CBN regulations, screening against sanctions lists and politically exposed persons (PEP) databases, and monitoring transactions for suspicious activity as required by the Money Laundering (Prevention and Prohibition) Act 2022.
- Fraud detection and prevention — analysing transaction patterns and device signals to identify and prevent unauthorised access, fraud, and other security threats.
- To improve our services — analysing usage data to understand how our products are used, identify areas for improvement, and develop new features.
- To communicate with you — sending transaction notifications, security alerts, product updates, and, where you have consented, marketing communications.
- Legal and regulatory obligations — responding to lawful requests from regulatory and law enforcement authorities, and maintaining records as required by applicable law.
4. Legal basis for processing
We rely on the following legal bases for processing your personal information under the NDPA and applicable regulations:
- Performance of a contract — most processing is necessary to provide the services you have requested. Without this processing, we cannot operate your account or execute your transactions.
- Legal obligation — KYC, AML, transaction record-keeping, and regulatory reporting are required by CBN regulations, the NDPA, the Money Laundering (Prevention and Prohibition) Act, and other applicable laws. We cannot waive these obligations.
- Legitimate interests — fraud detection, security monitoring, service improvement, and internal analytics, where these interests are not overridden by your data protection rights.
- Consent — marketing communications and the use of non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
5. Sharing your information
We do not sell your personal information. We share it only in the following circumstances:
- Service providers — third parties who assist us in operating our platforms, including cloud hosting providers, payment processors, identity verification services, and fraud prevention vendors. These parties process data only on our instructions and under data processing agreements.
- Regulatory and law enforcement bodies — we are required by law to share certain information with the Central Bank of Nigeria (CBN), the Nigeria Data Protection Commission (NDPC), the Economic and Financial Crimes Commission (EFCC), and other authorities when lawfully requested or mandated.
- Group companies — we may share information with entities within the Uverus group of companies where necessary to provide integrated services, subject to appropriate data sharing agreements.
- Business transfers — in the event of a merger, acquisition, or sale of substantially all of our assets, your personal information may be transferred to the acquiring entity. We will notify you of any such transfer where required by law.
- With your consent — we will share your information with third parties where you have explicitly consented to such sharing.
6. Data retention
We retain personal information for as long as necessary to provide our services and comply with our legal obligations. Specific retention periods are:
- KYC and AML records — retained for a minimum of 5 years after the end of a business relationship, and up to 7 years where required by the EFCC Act or CBN AML/CFT regulations.
- Transaction records — retained for a minimum of 5 years from the date of each transaction.
- Account data — retained for the duration of your account and for 5 years after closure, unless a longer period is required by law.
- Marketing data — retained until you withdraw consent or request deletion, whichever is earlier.
- Support communications — retained for 2 years from the date of the communication.
After the applicable retention period, personal information is securely deleted or anonymised so that it can no longer be associated with you.
7. Your rights
Under the Nigeria Data Protection Act 2023, you have the following rights regarding your personal information:
- Right of access — you may request a copy of the personal information we hold about you.
- Right to correction — you may request that inaccurate or incomplete personal information be corrected.
- Right to deletion — you may request deletion of your personal information where it is no longer necessary for the purpose for which it was collected. Note that we may be required by law to retain certain information (particularly KYC and transaction records) and cannot delete it in those circumstances.
- Right to data portability — where processing is based on your consent or a contract, you may request that we provide your data in a structured, commonly used format.
- Right to withdraw consent — where we rely on consent as the legal basis for processing, you may withdraw it at any time. This does not affect the lawfulness of processing before the withdrawal.
- Right to object — you may object to processing based on legitimate interests, including processing for direct marketing.
- Right to lodge a complaint — if you are unsatisfied with how we handle your personal information, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
To exercise any of these rights, contact us at privacy@uverus.com. We will respond within 30 days. We may need to verify your identity before processing your request.
8. International transfers
Our primary operations and data storage are based in Nigeria. However, some of our service providers process data in other countries. Where personal information is transferred outside Nigeria, we ensure appropriate safeguards are in place, including contractual clauses approved by the NDPC, or transfers to countries recognised as providing adequate data protection under Nigerian law.
We do not transfer special category data (including health data) outside Nigeria without explicit consent or a compelling legal basis.
9. Cookies
We use cookies and similar tracking technologies on our websites and applications. A full description of the cookies we use, their purpose, and how to manage them is available in our Cookie policy.
10. Contact
If you have questions, concerns, or requests relating to this policy or your personal information, contact our Data Protection Officer:
Email: privacy@uverus.com
Uverus Technologies Limited, Abuja, Nigeria
If you are not satisfied with our response, you may escalate your complaint to the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.