Security and compliance by design
Consent-driven verification, role-scoped access, masked PII, audit logs and data protection controls for sensitive identity workflows.
Consent on every lookup
No verification runs without recorded customer consent captured, timestamped and auditable.
Encryption everywhere
TLS 1.3 in transit, AES-256 at rest. Transaction PINs and 2FA protect every wallet debit.
Masked PII by default
NINs, BVNs and phone numbers are masked in dashboards, receipts and logs. Full data only where strictly required.
Immutable audit trails
Every sensitive-data access, admin action and settlement is logged and retained for 7 years.
Fraud monitoring
Duplicate-face detection, velocity checks, IP allowlisting and device anomaly alerts run continuously.
Least-privilege access
Role-based access for users, agents, merchants, processors and admins nobody sees more than they need.
Data handling commitments
• Data is sourced only from official registries (NIMC, NIBSS, CAC, FIRS) through licensed channels.
• Verification results are cached only within provider-approved TTLs and never resold.
• Customers can request data deletion in line with NDPR; disputes are handled through our in-app support with defined SLAs.
• Incident response: suspected breaches are contained, investigated and disclosed per regulatory timelines.