NidFul Docs

Privacy & Data Handling

Learn how NidFul processes personal data and how to request changes or deletion.

6 min readUpdated Sep 23, 2025Resources

Privacy & Data Handling

NidFul protects the personal information of researchers, program stakeholders, and affected users. This overview reflects our transparency commitments and is tailored to African data protection laws.

Data We Collect

  • Account Information – Name, email, phone, preferred language.
  • Verification Data – Government IDs or business documents for KYC/KYB.
  • Activity Logs – Login history, policy updates, payout approvals.
  • Submission Content – Vulnerability reports, attachments, and related comments.

How We Use Data

  • Operate and secure the NidFul platform.
  • Verify identity and eligibility for payouts.
  • Communicate with researchers and program owners.
  • Detect fraud, abuse, or policy violations.

Legal Bases

  • Performance of a contract (platform access, bounty payments).
  • Legitimate interests (security monitoring, community trust).
  • Compliance with legal obligations (KYC, anti-money laundering rules).
  • Consent where required (marketing communications).

Data Storage & Transfers

  • Primary data centres in Lagos, Nairobi, and Frankfurt with redundancy.
  • Cross-border transfers use standard contractual clauses and encryption.
  • Attachments and sensitive artifacts encrypted at rest and in transit.

Regional residency

Programs can opt for data residency restrictions to keep submission content within specific jurisdictions (e.g., Nigeria or South Africa).

Your Rights

  • Access, correct, or delete your personal data (subject to legal retention requirements).
  • Export data in machine-readable formats.
  • Object to certain processing activities.
  • Withdraw consent for optional communications.

Request changes by emailing privacy@nidful.com with proof of account ownership. We respond within 30 days.

Retention

  • Account data retained while you remain active.
  • Submission records retained for at least 24 months, extendable for compliance.
  • KYC documents retained according to financial regulations (typically 5 years).

Third-Party Processors

  • Payment providers (banking partners, mobile money operators).
  • Cloud hosting and security monitoring services.
  • Customer support systems.

Third parties undergo security and privacy reviews before onboarding.

Updates

We review this policy annually and publish change logs. Significant updates trigger email notifications.

For questions, reach out to privacy@nidful.com or your program representative. Continue to Additional Links & Support for escalation paths and status dashboards.