Privacy Policy

1. Introduction and Scope

This Privacy Policy ("Policy") is issued by Getnumero Technology Limited, a company incorporated in Nigeria with registration number RC: 7159847, having its registered office in Nigeria ("Numero," "we," "us," "our," or "Company"). This Policy governs the collection, processing, storage, transfer, and protection of personal data and information in connection with our provision of financial technology services, including but not limited to cross-border payment processing, virtual account management, virtual card issuance, financial API services, and related digital financial infrastructure solutions.

By accessing, using, or interacting with our services, including our website located at usenumero.com, mobile applications, application programming interfaces (APIs), and any other digital platforms or services operated by Numero, you acknowledge that you have read, understood, and agree to be bound by the terms and conditions set forth in this Policy. If you do not agree with any provision of this Policy, you must immediately cease using our services and discontinue any further interaction with our platforms.

This Policy applies to all individuals, entities, and organizations that utilize our services, regardless of their geographical location, citizenship, or residency status. Our services are primarily designed to serve African businesses and individuals, with particular focus on Nigerian markets, while maintaining compliance with international data protection standards and regulatory requirements. As we expand our operations to other African countries and international markets, this Policy will be updated to reflect the specific legal and regulatory frameworks applicable to each jurisdiction.

The scope of this Policy encompasses all data processing activities conducted by Numero, including but not limited to customer onboarding and verification processes, transaction processing and monitoring, risk assessment and compliance procedures, customer support and communication activities, product development and improvement initiatives, and any other business operations that involve the collection or processing of personal information.

2. Data Controller and Company Information

Getnumero Technology Limited serves as the primary data controller for all personal data collected, processed, and stored in connection with our services. As the data controller, we are responsible for determining the purposes and means of processing personal data, implementing appropriate technical and organizational measures to ensure data security, and ensuring compliance with applicable data protection laws and regulations in all jurisdictions where we operate.

Our company is duly registered and incorporated under the laws of Nigeria, with registration number RC: 7159847. We operate as a financial technology company providing cross-border payment infrastructure, virtual account solutions, virtual card services, and comprehensive financial APIs designed to facilitate international business operations for African companies and individuals.

In accordance with our commitment to transparency and regulatory compliance, we maintain dedicated data protection and privacy functions within our organization. Our data protection officer and privacy team are responsible for ensuring adherence to this Policy, monitoring compliance with applicable data protection laws, responding to data subject requests, and maintaining ongoing relationships with relevant regulatory authorities in Nigeria and other jurisdictions where we operate or plan to expand our services.

For the purposes of data protection law compliance, we have established appropriate legal entities and operational structures in each jurisdiction where we conduct business activities. These structures ensure that we can effectively manage cross-border data transfers, comply with local data protection requirements, and provide appropriate legal protections for our customers and users in each market.

3. Information We Collect and Process

Our information collection practices are comprehensive and designed to meet the requirements of financial services regulation, anti-money laundering compliance, know-your-customer verification, and risk management obligations. We collect personal data through various channels and interactions, including but not limited to direct customer interactions, automated system processes, third-party integrations, regulatory reporting requirements, and ongoing business relationship management activities.

3.1 Personal Identification Information

We collect comprehensive personal identification information including full legal names as they appear on government-issued identification documents, complete date of birth information, nationality and citizenship details, government-issued identification numbers such as Nigerian National Identity Number (NIN), international passport numbers and details, driver's license information where applicable, and any other official identification documents required for regulatory compliance and customer verification purposes.

3.2 Contact and Communication Information

Contact and communication information encompasses primary and secondary email addresses, primary and alternative telephone numbers including mobile and landline numbers, complete physical address information including street address, city, state or province, postal or ZIP codes, and country of residence. We also collect emergency contact information and alternative contact details to ensure effective communication and service delivery in various circumstances.

3.3 Financial and Business Information

Financial and business information collection includes comprehensive banking relationship details, account numbers and routing information, transaction history and patterns, payment card information where applicable, financial statements and documentation, business registration certificates and details, tax identification numbers and compliance documentation, source of funds information, and any other financial data necessary for regulatory compliance, risk assessment, and service provision.

3.4 Technical and Operational Data

Technical and operational data collection encompasses Internet Protocol (IP) addresses, device identification information, operating system details, browser type and version information, device location data derived from IP address analysis, usage patterns and behavior analytics, system performance metrics, security event logs, error logs and diagnostic information, and any other technical data generated through the use of our digital platforms and services.

3.5 Third-Party Information

We may receive information from third parties including financial institutions such as banks and payment processors, regulatory bodies including the Central Bank of Nigeria and Nigerian Financial Intelligence Unit (NFIU), business partners who refer customers or provide complementary services, and publicly available information sources used for compliance and verification purposes. All third-party information is collected and processed in accordance with applicable data protection laws and regulatory requirements.

4. How We Use Your Information

We use your personal information for multiple legitimate business purposes, each supported by appropriate legal bases as required by applicable data protection laws and regulations. Our primary processing activities are necessary for the performance of contracts entered into with our customers, compliance with legal and regulatory obligations, pursuit of legitimate business interests, and, in limited circumstances, based on explicit consent provided by data subjects.

4.1 Service Provision and Account Management

We use your information to provide, maintain, and improve our financial services including processing cross-border payments and local transfers, creating and managing virtual accounts and virtual cards, providing API access and technical support, verifying your identity and business information, facilitating transactions and managing your account, and delivering customer support and technical assistance. This processing is essential for the provision of our services and cannot be performed without the collection and processing of relevant personal data.

4.2 Compliance and Regulatory Obligations

Legal and regulatory compliance represents a critical legal basis for data processing. As a financial services provider operating in Nigeria and expanding to international markets, we are subject to extensive regulatory requirements including but not limited to the Central Bank of Nigeria regulations, Nigerian Data Protection Regulation (NDPR), anti-money laundering (AML) laws, know-your-customer (KYC) requirements, financial crime prevention obligations, tax compliance requirements, and various other regulatory frameworks applicable to cross-border financial services and international business operations.

4.3 Business Operations and Improvement

Legitimate business interests provide the legal basis for processing activities that are necessary for the effective operation and improvement of our business, including but not limited to fraud detection and prevention, risk assessment and management, business analytics and product development, customer service improvement, security enhancement, and business expansion activities. These interests are carefully balanced against the fundamental rights and freedoms of data subjects, and we implement appropriate safeguards to ensure that legitimate interests do not override individual privacy rights.

4.4 Marketing and Communications

With your explicit consent, we may use your information for marketing purposes including sending promotional emails about new features and services, providing personalized product recommendations, inviting you to participate in surveys and feedback sessions, and sharing relevant industry insights and market updates. You can control your marketing preferences and opt out of marketing communications at any time through your account settings or by contacting our customer support team.

5. Legal Basis for Processing

We process your personal information based on several legal grounds, each carefully considered and implemented to ensure compliance with applicable data protection laws and regulations. Our processing activities are primarily based on contract performance, legal obligations, legitimate business interests, and, in limited circumstances, explicit consent.

5.1 Contract Performance

Contract performance constitutes the primary legal basis for most of our data processing activities. When customers enter into agreements for our financial services, we process personal data to establish and maintain customer accounts, process financial transactions, provide virtual account and virtual card services, deliver API access and technical support, manage customer relationships, and fulfill all contractual obligations arising from our service agreements. This processing is essential for the provision of our services and cannot be performed without the collection and processing of relevant personal data.

5.2 Legal and Regulatory Compliance

We process your information to comply with applicable laws and regulations, including financial services regulations, anti-money laundering laws, know-your-customer requirements, tax compliance obligations, and various other regulatory frameworks applicable to cross-border financial services and international business operations. These legal obligations require us to collect, process, and retain certain information for specified periods to ensure regulatory compliance and maintain our operating licenses.

5.3 Legitimate Business Interests

We process your information for our legitimate business interests, such as fraud prevention, security enhancement, business development, and service improvement, provided these interests do not override your fundamental rights and freedoms. We conduct regular assessments to ensure that our legitimate interests are properly balanced against individual privacy rights and implement appropriate safeguards to protect your interests.

5.4 Consent-Based Processing

For certain processing activities, such as marketing communications, non-essential cookies, and optional service features, we rely on your explicit consent. You can withdraw your consent at any time by updating your preferences in your account settings, contacting our customer support team, or using the unsubscribe mechanisms provided in our communications. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. Information Sharing and Disclosure

Our data sharing practices are governed by strict legal and contractual requirements, ensuring that personal data is only disclosed to third parties when necessary for service provision, required by law or regulation, or explicitly authorized by data subjects. We maintain comprehensive data processing agreements with all third-party service providers, ensuring that they implement appropriate technical and organizational measures to protect personal data and comply with applicable data protection requirements.

6.1 Financial Institution Partnerships

Financial institution partnerships represent a critical component of our service delivery model, requiring the sharing of customer information with banks, payment processors, and other financial service providers to facilitate cross-border payments, virtual account operations, and virtual card services. These relationships are governed by strict contractual obligations, regulatory requirements, and industry standards that ensure the secure and compliant handling of customer data throughout the financial services ecosystem.

6.2 Regulatory and Legal Disclosures

Regulatory and legal disclosure requirements necessitate the sharing of customer information with various governmental and regulatory authorities, including but not limited to the Central Bank of Nigeria, Nigerian Financial Intelligence Unit (NFIU), Lagos State Ministry of Commerce, tax authorities, law enforcement agencies, and other regulatory bodies with jurisdiction over our operations. These disclosures are made in strict accordance with applicable laws and regulations, and we maintain comprehensive records of all regulatory disclosures for compliance and audit purposes.

6.3 Technology and Infrastructure Partners

Technology and infrastructure partnerships involve the sharing of technical and operational data with cloud service providers, security service providers, analytics platforms, and other technology partners essential for the operation and improvement of our digital platforms. These partnerships are carefully managed to ensure that data sharing is limited to the minimum necessary for service provision, and all partners are contractually bound to implement appropriate data protection measures and comply with applicable privacy requirements.

6.4 Business Transfers and Corporate Changes

In the event of a merger, acquisition, sale of assets, or other corporate restructuring, your information may be transferred to the new entity, subject to the same privacy protections outlined in this Policy. We will provide advance notice of any such changes and ensure that appropriate data protection safeguards are maintained throughout the transition process. Any new entity will be bound by the same privacy commitments and obligations as outlined in this Policy.

7. International Data Transfers and Cross-Border Processing

As a company providing cross-border financial services and operating in multiple jurisdictions, international data transfers are an integral component of our business operations. We transfer personal data across international borders to facilitate cross-border payments, comply with regulatory requirements in different jurisdictions, provide customer support and services, and maintain operational infrastructure in various countries. All international data transfers are conducted in strict compliance with applicable data protection laws and regulations, including but not limited to the Nigerian Data Protection Regulation (NDPR), General Data Protection Regulation (GDPR), and other relevant international data protection frameworks.

7.1 Primary Data Processing Operations

Our primary data processing operations are conducted in Nigeria, where we maintain our principal business operations and regulatory compliance framework. However, as we expand our services to other African countries and international markets, we will establish appropriate data processing facilities and legal entities in each jurisdiction to ensure compliance with local data protection requirements and minimize the need for cross-border data transfers. This expansion strategy includes the establishment of regional data centers, local compliance teams, and jurisdictional data processing capabilities.

7.2 Cross-Border Transfer Safeguards

Cross-border data transfers to other international jurisdictions are conducted under appropriate legal safeguards, including but not limited to standard contractual clauses approved by relevant data protection authorities, adequacy decisions for countries with equivalent data protection standards, binding corporate rules for transfers within our corporate group, and additional technical and organizational measures to ensure the security and protection of transferred data. We maintain comprehensive documentation of all international data transfers and regularly review and update our transfer mechanisms to ensure ongoing compliance with evolving data protection requirements.

7.3 Future Expansion and Jurisdictional Compliance

Future expansion to additional African countries and international markets will be accompanied by the establishment of appropriate data protection frameworks, local compliance teams, and jurisdictional data processing capabilities. This expansion strategy includes the development of region-specific privacy policies, local data protection officer appointments, and compliance with local data protection laws and regulations in each new market. We will provide advance notice of any significant changes to our international data transfer practices and ensure that all new jurisdictions are covered by appropriate data protection safeguards and compliance measures.

8. Data Security and Protection Measures

We implement a comprehensive, multi-layered approach to data security that encompasses technical, organizational, and physical security measures designed to protect personal data against unauthorized access, alteration, disclosure, destruction, and other security threats. Our security framework is continuously updated and enhanced to address evolving security threats, technological advancements, and regulatory requirements in all jurisdictions where we operate.

8.1 Technical Security Measures

Technical security measures include end-to-end encryption for data in transit and at rest, multi-factor authentication systems for all user accounts and administrative access, role-based access controls that limit data access to authorized personnel on a need-to-know basis, comprehensive logging and monitoring systems that track all data access and modification activities, and regular security assessments including penetration testing, vulnerability assessments, and security audits conducted by independent third-party security firms.

8.2 Organizational Security Measures

Organizational security measures encompass comprehensive data protection training for all employees, contractors, and third-party service providers, strict access control policies and procedures, regular security awareness programs, incident response and data breach notification procedures, and ongoing monitoring and assessment of security practices and procedures. We maintain a dedicated security team responsible for implementing, monitoring, and continuously improving our security framework.

8.3 Physical Security and Infrastructure

Physical security measures include secure data center facilities with 24/7 monitoring, biometric access controls, environmental controls and monitoring, fire suppression systems, and comprehensive disaster recovery and business continuity planning. Our data centers are located in facilities that meet or exceed industry standards for physical security and environmental protection, ensuring the continuous availability and security of our data processing infrastructure.

9. Data Breach Response and Incident Management

We have established comprehensive procedures and protocols for responding to data breaches and security incidents, ensuring that any unauthorized access, disclosure, alteration, or destruction of personal data is promptly identified, contained, and remediated. Our incident response framework is designed to minimize the impact of security incidents on our customers and to ensure compliance with applicable data breach notification requirements in all jurisdictions where we operate.

9.1 Incident Detection and Assessment

Our security monitoring systems continuously monitor for potential security incidents, including unauthorized access attempts, suspicious network activity, and unusual data access patterns. When a potential incident is detected, our security team immediately conducts a comprehensive assessment to determine the nature, scope, and potential impact of the incident. This assessment includes identifying affected individuals, determining the types of data involved, and assessing the potential risks to data subjects.

9.2 Containment and Remediation

Upon confirming a data breach, we immediately implement containment measures to prevent further unauthorized access or data loss. These measures may include isolating affected systems, revoking compromised credentials, implementing additional security controls, and taking systems offline if necessary. We then proceed with comprehensive remediation efforts, including patching vulnerabilities, strengthening security controls, and implementing additional safeguards to prevent similar incidents in the future.

9.3 Notification and Communication

We are committed to transparent communication with affected individuals and regulatory authorities regarding data breaches. In accordance with applicable laws and regulations, we provide notification to affected individuals within the required timeframe, typically within 72 hours where required by law. We also report significant incidents to relevant regulatory authorities and provide ongoing updates on our remediation efforts and the steps we are taking to prevent future incidents.

10. Data Retention and Disposal Practices

Our data retention practices are designed to balance the need to maintain comprehensive business records with our commitment to data minimization and privacy protection. We retain personal data for periods that are necessary to fulfill the purposes for which the data was collected, comply with legal and regulatory requirements, resolve disputes, enforce our agreements, and maintain the security and integrity of our services. Retention periods are determined based on the type of data, the purpose for which it was collected, applicable legal requirements, and business needs.

10.1 Customer Account and Transaction Records

Customer account information and transaction records are retained for a minimum period of seven years from the date of account closure or last transaction, in accordance with financial services regulations, anti-money laundering requirements, and tax compliance obligations. This retention period ensures that we can fulfill our regulatory reporting obligations, respond to regulatory inquiries, and maintain comprehensive business records for audit and compliance purposes. Identity verification documents and compliance documentation are retained for the same period to support ongoing regulatory compliance and customer verification requirements.

10.2 Technical and Operational Data

Technical and operational data, including system logs, security event records, and performance metrics, are retained for periods ranging from one to three years, depending on the specific type of data and its business value. This retention period allows us to maintain system security, troubleshoot technical issues, analyze performance trends, and respond to security incidents while balancing the need for data minimization and privacy protection.

10.3 Data Disposal and Deletion Procedures

Data disposal and deletion procedures are implemented to ensure that personal data is securely and permanently removed from our systems when retention periods expire or when deletion is requested by data subjects. These procedures include secure deletion of electronic data, physical destruction of hard copy documents, and verification that data has been completely removed from all systems and backup media. We maintain comprehensive records of all data disposal activities for audit and compliance purposes.

11. Your Rights and How to Exercise Them

We recognize and respect the fundamental rights of data subjects regarding their personal data, as established by applicable data protection laws and regulations. These rights include, but are not limited to, the right to access personal data, the right to rectification of inaccurate or incomplete data, the right to erasure of personal data, the right to restrict processing, the right to data portability, the right to object to processing, and the right to withdraw consent where processing is based on consent. We have established comprehensive procedures and dedicated resources to ensure that data subject rights are effectively implemented and that all requests are processed in a timely and compliant manner.

11.1 Right of Access and Information

The right of access allows data subjects to obtain confirmation of whether we process their personal data, access to the personal data we hold about them, and information about the purposes of processing, categories of personal data processed, recipients of data, retention periods, and their rights regarding the data. We provide this information in a clear, transparent, and easily accessible format, typically within thirty days of receiving a valid request. In cases where requests are complex or involve large amounts of data, we may extend this period by up to two additional months, with appropriate notification to the data subject.

11.2 Right to Rectification and Accuracy

The right to rectification enables data subjects to request correction of inaccurate personal data and completion of incomplete data. We have established procedures to verify the accuracy of information provided by data subjects and to promptly correct any inaccuracies identified. This includes regular data quality reviews, customer verification procedures, and mechanisms for customers to update their information through our self-service platforms or by contacting our customer support team.

11.3 Right to Erasure and Data Deletion

The right to erasure, also known as the "right to be forgotten," allows data subjects to request deletion of their personal data in specific circumstances, such as when the data is no longer necessary for the purposes for which it was collected, when consent is withdrawn, or when the data has been unlawfully processed. However, this right is subject to various limitations and exceptions, particularly in the financial services context where we are required to retain certain information for regulatory compliance, legal obligations, and legitimate business interests.

11.4 Right to Data Portability and Objection

The right to data portability allows data subjects to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller. The right to object allows data subjects to object to processing based on legitimate interests or for direct marketing purposes. We have established procedures to handle these requests and will provide appropriate responses within the required timeframes, taking into account the specific circumstances and legal requirements applicable to each request.

12. Cookies and Tracking Technologies

We use various cookies and tracking technologies to enhance the functionality of our services, improve user experience, and provide personalized services. These technologies help us understand how our services are used, identify potential issues, and optimize performance. We are committed to transparency regarding our use of these technologies and provide users with control over their preferences.

12.1 Types of Cookies We Use

Essential cookies are necessary for the basic functionality of our services and cannot be disabled. These include cookies that enable secure authentication, maintain session information, and ensure the security of our platforms. Functional cookies enhance user experience by remembering preferences and settings, while analytics cookies help us understand how our services are used and identify areas for improvement. Marketing cookies are used for targeted advertising and content personalization, but only with explicit user consent.

12.2 Website Analytics and PostHog

We use PostHog analytics to understand how visitors interact with our website and improve our content and user experience. This helps us analyze page views and navigation patterns, understand traffic sources and user behavior, monitor website performance metrics, and identify content engagement opportunities. PostHog analytics cookies are only activated after you provide explicit consent through our cookie banner. You can control these analytics cookies through our cookie consent manager or by contacting our support team.

12.3 Third-Party Services and Analytics

We use third-party services that may set cookies and tracking technologies, including payment processors for secure payment processing and fraud detection, and customer support platforms for help desk and communication services. All third-party services are carefully selected and contractually bound to implement appropriate data protection measures and comply with applicable privacy requirements.

12.4 Managing Cookie Preferences

Users can control cookies through their browser settings, including blocking or deleting cookies, setting preferences for different types of cookies, and using our cookie consent manager to control preferences. We provide clear information about the cookies we use and their purposes, and users can opt out of non-essential cookies while maintaining access to core service functionality. Our cookie consent manager allows users to make informed choices about their privacy preferences.

13. Marketing Communications and Preferences

We may use your information for marketing purposes, but only with your explicit consent and in accordance with applicable laws and regulations. Our marketing communications are designed to provide valuable information about our services, industry insights, and relevant updates while respecting your privacy preferences and giving you full control over the communications you receive.

13.1 Types of Marketing Communications

Marketing communications may include promotional emails about new features and services, personalized product recommendations based on your usage patterns, invitations to participate in surveys and feedback sessions, and relevant industry insights and market updates. We ensure that all marketing communications provide value to recipients and include clear information about how to opt out or modify preferences.

13.2 Managing Marketing Preferences

You can control your marketing preferences through multiple channels, including your account settings, email preferences, and direct contact with our customer support team. You can opt out of specific types of communications, modify the frequency of communications, or completely unsubscribe from marketing communications while maintaining access to essential service notifications. We respect your preferences and ensure that opt-out requests are processed promptly.

13.3 Third-Party Marketing and Advertising

We do not sell, rent, or trade your personal information with third parties for their marketing purposes. Any third-party marketing or advertising that may appear on our platforms is managed through appropriate contractual arrangements and does not involve the sharing of your personal information with advertisers. We maintain strict control over how your information is used and ensure that all marketing activities comply with applicable privacy laws and regulations.

14. Children's Privacy and Age Restrictions

Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children under 18. This restriction is based on the nature of our financial services, which require legal capacity to enter into contracts and comply with regulatory requirements. We have implemented appropriate measures to prevent the collection of personal information from minors.

14.1 Age Verification and Restrictions

During the account creation process, we require users to confirm that they are at least 18 years old and have the legal capacity to enter into binding agreements. We may request additional verification documents to confirm age and identity, particularly for users who appear to be under 18 or when there are concerns about the accuracy of provided information. We reserve the right to refuse service to individuals who cannot provide adequate age verification.

14.2 Parental Rights and Reporting

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@usenumero.com. We will investigate the matter promptly and take appropriate action to remove any personal information collected from minors. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly and implement additional safeguards to prevent future occurrences.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors that affect how we collect, use, and protect your personal information. We are committed to transparency regarding any changes to this Policy and will provide appropriate notice to ensure that you are informed of any modifications that may affect your rights or our obligations.

15.1 Notification of Changes

When we make changes to this Privacy Policy, we will update the "Last updated" date at the top of this Policy and provide notice of significant changes through multiple channels, including email notifications, in-app notifications, and prominent announcements on our website and mobile applications. For material changes that significantly affect your rights or our obligations, we will provide advance notice and may require explicit consent where required by applicable law.

15.2 Continued Use and Acceptance

Your continued use of our services after any changes to this Privacy Policy indicates your acceptance of the updated terms. If you do not agree with any changes to this Policy, you must immediately cease using our services and discontinue any further interaction with our platforms. We encourage you to review this Policy regularly to stay informed about how we protect your personal information and any changes that may affect your privacy rights.

16. Contact Us and Regulatory Compliance

We maintain multiple channels for data subjects to exercise their rights, submit privacy-related inquiries, and raise concerns about our data processing practices. Our primary contact point for privacy matters is our dedicated privacy team, which can be reached through various communication channels including email, postal mail, and our customer support platforms. We are committed to responding to all privacy-related inquiries and requests in a timely, professional, and compliant manner.

16.1 General Privacy Inquiries

For general privacy inquiries and data subject rights requests, individuals can contact us at support@usenumero.com, which serves as our primary customer support channel. This email address is monitored by our customer support team, which has been trained to handle privacy-related inquiries and to escalate complex privacy matters to our dedicated privacy team. We aim to respond to all general privacy inquiries within twenty-four hours during business days.

16.2 Privacy Officer and Complex Matters

For complex privacy matters, data subject rights requests, and regulatory compliance inquiries, we have established a dedicated privacy officer function that can be reached at privacy@usenumero.com. This dedicated channel ensures that complex privacy matters receive appropriate attention and expertise, and that all requests are processed in accordance with applicable legal requirements and regulatory standards. We aim to respond to all privacy officer inquiries within forty-eight hours during business days.

16.3 Regulatory Authorities and Compliance

In addition to our internal privacy functions, we maintain relationships with relevant data protection authorities and regulatory bodies in all jurisdictions where we operate. In Nigeria, we work with the National Information Technology Development Agency (NITDA) and other relevant regulatory bodies to ensure compliance with the Nigerian Data Protection Regulation (NDPR) and other applicable data protection requirements. As we expand our operations to other jurisdictions, we will establish appropriate relationships with local data protection authorities to ensure compliance with applicable requirements.