GoTap Privacy Policy

Effective Date: February 4, 2026
Version: 1.1

1. Introduction

TapprX Limited ("GoTap", "We", "Us", or "Our") is committed to protecting the privacy and security of your personal data. This Privacy Policy outlines how we collect, use, store, share, and protect your information when you use our mobile application, website, SoftPOS technology, and related financial services (collectively, the "Services").

GoTap operates as a technology partner to licensed commercial and microfinance banks. By accessing or using our Services, you consent to the data practices described in this policy.

2. Consent

By downloading the GoTap App, signing up as a User or Merchant, or using our SoftPOS services, you explicitly consent to the collection, processing, and storage of your personal data as defined in this Policy. You have the right to withdraw your consent at any time, subject to legal and contractual restrictions (see Section 9).

3. Information We Collect

To provide a secure, compliant, and seamless payment experience, we collect the following categories of data:

3.1. Identity & Verification Data (KYC)

  1. Personal Information: Full Name, Date of Birth, Gender, Email Address, Phone Number.
  2. Government Identifiers: Bank Verification Number (BVN), National Identification Number (NIN), Tax Identification Number (TIN).
  3. Biometric Data: Facial images (for liveness checks) and Fingerprint/FaceID data (for local device authentication).
  4. Merchant Documents: Certificate of Incorporation (CAC), Memorandum of Association, and Director details.

3.2. Transaction & Financial Data

  1. Wallet Data: Wallet balance, funding sources, and withdrawal history.
  2. Transaction Logs: Details of payments made and received, including timestamps, amounts, counterparty details, and payment methods (NFC/QR/Transfer)
  3. Bank Account Details: NUBAN numbers linked for funding or settlement

3.3. Device & Geo-Location Data (Mandatory)

  1. Geo-Location: Precise GPS location (Latitude/Longitude) at the point of every transaction. Note:Collection of this data is mandatory under Central Bank of Nigeria (CBN) regulations for Contactless Payments to prevent fraud and ensure geofencing compliance.
  2. Device Fingerprint: IP address, device model, operating system version, IMEI, and unique device identifiers.

3.4. Usage & Interaction Data

  1. Prompt Banking:Text and Voice commands used within our AI interface (e.g., "Send 5k to David"). These inputs are processed to execute transactions.
  2. App Analytics: Clickstreams, feature usage, and error logs.

4. How We Use Your Information

We use your data for specific, lawful purposes:

  • Service Delivery: To process payments via NFC, QR, and Transfers; to manage your Wallet; and to provide the Merchant Dashboard.
  • Regulatory Compliance: To verify your identity (KYC) against NIBSS and NIMC databases as required by the CBN.
  • Fraud Prevention: To monitor transaction velocity, detect location mismatches, and prevent money laundering (AML) and terrorist financing (CFT).
  • Credit Scoring (GoTap Insight): For Merchants, we analyse transaction history and sales velocity to generate credit scores and facilitate access to loans/overdrafts via our lending partners.
  • Settlement: To instruct our partner banks to settle funds to your designated account.
  • Communication: To send transaction receipts, security alerts (OTPs), and critical service updates.

5. Data Sharing & Disclosure

We do not sell your personal data. We only share data with the following entities under strict data processing agreements:

  • Financial Institutions & Settlement Partners: We share data with licensed commercial banks, microfinance banks, and payment processors that hold customer deposits and facilitate fund settlement on our behalf. This allows us to provide wallet functionality and ensure regulatory compliance.
  • Regulatory Authorities: We are legally obligated to share data with the Central Bank of Nigeria (CBN), Nigeria Inter-Bank Settlement System (NIBSS), and the Nigerian Financial Intelligence Unit (NFIU) for reporting and fraud monitoring.
  • Service Providers: Third-party vendors who provide critical infrastructure (e.g., Cloud Hosting, Identity Verification, SMS Gateways). These partners are bound by confidentiality obligations.
  • Legal Requests: We may disclose data if required by a court order or legal process.

6. Data Retention

In compliance with the Money Laundering (Prohibition) Act and CBN guidelines, we are required to retain transaction and KYC records for a minimum of five (5) years after the termination of the business relationship.

After the retention period expires, data will be securely deleted or anonymised for statistical analysis.

7. Data Security

We employ banking-grade security measures to protect your data:

  • Encryption: Data is encrypted in transit (using TLS 1.2+) and at rest (using AES-256).
  • PCI Standards: Our card handling processes align with PCI-DSS requirements. We do not store raw magnetic stripe data.
  • Access Control: Strict Role-Based Access Control (RBAC) ensures only authorised personnel can access sensitive data.
  • Tokenisation: Sensitive identifiers are tokenised where possible to prevent exposure.

8. International Data Transfers

GoTap operates primarily in Nigeria. However, some of our cloud infrastructure or service providers may be located outside Nigeria. In such cases, we ensure that the transfer complies with the Nigeria Data Protection Act (NDPA) 2023, utilising standard contractual clauses to ensure your data remains protected.

9. Your Rights

Under the Nigeria Data Protection Act, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data (subject to our legal retention obligations outlined in Section 6).
  • Restrict Processing: Request that we limit how we use your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Withdraw Consent: You may withdraw consent for marketing or non-essential processing at any time. Note: Withdrawing consent for mandatory items (like BVN or Location) may result in the inability to use GoTap.

To exercise these rights, contact our Data Protection Officer at: hello@usegotap.com.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance user experience and analyse traffic. You can manage your cookie preferences through your device or browser settings.

11. Updates to This Policy

We may update this Privacy Policy to reflect changes in our technology, legal obligations, or business operations. We will notify you of any material changes via the App or Email. Continued use of GoTap after such updates constitutes acceptance of the new policy.

12. Contact Us

If you have questions regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

TapprX Limited

54 Marina, Lagos, Nigeria

Email: hello@usegotap.com

Phone: +234 705 416 6523

HomeGoTap for PersonalGoTap for Business