Privacy Policy

harrenapay is operated by Harrena Africa Synergy LTD, a company incorporated in Nigeria. We provide escrow, payouts, wallets, payment links, and related payment workflow software to businesses and individuals across Africa. We are not a bank and do not hold customer deposits. harrenapay operates under a sub-license with VFD MFB, which is CBN-licensed.

For the purposes of the Nigeria Data Protection Act (NDPA) 2023, the EU and UK GDPR where applicable, and similar laws across the markets we operate in, Harrena Africa Synergy LTD is the data controller of personal data processed through harrenapay.

We collect the following categories of personal data:

• Account data: name, email, phone number, password hash, business name, role, and team membership.
• KYC and KYB data: government-issued ID, BVN, NIN, selfie or liveness photo, proof of address, certificate of incorporation, directors and beneficial owners, and supporting documents required by regulation.
• Transaction data: escrow records, payouts, payment links, invoices, beneficiary bank or card details (masked), amounts, currencies, references, and counterparties.
• Communications: messages you send to support, dispute evidence, and email or in-app notifications we send to you.
• Device and usage data: IP address, browser, operating system, device identifiers, pages viewed, API call logs, and security events.
• Cookies and similar technologies: see Section 10.

• Operate the platform: create accounts, hold funds in escrow, release funds, run payouts, and provide dashboards and APIs.
• Verify identity and prevent fraud, money laundering, and terrorist financing.
• Comply with applicable financial, tax, and reporting obligations.
• Communicate with you about your account, transactions, disputes, and security events.
• Provide customer support and resolve disputes.
• Improve the product, monitor uptime, debug issues, and run analytics in aggregate or pseudonymous form.
• Send service updates and, where you have opted in, product news.

Depending on the activity, we rely on one of the following legal bases:

• Contract: to provide the services you have signed up for.
• Legal obligation: KYC, AML, tax, and regulatory reporting requirements.
• Legitimate interest: fraud prevention, network and information security, product improvement.
• Consent: optional marketing communications and non-essential cookies. You can withdraw consent at any time.

We share personal data with the following categories of recipients:

• VFD MFB: our CBN-licensed sub-licensing partner, for bank transfers, payouts, and settlement.
• Identity verification providers: to verify BVN, NIN, government IDs, and business registration.
• Cloud and infrastructure providers: hosting, database, email, observability, and analytics vendors operating under written data processing agreements.
• Regulators and law enforcement: where we are legally required to disclose, including the Central Bank of Nigeria, NFIU, EFCC, NDPC, and courts of competent jurisdiction.
• Professional advisers: auditors, lawyers, and accountants under confidentiality obligations.
• Counterparties to your transactions: limited information needed to complete a transfer or release escrow (for example, recipient name shown to the payer).

We do not sell personal information.

Some of our processors store or process data outside Nigeria. Where this happens, we rely on adequacy decisions, standard contractual clauses, or other safeguards required by the NDPA and equivalent laws to keep your data protected to the same standard.

We retain transaction, KYC, KYB, and AML records for at least 7 years after account closure, as required by Nigerian financial regulations. Other data is kept only as long as needed for the purpose it was collected for, after which it is deleted or anonymised.

Data is encrypted in transit using TLS and at rest using industry-standard algorithms. Access to production systems is restricted by role, protected by multi-factor authentication, and continuously audited. Card data is handled within a PCI-DSS Level 1 environment and never touches our servers in raw form.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately from your dashboard.

Subject to applicable law, you have the right to:

• Access a copy of your personal data.
• Correct inaccurate or incomplete data.
• Request deletion, subject to our legal retention obligations.
• Object to or restrict certain processing.
• Receive your data in a portable format.
• Withdraw consent for optional processing.
• Lodge a complaint with the Nigeria Data Protection Commission (NDPC) or your local supervisory authority.

Submit any rights request from your account settings in the app. An admin will respond in-app within 30 days.

We use strictly necessary cookies to keep you signed in and to secure the session. We may use analytics cookies to understand how the product is used and where it can be improved. You can disable non-essential cookies through your browser settings without losing access to core functionality.

harrenapay is not directed to anyone under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us and we will delete it.

We may update this policy from time to time. Material changes will be notified by email or in-app at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

For privacy questions, data requests, or to contact our Data Protection Officer, reach us from your dashboard. All legal and support requests are handled in-app so they stay tied to your account.

Controller: Harrena Africa Synergy LTD. You can also lodge a complaint with the Nigeria Data Protection Commission at ndpc.gov.ng.