Legal

Privacy Policy

How Kova collects, uses, and protects your personal data.

Last Updated: 11 March 2026

Introduction

Kova Technologies Ltd ("Kova", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our mobile application, website (kova.finance), and related services (collectively, the "Services"). By creating an account or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services. This policy is governed by the Nigeria Data Protection Act 2023 (NDPA) and any applicable regulations issued by the Nigeria Data Protection Commission (NDPC).

Data Controller

Kova Technologies Ltd is the Data Controller responsible for your personal data. Contact our Data Protection Officer: Email: dpo@kova.finance Address: Lagos, Nigeria For general inquiries: hello@kova.finance

What Data We Collect

Account Registration

Full name, email address, phone number, date of birth, and encrypted password.

Identity Verification (KYC)

Three tiers ranging from basic BVN verification to enhanced biometric data and source-of-funds documentation. We verify your identity through licensed KYC providers to comply with regulatory requirements.

Financial Data

Bank details, transaction records, contribution history, wallet balances, and payment receipts.

Device & Usage Data

Device specifications, IP address, app activity logs, and crash reports to improve our Services.

Communications

Support requests, feedback you submit, and your engagement with marketing communications.

How We Use Your Data

Contract Performance:Managing your account, processing transactions, and providing core Services.
Legal Obligations:KYC/AML compliance and reporting obligations under Nigerian law.
Legitimate Interest:Fraud prevention, security monitoring, and service improvement.
Consent:Marketing communications — only when you have opted in.

Group Data Visibility

When you participate in a Group on Kova, certain information is visible to other group members to enable transparency and trust.

Visible to Group Members

Your registered name, contribution tier and role, contribution amounts and history, voting and approval activity, and group join and activity dates.

Always Private

Banking credentials, government IDs, and KYC documents are never shared. Your contact information (unless voluntarily shared), activity in other groups, overall financial position, and device or location data remain strictly private.

Third-Party Data Sharing

We share your data only with operational partners necessary to provide our Services: • Payment processors — to facilitate bank transfers and USSD payments • Identity verification providers — to complete KYC requirements • Cloud infrastructure providers — to host and secure the platform We do not sell your personal data. Law enforcement and regulatory bodies may receive data only when legally required.

Data Security

We implement industry-standard safeguards to protect your data: • TLS/SSL encryption for all data in transit • Encryption at rest for sensitive personal and financial data • Tokenization of financial information • Role-based access controls limiting internal data access • Multi-factor authentication for privileged systems • Regular security audits and penetration testing Despite these measures, no system is completely secure. We encourage you to protect your account credentials and notify us immediately at support@kova.finance of any suspected unauthorized access.

Data Retention

Data TypeRetention PeriodReason
Account, KYC & Financial DataAccount lifetime + 6 yearsRegulatory compliance
Group Activity RecordsAccount lifetime + 6 yearsDispute resolution
Device & Usage Data24 monthsProduct improvement
Support Records3 yearsQuality assurance

Your Rights

Under the NDPA 2023 (Part VI), you have the following rights regarding your personal data:

Access:Request a copy of the personal data we hold about you.
Rectification:Request correction of inaccurate or incomplete data.
Erasure:Request deletion of your data where we have no legal basis to retain it.
Data Portability:Receive your data in a structured, machine-readable format.
Restriction:Request that we limit how we process your data in certain circumstances.
Withdraw Consent:Opt out of marketing communications at any time through app settings.
Human Review:Request human review of significant automated decisions affecting your account.

We will respond to requests within 30 days (60 days for complex requests). To exercise your rights, contact dpo@kova.finance. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

Additional Protections

Children

Our Services are not directed at individuals under 18 years old. If we discover we have inadvertently collected data from a minor, we will delete it promptly.

Cross-Border Transfers

Where personal data is transferred outside Nigeria, we ensure appropriate safeguards are in place through Standard Contractual Clauses or equivalent protections.

Cookies

Essential cookies are required for the Services to function. Analytics cookies are only used with your consent. You can manage your cookie preferences at any time.

Breach Notification

In the event of a data breach, we will notify the NDPC within 72 hours and inform affected users about any material impacts to their data.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you with at least 30 days' notice via email or in-app notification. The current version is always available at kova.finance/privacy. Last Updated: 11 March 2026

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us: Data Protection Officer: dpo@kova.finance General Inquiries: hello@kova.finance Address: Lagos, Nigeria Regulator: Nigeria Data Protection Commission (NDPC)