HelloBob

Legal

Privacy Policy

This policy explains what information HelloBob collects about you, how we use it, who we share it with, and the choices you have.

Effective date:

1. Who we are

HelloBob (“HelloBob”, “we”, “us”, or “our”) operates the HelloBob mobile applications, this website at hellobob.app, and related services (together, the “Service”). The Service lets you buy, sell, swap, hold and send cryptocurrency, and convert cryptocurrency to Nigerian Naira for payout to a Nigerian bank account.

For the purposes of the Nigeria Data Protection Act 2023 (“NDPA”) and any other applicable data protection laws, HelloBob is the data controller of the personal information described in this policy. Our registered legal entity, address and Data Protection Officer (DPO) contact details are listed in section 14.

2. Information we collect

We collect information that you provide to us, information we collect automatically when you use the Service, and information we receive from third parties who help us provide the Service.

2.1 Information you give us

  • Account details: name, email address, phone number, password, profile picture and any preferences you set.
  • Identity verification (KYC): date of birth, residential address, nationality, government-issued ID (such as NIN, BVN, driver’s license or passport), a selfie or short liveness video, and any supporting documents required to comply with our anti-money-laundering (AML) and counter-terrorist-financing (CTF) obligations.
  • Financial information: Nigerian bank account details (account number, bank, account name) you add for payouts, transaction history with HelloBob, on-chain wallet addresses you save, and the amounts and currencies you transact in.
  • Communications: messages, voice notes, video and other media you send to our in-app chat, support tickets, emails or social-media messages, including attachments and metadata.
  • Survey and feedback responses you choose to share with us.

2.2 Information collected automatically

  • Device and technical data: device model, operating system and version, unique device identifiers, mobile network, IP address, time zone, language, installed app version and crash diagnostics.
  • Usage data: features and screens you interact with, the date and time of your activity, in-app navigation, search queries, referral source, and aggregated performance metrics.
  • Authentication and security signals: successful and failed sign-in attempts, session tokens, biometric authentication outcomes (we do not receive your fingerprint or Face ID data — only a yes/no signal from your device), and risk signals used to detect fraud.
  • Cookies and similar technologies: on our website, we use cookies and local storage to keep you signed in, remember preferences and measure usage. See section 8 for details.

2.3 Information from third parties

  • Identity verification providers who confirm your KYC documents and run sanctions / politically-exposed-person screening.
  • Custodians, liquidity providers and blockchain analytics partners who help us execute trades, hold assets and detect illicit activity.
  • Payment partners and licensed banks who process Naira deposits and payouts on our behalf.
  • Public blockchain data — transactions made from or to wallets associated with your account are inherently public and we may analyse them to comply with the law.
  • Push-notification, analytics and crash-reporting services we use to run the Service.

3. How we use your information

We use your information to:

  • create your account, authenticate you and provide the Service;
  • carry out KYC, AML, CTF, sanctions and fraud-prevention checks required by law;
  • execute crypto and Naira transactions you request, and reflect the correct balances in your wallet;
  • send you transactional and security notifications (e.g. logins, deposits, withdrawals, swaps, password changes);
  • respond to your support requests, including via in-app chat;
  • monitor, troubleshoot, secure and improve the Service, including diagnosing crashes and abuse;
  • comply with our legal, regulatory, tax and accounting obligations and respond to lawful requests from public authorities;
  • with your consent where required, send you product updates, marketing and promotional communications — you can opt out at any time;
  • enforce our Terms and any other agreement we have with you.

4. Lawful bases for processing

Where the NDPA or another data-protection law applies, we rely on the following legal bases:

  • Performance of a contract — to deliver the Service you have signed up for.
  • Compliance with legal obligations — including KYC, AML, CTF, sanctions, tax reporting and responses to lawful requests.
  • Legitimate interests — to keep the Service secure, prevent fraud and abuse, develop new features, and run our business. We balance these interests against your privacy rights.
  • Consent — for non-essential cookies, marketing and any other processing where consent is required. You may withdraw consent at any time.

5. Sharing your information

We do not sell your personal information. We share it only with the following:

  • Service providers who act on our instructions: cloud hosting, databases, identity verification, fraud detection, customer support, analytics, push notifications, email delivery, and crash reporting.
  • Custodians, exchanges, liquidity providers and licensed banks that execute, settle or safeguard your transactions.
  • Regulators, law enforcement and other authorities where we are required to do so by law or to protect our rights, the rights of our users or the public.
  • Professional advisers (auditors, lawyers, insurers) under confidentiality.
  • A successor entity in the event of a merger, acquisition, reorganisation, financing or sale of assets, subject to confidentiality.
  • Other parties at your direction, for example when you choose to share a transaction receipt or invite a friend.

Information sent to a public blockchain (such as a destination wallet address and the amount transferred) is stored on that blockchain by design, and we cannot delete it.

6. International transfers

Some of our service providers operate outside Nigeria. When we transfer personal information to a country that the National Data Protection Commission (NDPC) has not designated as providing adequate protection, we put appropriate safeguards in place, such as contractual data-transfer commitments, and only transfer the minimum needed.

7. How long we keep your information

We retain your personal information for as long as your account is active, and after that for as long as we are required to under financial-services, AML and tax laws — typically a minimum of seven (7) years from the date of your last transaction or the closure of your account. We may retain limited information for longer where necessary to defend legal claims, prevent fraud or comply with a court order.

8. Cookies and analytics

On our website, we use a small number of cookies and similar technologies to keep you signed in, remember your preferences, measure how the site is used and improve it. You can set your browser to block cookies, but parts of the website may not work as expected if you do.

Inside the mobile apps, we do not use browser cookies, but we use local storage and secure-enclave items to keep you signed in, and analytics SDKs that report aggregated usage data. You can opt out of non-essential analytics from the in-app privacy settings where available.

9. Your privacy rights

Subject to applicable law, you have the right to:

  • access the personal information we hold about you and receive a copy of it;
  • request that we correct information that is inaccurate or incomplete;
  • request deletion of your personal information — we may have to keep some of it to comply with legal obligations or to defend legal claims;
  • object to, or ask us to restrict, certain processing — for example direct marketing;
  • request that we transfer certain information you provided to us in a structured, machine-readable format;
  • withdraw consent that you previously gave us;
  • lodge a complaint with the National Data Protection Commission (NDPC) or another competent supervisory authority.

To exercise any of these rights, write to us at hello@hellobob.app. We will verify your identity before acting on your request, and we will respond within the timeframes required by law (and in any case within thirty (30) days).

10. How we keep your information safe

We protect your information using a combination of technical, organisational and physical safeguards. These include encryption in transit and at rest, access controls, device-based authentication (passcode, Face ID or fingerprint) for the app, the use of secure key storage (Keychain on iOS, Keystore on Android), monitoring for unauthorised access, and ongoing staff training. No system is perfectly secure, so we also encourage you to use a strong unique password, enable biometric login, never share your recovery details with anyone, and contact us immediately if you suspect any unauthorised activity on your account.

11. Children

The Service is not directed to anyone under eighteen (18). We do not knowingly collect personal information from children. If you believe a child has given us personal information, contact us and we will delete it.

12. Marketing communications

Where required by law, we will only send you marketing communications with your consent. You can unsubscribe from marketing emails at any time using the link at the bottom of those emails, or by writing to us. Even if you opt out of marketing, we will still send you transactional and security messages essential to operating the Service.

13. Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Effective date” at the top of this page and, where the changes are material, we will notify you in-app or by email before they take effect. Your continued use of the Service after the new effective date means you accept the updated policy.

14. Contact us

Questions, complaints or requests about this policy or your personal information should be sent to: