Last Updated: March, 2026
At Sofri Trust (“Sofri,” “we,” “us,” or “our”), your privacy and trust are important to us. This Privacy Policy explains how we collect, use, store, share, and protect your personal information in line with the Nigeria Data Protection Regulation (NDPR 2019), the Central Bank of Nigeria (CBN) requirements, and global data protection standards (such as GDPR and CCPA/CPRA).
AT A GLANCE – QUICK OVERVIEW
|
What We Collect |
Why We Collect It |
Who We Share With |
How Long We Keep It |
|
Personal details (name, BVN, ID, contact info) |
To onboard you, verify identity (KYC), comply with law |
Regulators (CBN, NIBSS, NDIC), authorized partners |
At least 7 years (per CBN rules) |
|
Transaction data (account activity, payments, loans) |
To process payments, credit scoring, fraud prevention |
Payment processors, partner banks, auditors |
7 years minimum |
|
Device/location data (IP, app usage, cookies, geolocation) |
To secure accounts, detect fraud, improve services |
IT providers, analytics vendors |
Varies (cookies: session–2 yrs) |
|
Communications (emails, calls, chats) |
To provide customer support, resolve disputes |
Customer service partners |
As long as necessary |
|
Children’s accounts (via Parent/Guardian) |
To allow minors to operate through an adult account holder |
Regulators, compliance authorities |
As long as account remains active |
1. INFORMATION WE COLLECT
Based on You accessing and/or availing any of the Services (defined in the Terms and Conditions for Sofri) provided on the Website and/or App, we may collect certain Personal Information from You.
The “Personal Information” that We collect from You includes, but is not limited to, Your name, User account password, phone number, email address, address, contact preferences, ID proof (Passport, Voter ID etc.), truedepth data, device type, geo- location information, computer and connection information, mobile network information, statistics on page views, traffic to and from the sites, referral URL, ad data, and standard web log data bank account/debit card details, Financials, BVN, transaction history, proof of employment, Communication records (emails, calls, chats with Sofri) and other information that would assist Us in verifying Your identity.
Personal Information also includes, among others, any information that does not reveal Your specific identity, such as, browser information, information collected through Cookies (defined below), pixel tags and other technologies, demographic information, etc.
As is the case with most other websites of similar nature as Our Website and/or App, Our Website and App gathers information via various methods such as;
i. automatically when You visit the Website.
ii. when you provide your Personal Information on the Website and/or App and store it in log files.
iii. through the use of cookies.
For example, we may store environmental variables, such as browser type, operating system, speed of the central processing unit (CPU), referring or exit web pages, click patterns and the internet protocol (IP) address of Your computer.
We may use your Personal Information to:
i. Provide Services and support.
ii. Process applications and send notices about your transactions.
iii. Verify your identity.
iv. Resolve disputes, collect fees and troubleshoot problems.
v. Manage risk, or to detect, prevent and /or remediate fraud or other potentially prohibited or illegal activities.
vi. Detect, prevent or remediate violations of Laws, Regulations, Standards, Guidelines and Frameworks.
vii. Improve Services by implementing aggregate customer or User preferences.
viii. Measure the performance of the Services and improve content, technology and layout.
ix. Track information breach and remediate such identified breaches.
x. Manage and protect our information technology and physical infrastructure.
xi. Contact you at any time with your provided telephone number, email address or other contact details.
2. HOW WE USE YOUR INFORMATION
We use your data for the following purposes, in line with NDPR and international standards:
To open and manage your account (contractual necessity).
To comply with CBN, NDIC, NFIU, EFCC, or court requirements (legal obligation).
To confirm your identity through identity verification (KYC)
To process transactions, payments, and credit scoring.
To detect and prevent fraud, money laundering, and terrorist financing.
To improve services, app experience, and customer support.
To send service updates, account alerts, and with your consent, marketing messages.
To enforce Our Terms and Conditions;
To protect Our operations or those of any of Our affiliates;
To protect Our rights, privacy, safety or property, and/or that of Our affiliates, You or others; and
To allow Us to pursue available remedies or limit the damages that We may sustain.
3. LEGAL BASES FOR PROCESSING
We process your data on the following grounds:
Consent – where you agree (e.g., marketing, cookies).
Contract – to perform services you request (account opening, loan processing).
Legal obligation – compliance with CBN, NDIC, NFIU, EFCC regulations.
Legitimate interest – fraud prevention, service improvement, risk management.
4. CHILDREN’S DATA
Sofri does not knowingly collect personal data directly from children under 18. However, a Parent or Legal Guardian may open and operate an account on behalf of a minor. All such accounts must be linked to the parent/guardian’s verified identity, and Sofri will treat the guardian as the data subject of record.
5. WHY WE COLLECT THE DATA IN (1) ABOVE
To enhance user experience as we offer special products for the Bank’s application and websites
To confirm your identify through identity verification (KYC)
To recommend new services, products or app features as developed by Sofri
To recommend partner services target at specific locations and customers
To generate statistics relevant to activities and behavior in the use of the Sofri app and websites
For credit decisioning such as credit limit management and tenor extension
To enhance user security and resolve technical issues
Geolocation data is required to enhance protection of user information and identify improper logins
6. ACCESS TO PERSONAL INFORMATION
You are required to ensure that Your Personal Information is accurate, complete and up to date by logging into Your account. We shall also make reasonable efforts to provide You with the opportunity to request correction of Your Personal Information provided to us if the same is inaccurate; or even to delete the Personal Information.
Your Personal Information shall be:
collected and processed in accordance with specific, legitimate and lawful purpose consented to by You.
stored only for the period within which it is reasonably needed.
secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.
7. DATA RETENTION AND DELETION: WHAT YOU NEED TO KNOW
The Company retains personal data for specified periods based on the type of data collected and its intended use. For instance, financial transaction data will be retained for seven (7) years, while Know Your Customer (KYC) information will be retained for three (3) years after an account has been closed. All retention practices comply with applicable regulatory requirements, and data will be deleted or anonymized when it is no longer required.
In certain situations, the Company may retain information for reasons of safety, security, and fraud prevention. For example, if an account has been deactivated due to unsafe behaviour or involvement in security incidents, the related information may be retained to prevent the user from opening a new account in the future.
Users have the right to request the deletion of their accounts at any time. Upon such request, the Company will delete data that is not required for regulatory, tax, insurance, litigation, or other legal purposes. However, certain categories of data, such as location, device, and usage data, may still be retained for a minimum period of seven (7) years to meet these requirements.
In addition, users may request to revise, amend, or update their personal information in line with this Policy and applicable legislative and regulatory requirements. Such requests can be made by contacting the Company directly.
Finally, under specific circumstances, the Company may anonymize users' personal information, rendering it no longer associated with any identifiable individual. Once anonymized, the Company reserves the right to use such data for legitimate business purposes without further notice or consent from the user.
8. SECURITY
We work hard to protect Your Personal Information from unauthorized access to or unauthorized alteration, disclosure or destruction.
We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers and information access authorization controls. Pursuant to the same, we encrypt our Services using secure server software, which is the industry standard and among the best software available today for secure transactions.
While Sofri is responsible for safeguarding the information entrusted to Us, your role in fulfilling confidentiality duties includes, but is not limited to, adopting and enforcing appropriate security measures such as non-sharing of passwords and other platform login details and adherence with security protocols.
In the unlikely event of a data breach that compromises your personal information, Sofri will, in compliance with the Nigeria Data Protection Regulation (NDPR 2019) and relevant Central Bank of Nigeria (CBN) cybersecurity directives, use reasonable efforts to notify the relevant regulatory authorities and affected users within 72 hours of becoming aware of the breach, where such breach is likely to result in a risk to your rights and freedoms.
The notification will:
Describe the nature of the breach and categories of data affected;
Outline the steps Sofri has taken or plans to take to mitigate its adverse effects;
Provide recommendations on steps you may take to further protect yourself.
Sofri shall not be liable for any breach or unauthorized access resulting from circumstances beyond its reasonable control, including but not limited to cyber-attacks on third-party networks, force majeure events, or user negligence. However, Sofri shall take all reasonable technical and organizational measures to safeguard your personal data in line with applicable laws and industry standards.
9. AUTOMATED DECISION-MAKING
Certain services, including credit scoring, lending, and fraud monitoring, may involve automated processing.
You have the right to:
10. YOUR RIGHTS
You have the following rights under NDPR and global data laws:
Right to access your personal data.
Right to rectification of inaccurate data.
Right to erasure (“right to be forgotten”).
Right to restrict or object to processing (including marketing).
Right to data portability (transfer to another provider).
Right to withdraw consent at any time.
11. DATA SHARING
We only share data with:
Regulators (CBN, NDIC, NFIU, EFCC).
Service providers (payment processors, IT/cloud providers, credit bureaus).
Auditors, legal advisors, or law enforcement (when legally required).
Business partners (where necessary for joint services, with safeguards).
To enforce Our Terms and Conditions;
to protect Our operations or those of any of Our affiliates;
to protect Our rights, privacy, safety or property, and/or that of Our affiliates, You or others; and
to allow Us to pursue available remedies or limit the damages that We may sustain.
We never sell your personal data.
12. CROSS-BORDER TRANSFERS
Where data is transferred outside Nigeria, we ensure safeguards are in place, such as:
Standard contractual clauses.
Transfers to countries with adequate data protection standards.
Encryption and secure data handling agreements.
13. COOKIES & TRACKING
Cookies are pieces of information that are stored on a User’s computer when the User accesses a website. The Website and/or App may use temporary cookies to help you access some of the special functions within the database driven areas of Sofri’s Website and App. Once you leave Our Website and App, these cookies expire. Cookies deployed by Sofri do not collect Your Personal Information.
Cookies are small files placed on your computer’s hard drive that enables the website to identify your computer as you view different pages. Cookies allow websites and applications to store your preferences to present contents, options or functions that are specific to you. Like most interactive websites, our website and/or App uses cookies to enable the tracking of your activity for the duration of a session. Our website and/or App uses only encrypted session cookies which are erased wither after a predefined timeout period or once the user logs out of the platform and closes the browser. Session cookies do not collect information from the User’s Computer. They will typically store information in the form of a session identification that does not personally identify the User.
We use cookies, SDKs, and analytics tools (e.g., Google Analytics, Firebase) to improve our services.
Essential cookies – required for app operation.
Analytics/advertising cookies – optional, require consent. You can manage preferences in your device or browser settings.
14. MARKETING & COMMUNICATIONS
We may contact you with updates, promotions, or new features.
You can opt out anytime by clicking “unsubscribe” in emails or updating preferences in the app.
15. SOCIAL MEDIA
You may choose to share information on our website via social media, such as Facebook, Instagram, LinkedIn, and YouTube, X etc.. This means that the information you share, with name and preferences, shall be visible to visitors of your personal pages. We advise you to carefully read the privacy policies of the social media parties as these are applicable to the processing of your Personal Data by these parties.
16. UPDATES TO THIS PRIVACY POLICY
Sofri may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or business practices. When updates are made, the “Last Updated” date at the top of this Privacy Policy will be revised, and the updated version will be posted on the Sofri app and website.
Where material changes affect how we handle your Personal Information, we will notify you by placing a notice on our mobile application and website, or by sending you an email. By continuing to use our Services after such updates have been communicated, you acknowledge and consent to the revised Privacy Policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information and your rights.
17. CONSENT
By visiting, accessing or availing any Services available on the Website or App, you explicitly consent to, without limitation or qualification, to the collection, storage, processing disclosure, use and transfer of Your Personal Information provided by You in the manner as described in this Privacy Policy.
Please read this Privacy Policy carefully as it affects your rights and liabilities under law. If you do not accept the Privacy Policy stated herein or disagree with the way We collect and process Personal Information collected on the Website and App, please do not visit, access or avail any of the Services offered on the Website and/or App.
18. GOVERNING LAW AND JURISDICTION
This Privacy Policy is made pursuant to the Nigeria Data Protection Regulation 2023 and other relevant Nigerian laws, regulations or international conventions applicable to Nigeria and its provisions shall be construed accordingly.
In the event of breach to the Privacy Policy, you irrevocably submit to the exclusive jurisdiction of the courts of Nigeria to settle any disputes which may arise in connection with the creation, validity, effect, interpretation or performance of, or the legal relationships established by, this Privacy Policy.
19. HOW TO CONTACT US
If you have any questions or concerns about how we use your information or want to exercise your rights, you can contact us at:
Email: hello@sofritrustmicrofinance.bank
Phone: +2342013302657, +2342013302658
