cloza

Legal

Privacy Policy

Last updated: March 2026

What we collect

When you create an account, we collect your name, email address, and NIN for identity verification. Bank account details are collected when you add a payout account.

When you create a project, we collect project details, contract terms, and your client's name and email.

We also collect usage data including login activity, pages viewed, actions taken within the platform, and IP address for security, analytics, and fraud prevention.

How we use your data

  • To create and manage your account
  • To enable contract creation, acceptance, and milestone tracking
  • To coordinate and route payments through third-party payment providers (Paystack)
  • To verify identity and prevent fraud
  • To send transactional notifications (payments, approvals, updates)
  • To resolve disputes using activity logs and submitted data
  • To improve the platform based on usage patterns
  • To comply with legal and regulatory obligations

Legal basis for processing

  • Performance of a contract — to provide our services
  • Legal obligations — including financial record-keeping and fraud prevention
  • Legitimate interests — to maintain platform security and improve our services
  • Consent — where required, including identity verification (KYC)

Data controller and processor roles

Cloza acts as a Data Controller for personal data related to account management, identity verification, fraud prevention, and compliance obligations.

Cloza also acts as a Data Processor for project-related data, including contracts, deliverables, and communications, which are processed on behalf of users.

Third-party services

We use trusted third-party providers to operate the platform, including payment processors, identity verification services, infrastructure providers, and communication services.

These providers process personal data only as necessary to deliver their services.

International data transfers

Some of our service providers may process personal data outside Nigeria. Where this occurs, we take reasonable steps to ensure that appropriate safeguards are in place in accordance with NDPR requirements.

Data retention

We retain your account data while your account is active. Transaction records are retained for up to 7 years in line with financial and regulatory requirements. You may request deletion of your personal data at any time, subject to legal obligations.

Security

We implement appropriate technical and organizational measures to protect your data, including encryption, access controls, activity logging, and secure infrastructure.

Your rights

  • Right to access your personal data
  • Right to request correction of inaccurate data
  • Right to request deletion of your data
  • Right to object to or restrict processing
  • Right to data portability
  • Right to withdraw consent where applicable

What we do not do

We do not sell your personal data. We do not use your data for advertising. We do not hold or control user funds; payments are handled by licensed third-party providers.

Contact and Data Protection Officer

Cloza has appointed a Data Protection Officer responsible for overseeing compliance with data protection obligations.

For privacy-related questions or to exercise your rights, contact support@withcloza.com