BettaLyfe
Privacy Policy

Nigeria Data Protection Act 2023 Compliant

Last Updated: 1st June 2026 | Version 2.0

4c Idowu Martins Street, Victoria Island, Lagos, Nigeria

1. Introduction

BettaLyfe Digital Services Limited (BettaLyfe, we, us, or our), incorporated in Nigeria under CAMA 2020, is committed to protecting the privacy and personal data of all users of the BettaLyfe platform, mobile application, and website (the Platform).

This Privacy Policy explains how we collect, use, store, share, and protect your personal data under the Nigeria Data Protection Act 2023 (NDPA) and all applicable Nigerian laws. BettaLyfe is registered with the NDPC as a Data Controller of Major Importance (DCPMI). By using the Platform you confirm that you have read and accepted this Policy.

2. Data Controller Details

Field	Details
Company Name	BettaLyfe Digital Services Limited
Address	4c Idowu Martins Street, Victoria Island, Lagos, Nigeria
Privacy Email	privacy@bettalyfe.com
Data Protection Officer	dpo@bettalyfe.com
Customer Support	support@bettalyfe.com \| +234-916-000-8850

3. Personal Data We Collect

3.1 Identity and Verification Data

Full legal name, date of birth, gender, and nationality
Bank Verification Number (BVN) — mandatory per CBN regulations
National Identification Number (NIN) — mandatory per CBN 2024 circular
Government-issued photo ID (National ID Card, Voter's Card, Driver's Licence, or International Passport)
Passport photograph and liveness/selfie biometric image (Tier 3 KYC)

3.2 Contact Data

Phone number (primary and alternate), email address
Residential and business address
Next of kin name and contact details

3.3 Financial and Wallet Data

Virtual bank account number (issued via Providus Bank)
Wallet balance and full transaction history
BettaCredit balance and service redemption records
Gift card purchase and usage records
Bill payment history (airtime, data, electricity, cable TV)
Loan application, disbursement, and repayment data (processed via Unicorn MFB)
Payment card details (tokenised only — full card numbers are never stored by BettaLyfe)

3.4 Health Data — Sensitive Personal Data

Health data is a special category of sensitive personal data under Section 30 of the NDPA 2023. We collect and process health data ONLY with your explicit, freely-given consent.

MyBettaCare health plan type and subscription details
Claims history (processed via AXA Mansard Insurance and NEM Health)
Pre-existing condition disclosures made during plan enrolment
Dependant/family member data provided for health coverage

3.5 Pension and Savings Data

Personal Pension Plan (PPP) contributions and balance (managed via Pension Managers)
Partial withdrawal history and retirement fund activity

3.6 Device and Technical Data

Device type, operating system, and unique device identifier
IP address and approximate location (city/state level only — no GPS tracking)
App usage patterns, session duration, and crash/error logs

4. How We Collect Your Data

Source	Purpose
Direct provision	When you register, complete KYC, apply for a product, or contact support
Providus Bank	In connection with your virtual wallet account operation and fund holding
NIBSS	Automated real-time BVN verification at onboarding
NIMC	Automated real-time NIN verification at onboarding
AXA Mansard / NEM Health	When you enrol in or use a MyBettaCare health plan
Unicorn MFB	When you apply for or repay a loan product
Pension Managers	In connection with your Personal Pension Plan (PPP) account
Paystack	Payment processing data for wallet funding
Licensed credit bureaus	Credit data for loan eligibility assessment

5. Legal Basis for Processing

Processing Activity	Legal Basis
Account registration and KYC	Contract performance; Legal obligation (CBN KYC)
BVN and NIN verification via NIBSS/NIMC	Legal obligation (CBN 2024 KYC circular)
Virtual wallet (Providus Bank)	Contract performance
Health insurance — AXA Mansard / NEM Health	Explicit consent; Contract performance
Health data processing	Explicit consent (required separately at enrolment)
Personal Pension Plan (PPP)	Contract performance; Legal obligation (PenCom)
Loan processing (Unicorn MFB)	Contract performance; Legitimate interests
AML/fraud monitoring and NFIU reporting	Legal obligation (MLPPA 2022)
BettaCredit and gift card management	Contract performance
Marketing communications	Consent (withdrawable at any time)
Regulatory reporting (CBN, NFIU, NAICOM, NDPC)	Legal obligation

6. Data Sharing and Disclosure

We do not sell your personal data under any circumstances.

6.1 Licensed Service Partners

Partner	Role
Providus Bank	Virtual wallet operation; holding all user funds in trust
Paystack	Payment processing for wallet funding
AXA Mansard Insurance Plc	Underwriting and administering MyBettaCare plans
NEM Insurance Plc (NEM Health)	Underwriting and administering MyBettaCare plans
Unicorn Microfinance Bank	Loan origination, disbursement, and repayment
Pension Managers	Personal Pension Plan (PPP) contribution management
NIBSS	Real-time BVN verification
NIMC	Real-time NIN verification
Licensed credit bureaus	Loan eligibility assessment
Bill payment aggregators	Airtime, data, electricity, and cable TV payments

All partners are bound by Data Processing Agreements (DPAs).

6.2 Regulatory Disclosure (required by Nigerian law)

Central Bank of Nigeria (CBN)
Nigerian Financial Intelligence Unit (NFIU)
Economic and Financial Crimes Commission (EFCC)
National Insurance Commission (NAICOM)
National Pension Commission (PenCom)
Nigeria Data Protection Commission (NDPC)

7. Data Retention

Data Category	Retention Period
Account and identity data	5 years after account closure (MLPPA 2022 minimum)
Transaction records (wallet, loans, payments)	5 years from transaction date
Health insurance records (AXA Mansard / NEM Health)	5 years after policy expiry
Loan records (Unicorn MFB)	5 years from loan closure
Pension records	Duration of plan + 5 years
Customer support and communications	2 years
AML/KYC audit logs	5 years

8. Your Rights Under the NDPA 2023

Right	What It Means
Right of Access	Request a copy of all personal data we hold about you
Right to Rectification	Request correction of inaccurate or incomplete data
Right to Erasure	Request deletion (subject to legal retention obligations)
Right to Data Portability	Receive your data in a structured, machine-readable format
Right to Object	Object to processing based on legitimate interests or direct marketing
Right to Withdraw Consent	Withdraw consent for consent-based processing at any time
Right to Complain	Lodge a complaint with the NDPC

To exercise any right, email privacy@bettalyfe.com. We will respond within 30 days.

9. Data Security

All sensitive data encrypted at rest (AES-256) and in transit (TLS 1.3)
BVN and NIN stored only as tokenised references — raw digits are not retained after verification
Role-based access controls limit data access to authorised personnel only
Annual penetration testing by an independent security firm
In the event of a data breach, the NDPC and affected users will be notified within 72 hours (Cybercrimes Act 2024)

10. Children and Minors

The Platform is for users aged 18 and above. We do not knowingly collect personal data from anyone under 18. Dependant family members (including minors) may be added to MyBettaCare plans by an eligible adult — their health data is processed solely for coverage purposes.

11. Contact Us

Contact Type	Details
Privacy requests and complaints	privacy@bettalyfe.com
Data Protection Officer	dpo@bettalyfe.com
General support	support@bettalyfe.com \| +234-916-000-8850
Postal address	4c Idowu Martins Street, Victoria Island, Lagos, Nigeria
Escalate complaint to regulator	Nigeria Data Protection Commission

BettaLyfePrivacy Policy