Tetrup LogoTetrup OS

Legal

Privacy Policy

Effective: 1 May 2026Last updated: 15 July 2026

Tetrup Technology Ltd ("Tetrup", "we", "our", or "us") is committed to protecting your privacy and handling your personal data with the highest standards of transparency, integrity, and security. This Privacy Policy describes how we collect, use, disclose, store, and protect information about you when you use the Tetrup Application, website, mobile application, and related services (collectively, the "Application").

This Policy is issued in accordance with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), the General Data Protection Regulation (EU) 2016/679 (GDPR) to the extent applicable to users in the European Economic Area, and other applicable international data protection standards. By accessing or using the Application, you acknowledge that you have read, understood, and agreed to the terms of this Policy.



1. Who We Are and How to Contact Us

Tetrup Technology Ltd is the data controller responsible for your personal data collected through the Application. We are incorporated under the laws of the Federal Republic of Nigeria. Our registered address and data protection contact are available at Tetrup.com/en/contact. If you have any questions, concerns, or requests regarding this Policy or your personal data, you may write to us at privacy@tetrup.com



2. Information We Collect

We collect personal data that is necessary to provide our services, comply with legal obligations, and improve your experience on the Application. The categories of information we may collect include:


  1. Identity and contact information: full legal name, email address, phone number, residential or business address, date of birth, nationality, and government-issued identification numbers required for Know Your Customer (KYC) verification.

  2. Business and corporate information: company name, Corporate Affairs Commission (CAC) registration number, tax identification number (TIN), business type, industry classification, directors and shareholders details, and corporate documents including Memorandum and Articles of Association.

  3. Financial information: bank account details, virtual account information, transaction histories, invoice data, payroll records, and financial statements generated or uploaded on the Application.
  4. Investment and capital market information: portfolio details, investment preferences, declared investment objectives, and market activity data to the extent you utilise our capital market tools.

  5. Technical and usage information: IP address, device identifiers, browser type and version, operating system, pages visited, features used, access times, referring URLs, and error logs.

  6. Communications: messages you send us through support channels, feedback forms, or email, and records of any correspondence we have with you.

We do not knowingly collect sensitive personal data such as biometric data, health information, or political opinions unless explicitly required for a specific compliance function and with your separate consent.



3. Legal Basis for Processing

We process your personal data only where we have a valid legal basis to do so. Under the NDPA 2023 and, where applicable, the GDPR, the legal bases on which we rely include:


  1. Performance of a contract: processing necessary to provide the services you have subscribed to, including account creation, payment processing, and business registration assistance.

  2. Compliance with a legal obligation: processing required to meet obligations under Nigerian law, including the NDPA, the Companies and Allied Matters Act (CAMA), the Finance Act, Federal Inland Revenue Service (FIRS) regulations, and Securities and Exchange Commission (SEC) guidelines.
  3. Legitimate interests: processing for fraud prevention, Application security, analytics, and product improvement, provided such interests are not overridden by your fundamental rights.

  4. Consent: where we rely on your consent for specific processing activities such as marketing communications or optional analytics, you may withdraw consent at any time without affecting the lawfulness of prior processing.


4. How We Use Your Information

We use the personal data we collect for the following purposes:

  1. To create, verify, maintain, and secure your account on the Application.
  2. To facilitate business registration, compliance filings, document generation, and post-incorporation services.
  3. To provide accounting, invoicing, payroll, tax computation, and financial reporting tools.
  4. To process payments, manage virtual accounts, and facilitate transactions through integrated payment gateways.
  5. To provide capital market information, investment calculators, portfolio tracking, and related financial intelligence tools.
  6. To conduct KYC and anti-money laundering (AML) checks as required by applicable Nigerian law and regulatory guidelines.
  7. To detect, investigate, and prevent fraud, unauthorised access, and other unlawful activities on the Application.
  8. To communicate with you regarding your account, transactions, service updates, and compliance reminders.
  9. To send you marketing communications where you have consented or where permitted by applicable law, with the ability to opt out at any time.
  10. To improve the Application through aggregate analytics, product research, and usage analysis.


5. Sharing and Disclosure of Your Information

We do not sell, rent, or trade your personal data to third parties. We may share your information only in the following circumstances:


  1. Service providers and processors: we engage third-party technology providers, payment processors (such as Paystack and Flutterwave), cloud infrastructure providers, and professional service firms under binding data processing agreements that require them to protect your data in accordance with this Policy and applicable law.

  2. Regulatory and government authorities: we may disclose personal data to the Nigeria Data Protection Commission (NDPC), the Corporate Affairs Commission (CAC), the Federal Inland Revenue Service (FIRS), the Securities and Exchange Commission (SEC), the Central Bank of Nigeria (CBN), law enforcement agencies, or courts of competent jurisdiction where required by law or a valid legal process.
  3. Business transfers: in the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred as part of the transaction, subject to the acquirer honouring this Policy or providing notice and equivalent protections.
  4. With your consent: we may share your data with third parties where you have expressly authorised us to do so.


6. International Data Transfers

Tetrup operates primarily in Nigeria. Where we transfer personal data outside Nigeria for example, to cloud service providers or international partners we ensure adequate safeguards are in place in accordance with Section 43 of the NDPA 2023. These safeguards may include adequacy decisions, standard contractual clauses, binding corporate rules, or equivalent mechanisms recognised under applicable law.


For users in the European Economic Area (EEA) or the United Kingdom, we comply with GDPR Chapter V requirements for cross-border data transfers. For users in the United States, we comply with applicable federal and state privacy laws to the extent applicable to our operations.



7. Data Retention

We retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. In general:


  1. Account data is retained for the duration of your relationship with Tetrup and for a period of six (6) years thereafter, as required under Nigerian company and tax law.
  2. KYC and AML records are retained for a minimum of five (5) years following the end of a business relationship, in line with the Money Laundering (Prevention and Prohibition) Act 2022.
  3. Transaction records are retained for a minimum of seven (7) years in compliance with FIRS requirements.
  4. Where data is no longer required, we securely delete or anonymise it in accordance with our data lifecycle management procedures.


8. Your Rights

Under the NDPA 2023 and, where applicable, the GDPR, you have the following rights with respect to your personal data:


  1. Right of access: you may request a copy of the personal data we hold about you.
  2. Right to rectification: you may request correction of inaccurate or incomplete personal data.
  3. Right to erasure: you may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to overriding legal or regulatory obligations.
  4. Right to restriction of processing: you may request that we limit the processing of your data in certain circumstances.
  5. Right to data portability: you may request that we provide your data in a structured, commonly used, and machine-readable format.
  6. Right to object: you may object to the processing of your data where it is based on legitimate interests or for direct marketing purposes.
  7. Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please submit a written request to privacy@tetrup.com. We will respond within thirty (30) days as required under the NDPA 2023.



9. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to operate and improve the Application. Cookies are small text files placed on your device that help us remember your preferences, authenticate sessions, analyse usage patterns, and deliver relevant content. You may configure your browser to refuse cookies or alert you when cookies are set, though disabling certain cookies may affect the functionality of the Application. We do not use tracking technologies for cross-site behavioural advertising without your consent.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and incident response procedures. While we strive to use commercially acceptable means to protect your data, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.



11. Children's Privacy

The Application is not directed at children under the age of eighteen (18) years. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under eighteen, we will take immediate steps to delete that information.



12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the Application's features. Material changes will be communicated to you by email or via a prominent notice on the Application at least fourteen (14) days before taking effect. Continued use of the Application after the effective date of any revision constitutes acceptance of the updated Policy.



13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Federal Republic of Nigeria. Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts of Nigeria, without prejudice to your rights to seek redress before the Nigeria Data Protection Commission or another relevant supervisory authority.

Data Protection Contact

Tetrup Technology Ltd
Email: privacy@tetrup.com
Website: tetrup.com/en/contact