ECO Privacy Policy

Effective Date: July 16, 2025 • Last Updated: July 16, 2025

1. Introduction

ECO ("we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we collect, use, and share your personal information. This Privacy Policy explains how we handle your data when you use our services. It describes our commitment to treat your information with the utmost care and confidentiality in compliance with applicable data protection laws, and in alignment with global industry best practices. This policy applies to all users of the ECO platform, including merchants and individual users, and covers all ECO services, applications, and websites.

2. Information We Collect

2.1 Personal Information You Provide

Account Registration:

  • Full name
  • Email address
  • Phone number
  • Business information (for merchants)

Financial Information:

  • Bank account details
  • Transaction history
  • Payment methods
  • ECO wallet balance and activity

Profile Information:

  • Profile picture
  • Business logo (merchants)
  • PayID/username
  • Communication preferences

2.2 Information We Collect Automatically

Device and Technical Information:

  • IP address
  • Device type, model, and operating system
  • Browser type and version
  • App version and settings
  • Location data (with consent)

Usage Information:

  • Transaction patterns and behavior
  • Feature usage analytics
  • Login times and frequency
  • Error logs and performance data

Cookies and Tracking Technologies:

  • Session cookies
  • Preference cookies
  • Analytics cookies
  • Security cookies

2.3 Third-Party Services

ECO does not sell, trade, or rent your Personal Information to third parties. However, to provide our services effectively, we may share limited Personal Information with trusted third parties, including:

  • Paystack – to facilitate transactions and process payments.
  • SendGrid – to send verification codes, transactional updates, and support messages.
  • PostHog – to collect website analytics and improve user experience.
  • Vercel – hosting provider which may process limited technical data for performance and security.

At this time, ECO does not use third-party identity verification platforms or automated KYC vendors. All verification is conducted internally by our team via direct communication. If this changes in the future, we will update this policy and notify users accordingly. We may also disclose Personal Information if required to do so by law or in response to valid legal requests. Where third parties process Personal Information on our behalf, they are contractually bound to strict data protection obligations and must enter into Data Processing Agreements (DPAs) with ECO.

3. KYC and Verification

Merchant verification (KYC) is conducted internally by our team via phone call. We do not currently use any third-party KYC provider or API. All verification information is handled manually and securely by ECO staff.

4. How We Use Your Information

4.1 Primary Business Purposes

  • Creating and maintaining your account
  • Providing customer support
  • Processing account updates
  • Managing user preferences
  • Facilitating ECO transfers
  • Processing payments and conversions
  • Maintaining transaction records
  • Generating receipts and statements
  • Detecting and preventing fraud
  • Monitoring for suspicious activity and site misuse
  • Securing your account
  • Providing rewards
  • Verify merchant identity
  • Communicate with you (transaction updates, marketing, support — opt-out available for marketing)
  • Improve services and analyze data to develop products and features
  • Maintain up-to-date records
  • Resolve disputes and cooperate with regulators/law enforcement
  • Any other purpose disclosed during service delivery
  • Fulfill legal and regulatory obligations

We may retrieve additional Personal Information from third parties (e.g., your financial institution or payment processor). With your consent, we may collect information via emails, surveys, and other communications. Once you begin using your ECO account, we maintain records of your transactions and related activity. We do not share your Personal Information without your consent, except as required to deliver our services or comply with the law.

4.2 Purpose Limitation

ECO collects Personal Information solely for specific, identified purposes and with your consent. It will not be reused for any incompatible purpose without additional consent.

4.3 Data Minimization

ECO limits collection and use of Personal Information to what is relevant, adequate, and necessary. Where possible, anonymized data will be used.

4.4 Legal Bases for Processing (NDPR + GDPR)

  • Contractual Necessity: Processing required to deliver ECO services
  • Legitimate Interests: Fraud prevention, platform improvement, operations
  • Legal Compliance: Meeting regulatory and legal obligations
  • Consent: Marketing communications and optional features

5. How We Share Your Information

  • Merchants you interact with on ECO (only PayID or email, if applicable)
  • Our internal teams (support, tech, marketing)
  • Third-party service providers for analytics, payments, hosting
  • Regulatory bodies when required by law
  • Law enforcement upon valid legal request

We do not sell your data to third parties.

6. Your Rights

You have the following rights under Nigeria’s NDPR and the EU’s GDPR:

  • Access your personal data
  • Correct or update inaccurate data
  • Delete your data or request data erasure
  • Withdraw consent (where consent is the lawful basis)
  • Object to processing in some cases
  • Request a copy of your personal data
  • Lodge a complaint with a data protection authority

To exercise these rights, contact: support@geteco.io. We may need to verify your identity before processing requests. We respond within 7 calendar days (NDPR). For EU users, within 30 calendar days (GDPR). Complex requests may be extended by an additional 7 days per NDPR.

7. Data Transfers

If your personal data is transferred outside Nigeria or your country of residence, we ensure appropriate safeguards, such as:

  • Data encryption
  • Secure, GDPR/NDPR-compliant cloud hosting
  • Data processing agreements with foreign providers

You will be notified if storage location changes affect your rights.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes in this policy or as required by law. ECO is obligated to retain data to process transactions, ensure settlements, make refunds, identify and investigate fraud, and comply with laws applicable to us, our banking partners, and card processors.

Even after account closure, certain Personal Information and transaction data may be retained to meet obligations. Data is securely destroyed where possible. We periodically review retained data for accuracy, relevance, and necessity.

Additional practices:

  • Marketing data retained until you opt out
  • Support interactions may be stored for quality and compliance
  • Retention periods follow applicable data protection and financial regulations

9. Security Measures

ECO implements adequate controls to protect the integrity and confidentiality of Personal Information, both digital and physical. Data is stored/processed on systems in Lagos, Nigeria, and other hosting locations.

Safeguards include:

  • Secure servers
  • Encryption of data in transit and at rest
  • Role-based access control
  • Regular monitoring and security audits

In the event of a data breach impacting your rights or privacy, we will notify you and relevant authorities within the legally required timeframe. Access to Personal Information is limited to employees whose roles require it; all staff are trained on data protection obligations.

10. Updates, Modifications & Amendments

We may update, modify, or amend this Privacy Notice as technology evolves or as required by law. We will notify users of material changes. The revised Notice applies from the effective date on our website. If you do not agree with changes, you may discontinue use of the ECO platform and request account closure.

11. Children’s Privacy

Our services are not directed at persons under 18. We do not knowingly collect personal information from children. If we discover a child has provided personal data, we will delete it promptly.

12. Contact Information

Questions or rights requests: support@geteco.io

13. Cookies and Tracking Technologies

We only use essential and functional cookies at this time. Cookies are small data files stored on your device. ECO uses cookies to ensure our website functions properly and to enhance your experience. These cookies are strictly necessary and do not require consent.

Types of cookies currently used:

  • Essential cookies – Core functionality like navigation, secure areas, basic features.
  • Functional cookies – Remember choices (e.g., language, login) and provide enhanced features.

We do not use cookies for tracking, advertising, or analytics at this time. If this changes, we will update this section and provide cookie preference controls.

Back to top ↑