Data Protection Policy
How Paycape handles your data under the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023.
1. Our Data Protection Principles
Paycape processes personal data in accordance with the following principles required by the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023:
- Lawfulness, fairness, and transparency — We process data on clear legal grounds and tell you how it is used
- Purpose limitation — Data collected for one purpose is not used for another incompatible purpose
- Data minimisation — We collect only what we actually need to provide the Services
- Accuracy — We take reasonable steps to ensure data is accurate and up to date
- Storage limitation — We retain data only as long as necessary or as required by law
- Integrity and confidentiality — We use appropriate technical and organisational measures to protect data
- Accountability — We can demonstrate compliance with these principles
2. Lawful Basis for Processing
We rely on the following lawful bases for different types of processing:
- Contract performance — Processing necessary to provide the Paycape service you signed up for (account management, invoicing, payroll, etc.)
- Legal obligation — Processing required by Nigerian law, including FIRS record-keeping requirements and NDPR reporting obligations
- Legitimate interests — Product improvement, fraud prevention, and security monitoring, where these do not override your rights
- Consent — Marketing communications (you may withdraw consent at any time)
3. Categories of Personal Data Processed
Category A — Identity and contact data
Name, email address, phone number, business address. Basis: Contract performance.
Category B — Financial data
Invoice records, payroll information, expense records, bank account details, tax identification numbers (TINs). Basis: Contract performance and legal obligation.
Category C — Employee data (processed on behalf of customers)
Where you use Paycape for payroll, you input employee data including names, salary details, and bank account numbers. Paycape processes this as a Data Processor on your behalf. You are the Data Controller for this data. You must have a lawful basis for providing this data to us.
Category D — Usage data
Log data, feature usage, session information. Basis: Legitimate interests (service improvement and security).
We do not process special category data (health, biometric, political opinions, etc.) unless you explicitly provide it in the content of your records.
4. Data Subject Rights
Under the NDPA 2023, you have the following rights regarding your personal data held by Paycape:
- Right of access — Request a copy of all personal data we hold about you
- Right to rectification — Request correction of inaccurate data
- Right to erasure — Request deletion of your data (subject to legal retention requirements)
- Right to data portability — Receive your data in JSON or CSV format
- Right to object — Object to processing based on legitimate interests
- Right to restrict processing — Request that we limit how we use your data
- Right to opt out of marketing — Unsubscribe from marketing at any time via email footer or by emailing privacy@paycape.com
Submit requests to privacy@paycape.com. We respond within 30 days. Complex requests may take up to 90 days with notification.
5. Data Protection Officer
Paycape has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this policy and applicable data protection laws.
Contact our DPO at privacy@paycape.com with the subject line "DPO Request".
6. Data Breach Procedure
In the event of a personal data breach, Paycape will:
- Contain and assess the breach immediately upon discovery
- Notify affected individuals within 72 hours if the breach is likely to result in high risk to their rights
- Report to the Nigeria Data Protection Commission (NDPC) within 72 hours where required
- Document the breach, its effects, and remedial actions taken
If you believe your account has been compromised, contact us immediately at security@paycape.com.
7. Data Retention Schedule
- Account data: Retained for the duration of the account. Deleted within 90 days of account closure.
- Financial records (invoices, payroll, expenses): Retained for 7 years as required by FIRS / Companies and Allied Matters Act.
- Marketing data: Retained until you withdraw consent or unsubscribe.
- Log data: Retained for 90 days for security and debugging purposes.
8. Withdrawal of Consent
Where processing is based on your consent (marketing communications), you may withdraw that consent at any time by clicking the unsubscribe link in any marketing email, or by emailing privacy@paycape.com.
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal, and does not affect processing on other lawful bases.
To opt out of all Paycape communications, visit our opt-out preferences page.