Legal & Privacy

Privacy Policy

Last updated: July 5, 2026
AllConnect Data
Nigeria

Welcome to AllConnect Data. Your privacy matters deeply to us. This document explains exactly what personal information we collect when you use our platform and mobile app, how we use it, and the rights you have over it. We encourage you to read it carefully — we've written it in plain language to make it easy to understand.

1. Information We Collect

When you create an account and use our services, we collect several categories of information to make everything work correctly and securely.

Personal Account Details

  • Full name — used to personalise your account and transaction receipts.
  • Email address — for account verification, receipts, and important service notifications.
  • Phone number — required to create an account and used as the default airtime destination.
  • Password — stored exclusively as a bcrypt hash; nobody at AllConnect Data can ever read your plain-text password.
  • Transaction PIN — stored in encrypted form and used solely to authorise payments from your wallet.

Transaction Records

  • Meter numbers, IUC/smartcard numbers, and phone numbers entered during purchases.
  • Transaction amounts, dates, reference codes, and final statuses.
  • Wallet funding and debit history.
  • Electricity token codes and delivery confirmations.

Device & Usage Data

  • Device model, operating system version, and unique device identifiers.
  • IP address and approximate location derived from it.
  • Features used, pages visited, and time spent within the app.
  • Crash reports and performance diagnostics to help us fix issues faster.

What we never store: full credit or debit card numbers, bank account details, or BVN. All payment processing goes through our PCI-DSS compliant gateway partners — that data never touches our servers.

2. How We Use Your Information

Every piece of data we collect serves a specific purpose. We do not collect data speculatively or for undefined future use.

  • Service delivery: processing airtime top-ups, data purchases, electricity payments, cable TV subscriptions, exam PINs, and all wallet transactions.
  • Communication: sending transaction receipts, delivery confirmations, service updates, and responding to your support requests.
  • Identity verification: detecting and preventing fraudulent activity to keep your account and wallet safe.
  • Platform improvement: analysing anonymised, aggregated usage patterns to fix bugs and develop features our users actually need.
  • Legal compliance: responding to lawful requests from regulatory bodies, enforcing our Terms of Service, and protecting our rights where necessary.

3. Third-Party Services

We share the bare minimum of your data with trusted partners to deliver our services. We never sell, rent, or trade your personal information for marketing purposes.

VTU / Service Providers

To complete purchases, required details (such as meter number, phone number, or IUC code) are transmitted to our upstream VTU partners. These providers receive only what is strictly necessary for the specific transaction and operate under their own privacy policies.

Payment Gateways

Wallet top-ups flow through PCI-DSS compliant processors (e.g. Paystack, Flutterwave, Monnify). Your card or bank credentials are handled directly by these processors and never stored on our systems.

Analytics

We may use Firebase Analytics or similar services to understand how users interact with our platform. Only anonymous, aggregated statistics are shared — no personally identifiable information is involved.

Push Notifications

Transaction alerts and service messages are delivered via Firebase Cloud Messaging. Your device token is shared with Firebase solely for the purpose of message delivery.

We have no commercial relationships with data brokers or advertisers. Your information is used to run the service you signed up for — nothing else.

4. Data Security

Protecting the data you entrust to us is a core engineering priority, not an afterthought.

  • Encryption in transit: all data exchanged between your device and our servers is protected with HTTPS/TLS.
  • Encryption at rest: sensitive data stored on our servers is encrypted with AES-256.
  • Password hashing: passwords are one-way hashed with bcrypt and a unique salt — they cannot be reversed or read by anyone.
  • Role-based access control: only authorised team members can access sensitive data, and only when there is a legitimate need.
  • Regular security reviews: we audit our systems periodically and patch known vulnerabilities promptly.

No electronic storage or internet transmission method is completely infallible. While we implement robust safeguards, we cannot guarantee absolute security against every possible threat.

5. Data Retention

We keep your personal information for as long as your account is active or as required to provide the services you use. Transaction records are retained for a minimum of 5 years to comply with Nigerian financial regulations.

If you request account deletion, we will remove or anonymise your personal data within 30 days, except where applicable law requires us to retain specific records for longer.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of all personal data we hold about you.
  • Correction: ask us to fix any inaccurate or incomplete information on your account.
  • Deletion: request that we delete your account and associated personal data (subject to lawful retention requirements).
  • Restriction: ask us to limit how we process your data in certain circumstances.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on our legitimate interests or for direct marketing purposes.

To exercise any of these rights, send us an email at aliyuumar9457@gmail.com. We will respond within 30 days and may ask you to confirm your identity before acting on your request.

7. Children's Privacy

AllConnect Data is intended for users aged 18 and above. We do not knowingly collect or store personal information from anyone under 18. If we discover that a minor has registered an account or provided personal data, we will delete that information immediately. If you believe a child has submitted their details to us, please contact us right away.

8. Cookies

We use session cookies exclusively to maintain your authenticated login state while you use the web platform. These cookies are strictly necessary for the service to function and expire the moment you close your browser.

We do not use third-party tracking cookies, advertising cookies, or any cookies that collect behavioural data for marketing purposes.

9. International Data Transfers

Your data is primarily stored on servers located in Nigeria. However, certain third-party services we rely on — such as Firebase — may process data in other countries. Whenever data is transferred internationally, we ensure that appropriate safeguards are in place to maintain the same level of privacy protection you would expect within Nigeria.

10. Changes to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features. When significant changes are made, we will notify you by:

  • Updating the revision date at the top of this page.
  • Displaying an in-app notice the next time you open the app.
  • Sending an email to the address on your account (for material changes).

Your continued use of AllConnect Data after a policy update takes effect constitutes your acceptance of the revised terms.

11. Contact Us

Have a question, concern, or request about this Privacy Policy or how we handle your data? We take every inquiry seriously and aim to respond promptly and fairly.

Platform: AllConnect Data
Jurisdiction: Federal Republic of Nigeria
WhatsApp: 09024995789

Also read our other legal documents: