Introduction
Finora Technologies Ltd ("Finora", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business management and tax platform ("Finora Platform") and our marketing website at finorabusiness.com.
This policy is designed to comply with the Nigeria Data Protection Regulation (NDPR) issued by the National Information Technology Development Agency (NITDA).
Please read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
1. Who We Are
Finora Technologies Ltd is a business management and tax platform designed for Nigerian businesses. We help small to medium businesses manage invoicing, accounting, and tax compliance.
Contact Details:
- Website: https://finorabusiness.com
- App: https://app.finorabusiness.com
- Email: privacy@finorabusiness.com
Data Protection Officer: dpo@finorabusiness.com
2. Information We Collect
2.1 Information You Provide Directly
Account Information:
- Name, email address, phone number
- Password (stored in encrypted form)
- Profile photo (optional)
Business Information:
- Business name and address
- Tax Identification Number (TIN)
- CAC registration number
- Industry and business type
- Annual revenue range
Financial Information:
- Invoice details (customers, amounts, dates)
- Receipt information (vendors, amounts, items)
- Expense records
- Bank account details (for bank integration feature)
- Product and inventory data
- Accounting journal entries
Customer and Supplier Data (entered by you):
- Names and contact details of your customers
- Names and contact details of your suppliers
Communications:
- Support inquiries
- Feedback and surveys
- Contact form submissions
2.2 Information Collected Automatically
Technical Data:
- IP address
- Browser type and version
- Device type and operating system
- Time zone setting
Usage Data:
- Pages viewed and features used
- Actions taken within the platform
- Session duration and frequency
- Referring website or source
Cookies and Tracking Technologies:
- Session cookies for authentication
- Preference cookies
- Analytics cookies (see our Cookies Policy)
2.3 Information from Third Parties
Bank Integration: When you connect your bank account via our bank integration feature, we receive:
- Account balance
- Transaction history
- Account identifiers
Payment Processing (Paystack): When you subscribe to paid plans:
- Payment status
- Transaction reference
- Card type (last 4 digits only)
We do not receive or store your full card number, CVV, or PIN.
3. Legal Basis for Processing
Under NDPR Article 2.2, we process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Providing platform services | Performance of contract |
| Account management | Performance of contract |
| Processing payments | Performance of contract |
| Tax calculations | Legal obligation |
| Customer support | Legitimate interests |
| Service improvements | Legitimate interests |
| Security and fraud prevention | Legitimate interests |
| Marketing communications | Consent |
| Compliance with laws | Legal obligation |
4. How We Use Your Information
4.1 Providing Our Services
- Creating and managing your account
- Processing your invoices, receipts, and expenses
- Generating financial statements
- Calculating tax obligations (VAT, WHT, CIT)
- Facilitating bank integration and reconciliation
- Enabling accountant collaboration features
4.2 Communication
- Sending service-related emails (account verification, password reset)
- Subscription and billing notifications
- Feature updates and product announcements
- Responding to your inquiries and support requests
4.3 Improvement and Analytics
- Understanding how users interact with our platform
- Identifying and fixing technical issues
- Developing new features based on usage patterns
- Improving user experience
4.4 Security and Compliance
- Detecting and preventing fraud or unauthorized access
- Maintaining audit logs
- Complying with Nigerian tax and data protection laws
- Enforcing our Terms of Use
4.5 Marketing (with your consent)
- Sending promotional emails about Finora features
- Sharing tips and resources for business management
- Informing you about special offers or discounts
You can opt out of marketing communications at any time by clicking "Unsubscribe" in any marketing email or updating your preferences in Settings > Notifications.
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your information in the following circumstances:
5.1 Service Providers
We engage trusted third-party service providers to help us deliver our services, including providers for authentication, database infrastructure, content delivery, bank integration, payment processing, and email delivery.
All service providers are carefully vetted and bound by data processing agreements in compliance with NDPR requirements. They are required to protect your data and only process it according to our instructions.
For specific inquiries about our service providers, please contact our Data Protection Officer at dpo@finorabusiness.com.
5.2 Professional Accountants (with your permission)
If you use our Accountant Collaboration feature, you may grant your accountant access to your business data for review and adjustment purposes.
5.3 Legal Requirements
We may disclose your information when required by law, such as:
- Responding to court orders or legal processes
- Complying with requests from tax authorities (FIRS)
- Responding to requests from regulatory bodies (NITDA)
- Protecting our legal rights
5.4 Business Transfers
If Finora is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside Nigeria, including the United States, where our cloud service providers (Firebase, Cloudflare) maintain data centers.
In accordance with NDPR Article 2.11, we ensure appropriate safeguards for international transfers through:
1. Standard Contractual Clauses: Agreements with service providers that include GDPR-compliant standard contractual clauses 2. Certifications: Service providers maintain SOC 2 Type II and ISO 27001 certifications 3. Encryption: Data encrypted in transit and at rest 4. Access Controls: Strict access limitations
7. Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations:
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of account |
| Financial/tax records | 6 years (tax law requirement) |
| Deleted account data | 7 days to complete deletion |
| Audit logs | 2 years (NDPR requirement) |
| Backup data | 90 days after deletion |
| Contact form data | 2 years |
| Marketing preferences | Until you unsubscribe |
After the retention period, data is securely deleted or anonymized.
8. Your Privacy Rights
Under NDPR, you have the following rights regarding your personal data:
8.1 Right to Access
Request a copy of the personal data we hold about you.
8.2 Right to Rectification
Request correction of inaccurate or incomplete data.
8.3 Right to Erasure
Request deletion of your personal data (subject to legal retention requirements).
8.4 Right to Restrict Processing
Request that we limit how we use your data.
8.5 Right to Data Portability
Request your data in a portable, machine-readable format.
8.6 Right to Object
Object to processing based on legitimate interests or for marketing purposes.
8.7 Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
How to Exercise Your Rights
Via Email: Send your request to dpo@finorabusiness.com
In the App: Go to Settings > Privacy > Data Requests
Response Time: We will respond within 30 days. If your request is complex, we may extend this by up to 60 days (we will notify you if this is necessary).
Verification: We may need to verify your identity before processing your request to protect your data from unauthorized access.
9. Data Security
We implement robust security measures to protect your personal data:
Technical Safeguards:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for data at rest
- Secure password hashing (bcrypt)
- Multi-factor authentication (optional)
- Regular security assessments and penetration testing
Organizational Safeguards:
- Role-based access control
- Employee confidentiality agreements
- Regular security training
- Incident response procedures
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.
10. Children's Privacy
The Finora Platform is designed for businesses and is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
If you believe we have collected data from a child, please contact us at privacy@finorabusiness.com, and we will promptly delete the information.
11. Third-Party Links
Our website and platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws.
How We Notify You:
- Email notification to your registered email address
- Prominent notice on our website
- In-app notification
We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes are posted constitutes your acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or our data practices:
General Privacy Inquiries:
- Email: privacy@finorabusiness.com
Data Protection Officer:
- Email: dpo@finorabusiness.com
NITDA Complaints: If you believe your data protection rights have been violated, you may lodge a complaint with NITDA:
- Website: https://nitda.gov.ng
- Email: info@nitda.gov.ng
Last updated: December 29, 2025