Privacy Policy - PearMonie

PEARMONIE PRIVACY POLICY

LAST UPDATED: JANUARY 2026

1. Introduction

Hello! We have created this Privacy Policy to describe your privacy rights with respect to the use of our Services.

PearMonie (“we,” “our,” “us”), owned and operated by PearWheel Nigeria Limited, values your privacy and is committed to protecting the confidentiality, integrity, and security of your personal data. We comply with the Nigeria Data Protection Act (NDPA) 2023, the General Application and Implementation Directive 2025, and other applicable laws.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the PearMonie website, mobile application, and related services (“Services”).

By accessing or using our Services, you acknowledge that you have read, understood, and consented to the practices described in this Privacy Policy. You may withdraw consent at any time, although withdrawal may affect our ability to provide certain Services.

“You,” “your,” “user,” or “data subject” refers to any individual accessing or using our Services.

2. Legal Basis for Processing Personal Data

We process personal data under the following lawful bases:

Contractual necessity: to provide banking and financial services, process applications, and deliver our Services.
Legal and regulatory obligations: including Know Your Customer (KYC), anti-money laundering (AML/CFT), credit reporting, tax compliance, and the Nigeria Data Protection Commission (NDPC) requirements.
Legitimate interest: to protect our platform, prevent fraud, improve user experience, conduct risk assessments, and maintain internal operations.
Consent: for specific activities requiring explicit permission (e.g., marketing communications). Consent may be withdrawn at any time without affecting processing carried out under other lawful bases.

3. Data We Collect

PearMonie collects personal data directly from you, automatically through your use of our Services, and from verified third‐party sources where permitted by law.

Personal Data You Provide

This may include:

Full name, residential address, email address, phone number, and date of birth;
Identification information such as National Identification Number (NIN) and Bank Verification
Number (BVN), where required for regulatory purposes;
Wallet-related information, including wallet setup details and transaction records;
Login credentials and security information;
Any other information you voluntarily provide through forms, in‐app features, or customer support
interactions.
Automatically Collected Data
When you use PearMonie, we may automatically collect certain technical and usage information, including:

Device type, operating system, and app version;
Pages or features accessed and time spent within the app;
General location data (city or region level);
IP address, cookies, and similar tracking technologies used to improve app performance and
security.
Image and Face Data Processing
PearMonie may collect and process image and face‐related data strictly for operational, security, and regulatory purposes. This includes:
Wallet Scan Creation: When you use the wallet scan or wallet activation features, we may collect facial images or camera input to securely create, link, and validate your PearMonie Wallet.
Regulatory KYC & Identity Verification: Images such as selfies or identity document photos may be processed to verify your identity in compliance with applicable Know‐Your‐Customer (KYC), anti‐money laundering (AML), and other regulatory requirements.
Fraud Prevention & Security: Image data may be used to prevent impersonation, unauthorized access, or fraudulent wallet activity.
PearMonie does not use image or face data for advertising, marketing, profiling, or unrelated analytics purposes.
Use of TrueDepth / Camera Technologies (Where Applicable)
Where supported by your device, PearMonie may use camera‐based or depth‐sensing technologies solely to enhance identity verification accuracy during wallet scan creation and KYC checks. We do not store raw data depth maps or biometric templates beyond what is necessary to complete verification and meet legal obligations.

Data Storage and Sharing

Image and face data are securely stored using industry‐standard encryption.
Such data is retained only for as long as necessary to fulfill wallet activation, verification, and
regulatory requirements.
We do not sell or share image or face data with third parties except trusted service providers
involved in identity verification, compliance, or security — and only under strict confidentiality and data protection agreements.
Your Rights
You may request access to, correction of, or deletion of your personal data, including image data, subject to legal and regulatory retention obligations. Full details are provided in the sections of this Privacy Policy covering Data Retention, Your Rights, and Contact Information.

4. How We Use Your Personal Data

PearMonie uses your personal data to:

verify identity, conduct KYC, and assess creditworthiness;
process transactions and manage contractual obligations;
provide banking services in partnership with Providus Bank and other partners under strict Service Level Agreements (SLAs);
coordinate service delivery;
communicate with you and provide support;
comply with regulatory obligations;
prevent fraud, conduct risk analysis, and maintain records; and
improve and personalize our Services.

We do not store your full card details or online banking credentials; these are handled securely by approved payment partners.

5. Data Accuracy

We take reasonable steps to ensure that all personal data we collect or process is accurate and up to date. Please notify us promptly when your information changes.

6. Data Confidentiality

Your personal data is treated as confidential and will only be shared as necessary under Applicable Law. While PearMonie is responsible for safeguarding your data, you are also responsible for maintaining the confidentiality of your login details, securing your devices, and ensuring that you interact only with authorized PearMonie personnel.

7. Data Sharing and Disclosure

PearMonie does not sell or rent personal data. We may share data with:

Providus Bank and financial partners;
payment processors and identity verification services;
cloud hosting and customer service providers;
regulatory authorities when required by law.

Data sharing occurs only when necessary for service delivery, compliance, fraud prevention, or with your explicit consent. All partners operate under binding contracts requiring compliance with NDPA 2023.

8. International Data Transfers

Where personal data is required to be transferred outside Nigeria, PearMonie ensures that such transfers are carried out in full compliance with the NDPA 2023. Appropriate safeguards, including contractual and technical measures, are implemented, and transfers occur only to countries or recipients that provide an adequate level of data protection or where lawful transfer mechanisms apply.

9. Data Subject Rights

Under Applicable Law, you have the right to:

be informed about data processing activities;
access your personal data;
request correction or erasure;
restrict processing;
withdraw consent;
request data portability;
object to processing (including direct marketing); and
lodge complaints with PearMonie’s Data Protection Officer (DPO) or the NDPC.

To exercise these rights, contact us at info@pearmonie.com.

10. Data Security

We implement physical, electronic, and managerial safeguards including:

encryption and firewalls;
Secure Sockets Layer (SSL) technology;
role-based access and authentication controls; and
secure data storage.

11. Training

PearMonie ensures that employees who handle personal data receive adequate data protection training. We maintain an internal compliance framework and implement yearly capacity-building programmes to ensure compliance with Applicable Law.

12. Data Retention

We retain personal data only as long as necessary to:

provide services;
meet legal obligations;
resolve disputes;
prevent fraud; and
enforce agreements.

When data is no longer required, it is securely deleted or anonymized.

13. Data Breach Management

If a personal data breach occurs that is likely to result in a risk to your rights or freedoms, we will:

assess the nature, scope, and impact of the breach;
notify the NDPC without undue delay and, where feasible, within seventy-two (72) hours;
notify affected individuals as soon as practicable where significant harm may occur;
investigate the cause and extent of the breach;
take corrective and mitigating actions;
address vulnerabilities and strengthen security measures; and
document all breach-related activities as required under Applicable Law.

14. Third-Party Links

Our Services may contain links to external websites. PearMonie is not responsible for their privacy practices. Please review their policies before sharing personal data.

15. Limitation of Liability

While PearMonie takes reasonable measures to safeguard your data, we are not liable for unauthorized access or disclosures caused by events beyond our control or by your failure to secure your login details or devices.

16. Updates to This Privacy Policy

We may revise this Privacy Policy periodically. Updates will be reflected in the “Last Updated” date. Where changes materially affect your rights, we will provide additional notice (e.g., app notification or email).

17. Governing Law

This Privacy Policy is made pursuant to the NDPA 2023, the General Application and Implementation Directive 2025, and other applicable laws. Where any provision conflicts with mandatory law, such law shall prevail.

18. Contact Us

For questions, requests, or complaints regarding this Privacy Policy, please contact: