Privacy Policy

1. Introduction

Nenfadz Technologies (“we”, “us”, “our”) operates Koinmuniti, a cooperative society financial management platform available at koinmuniti.com (“the Platform”). We are committed to protecting the personal data of cooperative administrators, members, and all users of the Platform in accordance with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023.

This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, and what rights you have over your data. By using the Platform, you agree to the practices described in this policy.

2. Who We Are (Data Controller)

Nenfadz Technologies
Email: [email protected]

As the operator of the Platform, Nenfadz Technologies is the data controller responsible for your personal data. Each cooperative society using the Platform is an independent data controller for the financial and membership data of their own members.

3. Data We Collect

4. Why We Collect Your Data (Legal Basis)

We collect and process your data on the following legal bases under the NDPR/NDPA:

We do not process your data for advertising purposes. We do not sell your data to any third party.

5. How We Use Your Data

We use your data to:

• Provide and operate the Platform and its features
• Authenticate your identity and maintain the security of your account
• Process and record financial transactions within your cooperative
• Calculate and display member worth and financial positions
• Generate financial statements and reports
• Send transactional emails (account verification, password reset, loan notifications, payment confirmations, invitation emails)
• Maintain complete and accurate audit logs as required for financial record-keeping
• Process subscription payments for Platform access
• Respond to your support inquiries
• Comply with applicable laws and regulations

6. Data Sharing and Third Parties

We share your data only with carefully selected third-party service providers who assist us in operating the Platform. These providers are categorised as follows:

• Email delivery providers — for sending transactional emails such as account verification, password resets, and notifications
• Payment processors — for processing subscription fees and cooperative contribution payments
• Cloud hosting and infrastructure providers — for storing data and serving the Platform application

All third-party processors are contractually bound to process your data only as instructed by us, to maintain appropriate security standards, and to comply with applicable data protection laws. We do not authorise any processor to use your data for their own purposes.

We do not sell, rent, or trade your personal data to any third party.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide you with the Platform. Specifically:

• Account data — retained for the duration of your account and deleted within 30 days of account closure upon request
• Financial records — retained for a minimum of 7 years in compliance with Nigerian financial record-keeping requirements
• Audit logs — retained for a minimum of 7 years
• Session data — retained for 30 days after session expiry
• Email communications — retained for 90 days

Cooperative financial data (contributions, loans, repayments) cannot be deleted on request if it forms part of a cooperative's required financial records, as deletion would compromise the integrity of the cooperative's accounts.

8. Data Security

We take the security of your data seriously. Our security measures include:

• All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
• Passwords are stored using bcrypt hashing — we cannot read your password
• All financial actions are recorded in immutable audit logs
• Database access is restricted to authorised systems only
• Session tokens are cryptographically signed and expire after 8 hours of inactivity
• We conduct regular reviews of our security practices

Despite these measures, no system is completely secure. If you suspect your account has been compromised, please contact us immediately at [email protected].

9. Your Rights Under the NDPR/NDPA

As a data subject under Nigerian law, you have the following rights:

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

10. Cookies and Session Storage

The Platform uses essential cookies only:

• Session cookie — maintains your login session for up to 8 hours of inactivity
• Cooperative cookie — remembers which cooperative you last selected

We do not use advertising cookies, tracking cookies, or any third-party analytics cookies. You cannot opt out of essential cookies as they are required for the Platform to function.

11. Children's Privacy

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us at [email protected] and we will delete it promptly.

12. International Data Transfers

To deliver the Platform, your data may be processed on servers located outside Nigeria. All such transfers are made under appropriate safeguards consistent with NDPR requirements for cross-border data transfers, including contractual protections with all data processors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered cooperative administrators by email and update the “Last updated” date at the top of this page. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.