Privacy Policy

Lumi Moni ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and financial services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

We collect several types of information to provide and improve our Services: **2.1 Personal Information** - Full name, date of birth, gender, nationality - Email address and phone number - Government-issued identification (BVN, NIN) for KYC verification - Profile picture (optional) - Biometric data (fingerprint, face recognition) if you enable biometric authentication **2.2 Financial Information** - Bank account details and account numbers - Transaction history and payment records - Card information (virtual and physical cards) - Savings goals and investment preferences - Virtual account details **2.3 Device and Technical Information** - Device ID, device name, and device type - Operating system and app version - IP address and location data - User agent and device fingerprint - Login history and session information **2.4 Usage Information** - App usage patterns and feature interactions - Transaction preferences and behavior - Customer support communications - Feedback and survey responses

We use the collected information for the following purposes: **3.1 Service Provision** - Process and complete financial transactions - Create and manage your account - Verify your identity through KYC processes - Enable bill payments (airtime, data, electricity, cable) - Provide virtual and physical card services - Facilitate money transfers and savings features **3.2 Security and Fraud Prevention** - Authenticate your identity using biometric data - Detect and prevent fraudulent activities - Monitor for suspicious transactions - Secure your account with multi-factor authentication - Maintain security logs and audit trails **3.3 Communication** - Send transaction notifications and alerts - Provide customer support and respond to inquiries - Send important account updates and security notices - Deliver marketing communications (with your consent) - Send password reset and verification emails/SMS **3.4 Legal and Compliance** - Comply with applicable laws and regulations - Respond to legal requests and court orders - Enforce our Terms of Service - Protect our rights and prevent illegal activities - Meet regulatory reporting requirements **3.5 Service Improvement** - Analyze usage patterns to improve our Services - Develop new features and products - Conduct research and analytics - Personalize your experience - Optimize app performance and reliability

We do not sell your personal information. We may share your information in the following circumstances: **4.1 Service Providers** - Payment processors (Paystack, Flutterwave, Providus Bank) - Cloud storage and hosting providers - Email and SMS service providers - Analytics and monitoring services - Customer support platforms **4.2 Financial Partners** - Banks and financial institutions for transaction processing - Card networks for card issuance and processing - Payment gateways for bill payments - KYC verification services (BVN, NIN verification) **4.3 Legal Requirements** - When required by law or legal process - To comply with regulatory obligations - To protect our rights and prevent fraud - In response to government requests - In connection with legal proceedings **4.4 Business Transfers** - In the event of a merger, acquisition, or sale - As part of due diligence processes - To protect our business interests **4.5 With Your Consent** - When you explicitly authorize us to share information - For referral programs and partnerships - For marketing purposes (with opt-in consent)

We implement industry-standard security measures to protect your information: **5.1 Encryption** - All data transmitted between your device and our servers is encrypted using TLS/SSL - Sensitive data at rest is encrypted using AES-256 encryption - PIN codes and passwords are hashed using bcrypt - Biometric data is stored securely using device-level encryption **5.2 Access Controls** - Multi-factor authentication for account access - Role-based access controls for our employees - Regular security audits and penetration testing - Secure coding practices and vulnerability assessments **5.3 Infrastructure Security** - Secure data centers with physical security measures - Regular backups and disaster recovery procedures - Network security and intrusion detection systems - Monitoring and logging of all system activities **5.4 Your Responsibilities** - Keep your login credentials confidential - Enable biometric authentication for added security - Use a strong, unique password - Log out when using shared devices - Report suspicious activities immediately

We retain your information for as long as necessary to: - Provide our Services to you - Comply with legal and regulatory obligations - Resolve disputes and enforce agreements - Maintain security and prevent fraud **Retention Periods:** - Account information: While your account is active and for 7 years after closure - Transaction records: 7 years (as required by financial regulations) - KYC documents: 7 years after account closure - Security logs: 2 years - Marketing data: Until you opt-out or request deletion After the retention period, we will securely delete or anonymize your information.

You have the following rights regarding your personal information: **7.1 Access and Portability** - Request access to your personal information - Receive a copy of your data in a portable format - View your transaction history and account details **7.2 Correction and Updates** - Update your profile information - Correct inaccurate data - Modify your preferences and settings **7.3 Deletion** - Request deletion of your account and data - Withdraw consent for data processing - Note: Some information may be retained for legal compliance **7.4 Opt-Out** - Unsubscribe from marketing communications - Disable push notifications - Manage cookie preferences (for web services) **7.5 Security Controls** - Enable or disable biometric authentication - Change your password or PIN - Manage trusted devices - Review security alerts and login history To exercise these rights, contact us at privacy@lumimoni.com or through the app settings.

We use cookies and similar technologies to: - Remember your preferences and settings - Analyze app usage and performance - Provide personalized experiences - Ensure security and prevent fraud **Types of Cookies:** - Essential cookies: Required for app functionality - Analytics cookies: Help us understand usage patterns - Security cookies: Protect against fraud and abuse You can manage cookie preferences through your device settings, though disabling certain cookies may affect app functionality.

Our Services may contain links to third-party websites or integrate with third-party services: **Payment Processors:** - Paystack, Flutterwave, Providus Bank - These services have their own privacy policies **Analytics Services:** - We use analytics tools to understand app usage - Data is anonymized and aggregated **KYC Providers:** - BVN and NIN verification services - Government databases and authorized providers We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place, including: - Standard contractual clauses - Adequate security measures - Compliance with applicable data protection regulations By using our Services, you consent to the transfer of your information to these countries.

We may update this Privacy Policy from time to time. We will notify you of any material changes by: - Posting the new Privacy Policy on our website - Sending you an email notification - Displaying a notice in the app Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: **Email:** privacy@lumimoni.com **Phone:** +234 800 LUMI FIN **Address:** Lagos, Nigeria **Data Protection Officer:** dpo@lumimoni.com We will respond to your inquiry within 30 days.