Privacy Policy

1. Who We Are

GoGet is a Nigerian financial technology platform that enables users to convert cryptocurrency to Nigerian naira, manage crypto wallets, and interact with financial services via WhatsApp. GoGet operates as a technology service provider and partners with licensed financial institutions for payment processing and identity verification.

For questions about this policy, contact our Data Protection Officer at privacy@goget.app.

2. Information We Collect

2.1 Information You Provide

• Account registration: full name, email address, phone number, and password.
• Identity verification (KYC): Bank Verification Number (BVN), date of birth, government-issued ID, and selfie/liveness check. This is required to comply with Nigerian financial regulations.
• Bank account details: bank name, account number, and account name — used to process naira payouts.
• Transaction PIN: stored in hashed form; we cannot read or recover it.
• WhatsApp interactions: messages you send to the GoGet WhatsApp bot, used to process your requests.
• Support communications: emails, messages, or feedback you send to us.
• Waitlist registration: email address submitted on our website.

2.2 Information Collected Automatically

• Device and usage data: IP address, browser type, operating system, pages visited, time spent, and referring URL.
• Transaction data: cryptocurrency amounts, asset types, exchange rates, timestamps, transaction status, and Paystack transfer references.
• Wallet activity: blockchain wallet addresses generated for your account and incoming transaction records.
• Session data: authentication tokens and session state stored securely.
• Log data: server logs recording your interactions with our APIs and services.

2.3 Information from Third Parties

• Identity providers: results of BVN verification and ID checks from our KYC partner (Smile Identity).
• Blockchain data: publicly available on-chain transaction records associated with your wallets.
• Payment processors: transfer status and bank account confirmation from Paystack.
• Meta/WhatsApp: your WhatsApp phone number and message content when you interact with our bot. See Section 6 for details.

3. How We Use Your Information

We use your personal data to:

• Create and manage your GoGet account.
• Verify your identity as required by Nigerian financial regulations (CBN AML/KYC guidelines and the NDPR).
• Process cryptocurrency-to-naira conversion transactions and naira payouts to your bank account.
• Generate and manage your cryptocurrency wallet addresses.
• Respond to your WhatsApp messages and execute commands through the GoGet bot.
• Send you transaction confirmations, receipts, and service notifications via WhatsApp, SMS, or email.
• Detect, investigate, and prevent fraud, money laundering, and other illegal activities.
• Comply with applicable laws, regulations, and legal processes.
• Improve and develop our services through usage analysis.
• Respond to your support requests and enquiries.
• Send marketing communications where you have provided consent (you may opt out at any time).

Legal basis: We process your data on the basis of contract performance (to deliver the service you requested), legal obligation (KYC/AML compliance), legitimate interests (fraud prevention, service improvement), and consent (marketing).

4. How We Share Your Information

We do not sell your personal data. We share it only in the following circumstances:

5. Data Security

We implement industry-standard security measures to protect your data, including:

• All data transmitted between your device and our servers is encrypted using TLS.
• Sensitive data (including wallet private keys and BSP credentials) is encrypted at rest using AES-256.
• Transaction PINs are hashed using bcrypt and are never stored or transmitted in plain text.
• WhatsApp Flow PIN confirmations are end-to-end encrypted using RSA-OAEP + AES-128-GCM before reaching our servers.
• Access to production systems is restricted to authorised personnel only.
• We conduct regular security reviews and maintain audit logs of all sensitive operations.

While we take all reasonable precautions, no system is completely secure. You are responsible for keeping your account credentials, PIN, and phone access safe. If you suspect unauthorised access to your account, contact us immediately at security@goget.app.

6. WhatsApp and Messaging

GoGet operates a WhatsApp bot service to help you manage transactions via WhatsApp. When you interact with our bot:

• Your WhatsApp phone number is used to identify your account and route your messages to the correct service.
• Message content is processed to understand your intent (e.g. "cash out 100") and execute the requested action.
• We do not store the full text of your WhatsApp conversations beyond what is needed to complete your transaction or session.
• Transaction confirmation (PIN entry) via WhatsApp Flows uses end-to-end encryption provided by Meta. We only receive the decrypted PIN after verification on our server; it is never stored.
• We send you proactive notifications (transaction receipts, alerts) via WhatsApp. You may request to stop these by contacting support.

By using the GoGet WhatsApp bot, you acknowledge that messages are transmitted via Meta's WhatsApp Business Platform, which has its own Privacy Policy.

7. Cookies and Tracking

Our website uses cookies and similar technologies to:

• Essential cookies: maintain your logged-in session and security state. These cannot be disabled.
• Analytics cookies: understand how visitors use our site so we can improve it. Data is anonymised.
• Preference cookies: remember your settings and preferences.

You can control non-essential cookies through your browser settings. Disabling cookies may affect the functionality of some parts of our website.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes in this policy and to comply with our legal obligations:

• Account data: retained for the lifetime of your account plus 7 years after closure (required by Nigerian financial regulations for AML compliance).
• KYC/identity data: retained for 7 years after your last transaction, as required by law.
• Transaction records: retained for 7 years for regulatory and audit purposes.
• Session and cache data: deleted automatically within 24 hours of your session ending.
• Marketing preferences: retained until you withdraw consent.
• Support communications: retained for 2 years.

When data is no longer required, we securely delete or anonymise it.

9. Your Rights

Under the Nigeria Data Protection Regulation (NDPR) and applicable laws, you have the following rights:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: correct inaccurate or incomplete data.
• Right to erasure: request deletion of your data where we no longer have a legal basis to hold it. Note that we cannot delete data required to meet regulatory obligations.
• Right to restriction: ask us to limit how we use your data in certain circumstances.
• Right to data portability: receive your data in a structured, machine-readable format.
• Right to object: object to our use of your data for marketing at any time.
• Right to withdraw consent: where we rely on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email privacy@goget.app with your full name, registered phone number, and a description of your request. We will respond within 30 days. We may need to verify your identity before acting on your request.

If you are unsatisfied with our response, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpb.gov.ng.

10. Children's Privacy

GoGet is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has registered with us, please contact us at privacy@goget.app and we will promptly delete the account and associated data.

11. International Data Transfers

Some of our service providers (including Alchemy, Twilio, and Meta) operate outside Nigeria. Where data is transferred internationally, we ensure appropriate safeguards are in place — including standard contractual clauses and data processing agreements — to protect your data in accordance with the NDPR and applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you via WhatsApp, email, or a prominent notice on our website at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the current version. Your continued use of GoGet after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out: