GORRO

Privacy Policy

Effective Date: 12th April 2026 · Version 1.0

This Privacy Policy explains how Gorro ("Gorro", "we", "us", or "our") collects, uses, stores, shares, and protects your personal information when you use the Gorro platform, including our mobile application, website, and all associated services. Please read this policy carefully before using Gorro.

Privacy Policy

1. Who We Are

Gorro is a community finance infrastructure platform developed and operated by Bigstack Technologies Ltd, and sponsored by Ekondo Microfinance Bank.

Gorro provides savings, group treasury management, and credit access services provided by Ekondo Microfinance Bank, a licensed microfinance bank regulated by the Central Bank of Nigeria (CBN). All banking and financial services on the Gorro platform are delivered by Ekondo MFB.

For any privacy-related enquiries, you may contact us at: privacy@gorro.ng

2. Information We Collect

We collect different types of information depending on how you interact with the Gorro platform. The categories of personal data we collect include the following:

2.1 Information You Provide Directly

  • Identity information: your full name, date of birth, gender, and nationality.
  • Contact information: your phone number, email address, and residential address.
  • Identity verification documents: Bank Verification Number (BVN), National Identity Number (NIN), and government-issued identification documents required for KYC compliance.
  • Financial information: bank account details, transaction history, savings balances, and credit-related information.
  • Account credentials: your username and password.
  • Next-of-kin details: name and contact information for your nominated next of kin.
  • Communications: any messages, queries, or feedback you send to us through the app or via support channels.

2.2 Information We Collect Automatically

  • Device information: hardware model, operating system, unique device identifiers, and mobile network information.
  • Usage data: log data including access times, pages viewed, features used, and actions taken within the app.
  • IP address and browser type (for web access).
  • Transaction data: the details of every transaction you carry out on the platform, including amounts, timestamps, product types, and counterparties.

2.3 Information From Third Parties

  • Identity verification data from licensed identity verification providers.
  • Credit information from CRC Credit Bureau, used to assess creditworthiness for loan products.
  • Payment and transaction data from our payment service providers, Paystack and Fincra.
  • Banking and account data from Ekondo Microfinance Bank in connection with the delivery of financial services on the platform.

2.4 Community and Group Information

Gorro is a community finance platform. When you participate in a Cluster, Circle, or Ajo group, certain information is shared within that group by design:

  • Your contributions, withdrawals, and participation activity within a group are visible to other members of that group.
  • Your name and profile identity are visible to other group members.
  • Your personal KYC documents, identity information, and private account details are never shared with other group members. This information remains strictly private to you and to Gorro.

3. How We Use Your Information

We use your personal data only for lawful purposes. Specifically, we use the information we collect to:

  • Create and manage your Gorro account and savings wallet.
  • Verify your identity and carry out Know Your Customer (KYC) checks as required by applicable regulations.
  • Provide, operate, and improve the Gorro platform and all its features.
  • Process your transactions, savings plans, group contributions, and withdrawals.
  • Assess your eligibility for credit products through our banking partner, Ekondo Microfinance Bank.
  • Report credit activity to CRC Credit Bureau as required by law and in accordance with your agreement to our terms.
  • Send you transaction notifications, account updates, security alerts, and service-related communications.
  • Respond to your enquiries and provide customer support.
  • Comply with our legal and regulatory obligations under applicable Nigerian law.
  • Detect, prevent, and investigate fraud, unauthorised access, and other illegal activities.
  • Analyse usage patterns to improve platform performance and user experience.
  • Communicate with you about new products, features, or promotions (where you have not opted out of marketing communications).

4. Legal Basis for Processing Your Data

We process your personal data in accordance with the Nigeria Data Protection Act (NDPA) 2023 and the NDPA General Application and Implementation Directive (GAID) 2025. The lawful bases on which we rely include:

  • Consent: where you have explicitly agreed to the processing of your personal data for a specific purpose.
  • Contractual necessity: where processing is necessary to fulfil our obligations to you under the Gorro Terms of Service.
  • Legal obligation: where we are required by law or regulation to process your data — for example, for KYC, anti-money laundering (AML), and credit bureau reporting obligations.
  • Legitimate interests: where processing is necessary for our legitimate business interests or the interests of third parties, provided those interests are not overridden by your rights and freedoms.

5. How We Share Your Information

We treat your personal data with care and do not sell it to third parties. We may share your information only in the following circumstances:

5.1 With Our Banking and Financial Partners

We share necessary personal and financial data with Ekondo Microfinance Bank for the purpose of delivering regulated financial services — including savings products, loan disbursements, and account management — on the Gorro platform.

5.2 With Payment Service Providers

We share transaction data with Paystack and Fincra solely for the purpose of processing payments, deposits, and withdrawals on the platform.

5.3 With Credit Bureaus

We share credit-relevant data with CRC Credit Bureau as required by law and for the purpose of credit scoring and responsible lending. By using Gorro's credit features, you consent to the sharing and reporting of your credit activity.

5.4 With Identity Verification Providers

We share identity information with licensed identity and KYC verification providers for the purpose of verifying your BVN, NIN, and other identity documents.

5.5 With Regulators and Law Enforcement

We may disclose your personal data to government agencies, regulators, law enforcement bodies, or courts where we are required to do so by law, court order, or regulatory direction — including the Central Bank of Nigeria (CBN), the Nigeria Financial Intelligence Unit (NFIU), and other competent authorities.

5.6 In a Business Transaction

If Bigstack Technologies Ltd undergoes a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the successor entity as part of that transaction. We will notify you of any such change in advance.

5.7 With Your Consent

We may share your information with other third parties where you have given us your explicit consent to do so.

6. How Long We Keep Your Data

We retain your personal data for as long as is necessary to provide you with our services and to fulfil the purposes described in this policy. Specifically:

  • Account data is retained for the duration of your active account and for a minimum of five (5) years after account closure, in compliance with applicable financial regulations.
  • Transaction records are retained for a minimum of seven (7) years in accordance with Nigerian financial record-keeping requirements.
  • KYC and identity verification data is retained for the period required by CBN regulations and applicable anti-money laundering legislation.
  • Where you have exercised a right to erasure (subject to legal and regulatory obligations), we will delete or anonymise your data accordingly.

7. How We Protect Your Data

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure. These measures include:

  • Encryption of sensitive data in transit and at rest.
  • Secure access controls and authentication mechanisms.
  • Regular security assessments and monitoring of our systems.
  • Restricted access to personal data on a need-to-know basis within our team.

While we take all reasonable steps to protect your information, no system is entirely immune to risk. You are responsible for keeping your account credentials confidential and for notifying us immediately of any suspected unauthorised access to your account.

8. Your Rights

Under the Nigeria Data Protection Act (NDPA) 2023, you have the following rights with respect to your personal data:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may request that we correct any inaccurate or incomplete personal data.
  • Right to erasure: you may request the deletion of your personal data, subject to our legal and regulatory retention obligations.
  • Right to restrict processing: you may request that we limit how we use your personal data in certain circumstances.
  • Right to data portability: you may request a copy of your data in a structured, machine-readable format.
  • Right to object: you may object to the processing of your personal data for direct marketing purposes at any time.
  • Right to withdraw consent: where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at privacy@gorro.ng. We will respond to all legitimate requests within the timeframes required by applicable law.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website to improve your browsing experience, analyse platform usage, and deliver relevant content. You may configure your browser to refuse cookies, though some features of the platform may not function correctly if you do so.

Our mobile application may use analytics and crash-reporting tools to help us improve the app's performance and stability. These tools may collect device information and usage data as described in Section 2.2 above.

10. Children's Privacy

Gorro is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has created an account or provided us with personal data, we will take steps to delete that information and close the account promptly.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Where we make material changes, we will notify you via the app or by email before the changes take effect. The date at the top of this policy indicates when it was last revised. Your continued use of Gorro after any update constitutes your acceptance of the revised policy.

← Back to Home