We're committed to protecting your data

At Billspot, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Platform"). Our Platform provides services including:

• Airtime Purchases: Buy airtime for yourself or others across all major networks
• Data Subscriptions: Purchase internet data plans at competitive rates
• Bill Payments: Pay electricity, water, TV subscriptions, and other utility bills
• Airtime-to-Cash Conversion: Convert your excess airtime to cash instantly
• Wallet Management: Securely store funds and manage your transactions
• Money Transfers: Send money to friends, family, and businesses

Please read this Privacy Policy carefully. By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree, please discontinue use of our Platform immediately.

1. Information We Collect

1.1. Information You Provide

• Account Information: When you register, we collect your name, email address, phone number, and password.
• Identity Verification: For KYC compliance, we may collect your BVN (Bank Verification Number) and other government-issued identification information. For face liveness, facial imagery, and related KYC uploads (including Tier 2 and optional Tier 3 verification), see the section “Identity verification, face liveness, and facial imagery” below.
• Transaction Data: We collect information related to your airtime purchases, bill payments, airtime-to-cash conversions, and other transactions you conduct on our Platform.
• Payment Information: We collect details about your payment methods, including bank account information, card details, and transaction history.
• Communications: We store records of your interactions with our customer support team.

1.2. Information We Automatically Collect

• Usage Data: We collect information about how you interact with our Platform, including pages visited, features accessed, time spent, and actions taken.
• Device Information: We collect data about your device, including IP address, device type, operating system, browser type, mobile network information, and device identifiers.
• Location Data: With your permission, we may collect precise location data to provide location-based services and fraud prevention.
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing behavior and preferences.

Identity verification, face liveness, and facial imagery

This section supplements our Privacy Policy. General practices (how we use data, security, your rights, contact, international transfers, and changes) are as stated elsewhere in this document.

1. What face-related and identity data we collect

Face liveness (automated check)

When you complete identity verification (KYC) in the BillSpot app, we may ask you to complete an on-device face liveness check using Amazon Web Services, including Amazon Rekognition Face Liveness. The app uses your device camera so AWS can confirm that a live person is present.

Our systems create a liveness session and store a short-lived record linking your account to that session identifier so we can confirm the session is yours and still valid when you submit documents.

After you complete the check, we receive session status, confidence scores, and related results from AWS. We do not receive or store the liveness challenge as a video file that you upload to our servers in the same way as your other KYC photos.

When AWS provides it, we may receive and store a reference still image (a single image derived from the successful liveness result) on BillSpot’s secure identity verification storage, together with your other Tier 2 verification materials. We use that image only for automated face comparison (for example, to confirm the person who completed liveness matches your selfie holding your ID) and for the retention period described in section 4. Whether liveness is required depends on our product configuration.

Photographs you upload for KYC

You may upload photographs including: the front (and where applicable back) of your government-issued ID; a photo of you holding your ID with your face and the document clearly visible; and a photo of a handwritten note (for example including “BillSpot” and the current date) as instructed in the app. These files are stored on BillSpot’s private, secure storage used for identity verification (Tier 2).

Optional video verification (Tier 3)

If you request or we require video verification, we create a request record in our systems (for example status: pending, scheduled, completed). We may notify you (including via WhatsApp, where configured) that our team will contact you to complete verification. We do not record or retain video or audio of a live verification call in the BillSpot app or on our servers as part of this flow. We only keep operational metadata (such as status, scheduling, outcome, and optional notes or external references used to manage the request). We do not retain call recordings or similar media outside the app for this Tier 3 process.

2. Why we use this information

We use liveness results, ID images, your holding-ID photo, the handwritten note (where applicable), and the liveness reference still image (where stored) only to: verify your identity; meet legal, regulatory, and fraud-prevention obligations for payment-related services; enable or adjust limits for features we describe in the app; and detect fraud, impersonation, and abuse (including automated checks and, where applicable, human review).

We use automated services as described in section 3 (for example AWS Rekognition for liveness and face comparison where enabled, and Google (Gemini) for document and image checks where enabled).

We do not use this information for advertising, we do not sell it, and we do not use it for unrelated profiling.

3. Third parties, why we share, and whether they store data

Amazon Web Services (AWS) processes Face Liveness and, where enabled, face comparison as a processor/service provider under our instructions. AWS may process and retain data as described in AWS’s documentation for the services we use and in our agreements with AWS.

Official AWS references (for transparency):

• Amazon Rekognition Face Liveness — technical overview: https://docs.aws.amazon.com/rekognition/latest/dg/face-liveness.html
• Amazon Rekognition Face Liveness — product information: https://aws.amazon.com/rekognition/face-liveness/
• AWS Privacy Notice: https://aws.amazon.com/privacy/

Google (Gemini / Generative Language API) may receive still images you uploaded when those features are enabled. Google may process and retain data as described in Google’s terms and privacy documentation for the API and in our arrangements with Google.

Official Google references (for transparency):

• Gemini API terms: https://ai.google.dev/gemini-api/terms
• Google Privacy Policy: https://policies.google.com/privacy
• Google Cloud Data Processing Addendum (where applicable to our use of Google Cloud services): https://cloud.google.com/terms/data-processing-addendum

We may use other sub-processors for hosting or operations. A current list of sub-processors is available on request from privacy@billspot.co.

Third-party processors may store or process data on their own systems as described in their privacy notices and our agreements with them. We use them only to provide verification and related security, not for their independent use or marketing.

We do not share face-related data with third parties for their marketing.

4. How long we keep it (and why not forever)

On BillSpot systems: We retain Tier 2 identity verification materials—including ID images, your holding-ID photo, handwritten note (where applicable), and the liveness reference still image (where stored)—for two (2) years from the date you submit your verification (submitted_at). After that period we delete those files and associated verification records from our systems as part of our automated retention process, except where we are required by applicable law or regulatory obligation to keep specific information longer. If the law requires longer retention, we will retain only what is necessary, update this policy as needed, and align our technical retention settings with that requirement.

Liveness session helper records (session identifiers used before you submit documents) are removed after a short period configured in our systems (typically on the order of 24 hours) when they are abandoned or no longer needed.

Retention of biometric or face-related verification data on our side is not indefinite.

What BillSpot does not retain: We do not retain the Face Liveness challenge as a stored video file on our servers like a normal user-uploaded KYC video. We may retain a reference still image returned by AWS as described in section 1, for the period above.

AWS and Google may retain data under their service rules and our configuration, as described in their documentation and section 3.

5. Your rights and contact

You may request access, correction, or deletion of your personal data where applicable law allows. Some information may be kept where law requires. Contact us at privacy@billspot.co. If you are in the EU/UK, you may also object or lodge a complaint with a supervisory authority.

For more detail, see the “Your Rights and Choices”, “Account and Data Deletion”, and “Contact Us” sections of this Privacy Policy.

2. How We Use Your Information

We use your information for the following purposes:

1. Provide and Maintain Our Services
   • Process transactions (airtime purchases, bill payments, wallet management, airtime-to-cash conversions)
   • Authenticate your identity and secure your account
   • Provide customer support and respond to your inquiries
   • Send transaction confirmations and service-related notifications
2. Improve and Personalize Your Experience
   • Analyze usage patterns to enhance our Platform's features and functionality
   • Develop new products, services, and features
   • Personalize your experience based on your preferences and transaction history
3. Marketing and Communications
   • Send promotional offers, newsletters, and updates about our services (with your consent)
   • Conduct surveys and collect feedback about our services
4. Security and Compliance
   • Detect and prevent fraud, unauthorized transactions, and other harmful activities
   • Verify your identity as required by financial regulations
   • Comply with legal obligations, including anti-money laundering regulations
   • Resolve disputes and enforce our terms and policies

3. Information Sharing and Disclosure

3.1. Service Providers

We share your information with trusted third-party service providers who help us operate, improve, and secure our Platform, including:

• Payment processors and financial institutions
• Telecommunications providers for airtime and data purchases
• Utility companies and bill payment processors
• Cloud hosting and storage providers
• Analytics and data processing services
• Customer support services

These service providers are contractually obligated to use your information only for the specific services they provide to us and are prohibited from using your information for their own purposes.

3.2. Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose your information to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with our Platform
• Protect the personal safety of users of our Platform or the public

3.3. Business Transfers

If Billspot is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Platform of any change in ownership or uses of your information.

4. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction, including:

• End-to-end encryption for all data transmissions
• Secure Socket Layer (SSL) technology
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• Strict access controls and monitoring systems

While we strive to use commercially acceptable means to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

5. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access and Portability: You can request a copy of your personal information that we hold.
• Correction: You can request that we correct inaccurate or incomplete information about you.
• Deletion: You can request that we delete your personal information in certain circumstances.
• Restriction and Objection: You can request that we restrict or stop processing your personal information.
• Withdrawal of Consent: Where we rely on your consent to process your information, you can withdraw your consent at any time.

To exercise these rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within 30 days.

You can also manage certain privacy settings directly in your Billspot account settings, including:

• Updating your profile information
• Managing notification preferences
• Enabling or disabling location services
• Changing your password and security settings

5.1. Account and Data Deletion

We provide multiple options for account management and data deletion to give you control over your information:

In-App Options:

• Deactivate Account: Temporarily disable your account. Available in: Settings → Account → Deactivate Account
  • Your account will be temporarily disabled
  • You can recover it by resetting your PIN and password
  • Data is retained during deactivation
• Delete Account: Permanently delete your account. Available in: Settings → Account → Delete Account
  • Your account will be permanently deleted
  • Note: We use soft delete for account recovery purposes
  • Your data is retained in our system for a period to allow account recovery
  • To permanently delete all data or recover a deleted account, contact support

Request Permanent Data Deletion:

If you want to permanently delete all your data from our systems, please contact our support team:

• Email: privacy@billspot.co or support@billspot.co
• Subject: "Permanent Data Deletion Request"
• Include: Your registered email address or phone number
• Processing Time: We will process your request within 30 days

Alternative: Delete via App

You can also delete your account directly from the app:

1. Open Billspot app
2. Go to Settings → Account
3. Select "Delete Account"
4. Follow the on-screen instructions

6. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to:

• Remember your preferences and settings
• Keep you logged in to your account
• Understand how you interact with our Platform
• Analyze the performance of our Platform
• Prevent fraud and enhance security
• Personalize content and marketing (with your consent)

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. However, if you block certain cookies, you may not be able to use all features of our Platform.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you
• Legal obligations to which we are subject (such as financial record-keeping requirements)
• Whether retention is advisable in light of our legal position (such as for statutes of limitations, litigation, or regulatory investigations)

When we no longer need to use your information, we will either securely delete it or anonymize it so that it can no longer be associated with you. For security reasons, we implement a controlled deletion process to prevent accidental or malicious removal of critical data.

8. Children's Privacy

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

We ensure that any international transfers of your personal information comply with applicable data protection laws and that appropriate safeguards are in place to protect your information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will update the "Effective Date" at the top of this Privacy Policy.

We will notify you of any material changes through a notice on our Platform or by sending an email to the email address associated with your account. We encourage you to review this Privacy Policy periodically to stay informed about our information practices.

Your continued use of our Platform after any changes to this Privacy Policy constitutes your acceptance of the revised Privacy Policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will respond to your inquiry as soon as possible and within 30 days.