Privacy Policy

Delight Mobile Application

Effective Date: December 2025

This Privacy Policy explains how Delight Tech Lab Limited ("Delight", "we", "our", or "us") collects, uses, stores, shares, and protects your personal information when you use the Delight mobile application, website, or any associated services.

By downloading, registering, funding a wallet, creating a budget, enabling locks or limits, or using any Delight service, you consent to the practices described in this Privacy Policy.

1. Who We Are

Company Name:
Delight Tech Lab Limited
RC Number:
7086717
Registered Address:
3 Olorundaba Street, Dopemu, Lagos, Nigeria
Support Email:
support@delightfinance.ai
Data Protection Officer:
dpo@delightfinance.ai

We operate Delight, a personal financial management platform offering budgeting tools, automated payments, spending controls, budget locks and limits, and digital wallet functions. We are not a bank and do not hold deposits; all wallet balances are maintained by licensed financial institutions.

Our Service Providers

We deliver our services through licensed financial institutions and authorised third-party processors:

  • Sterling Bank Plc via Embedly API — Primary banking and payment infrastructure
  • Paystack — Secondary payment processor (wallet funding, DVAs, verification)
  • VTpass — Bill payment aggregator (airtime, data, utilities, TV subscriptions)
  • Convex — Serverless backend storage and processing
  • Clerk — Authentication and identity management
  • Sendchamp — Email notifications
  • Expo Notifications — Mobile push notification delivery
  • Sentry — Error tracking and performance monitoring

Regulatory Compliance

We are committed to protecting your personal information in compliance with:

  • The Nigeria Data Protection Act 2023 (NDPA) and Nigeria Data Protection Regulation (NDPR)
  • Central Bank of Nigeria (CBN) KYC/AML Regulations
  • Other applicable Nigerian laws and regulations

2. Information We Collect

We collect only information strictly required to operate the Delight platform safely and lawfully.

a. Personal Information You Provide

Identity & KYC Data:

  • Bank Verification Number (BVN) and National Identification Number (NIN)
  • Date of birth and gender
  • Government-issued identification documents (passport, driver's license, national ID)
  • Selfie photographs for identity verification
  • Verification timestamps and status

Account Information:

  • Full name, phone number, and email address
  • Username and profile image
  • Transaction PIN (stored as cryptographic hash only)

Financial Data:

  • Wallet balance and complete transaction history
  • Budget configurations, allocations, and spending patterns
  • Lock and limit configurations, including commitment notes
  • Automation schedules and execution history
  • Bill payment history and saved recipients
  • Linked bank account details and Dedicated Virtual Account (DVA) information

Security Credentials:

  • Login credentials managed by Clerk
  • Multi-factor authentication data
  • App lock and biometric authentication preferences

b. Information Automatically Collected

  • Device information (model, operating system, platform, app version)
  • Session logs, login attempts, and usage analytics
  • Error logs and crash reports
  • In-app navigation events, features used, and screen views
  • Notification interactions and delivery status
  • Budget activity, spending events, lock/limit triggers, and penalty records

c. Information from Third Parties

  • Embedly (Sterling Bank): KYC confirmation, bank account validation, transfer results, balance reports
  • Paystack: DVA details, verification results, webhook event data
  • VTpass: Service verification (meter/smartcard number validation), bill payment results
  • Clerk: Authentication status and registration metadata

d. Biometric Data

We support biometric authentication (Face ID, fingerprint) for app access and transaction approval. Biometric data is processed and stored solely on your device using your device's secure enclave (iOS Keychain/Android Keystore). We do not have access to, transmit, or store your biometric data on our servers.

e. Device Contacts

With your explicit permission, we access your device contacts to facilitate quick recipient selection for transfers and bill payments (such as airtime purchases). Contact data is used locally and is not stored on our servers or shared with third parties.

3. How We Use Your Information

a. Core Financial Services

  • Create and manage your digital wallet account
  • Process wallet funding, withdrawals, and transfers
  • Provide Dedicated Virtual Accounts (DVAs)
  • Execute transactions through our payment partners
  • Process bill payments through VTpass

b. Budgeting, Locks & Limits

  • Create, enforce, and monitor budget allocations and spending restrictions
  • Process and enforce budget locks (timed, manual, and recurring)
  • Apply early unlock penalties with your explicit consent
  • Enforce spending limits and calculate violation penalties
  • Store commitment notes you create when locking funds
  • Enable budget sharing with other users you designate

c. Automations & Recurring Transactions

  • Schedule and execute recurring transfers and bill payments
  • Validate balance, approval settings, and recipient details
  • Send reminders and notifications for scheduled payments
  • Process leftover fund strategies at budget period end

d. Identity Verification (KYC) & Security

  • Verify your identity using BVN, NIN, and government-issued identification
  • Process selfie verification for identity confirmation
  • Prevent fraud, money laundering, and terrorist financing
  • Maintain regulatory compliance with CBN requirements

e. Communications & Notifications

  • Push notifications via Expo (transaction alerts, approval requests, limit violations)
  • Email notifications via Sendchamp (confirmations, alerts)
  • In-app messages (budget thresholds, lock status, system updates)

f. Analytics & Platform Improvement

  • Monitor performance and detect bugs via Sentry
  • Improve budgeting algorithms and user experience
  • Analyse usage trends to enhance features
  • Maintain app reliability and security

We do not sell or rent your personal data.

4. Legal Basis for Processing

We process your data under the following lawful bases as permitted by the NDPA and NDPR:

  • Consent — Provided when you register, grant specific permissions, or enable features like budget locks
  • Contractual Necessity — Required to provide financial services you have requested
  • Legal Obligations — NDPA/NDPR, CBN regulations, AML/KYC laws, tax requirements
  • Legitimate Interests — Fraud prevention, security, and service improvement

5. Sharing Your Information

We share data only as required for service delivery and legal compliance. All third-party processors are bound by confidentiality and data protection obligations.

a. Payment Processors

  • Embedly (Sterling Bank): Identity verification, transfers, reconciliations, KYC processing
  • Paystack: DVA provisioning, transfers, verification, webhook events

b. Bill Payment Provider

  • VTpass: Customer verification (phone, smartcard, meter numbers), service fulfilment

c. Technology & Communication Providers

  • Convex: Secure backend storage and processing of all user data
  • Clerk: Authentication and session management
  • Sendchamp: Email delivery
  • Expo: Push notification delivery
  • Sentry: Error tracking and crash reporting

d. Regulators & Law Enforcement

We may disclose your information to the following authorities as required by law:

  • Central Bank of Nigeria (CBN)
  • Nigeria Financial Intelligence Unit (NFIU)
  • Economic and Financial Crimes Commission (EFCC)
  • Nigeria Data Protection Commission (NDPC)
  • Other government agencies as required by applicable law

6. Cross-Border Data Transfers

Some of our service providers process data outside Nigeria. Specifically:

  • Convex (backend infrastructure) — United States
  • Clerk (authentication services) — United States
  • Sentry (error tracking) — United States

Where we transfer personal data outside Nigeria, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by relevant data protection authorities. These transfers are conducted in compliance with the NDPA requirements for cross-border data transfers.

7. Data Retention

We retain your information for the periods necessary to fulfil the purposes outlined in this Privacy Policy, subject to legal requirements:

Data TypeRetention Period
Transaction records7 years (CBN requirement)
KYC/Identity documents7 years after account closure
Account informationDuration of account plus 7 years
Usage analytics/logs2 years
Marketing preferencesUntil consent is withdrawn
Audit logs7 years (regulatory compliance)

When retention periods expire, data is securely deleted or permanently anonymised.

8. Your Rights

Under the Nigeria Data Protection Act 2023 (NDPA) and NDPR, you have the following rights regarding your personal information:

  • Right of Access: You have the right to obtain confirmation of whether we process your personal data, access to that data, and information about how we process it.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information we hold about you.
  • Right to Erasure: You have the right, in certain circumstances, to request deletion of your personal information. Please note that some data must be retained for regulatory compliance (e.g., transaction records for 7 years).
  • Right to Restriction: You have the right to request that we limit how we process your personal information in certain circumstances.
  • Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to processing based on legitimate interests. You can object to marketing communications at any time.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our Data Protection Officer at dpo@delightfinance.ai. We will respond to your request within 30 days.

If you are unsatisfied with our response, you may file a complaint with the Nigeria Data Protection Commission (NDPC).

9. Data Security

We implement industry-standard security measures to protect your personal information:

Technical Safeguards:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Transaction PIN hashed using Argon2id algorithm with per-user cryptographic salt
  • Session tokens stored in device secure storage (iOS Keychain/Android Keystore)
  • Secure API handling with authentication requirements

Organisational Safeguards:

  • Access controls and role-based permissions
  • Continuous monitoring for anomalies
  • Regular security assessments
  • Staff training on data protection practices

Your Responsibilities: You are responsible for keeping your devices secure, protecting your login credentials and transaction PIN, and enabling device-level security features such as screen lock and biometric authentication.

10. Cookies & Tracking Technologies

We use cookies and similar technologies for:

  • Authentication and session management
  • Performance analytics and error tracking
  • User preference storage

You may disable cookies in your browser settings, but this may affect some functionality of our services.

11. Third-Party Links

The App may contain links to external websites or services operated by third parties. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services before providing your personal information.

12. Marketing & Communications

  • We send promotional messages only with your opt-in consent
  • You may unsubscribe from marketing communications at any time
  • Transactional notifications (transaction alerts, security alerts, approval requests) cannot be disabled as they are essential to the service

13. Children's Privacy

Delight is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected information from a minor, please contact us at dpo@delightfinance.ai and we will take steps to delete such information.

14. Changes to This Policy

We may modify this Privacy Policy from time to time to reflect:

  • New or changed regulatory requirements
  • New features or changes to existing services
  • Updates to our data processors
  • Improvements to our security practices

Material changes will be notified via in-app notification or email. The updated policy will indicate the effective date. Continued use of Delight after changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

For questions, concerns, or to exercise your data protection rights, contact us at:

Delight Tech Lab Limited

3 Olorundaba Street, Dopemu, Lagos, Nigeria

General Support: support@delightfinance.ai

Data Protection Officer: dpo@delightfinance.ai

Website: https://delightfinance.ai

16. Consent Acknowledgment

By using Delight, you confirm that:

  • You have read and understood this Privacy Policy
  • You agree to the collection, use, and processing of your personal data as described herein
  • You understand your rights, the data retention periods, and the lawful basis for processing
  • You acknowledge that some of your data may be transferred outside Nigeria with appropriate safeguards
  • You understand that certain data must be retained for regulatory compliance even after account closure

— End of Privacy Policy —