• 1.1 This Privacy Policy (the "Policy") establishes the comprehensive framework under which EPO Connect Limited, a company duly incorporated under the laws of the Federal Republic of Nigeria (operating as "HustlPay"), processes "Personal Data." As a technology marketplace that bridges the gap between clients and freelancers HUSTLPAY (herein referred to as either “Us”, “We” or “Our”) knows the importance of managing personal data, hence, the need to value your personal data and protect it in line with the Nigerian Data Protection Act 2023.
• 1.2 This document details how we process your personal data, the reason for which it is processed, your rights regarding your personal data we process and how we can be contacted.
• 1.3 This Policy applies to all "Data Subjects" including Freelancers, Clients, and visitors. By accessing the Platform, you acknowledge that you have read and understood the implications of this processing as a condition of service.

2.  SCOPE

•  2.1  This policy covers all transactions intended for the processing of personal data and the actual processing of personal data of data subjects (“Data Subject” means the person whose data you process, which in this context refers to “Freelancers, Clients, and visitors”,  or any “end user”) of  HustlPay.

3. OBJECTIVES OF THE PRIVACY POLICY

3.1 The objectives of the privacy policy include;

• a.    Highlight the roles and responsibilities of participants in data privacy management.
• b.    Highlight the requirement of relevant regulations governing data privacy.
• c.   The need to provide extensive guidelines of how we collect, store and process your personal data.

3. LEGAL BASIS FOR PROCESSING

• 3.1 In accordance with the Nigeria Data Protection Act (NDPA) 2023, HustlPay processes data under the following legal pillars:
• Contractual Necessity: Processing required to execute the Terms of Service between Client and Freelancer.
• Legal Obligation: Compliance with the Money Laundering (Prevention and Prohibition) Act and Central Bank of Nigeria (CBN) regulations.
• Consent: Explicit authorization granted by the Data Subject for marketing and secondary platform features.

4. DATA CATEGORIZATION, COLLECTION METHODOLOGY, AND  USE  

•   4.1. Data means information  that could identify a specific individual such as names, addresses, e-mail addresses, and telephone numbers. We collect personally identifiable data that covers; identification and personal information like data subject name, address, email, age or the range, account login details and online identifiers; contact information that covers personal and business contact information; content especially free form content posted on our website that may include personal data like text, images, messages, comments, feedback and correspondence; information regarding your interaction with website, mobile application or advertisement and recordings such as audio files and records.

4.2  We categorize the data collected into the following distinct classifications:

• 4.2.1. Personally Identifiable Information (PII): Including but not limited to full legal name, date of birth, and gender.
• 4.2.2. Regulatory Identity Data: National Identification Number (NIN), Bank Verification Number (BVN) for verification purposes, and Tax Identification Numbers (TIN).
• 4.2.3. Financial and Transactional Artifacts: Including tokenized primary account numbers (PAN), bank account numbers for disbursement, and digital reproductions of physical bank deposit slips for "Cash Payment Service" verification.
• 4.2.4. Metadata and Telemetry: IP addresses, device identifiers, and behavioral cookies used for session persistence and fraud mitigation.

4.3  How we collect Data

• 4.3.1 We obtain your  data when you enter your personal information for the purpose of  using our platform to register either as a client or freelancer for the purpose of using our platform.
• 4.3.2 We may automatically collect personal information such as Device/Network Data when you access and use our website using cookies. A "cookie" is a small piece of information stored by a Web server on a Web browser so it can be later read back from that browser.  
• 4.3.3 We may subscribe to databases or contract with third party data providers from which we collect personal information such as Contact Data, Professional/Biographical Data, Inference Data, and other personal data regarding data subjects that may be interested in our platform.

4.4   Use of Cookies to Collect Data

4.4.1 Cookies are pieces of information stored directly on the device you are using. Cookies let us recognize your device and to collect information such as internet browser type, time spent on our On-line Services, pages visited, language preferences, country website preference.

4.4.2 We may use the information;

1. to gather statistical information about the use of our platform in order to understand how they are used, continually improve their design and functionality, and assist us with resolving questions about them.
2. for security purposes, to facilitate navigation, to display information more effectively, or to personalize your experience while using our website or mobile application. 
3. allows us to present to the data subject the advertisements or offers that are most likely to appeal to the data subject and also track Your responses to our advertisements and we may use cookies or other files to track your use of other websites.
4. You can decide to remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility).

4.5  Condition for Processing  Data

4.5.1 Processing of  data is any operation or set of operations which is performed upon  data either by manual or automatic means. Hustlpay and any third party acting on our behalf shall only process your data if at least one of these conditions are met:

1. “Consent” means as the freely given, specific, informed and unambiguous indication of the individual’s wishes being an affirmative action that signifies your express agreement to processing your personal data.  Explicit consent is specific to data collected, purposes and disclosures.
2. Consent should also be sought when there is a need to transfer data to a third party or to a foreign country. 
3. We must obtain express consent when collecting cookie or device data from a data subject using our websites or mobile application.
4. Consent is also required when there is a specific need to collect the personal data outside the employment of Hustlpay  for which the data subject entered with the firm.
5. We will obtain consent of the data subjects when collecting the personal data through account opening as a client, freelancer and visitor.
6. We shall always provide proof of consent, whether obtained in person or via an electronic channel.
7.  Necessary for processing the performance of a contract or entering a contract at your request.
8.   Processing is necessary for compliance with a legal obligation.
9.   Processing is necessary for the performance of a task carried out in the public.

4.6 How we use Your  Data

4.6.1 If you sign up for, or request to use our website or mobile application, we will process your   data to provide the services requested by You and we further use the information to operate, provide, develop, and improve the services  needed from us and freelancers. These purposes for use of your data include:

1. To take and handle  services, process payments
2. Use the information to provide functionality, analyse performance, fix errors, and improve the usability and effectiveness of our platform.
3.  To comply with applicable extant laws.
4.  We use personal information to prevent and detect fraud and abuse in order to protect the security of our customers/buyer, vendor/sellers, and us. We may also use scoring methods to assess and manage credit risks.
5. We use your personal information to display interest-based ads for features, and services that might be of interest to you.

5. DATA SHARING AND THIRD-PARTY DISCLOSURES

5.1 HustlPay does not sell Personal Data. Disclosures are limited to:

5.1.1 Contractual Facilitation: Disclosure of Freelancer professional profiles to Clients and vice-versa to enable "Service Contracts".

5.1.2  Sub-Processors: Utilization of licensed Payment Processors (e.g., Paystack, Flutterwave, or Stripe) and automation intermediaries (e.g., Make.com) for operational efficiency.

5.1.3. Statutory Disclosure: Mandatory reporting to law enforcement or regulatory bodies upon receipt of a valid judicial order.

6. SECURITY PROTOCOLS AND CRYPTOGRAPHIC STANDARDS

    6.1. Non-Storage of Raw Card Data: HustlPay maintains a "Zero-Storage" policy for full bank card digits and CVV/CVC codes. All payment intake is handled via PCI-DSS compliant tokenization.

   6.2. Encryption: Data at rest is secured via AES-256 encryption, and data in transit is secured via Transport Layer Security (TLS) 1.3.

   6.3. Physical Cash Verification Security: Uploaded deposit slips are subjected to restricted access controls, limiting visibility only to verified Compliance Officers.

    6.4 Note, no security safeguards are 100% secure and we cannot guarantee the security of your information and these protections do not apply to information you choose to share in public areas such as third-party social networks.

7. ADVERTISING

7.1 Third-party advertising partners may collect information about you when you interact with their content, advertising, and services.  These companies may use data (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about services of interest to you.

7.2  These partners in the course of advertising provide links to other websites and services, such links are not an endorsement, authorization or representation that we are affiliated with that third party.

7.3  We do not exercise control over third party websites or services, and are not responsible for their actions and their guidelines with respect to the use and disclosure of personal data submitted to them.

8. USER GENERATED CONTENT

8.1  Where a mechanism for providing feedback is created and data subjects are allowed to share their information through such mechanism online, please bear in mind when data subjects voluntarily disclose personal data online such data becomes public and can be utilized by others.

8.2 Note, when such data is disclosed, we do not have control over, and take no responsibility for its use, storage or dissemination of such publicly disclosed data by a data subject. 

9.  USE OF OUR WEBSITE AND MOBILE APPLICATION BY CHILDREN

9.1   The services offered on our platform by independent freelancers are not to be subscribed by children under the age of 18. 

9.2 Where a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at the contact via the contact details provided on website and mobile application for such data to be deleted information from our database as soon as reasonably practicable.

10. DATA RETENTION AND DISPOSAL

10.1 We adhere to the principle of "Storage Limitation."

1. Transaction Records: Retained for six (6) years post-transaction to satisfy Nigerian financial audit requirements.
2.  Identity Documents: Retained for the duration of the account's active status plus two (2) years following account closure, unless otherwise mandated by AML/CFT regulations.

11. DATA SUBJECT RIGHTS

11.1 Pursuant to the NDPA, you are entitled to:

1. The Right to Erasure: To request the deletion of data where processing is no longer necessary.
2. The Right to Object: To contest processing based on legitimate interest.
3. The Right to Portability: To receive your data in a machine-readable format.
4. Deletion of User Account: delete your user account or uninstall our mobile application by doing so, you have stopped the collection of your personal data by us.    

12. CROSS-BORDER DATA TRANSFERS

12.1 Your data may be transferred to jurisdictions outside of Nigeria. HustlPay ensures that such transfers are governed by "Adequacy Decisions" or "Standard Contractual Clauses" (SCCs) to ensure a level of protection equivalent to Nigerian law.

13.  DATA BREACH NOTIFICATION

13.1 “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. We will inform relevant authorities and if necessary affected data subject of personal data breach within 72 hours of being aware of the breach. This includes breaches that are the result of both accidental and deliberate causes.

13.  GOVERNING LAW AND DISPUTE RESOLUTION

13.1 This Policy is governed by the laws of the Federal Republic of Nigeria. Any disputes arising from data processing shall first be submitted to the Nigeria Data Protection Commission (NDPC) for mediation before seeking judicial redress.

14. CHANGES TO PRIVACY POLICY

14.1 We have the right to modify this Privacy Policy at any time without notice. We encourage you to periodically review this page for the latest information on our privacy practices.

14.2  Any changes to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes on the Site or as otherwise indicated at the time of posting.

14.3 In any event, your continued use of our marketplace after the posting of any modified Privacy Policy represents your acceptance of the terms of the modified Privacy Policy.