Privacy Policy

Introduction

Vector is a service platform owned and developed by Vector Innovation Ltd. (“Vector,” “we,” “our,” or “us”), a private company incorporated in Lagos, Nigeria, with its registered office at.

We are committed to protecting your privacy in compliance with applicable laws, including the General Data Protection Regulation (GDPR) and the Nigeria Data Protection Regulation (NDPR). This Privacy Policy (“Policy”) explains how we collect, use, share, and safeguard your personal information when you use our website, applications, products, and services (the “Platform”).

By using our Platform, you agree to the terms outlined in this Policy. If you do not agree, please discontinue use of our Platform.

Scope

This Policy applies to personal data collected through the Platform, by email, or via other electronic communications. It does not apply to:

  • Data collected offline.
  • Data collected by unaffiliated third parties.
  • Anonymized or aggregated data that cannot identify you.

We may update this Policy periodically. Continued use of our Platform after updates are published means you accept the revised Policy.

Legal Bases for Processing (GDPR & NDPR)

We process your personal data based on one or more of the following lawful bases:

  • Contractual necessity – To provide you with our services, process transactions, and fulfill our obligations.
  • Legal obligation – To comply with financial, regulatory, and anti-money laundering laws.
  • Legitimate interests – To improve our services, prevent fraud, and ensure platform security (unless overridden by your fundamental rights).
  • Consent – Where required (e.g., marketing communications, optional surveys). You may withdraw consent at any time.
  • Public interest – Where processing is necessary for compliance with applicable financial and regulatory frameworks.

Personal Data We Collect

We may collect the following categories of data:

  • Identity and Contact Information – Name, government-issued ID, business registration documents, BVN (where applicable), tax identification number, email, phone number, date of birth, billing details.
  • Technical Data – IP address, login details, browser/app type and version, operating system, time zone, usage logs, location (based on IP).
  • Financial Data – Card details, transaction history, linked bank account information, balances, and payment records.
  • Marketing and Communication Data – Preferences, survey responses, and communication history with Vector.

How We Collect Data

  • Directly from you (during registration, onboarding, or communication).
  • Automatically (through cookies, device identifiers, analytics).
  • From third parties (e.g., KYC/AML service providers, financial institutions, and regulators).

How We Use Your Data

We use your personal data to:

  • Provide and maintain our services.
  • Verify your identity and comply with KYC/AML obligations.
  • Process payments and transactions securely.
  • Communicate with you (service updates, support, compliance notices).
  • Improve the Platform, perform analytics, and enhance user experience.
  • Send marketing communications (with your consent).

Data Retention

We will retain your personal data only for as long as necessary to:

  • Fulfill the purposes for which it was collected.
  • Comply with legal, tax, and regulatory obligations.
  • Resolve disputes and enforce agreements.

When data is no longer required, it will be securely deleted or anonymized.

Cross-Border Data Transfers

As a global platform, your data may be transferred and processed outside your country of residence, including the United States, European Union, and Nigeria.

Where such transfers occur, we will ensure appropriate safeguards, including:

  • Standard Contractual Clauses (for GDPR compliance).
  • NDPR-compliant data transfer agreements.
  • Technical and organizational measures to protect your information.

Your Rights

Under GDPR and NDPR, you have the right to:

  • Access – Request a copy of your personal data.
  • Rectification – Correct inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”) – Request deletion of your data where legally permissible.
  • Restriction – Limit how we process your data in certain circumstances.
  • Portability – Receive your data in a machine-readable format.
  • Objection – Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent – Where processing is based on consent, withdraw it at any time.

Requests can be made by contacting us at the details below. We will respond in line with GDPR/NDPR timelines (usually within 30 days).

Data Security

We implement physical, administrative, and technical safeguards, including:

  • Data encryption and secure storage.
  • Restricted access to personal data.
  • Firewalls, intrusion detection, and monitoring.

While we strive to protect your data, no system is 100% secure. You are responsible for keeping your login details safe.

Children's Data

Our services are not directed to individuals under 18 years old. We do not knowingly collect data from minors. If we learn that we have collected data from a child, we will delete it promptly.

Contact Information

If you have questions or wish to exercise your rights, contact us at:

📧 [email protected]

📧 [email protected]

You also have the right to lodge a complaint with your local Data Protection Authority (e.g., the Nigerian Data Protection Commission or an EU/UK Data Protection Authority).