Privacy Policy
StitchPay (“we”, “our”, “us”) is committed to protecting the privacy and personal data of all users of our platform. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act (NDPA) 2023, and other applicable data protection laws.
Effective Date: March 2026
Last Updated: March 2026
1. Data Controller
StitchPay is the data controller responsible for your personal data. For questions about this policy or your data rights, contact us at:
- Email: admin@stitchpay.app
- Address: F1 19, New Horizon One Estate, Ikate, Lekki, Lagos, Nigeria
2. Information We Collect
2.1 Business Information (KYB)
When a fashion house registers on StitchPay, we collect:
- Business name and registration number (CAC BN/RC)
- Tax Identification Number (TIN)
- Business address and proof of address
- Director/owner identification (NIN, passport, voter's card)
- Bank Verification Number (BVN) of directors
- Bank account details and statements
- Memorandum and Articles of Association
- Board resolutions and shareholder information
2.2 Staff Information
For staff accounts (CEO, Accountant, Production Manager, Sales Rep), we collect:
- Full name
- Email address
- Phone number
- Role and access permissions
- Login credentials (passwords are stored in hashed form)
2.3 Tailor Information
For tailors registered on the platform, we collect:
- Full name
- Phone number and email address
- Bank name, account number, and bank code
- Personal Identification Number (PIN) for platform access
- Work history (jobs logged, approvals, payroll records)
- Payment history and bank verification data
2.4 Transaction Information
We collect and retain records of:
- Payroll calculations and disbursements
- Wallet funding transactions
- Payment transfers to tailors
- Transaction fees and references
- Work orders and customer details
2.5 Technical Information
We automatically collect:
- IP address and browser type
- Device information
- Usage data and access logs
- Cookies and similar tracking technologies
3. How We Use Your Information
We use the information collected for the following purposes:
Service Delivery:
- Processing payroll calculations and disbursements
- Verifying bank account details before payment
- Managing work orders, task tracking, and approvals
- Generating reports and analytics for business owners
Compliance and Security:
- Know Your Business (KYB) verification
- Anti-money laundering (AML) and counter-terrorism financing (CTF) compliance
- Fraud prevention and detection
- Audit logging and accountability
Communication:
- Email notifications (payment receipts, work approvals, payroll alerts)
- Service updates and announcements
- Customer support
Platform Improvement:
- Analysing usage patterns to improve features
- Generating anonymised, aggregated industry insights
4. Legal Basis for Processing
We process your personal data based on:
- Contractual necessity: Processing is necessary to provide the StitchPay service as agreed in our Terms of Service.
- Legal obligation: We are required to collect certain information under CBN regulations, AML laws, and tax reporting requirements.
- Legitimate interest: We process data for fraud prevention, platform security, and service improvement.
- Consent: Where required, we obtain your explicit consent before processing sensitive data.
5. Data Sharing
We share your data only in the following circumstances:
5.1 Payment Partners
- Kuda Microfinance Bank: For virtual account creation, fund transfers, and payment processing.
- Paystack: For bank account verification (name enquiry).
5.2 Service Providers
- Supabase: Database hosting and storage.
- Vercel: Application hosting.
- Resend: Email delivery service.
5.3 Legal Requirements
We may disclose your data when required by:
- Court orders or legal proceedings
- Regulatory requests from the Central Bank of Nigeria (CBN)
- Law enforcement agencies investigating financial crimes
- Nigeria Financial Intelligence Unit (NFIU) requests
5.4 We Never
- Sell your personal data to third parties
- Share your data for advertising purposes
- Provide your data to unrelated businesses
6. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| KYB documents | Duration of account + 6 years |
| Transaction records | 6 years (CBN requirement) |
| Payroll records | 6 years |
| Audit logs | 5 years |
| Staff/tailor profiles | Duration of account + 1 year |
| Technical logs | 12 months |
After the retention period, data is securely deleted or anonymised.
7. Data Security
We implement appropriate technical and organisational measures to protect your data:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest.
- Access Control: Role-based access ensures users only see data relevant to their role.
- Authentication: Secure login with password protection and PIN-based access for tailors.
- Audit Logging: All significant actions are logged with actor identity and timestamp.
- Infrastructure: Hosted on enterprise-grade platforms (Supabase, Vercel) with industry-standard security certifications.
8. Your Rights
Under the NDPA 2023, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your data (subject to legal retention requirements).
- Restriction: Request limitation of processing in certain circumstances.
- Portability: Receive your data in a structured, commonly used format.
- Objection: Object to processing based on legitimate interest.
- Withdraw Consent: Where processing is based on consent, withdraw at any time.
To exercise these rights, contact us at privacy@stitchpay.app. We will respond within 30 days.
9. Cross-Border Data Transfers
Your data may be processed by service providers located outside Nigeria. Where this occurs, we ensure adequate safeguards are in place through:
- Standard contractual clauses
- Service provider compliance with equivalent data protection standards
- Verification that the receiving jurisdiction provides adequate protection
10. Cookies
StitchPay uses essential cookies and local storage for:
- Authentication and session management
- User preferences (e.g., dark mode)
- Platform functionality
We do not use advertising or tracking cookies.
11. Children's Data
StitchPay is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Material changes will be communicated via email to registered users.
13. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
Nigeria Data Protection Commission (NDPC)
Website: https://ndpc.gov.ng
Email: info@ndpc.gov.ng
Contact Us
For any questions about this Privacy Policy or your personal data:
StitchPay
Email: privacy@stitchpay.app
Website: https://stitchpay.app