Privacy Policy

Staff Pay ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payroll and payment automation platform, including the website and, when available, native mobile apps that connect to the same account.

Who we serve. Staff Pay serves businesses, households, and individuals. Automate recurring bank payments with the same schedules and Quick Transfers. Payroll and employer-related payments are central to the product; other lawful uses of the same features are described in our Terms of Service.

By using Staff Pay, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

We use the information we collect to:

• Provide, maintain, and improve our payroll and payment automation services
• Process payments and transactions
• Conduct identity verification (KYC) and comply with CBN, AML/CFT, and other regulatory requirements
• Send you service-related communications
• Respond to your inquiries and provide customer support
• Detect, prevent, and address technical issues, fraud, and money laundering
• Comply with legal obligations and enforce our terms
• Analyze usage patterns to improve user experience

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in operating our platform (e.g., payment processors, KYC/identity verification providers, cloud hosting)
• Regulators and Law Enforcement: With the Central Bank of Nigeria (CBN), Nigeria Financial Intelligence Unit (NFIU), law enforcement, or other authorities when required by law or to prevent fraud, money laundering, or terrorism financing
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share your information

Funding identifiers and partner events. When you fund your wallet using a dedicated virtual account (NUBAN) from our payment partner, we receive automated signals (for example assignment or reassignment events) that may include account numbers and bank metadata. We use that data to show current funding instructions in your dashboard, send in-app and email notices when details change, and retain limited internal records for fraud prevention, reconciliation, and support. We intentionally do not surface superseded account numbers in the product UI to reduce confusion; you should always follow the live details in the app and any official notices we send you.

We implement industry-standard security measures to protect your information, including:

• 256-bit SSL encryption for data in transit
• Encryption at rest for stored data
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Secure data centers with physical security measures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Under the Nigeria Data Protection Act 2023 (NDPA) and applicable regulations, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Restriction: Request limitation of processing
• Portability: Receive your data in a structured format
• Objection: Object to processing of your data

To exercise these rights, please contact us at hello.staffpay@gmail.com.

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

Account closure: When you close your account (via Deactivate or Permanently Delete in Settings), we will delete or anonymize your personal information within 30 days. You may permanently delete your account and all associated data at any time from Dashboard → Settings → Permanently Delete Account.

System data: Application logs and notifications are retained for 3 months, then automatically deleted. Cookie and consent preferences are logged for compliance and retained as required by law.

KYC and compliance data: Identity verification records and AML/CFT documentation are retained as required by CBN regulations and Nigerian law (typically up to at least 5 years after the end of the business relationship).

Where Nigerian law, tax regulations, or financial regulations require longer retention, we retain data in accordance with those requirements.

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and assist with marketing efforts. You can control cookie preferences through your browser settings.

For more information, please see our Cookie Policy.

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have any questions about this Privacy Policy or our data practices, please contact us: