Privacy policy
Version: privacy_v1_20260419 Effective: 19 April 2026
survey.ng is operated by <FILL IN — registered company name, RC number> ("survey.ng", "we", "us"). This policy explains what personal data we collect, why, and what you control. We are a Data Controller under the Nigeria Data Protection Act 2023 (NDPA).
If anything below is unclear, write to our Data Protection Officer at dpo@survey.ng.
What data we hold, and why
We only keep what we need to run the service.
- Phone number — your account identifier, for OTP sign-in and notifications. Legal basis: contract.
- Email — secondary contact and payout receipts. Contract.
- Name — identity verification and payout recipient. Contract.
- Date of birth — required to check you're 18+ and for demographic survey matching. Contract + legitimate interest.
- Gender, state, area type — targeting surveys you're eligible for. Contract + legitimate interest.
- Employment, education, income band — matching you to higher-paying B2B studies. Consent. You may revoke this at any time in Settings → Privacy.
- BVN (Bank Verification Number) — verifying your bank account and preventing duplicate signups. Contract + legal obligation (KYC/AML). Plaintext retained only transiently for verification, then zeroed within 90 days. A SHA-256 hash is kept for deduplication indefinitely.
- Bank account number — receiving your payouts. Contract. Stored encrypted at rest; only the last 4 digits are shown in the UI.
- Survey answers (non-screener) — research aggregation we share with the brand/researcher who paid for the study. Contract + consent.
- Quality-score signals — anti-fraud and quality. Legitimate interest. See our Quality Score page for a plain-English breakdown.
What we never collect: screener answers (we discard them after the qualify/disqualify decision — only the boolean outcome is stored); your contact list; biometric identifiers.
How long we keep it
- Active account: we keep the above for as long as your account is active.
- Ledger history: retained for 7 years after an entry is created. Nigerian tax and companies law require this; after erasure, your ledger rows remain but are no longer tied to your identity.
- BVN plaintext: zeroed within 90 days of verification. The SHA-256 hash is retained indefinitely to prevent duplicate accounts.
- Deleted accounts: after you request deletion, data is wiped on day 7. See the Deletion section.
Who we share data with
We share data only with processors strictly necessary to provide the service, under written data-processing agreements:
- Paystack — bank account verification, BVN lookup, payout disbursement.
- Termii (and Meta WhatsApp Business API, where used) — OTP and notification delivery.
- MTN / Airtel / Glo / 9mobile — airtime redemption delivery (via Paystack).
- Our cloud infrastructure provider — hosting and encrypted backups.
We do not sell your personal data. We do not share personally identifiable survey answers with researchers — researchers receive aggregated results, with any per-response identifiers replaced by opaque tokens.
Cross-border transfers
Our primary infrastructure is hosted in <FILL IN — region / country>. Transfers outside Nigeria are permitted under NDPA on the basis of <FILL IN — e.g. adequacy decision, standard contractual clauses>. Contact the DPO for a copy of the applicable safeguard.
Your rights
The NDPA gives you specific rights over your data:
- Access — download everything we have on you from Settings → Privacy → Download my data. JSON + PDF bundle delivered within 24 hours in practice, 30 days at the outside.
- Rectification — edit most profile fields in Settings. Name changes require support with supporting evidence (to prevent payout fraud).
- Erasure — delete your account from Settings → Delete account. 7-day cooldown, one-click cancel. On day 7, identifying data is wiped; ledger entries remain for legal-record retention but are pseudonymised.
- Restriction — pause processing while a dispute is resolved. Use the Pause my account toggle in Settings.
- Portability — the same JSON bundle from Access is a structured, machine-readable export.
- Object — revoke optional consents (marketing email, WhatsApp alerts, B2B income-targeted matching) in Settings → Privacy. Required-for-service processing (fraud prevention, quality scoring) cannot be objected to while your account is active — your remedy is to delete the account.
- Automated decision-making — our quality score and survey matching are algorithmic; you can see why a survey was matched to you on the survey intro page, and the score breakdown is explained in-app.
All rights requests go through the app; if something isn't possible there, write to dpo@survey.ng and we respond within 30 days.
Cookies and tracking
survey.ng uses only strictly necessary cookies and local storage:
- Session token (tab-scoped, cleared on tab close).
- Refresh token (in a secure HTTP-only cookie, rotated on use).
- CSRF protection tokens.
We do not use third-party advertising cookies, tracking pixels, or analytics that identify individuals.
Security
- All traffic is HTTPS, with TLS 1.3 where supported.
- Passwords (ops) and PINs (panelists) are hashed with Argon2id.
- Bank account numbers and BVN plaintext are encrypted at rest (AES-256-GCM).
- Every privileged action is recorded in an append-only audit log.
- Access to production data is tightly scoped; see our Security overview at <FILL IN — security url>.
If you believe your account has been compromised, write to security@survey.ng immediately.
Breach notification
If a breach affects your data, we notify the Nigeria Data Protection Commission within 72 hours where required, and we notify you by SMS + email without undue delay. A public post-mortem is published at survey.ng/security/ within 7 days.
Full runbook is held internally; the commitment is: we tell you what happened, what data was involved, what we did, and what you should do.
Changes to this policy
When we update this policy materially, we:
- Bump the version (e.g.
privacy_v1_20260419→privacy_v2_YYYYMMDD). - Show a one-screen summary of the changes on next login.
- For consents whose lawful basis is Consent (employment/income matching, marketing, WhatsApp), force re-consent under the new version.
Archived versions are available on request from dpo@survey.ng.
Contact
- Data Protection Officer: dpo@survey.ng — <FILL IN — DPO name>, <FILL IN — phone>
- General support: support@survey.ng
- Postal: <FILL IN — registered address>
You may also lodge a complaint directly with the Nigeria Data Protection Commission (NDPC) if you are unsatisfied with our response.