Privacy Policy

1. Introduction

Lemu Limited ("we", "our", or "us") operates the Lemu mobile application (the "App") that provides digital wallet services, financial transactions, airtime and data purchases, and related financial services (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

2. Information We Collect

2.1 Personal Information

• Name, email address, phone number
• Bank Verification Number (BVN) and National Identification Number (NIN)
• Date of birth and address
• Government-issued identification documents
• Business registration documents (for business accounts)

2.2 Biometric Data

• Face Images and Video: We capture your facial images through your device camera for identity verification (KYC) and biometric authentication. These images are processed to create biometric templates for secure access to your account.
• Biometric Templates: Mathematical representations of your facial features used for authentication purposes.

2.3 Camera and Media Access

• QR Code Scanning: Camera access to scan QR codes for payments and transfers
• Document Capture: Photos of identification documents for verification
• NFC Data: Information from NFC-enabled cards and devices for contactless payments
• Audio (when applicable): Audio may be recorded when capturing video for verification purposes

2.4 Contact Information

• Device Contacts: Names and phone numbers from your device contact list when you choose to send airtime, data, or make transfers to contacts. This information is only accessed when you explicitly select a contact and is not automatically uploaded to our servers.

2.5 Financial Information

• Account balances and transaction history
• Payment methods and beneficiary information
• Transaction patterns and spending behavior
• Wallet addresses and account numbers

2.6 Device and Usage Information

• Device model, operating system, and version
• Unique device identifiers
• IP address and location data
• App usage patterns and crash reports
• Login and access logs

2.7 Authentication Data

• Login credentials (email/phone and password)
• Transaction PINs and lock screen PINs
• Security questions and answers
• Two-factor authentication tokens

3. How We Use Your Information

• Account Management: Create and maintain your account, verify your identity, and provide customer support
• Transaction Processing: Execute financial transactions, transfers, airtime and data purchases
• Identity Verification: Comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations
• Security: Protect against fraud, unauthorized access, and other illegal activities
• Communication: Send transaction notifications, security alerts, and service updates
• Service Improvement: Analyze usage patterns to improve our services and develop new features
• Regulatory Compliance: Meet legal and regulatory requirements for financial services
• Marketing: Send promotional content and offers (with your consent)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To provide the services you've requested and fulfill our contractual obligations
• Legal Compliance: To comply with Nigerian financial regulations, CBN guidelines, and international standards
• Consent: When you explicitly grant permission for specific data processing activities (e.g., camera access, contact access)
• Legitimate Interest: For fraud prevention, security, and service improvement purposes

5. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described below:

5.1 Service Providers

• Banking partners and financial institutions
• Payment processors and gateway providers
• Identity verification and KYC service providers
• Cloud storage and hosting providers
• Customer support and communication platforms

5.2 Legal Requirements

• Regulatory authorities (Central Bank of Nigeria, EFCC, etc.)
• Law enforcement agencies when required by law
• Courts and legal proceedings
• Tax authorities for tax compliance purposes

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Retention

• Transaction Records: Retained for a minimum of 5 years as required by Nigerian financial regulations
• Biometric Data: Face images are deleted within 30 days after biometric template extraction. Templates are retained for the duration of your account
• Identity Documents: Retained for the life of the account plus 5 years after closure
• Account Information: Retained until account deletion, then archived for regulatory periods
• Device and Usage Data: Retained for up to 2 years for analytics and improvement purposes

7. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access Controls: Strict access controls and multi-factor authentication for all systems
• Regular Audits: Regular security audits and penetration testing
• Data Minimization: We only collect and process data necessary for service provision
• Secure Storage: Biometric data and sensitive information stored in secure, compliant data centers
• Staff Training: Regular security and privacy training for all personnel

8. Your Rights and Choices

You have the following rights regarding your personal data:

8.1 Access and Control

• View and update your personal information in the app settings
• Download a copy of your data
• Request correction of inaccurate information

8.2 Consent Management

• Withdraw camera permission through device settings (may limit QR scanning and face verification)
• Withdraw contacts permission through device settings (may limit contact selection for transfers)
• Opt out of marketing communications
• Disable biometric authentication (PIN authentication will be required)

8.3 Account Deletion

• Request complete account deletion through the app or by contacting support
• Data will be deleted within 30 days, except for information required for regulatory compliance

9. International Data Transfers

Your data may be transferred to and processed in countries outside Nigeria where our service providers operate. We ensure appropriate safeguards are in place through:

• Data processing agreements with adequate security measures
• Compliance with international data protection standards
• Regular monitoring of service provider security practices

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

11. Third-Party Services

Our app may contain links to third-party websites or integrate with third-party services. This privacy policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you access.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes through the app or via email. Your continued use of the service after such notification constitutes acceptance of the updated policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

14. Governing Law

This privacy policy is governed by the laws of the Federal Republic of Nigeria. Any disputes arising from this policy will be subject to the jurisdiction of Nigerian courts.