Privacy Policy

How we collect, use, and protect your personal information.

Table of Contents

1. Introduction

Welcome to HorlartPay. HorlartPay is a digital currency exchange platform that facilitates the conversion of foreign currencies (primarily USD) to Nigerian Naira (NGN) through e-wallet transfers.

This Privacy Policy explains how we collect, use, store, protect, and share your personal information when you use our Platform. We are committed to protecting your privacy and complying with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and other applicable data protection laws.

By accessing or using HorlartPay, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not use our Platform.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account and use our services, we collect the following personal information:

Account Registration

Full name, email address, encrypted password (if provided).

Profile Information

Profile photograph or avatar (optional), preferences, settings, 2FA credentials (if enabled).

Transaction Information

E-wallet details, account usernames/emails, transaction amounts, selected offers, payment instructions, and Proof of Payment uploads.

Financial Information

Nigerian bank account details to receive fund, transaction history, and exchange rates applied.

Communication Data

Messages exchanged through in-app admin chat, customer support correspondence, feedback, and survey responses.

2.2 Information We Collect Automatically

We automatically collect technical information when you use the Platform, including:

  • IP address, browser type and version
  • Device information and unique identifiers
  • Time zone, location (country and city level from IP)
  • Pages visited, features used, date and time of access
  • Referring website addresses

We also use cookies and similar technologies (session, authentication, security, and analytics cookies). See Section 9 for details.

2.3 Information We Receive from Third Parties

We may receive information from:

  • Exchange rate providers

2.4 Sensitive Personal Data

We do not intentionally collect sensitive categories of personal data (genetic, biometric, health, religious, political, sexual orientation, or trade union membership). If such data is inadvertently disclosed, we will handle it with high protection and only use it to address your specific inquiry.

3. How We Use Your Information

We process your personal data for the following lawful purposes:

3.1 Contract Performance

Creating and managing accounts, processing currency exchange transactions, facilitating Admin communication, verifying transfers, maintaining records, and providing customer support.

3.2 Legal Obligation

Complying with AML regulations, preventing fraud, responding to lawful government requests, maintaining transaction records, and filing regulatory reports.

3.3 Legitimate Interests

Operating and improving the Platform, detecting fraud and security threats, troubleshooting, R&D, enforcing Terms, and protecting legal rights.

3.4 Consent

With your explicit consent (withdrawable), we may send marketing communications or share your data for purposes not outlined in this Policy. We will obtain consent where required by law.

5. How We Share Your Information

5.1 Service Providers

We may share data with trusted third-party service providers who assist in operating the Platform, including hosting, email, payment verification, security, and analytics providers. Service providers are contractually obligated to use your data only for the services they provide, implement appropriate security, comply with Nigerian laws, and not use your data for their own purposes.

5.2 Legal Requirements

We may disclose personal information if required by law or valid requests from public authorities (court orders, law enforcement, regulatory inquiries), to protect legal rights, prevent harm, or address fraud/security issues.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale, personal data may be transferred to the acquiring entity subject to the same privacy protections.

5.4 With Your Consent

We may share your information with third parties when you provide explicit consent for such disclosure.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

6.1 Security Measures

Technical safeguards include SSL/TLS encryption, encrypted storage of sensitive data, secure authentication, optional 2FA, and regular security updates. Organizational safeguards include access controls, employee training, confidentiality agreements, audits, incident response procedures, and secure disposal of data. Administrative access is limited, logged, and monitored.

6.2 Your Responsibility

You play a role in protecting your account: choose strong passwords, enable 2FA, keep credentials confidential, log out from shared devices, monitor account activity, and report concerns promptly.

6.3 Data Breach Notification

If a breach affects your personal data, we will notify the Nigeria Data Protection Commission (NDPC) within 72 hours as required by law and notify affected users without undue delay if there is a high risk to rights and freedoms. We will describe the breach, likely consequences, and measures taken to address it.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes in this Policy and to comply with legal obligations.

7.1 Retention Periods

  • Active account information: retained while your account is active
  • Transaction records: retained for the duration of your account plus 7 years after account closure
  • Communication logs: retained for 3 years from the date of communication
  • Technical logs: retained for 12 months
  • Closed accounts: basic account data retained for 2 years; marketing preferences until withdrawal or 2 years of inactivity

7.2 Deletion of Data

After retention periods expire, we will delete personal data from active systems, anonymize data retained for statistics, and securely destroy backups and physical records. You may request earlier deletion via the right to erasure (see Section 8).

8. Your Data Protection Rights

Under the NDPA and NDPR, you have the following rights regarding your personal data:

8.1 Right to Access

Request confirmation of processing and obtain a copy of your personal data. To exercise: contact support@horlartpay.com. Response time: within 30 days.

8.2 Right to Rectification

Correct inaccurate or complete incomplete data. To exercise: update account settings or contact support@horlartpay.com. Response time: within 14 days.

8.3 Right to Erasure

Request deletion when data is no longer necessary, consent withdrawn, processing unlawful, or deletion required by law. Limitations apply (e.g., 7-year retention for financial records). To exercise: contact support@horlartpay.com.

8.4 Right to Restrict Processing

Request restriction when accuracy is contested, processing unlawful but deletion not desired, or processing needed for legal claims. To exercise: contact support@horlartpay.com.

8.5 Right to Data Portability

Receive data in a machine-readable format and transmit to another provider for data you provided based on consent or contract. To exercise: contact support@horlartpay.com.

8.6 Right to Object & Withdraw Consent

Object to processing based on legitimate interests or direct marketing and withdraw consent where applicable. To exercise: contact support@horlartpay.com or use account settings.

8.7 Right to Lodge a Complaint

If you believe your rights are violated, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) or contact us first at support@horlartpay.com to try to resolve the issue.

9. Cookies and Tracking Technologies

Cookies are small text files placed on your device to improve experience and enable functionality.

9.1 Types of Cookies

We use:

  • Essential Cookies: Authentication, security, session, CSRF protection.
  • Performance & Analytics: Usage analytics, error tracking, performance monitoring.
  • Functional: Language, theme, form data.

We do NOT use advertising cookies or third-party tracking cookies for marketing or social media tracking cookies.

9.2 Managing Cookies

Control cookies via browser settings (refusing or deleting cookies may affect functionality). Essential cookies cannot be disabled. You can opt out of analytics cookies in account settings. Continued use after cookie notice constitutes consent; you may withdraw consent via browser settings.

10. Third-Party Links

Our Platform may contain links to third-party websites, services, or resources (for example, e-wallet providers).

We are not responsible for third-party privacy practices. Review third-party privacy policies before sharing personal information. Linking does not imply endorsement.

11. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in processing practices, legal requirements, Platform features, or feedback.

For material changes, we will update the "Last Updated" date, notify you via email or Platform notice, and seek consent where required.

Continued use after changes constitutes acceptance. If you disagree, stop using the Platform and contact us to close your account.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Get in Touch

Response Time:

We aim to respond to all inquiries within 48-72 hours (business days).

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Federal Republic of Nigeria. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of Nigerian courts.

By using HorlartPay, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.