This Privacy Policy explains how TafiNorth ("we", "our", or "us") collects, uses, and protects your personal information when you use our ride-hailing platform across northern Nigeria. By using TafiNorth you agree to this policy.
1. Introduction
TafiNorth is a ride-hailing platform operating across northern Nigeria. We are committed to protecting your privacy and handling your personal data responsibly and transparently in accordance with applicable Nigerian data protection laws, including the Nigeria Data Protection Act 2023 (NDPA).
This policy applies to all users of the TafiNorth mobile application, website, and related services, including riders, drivers, and visitors.
2. Information We Collect
Information you provide directly
- Name, phone number, and email address when you register
- Profile photo (optional)
- Payment information (card details processed via our payment partners)
- Driver documents — licence, vehicle registration, insurance (drivers only)
- Feedback, ratings, and support communications
Information collected automatically
- Precise location data when the app is in use
- Trip data including pickup and dropoff locations, distance, and duration
- Device information — model, operating system, app version
- Usage data — features accessed, time spent, actions taken
- IP address and connection information
Information from third parties
- Payment verification from our payment processors
- Background check results for driver applicants
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the TafiNorth platform
- Match riders with nearby drivers and process trip requests
- Process payments and prevent fraud
- Verify driver identity and vehicle documents
- Send service notifications, receipts, and trip updates via SMS
- Respond to customer support requests
- Ensure the safety of riders, drivers, and the public
- Conduct analytics to improve service quality and performance
- Comply with legal obligations
We do not use your data for targeted advertising. We do not sell your personal information to any third party.
4. Sharing Your Information
With drivers and riders
When a trip is matched, riders and drivers can see each other's first name, photo, rating, and vehicle details. Your full phone number is never shared directly — calls are routed through our platform.
With service providers
We share data with trusted third-party vendors who help us operate the platform, including payment processors, SMS providers (Sendchamp), cloud infrastructure providers, and background check services. These parties are contractually bound to protect your data.
For legal reasons
We may disclose your information if required by Nigerian law, court order, or to protect the rights, property, or safety of TafiNorth, our users, or the public.
Business transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. Specifically:
- Account data is retained until you delete your account
- Trip history is retained for 3 years for legal and safety purposes
- Driver documents are retained for the duration of the driver relationship plus 1 year
- Support communications are retained for 2 years
After the applicable retention period, we securely delete or anonymise your data.
6. Your Rights
Under the Nigeria Data Protection Act 2023, you have the following rights regarding your personal data:
- Right to access — request a copy of the data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data in certain circumstances
- Right to portability — receive your data in a machine-readable format
- Right to object — object to certain types of processing
- Right to withdraw consent — where processing is based on consent
To exercise any of these rights, contact us at privacy@tafinorth.com. We will respond within 30 days.
7. Security
We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:
- End-to-end encryption for data in transit (TLS 1.2+)
- Encrypted storage of sensitive data at rest
- Access controls limiting employee access to personal data on a need-to-know basis
- Regular security reviews and penetration testing
No system is completely secure. If you believe your account has been compromised, contact us immediately at security@tafinorth.com.
8. Children
TafiNorth is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by SMS. The "last updated" date at the top of this page reflects the most recent revision. Continued use of TafiNorth after changes become effective constitutes your acceptance of the revised policy.