Kova Technologies Ltd ("Kova," "we," "our," or "us") is a Nigerian fintech company building infrastructure for collective finance. Our platform enables groups of people to pool funds into shared virtual wallets, track contributions, and make collective payments.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Kova mobile application, website, and related services (collectively, the "Services"). It applies to all users, including group organizers, group members, and website visitors.
We are committed to protecting your privacy and processing your data in compliance with the Nigeria Data Protection Act (NDPA) 2023, the Nigeria Data Protection Regulation (NDPR), and other applicable data protection laws.
By creating a Kova account or using our Services, you acknowledge that you have read and understood this Privacy Policy.
Kova Technologies Ltd is the Data Controller responsible for your personal data. We are registered under the Companies and Allied Matters Act (CAMA) 2020.
Data Controller
Kova Technologies Ltd
dpo@kova.finance
Registered Address
32 Sanusi Adekunle, Greenfields Estate, Lagos, Nigeria
Website
kova.finance
We collect different categories of data depending on how you interact with our Services. We adhere to the principle of data minimisation — we only collect data that is necessary for the specific purpose.
Full name
Email address
Phone number
Date of birth
Password (stored in encrypted form only)
To comply with Central Bank of Nigeria (CBN) regulations and Anti-Money Laundering (AML) requirements, we collect identity verification data through licensed KYC verification providers.
Tier
Data collected
Purpose
Tier 1
BVN, basic identity confirmation
Basic verification with limited transaction caps
Tier 2
Government-issued ID (NIN, driver's licence, passport), proof of address, selfie
Enhanced verification for higher limits
Tier 3
Source of funds documentation, enhanced biometric verification
Verification for premium users and high-value groups
Bank account details (account name, account number, bank name)
Transaction records (amounts, dates, recipient details, payment method)
Contribution history within groups
Wallet balances and fund movement records
Payment confirmation receipts
Device type, operating system, and version
IP address and approximate location (city/region level)
App usage patterns (features accessed, session duration)
Push notification interaction data
Crash reports and performance data
Support requests and correspondence
Feedback and survey responses
Email engagement data for marketing you've opted into
We process your personal data only for specified, legitimate purposes.
Processing Activity
Purpose
Lawful Basis
Creating and managing your account
Providing access to the Services
Performance of a contract
Processing contributions and disbursements
Facilitating group financial transactions
Performance of a contract
Verifying your identity
KYC/AML compliance under CBN regulations
Legal obligation
Displaying your contribution status to group members
Enabling transparent group financial management
Performance of a contract; Legitimate interest
Sending transaction confirmations and reminders
Keeping you informed about group activity
Performance of a contract
Monitoring for fraud and suspicious activity
Protecting you and other users
Legal obligation; Legitimate interest
Sending marketing communications
Informing you about new features and promotions
Consent
Analysing usage patterns
Improving the Services
Legitimate interest
Complying with legal requirements
Meeting obligations under Nigerian law
Legal obligation
Important: Transparency is a core feature of Kova. When you join a group, certain information about you is visible to other group members by design. This section explains exactly what is shared and what remains private.
Your name (as registered on Kova)
Your contribution tier/role within the group
Whether you have contributed and the amount
Your approval or vote on payout requests
Your activity within the group (joining date, contribution dates)
Your bank account details, BVN, or government-issued ID
Your KYC verification documents
Your phone number or email address (unless you choose to share)
Your activity in other groups
Your overall wallet balance or financial position outside the group
Your device information or location data
By joining a group on Kova, you consent to the sharing of the information described in Section 5.1 with other members of that group. This is essential to how the Services work — it eliminates the need for one person to manually track and report contributions.
You may leave a group at any time. Upon leaving, your historical contribution data remains visible for record-keeping and transparency, but no new data will be shared with the group.
We do not sell your personal data. We share your data only with the third-party service providers necessary to operate the Services.
Partner Category
Function
Data Shared
Licensed Payment Processors
Payment processing, virtual accounts, contributions, disbursement
Name, bank account details, transaction amounts, email
Identity Verification Providers
KYC verification and identity checks
Name, BVN, government-issued ID, biometric data
Cloud Infrastructure Providers
Data storage, hosting, push notifications
All data (encrypted at rest and in transit)
The specific partners we use may change as our Services develop. An up-to-date list is available on request at dpo@kova.finance.
We may also share data with law enforcement, regulatory authorities (including the CBN, NFIU, and NDPC), or courts when required by law.
We implement appropriate technical and organisational measures to protect your personal data, in accordance with Section 39 of the NDPA 2023.
End-to-end encryption for data in transit (TLS/SSL)
Encryption at rest for stored personal and financial data
Tokenisation of sensitive financial information
Role-based access controls
Multi-factor authentication for internal systems
Automated fraud and anomaly monitoring
Regular security audits and vulnerability assessments
Staff data protection training
While we take all reasonable precautions, no method of electronic transmission or storage is completely secure.
We retain your data only as long as necessary to fulfil its purpose, or as required by law.
Data Category
Retention Period
Reason
Account registration data
Account duration + 6 years
CBN record-keeping; legal claims
KYC/identity verification
Account duration + 6 years
CBN KYC/AML regulations
Transaction and financial data
Account duration + 6 years
CBN regulations; tax/audit
Group activity data
Account duration + 6 years
Regulatory; dispute resolution
Device and usage data
24 months
Product improvement; security
Marketing consent records
Consent duration + 2 years
Demonstrating valid consent
Support correspondence
3 years from resolution
Quality assurance; disputes
When data reaches the end of its retention period, it is securely deleted or anonymised.
Under Part VI of the NDPA 2023, you have the following rights. Exercise them by contacting dpo@kova.finance.
Right to be Informed — Know what data we process, why, how, and for how long.
Right of Access — Obtain a copy of the personal data we hold about you.
Right to Rectification — Request correction of inaccurate or incomplete data.
Right to Erasure — Request deletion of your data (subject to legal retention requirements).
Right to Restrict Processing — Temporarily limit data use under certain conditions.
Right to Data Portability — Receive your data in a structured, machine-readable format.
Right to Object — Object to processing based on legitimate interest. Absolute right to object to direct marketing.
Right to Withdraw Consent — Withdraw consent at any time (doesn't affect prior processing).
Right to Lodge a Complaint — Complain to the Nigeria Data Protection Commission (NDPC).
We respond to all valid requests within 30 days. Complex cases may take up to 60 days with notice.
Certain rights may be limited where we have a legal obligation to retain data (e.g., CBN requirements) or where exercising a right would adversely affect other group members' rights.
Where we rely on consent (such as marketing communications), we obtain it through a clear, affirmative action. Silence, pre-ticked boxes, or inactivity do not constitute valid consent.
You may withdraw consent at any time by contacting dpo@kova.finance or using the unsubscribe mechanism in marketing communications.
Our Services are not directed at children under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have, we will delete it promptly. Contact dpo@kova.finance if you believe a child has provided us with personal data.
Our infrastructure may involve the storage or processing of your data outside Nigeria. Where this occurs, we ensure adequate protection through:
Transferring data only to jurisdictions with adequate data protection (as determined by the NDPC)
Implementing Standard Contractual Clauses (SCCs) with NDPA-compliant obligations
Ensuring all international partners implement appropriate security measures
Our website and app may use cookies and similar technologies:
Essential cookies — Required for basic operation (authentication, security). No consent required.
Analytics cookies — Help us understand usage patterns. Used only with your consent.
We do not use advertising or third-party tracking cookies. Manage preferences through your browser settings
In the event of a personal data breach likely to result in high risk to your rights, we will:
Notify the NDPC without undue delay (within 72 hours where feasible)
Notify affected users with a description of the breach, likely consequences, and remedial measures
Document the breach and remedial actions for regulatory review
Kova may use automated systems for fraud detection and transaction monitoring. Where automated processing produces a decision that significantly affects you (such as restricting your account), you have the right to request human review. Contact dpo@kova.finance.
If you have questions, wish to exercise your rights, or have a complaint:
Data Protection
dpo@kova.finance
General Enquiries
hello@kova.finance
Address
32 Sanusi Adekunle, Greenfields Estate, Lagos, Nigeria
If unsatisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).