NDPA 2023 Compliant
TaxPally is fully compliant with the Nigeria Data Protection Act (NDPA) 2023 and GAID 2025 directives issued by the Nigerian Data Protection Commission (NDPC).
This Privacy Policy describes how TaxPally ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use our record-keeping and tax organization platform. We are committed to protecting your privacy and ensuring transparency in our data processing practices in accordance with Nigerian law.
1. Data Controller
TaxPally is the data controller for your personal information. For privacy-related inquiries, contact us at:
Email: privacy@taxpally.com
Legal: legal@taxpally.com
2. Personal Data We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, password (encrypted)
- Identity Information: Tax Identification Number (TIN), CAC Number (for companies)
- Financial Information: Income records, expense records, bank account details (via Mono API)
- Business Information: Company name, business address, contact person, business type
- Documents: Receipts, invoices, contracts, tax forms, supporting documents
2.2 Automatically Collected Data
- Usage Data: Pages visited, features used, time spent on platform
- Device Information: Browser type, operating system, IP address
- Cookies: Authentication tokens, session management (see Section 9)
- Consent Records: IP address, user agent, consent timestamp, consent version
2.3 Third-Party Data
- Bank Transactions: Transaction data synced via Mono API with your explicit authorization
- Exchange Rates: Currency conversion rates from third-party providers
3. How We Use Your Personal Data
We process your data for the following purposes:
3.1 Service Provision (Contractual Necessity)
- Create and manage your account
- Store and organize your income and expense records
- Generate reports and tax calculations (informational only)
- Sync bank transactions via Mono API
- Store and manage your uploaded documents
- Provide customer support
3.2 Legal Compliance
- Comply with NDPA 2023 requirements
- Maintain audit logs for NDPC compliance
- Respond to lawful government requests
- Prevent fraud and abuse
3.3 Service Improvement (Legitimate Interest)
- Analyze usage patterns to improve features
- Fix bugs and technical issues
- Develop new functionality
- Ensure platform security
3.4 Communications (Consent)
- Send tax deadline reminders (essential)
- Notify you of account activity (essential)
- Send product updates and newsletters (optional - requires separate consent)
4. Legal Basis for Processing
Under the NDPA 2023, we process your data based on:
- Consent: You explicitly consent to our data processing when you accept our terms and privacy policy
- Contractual Necessity: Processing is necessary to provide our services to you
- Legal Obligation: We must comply with Nigerian laws and regulations
- Legitimate Interest: We have a legitimate interest in improving our services and preventing fraud
5. Data Security
We implement industry-standard security measures in compliance with NDPC guidelines:
- AES-256 Encryption: All data encrypted at rest and in transit
- Secure Cloud Infrastructure: Hosted on secure, compliant cloud platforms
- Password Protection: Passwords hashed using bcrypt (industry standard)
- Access Controls: Strict authentication and authorization checks
- Regular Security Audits: Continuous monitoring and vulnerability assessments
Note: While we implement robust security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.
6. Data Sharing and Disclosure
We DO NOT sell, rent, or trade your personal data to third parties.
We may share your data only in the following limited circumstances:
6.1 With Your Consent
- Mono API: Bank transaction data shared when you authorize bank connection
- Tax Consultants: If you explicitly share your data for consultation purposes
6.2 Service Providers
- Cloud Hosting: Infrastructure providers (data stored securely)
- Email Services: Transactional email providers (for notifications)
- Payment Processors: For subscription payments (if applicable)
All service providers are bound by strict data protection agreements.
6.3 Legal Requirements
We may disclose your data if required by:
- Court orders or legal processes
- Nigerian government agencies (NRS, SIRS, NDPC)
- Law enforcement in response to lawful requests
- Prevention of fraud, abuse, or illegal activity
6.4 What We DON'T Share
- We DO NOT share your TIN with NRS/SIRS without your direct action
- We DO NOT file tax returns on your behalf
- We DO NOT sell your data to marketing companies
- We DO NOT use your data for advertising purposes
7. Your Rights Under NDPA 2023
You have the following rights under the Nigeria Data Protection Act:
7.1 Right to Access
Request a copy of all personal data we hold about you. You can export your data from Settings → Data Export.
7.2 Right to Rectification
Correct inaccurate or incomplete data. You can update your information in Settings → Profile.
7.3 Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data. Delete your account in Settings → Account → Delete Account. All data will be permanently removed within 30 days.
7.4 Right to Data Portability
Receive your data in a structured, machine-readable format (JSON/CSV). Available in Settings → Data Export.
7.5 Right to Withdraw Consent
Withdraw your consent at any time. Note: This may limit your ability to use certain features or require account deletion.
7.6 Right to Object
Object to processing based on legitimate interests. Contact privacy@taxpally.com to exercise this right.
7.7 Right to Complain
Lodge a complaint with the Nigerian Data Protection Commission (NDPC) if you believe your rights have been violated.
How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@taxpally.com. We will respond within 30 days as required by NDPA 2023.
8. Data Retention
We retain your personal data only as long as necessary:
- Active Accounts: Data retained for the duration of your account
- Deleted Accounts: Data permanently deleted within 30 days of account deletion
- Legal Requirements: Some data may be retained longer if required by Nigerian law (e.g., tax records for audit purposes)
- Backup Copies: Deleted data removed from backups within 90 days
- Consent Records: Retained for 7 years for NDPC audit compliance
Important: Even after account deletion, you remain responsible for any tax obligations related to data you entered into TaxPally. We recommend exporting your data before deletion.
9. Cookies and Tracking
We use cookies for:
9.1 Essential Cookies (Required)
- Authentication: Keep you logged in
- Session Management: Maintain your active session
- Security: Prevent CSRF attacks
These cookies are necessary for the platform to function and cannot be disabled.
9.2 Analytics Cookies (Optional)
- Understand how users interact with our platform
- Identify bugs and performance issues
- Improve user experience
You can manage cookie preferences in your browser settings.
10. International Data Transfers
Your data is primarily stored in Nigeria or within the ECOWAS region. If we transfer data outside Nigeria, we ensure:
- Compliance with NDPA 2023 cross-border transfer requirements
- Adequate data protection measures in the destination country
- Standard contractual clauses approved by NDPC
- Your explicit consent for the transfer
11. Children's Privacy
TaxPally is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you are under 18, do not use this platform or provide any personal information.
If we become aware that we have collected data from a minor, we will delete it immediately.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via:
- Email notification to your registered address
- Prominent notice on the platform
- Updated "Last Updated" date at the top of this page
Continued use of TaxPally after changes constitutes acceptance of the updated Privacy Policy. If you do not agree, you must stop using the platform and delete your account.
13. Nigerian Data Protection Commission (NDPC)
If you believe your data protection rights have been violated, you can lodge a complaint with the NDPC:
Nigerian Data Protection Commission (NDPC)
Website: https://ndpc.gov.ng
Email: info@ndpc.gov.ng
Phone: +234 (0) 9-461-0000
14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: