Privacy Policy

We take your privacy seriously. This policy explains what data we collect, how we use it, and how we protect it.

Last updated: March 27, 2026

1. Introduction

Dojah Technologies Limited (“Dojah”, “we”, “our”, or “us”) respects your privacy and is committed to protecting the personal information collected through CheckIn, our no-code identity verification and data collection platform.

This Privacy Policy explains how personal information is collected, used, disclosed, and protected when using CheckIn. It applies to:

  • Clients — organizations or individuals using CheckIn to create verification flows, and
  • Verification Subjects — individuals whose personal information is submitted through these verification flows.

By accessing or using CheckIn, you acknowledge that you have read and understood this Privacy Policy.

Where personal data is collected through CheckIn, the Client acts as the data controller, determining the purpose and scope of processing. Dojah acts as a data processor on behalf of the Client, except where explicitly stated that Dojah acts as a controller in limited circumstances (such as account management or billing).

2. Our Role in Data Processing

2.1 When Dojah Acts as a Processor

In the context of Verification Flows configured by Clients, Dojah:

  • processes personal information submitted by Verification Subjects;
  • performs identity verification checks as configured by the Client; and
  • returns verification results to the Client through the CheckIn dashboard.

Dojah does so solely on the instructions of the Client and does not determine the purpose or lawful basis of such processing. The Client remains fully responsible for compliance with Applicable Law in respect of all personal data processed through CheckIn.

2.2 When Dojah Acts as a Controller

In limited circumstances, Dojah may process personal information as a controller, including:

  • information submitted by Clients for account creation and platform access;
  • billing and payment details;
  • technical, operational, or usage information collected for platform security, fraud prevention, and system improvement; and
  • legal or regulatory compliance purposes.

In these cases, Dojah determines the purposes and means of processing and applies this Privacy Policy to govern such activities.

3. Information We Collect

3.1 Information Collected from Clients

When Clients register or use CheckIn, we may collect:

  • organization or individual name, business details, and contact information;
  • account credentials and login information;
  • billing and payment information;
  • usage data related to the Client's interactions with the platform.

3.2 Information Collected from Verification Subjects

Through Verification Flows, personal information may be collected from Verification Subjects, including but not limited to:

  • Identity information: name, date of birth, government-issued identifiers (e.g., NIN, BVN);
  • Contact information: phone number, email address;
  • Biometric information: facial images used for verification;
  • Documentation: passports, licenses, utility bills, or other uploaded documents;
  • Responses to custom questions included in a Verification Flow.

3.3 Automatically Collected Information

Dojah may also collect information automatically when Verification Subjects or Clients access CheckIn, including:

  • device and browser information;
  • IP addresses and location metadata;
  • access and usage logs, including timestamps and activity within the platform.

4. How We Use Information

4.1 As a Processor (on behalf of Clients)

Dojah uses personal information collected through Verification Flows to:

  • execute the Client-configured verification checks;
  • transmit results to the Client via the CheckIn dashboard;
  • facilitate the collection, storage, and management of Verification Data; and
  • maintain a secure and operational platform.

In this context, Dojah acts solely on the instructions of the Client and does not determine the purpose or scope of processing.

4.2 As a Controller

Dojah may process personal information as a controller to:

  • manage Client accounts, including authentication and access;
  • process payments, billing, and credits;
  • maintain platform security and prevent fraud or unauthorized access;
  • improve the Services and conduct operational analytics; and
  • comply with legal, regulatory, or contractual obligations.

4.3 Responsibility and Limitations

  • Clients are solely responsible for determining the purpose and lawful basis for collecting information from Verification Subjects.
  • Dojah does not verify the accuracy, legality, or appropriateness of the purposes provided by Clients.
  • Verification Subjects are informed of the purpose of data collection as provided by the Client in each Verification Flow.

5. Lawful Basis for Processing

5.1 Client-Controlled Processing

  • The Client determines the lawful basis for processing Verification Subjects' personal data.
  • Verification Subjects should be provided with notice of the purpose(s) of collection and, where required, give valid consent or meet any other legal requirement.
  • Dojah is not responsible for verifying or validating the Client's legal basis for processing.

5.2 Dojah-Controlled Processing

Where Dojah acts as a controller (e.g., account management, billing, platform security), the lawful bases include:

  • Contract: processing necessary to provide the Services or manage Client accounts;
  • Legal obligation: processing required to comply with applicable laws or regulatory requirements; and
  • Legitimate interests: processing necessary to maintain platform security, prevent fraud, and improve the Services, provided it does not override fundamental rights of individuals.

6. Sharing of Information

Dojah only shares personal information in limited, controlled circumstances:

6.1 With Clients

Personal data collected through Verification Flows is shared directly with the Client who configured the flow. The Client is responsible for any further processing, storage, or sharing of that data.

6.2 With Service Providers

Dojah may engage third-party service providers to perform functions such as hosting, cloud storage, analytics, and verification processing. Such providers are bound by confidentiality obligations and are permitted to process personal data only as necessary to provide the requested service.

6.3 With Third-Party Data Sources

Certain verification checks require Dojah to query third-party data sources (e.g., NIMC, NIBSS). Dojah does not control or influence these sources and cannot guarantee the accuracy, completeness, or availability of information returned.

6.4 Legal and Regulatory Disclosures

Dojah may disclose information when required by law, regulation, legal process, or to protect rights, property, or safety of Dojah, Clients, or others. In such cases, disclosure will be limited to what is legally necessary.

6.5 Prohibited Sharing

Personal data collected via CheckIn will not be sold, leased, or otherwise made available for marketing purposes to unrelated third parties.

7. Data Retention

Dojah retains Verification Data only for as long as necessary to provide the Services and in accordance with the DPA. Retention may vary based on:

  • Client configurations and requirements
  • Legal, regulatory, or contractual obligations

Clients are responsible for determining how long Verification Data should be retained for their operational or legal purposes.

Client options for retention management:

  • Export or download data before deletion
  • Request deletion through available platform tools, where technically feasible

After retention periods expire or upon termination of a Client account, Dojah may delete or anonymize personal data, subject to legal obligations.

8. Data Security

Dojah implements appropriate technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These measures include, but are not limited to:

  • encryption of data in transit and at rest;
  • access controls and role-based permissions;
  • monitoring and logging of system activity; and
  • secure infrastructure and storage environments.

While Dojah takes reasonable steps to protect personal information, no system can be completely secure. Accordingly, Dojah does not guarantee absolute security of information transmitted or stored through the Services.

Clients are responsible for maintaining the security of their account credentials and ensuring that access to the Services is restricted to authorized personnel.

9. International Data Transfers

Personal information processed through CheckIn may be transferred to, stored in, or accessed from jurisdictions outside Nigeria, including where Dojah or its service providers operate infrastructure or provide services.

Where such transfers occur, Dojah implements appropriate safeguards to ensure that personal information is protected in accordance with Applicable Law. These safeguards may include:

  • contractual protections with service providers; and
  • ensuring that recipients are subject to adequate data protection obligations.

By using the Services, Clients acknowledge that such transfers may occur as part of the operation of CheckIn.

10. Data Subject Rights

10.1 Verification Subjects

Where personal information is collected through a Verification Flow, Dojah processes such information on behalf of the Client. Accordingly:

  • the Client is responsible for responding to requests relating to access, correction, deletion, or other rights under Applicable Law; and
  • Verification Subjects should direct any such requests to the Client that requested the verification.

Dojah may assist Clients in responding to such requests where required under the Data Processing Addendum.

10.2 Dojah-Controlled Data

Where Dojah processes personal information as a controller (for example, Client account information), individuals may have rights under Applicable Law, including the right to:

  • request access to their personal information;
  • request correction of inaccurate or incomplete information;
  • request deletion of their personal information, subject to legal limitations;
  • object to or restrict certain types of processing; and
  • lodge a complaint with a relevant data protection authority.

Requests may be submitted using the contact details provided in this Privacy Policy.

11. Cookies and Tracking

Dojah may use cookies and similar technologies to support the functionality of CheckIn, improve user experience, and analyze platform usage. These technologies may be used to:

  • maintain session integrity;
  • remember user preferences; and
  • collect usage and performance data.

Clients may manage cookie preferences through their browser settings, although disabling certain cookies may affect the functionality of the Services.

12. Third-Party Services

The Services may integrate with or rely on third-party systems and services. This includes verification providers, infrastructure providers, and other external tools.

Dojah is not responsible for the privacy practices or content of such third-party services. Clients are encouraged to review the applicable privacy policies of any third-party services they rely on in connection with CheckIn.

13. Updates to this Privacy Policy

Dojah may update this Privacy Policy from time to time to reflect changes in the Services, legal requirements, or data processing practices.

Where changes are material, Dojah will use reasonable efforts to provide notice, including through the platform or via email.

Continued use of the Services following such updates constitutes acknowledgment of the revised Privacy Policy.

14. Contact Information

If you have any questions, concerns, or requests relating to this Privacy Policy or Dojah's data processing practices, you may contact us at:

Email: compliance@dojah.io