Last Updated: January 2025

Privacy Policy

Your privacy is sacred. This policy explains how we collect, use, protect, and respect your personal and financial data.

The TL;DR

Bank-Level Security

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Zero plaintext storage of sensitive info.

Zero Data Selling

We will NEVER sell your data to third parties. Your financial info is yours alone.

Minimal Data Collection

We only collect what's necessary to provide our service. No tracking, no profiling, no creepiness.

You're in Control

Export your data anytime. Delete your account anytime. Full transparency, full control.

1. Information We Collect

Account Information

  • Name, email address, phone number (for account creation)
  • Password (hashed with bcrypt, never stored in plaintext)
  • Profile photo (optional, stored securely)

Financial Information

  • Bank account names and balances (you enter manually, we don't store credentials)
  • Transaction data (income, expenses, categories)
  • Budget allocations and goals
  • Ajo group details (names, members, payment history)
  • Income stream data and performance metrics

Usage Data

  • Pages visited, features used (to improve product)
  • Device type, browser, operating system (for compatibility)
  • IP address (for security and fraud prevention)

IMPORTANT: We do NOT store your bank login credentials. We do NOT automatically connect to your bank accounts. You manually enter transactions.

2. How We Use Your Information

We use your data ONLY to provide and improve Nalo Finance services:

  • Provide core features: Budgeting, tracking, Ajo groups, tax calculations, income analysis
  • AI recommendations: Personalized financial insights (processed locally or via encrypted APIs)
  • Customer support: Respond to inquiries, troubleshoot issues
  • Security: Detect fraud, prevent unauthorized access
  • Product improvements: Analyze usage patterns (anonymized) to build better features
  • Communications: Send important updates, security alerts, feature announcements (you can opt out)

WE WILL NEVER:

  • Sell your data to third parties
  • Use your data for advertising
  • Share financial details without consent
  • Track you across other websites

3. Data Security

We take security extremely seriously. Here's how we protect your data:

  • Encryption in transit: All data transmitted via TLS 1.3 (bank-grade encryption)
  • Encryption at rest: Database encrypted with AES-256
  • Password security: Hashed with bcrypt (industry standard), salted, never reversible
  • Access controls: Role-based permissions, principle of least privilege
  • Regular audits: Quarterly security reviews and penetration testing
  • Backups: Daily encrypted backups, stored in separate locations
  • Monitoring: 24/7 intrusion detection and alerting

4. Data Sharing & Third Parties

We share your data in ONLY these limited circumstances:

Service Providers

We work with trusted third parties to operate Nalo:

  • Cloud hosting: AWS Nigeria (data stored in Nigerian data centers when possible)
  • Email service: For transactional emails (account verification, password resets)
  • Payment processor: For Premium subscriptions (Paystack - PCI DSS compliant)

All third parties are bound by strict data protection agreements.

Legal Requirements

We may disclose data if required by Nigerian law, court order, or to protect our rights and safety. We will notify you unless prohibited by law.

Business Transfers

If Nalo is acquired or merged, your data may transfer to the new entity. You'll be notified and can delete your account if you disagree.

5. Your Rights & Control

You have full control over your data:

  • Access: View all data we have about you (Settings → Privacy → Download Data)
  • Export: Download your data in CSV/JSON format anytime
  • Correction: Update inaccurate information in your account settings
  • Deletion: Delete your account and all data (Settings → Account → Delete Account)
  • Opt-out: Unsubscribe from marketing emails (Settings → Notifications)
  • Portability: Take your data to another service

To exercise these rights, email privacy@nalofinance.com or use in-app settings.

6. Data Retention

  • Active accounts: Data retained as long as your account is active
  • Deleted accounts: Data permanently deleted within 30 days (except records required by law)
  • Backups: Deleted data removed from backups within 90 days
  • Legal holds: Data may be retained longer if required by law or for dispute resolution

7. Cookies & Tracking

We use minimal cookies:

  • Essential cookies: Keep you logged in, remember preferences (required for service)
  • Analytics cookies: Understand how users interact with Nalo (anonymized, can be disabled)

We do NOT use advertising cookies or third-party tracking.

8. Children's Privacy

Nalo Finance is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has created an account, please contact us immediately at privacy@nalofinance.com.

9. Changes to This Policy

We may update this policy as Nalo evolves. When we make material changes:

  • We'll notify you via email and in-app notification
  • We'll update the "Last Updated" date at the top
  • You'll have 30 days to review changes before they take effect
  • Continued use after 30 days means you accept the new policy

10. Contact Us

Questions about privacy? We're here to help:

Privacy Team: privacy@nalofinance.com

General Inquiries: hello@nalofinance.com

Your Privacy is Our Priority

Start using Nalo with confidence. Your financial data is secure, private, and under your control.