Back
DelayFree logo
DLF-DPP-001

Privacy Policy

This Privacy Policy explains how DelayFree Limited collects, uses, discloses, stores, and protects personal data in connection with our logistics marketplace platform, mobile applications, and related services in Nigeria.

Applies to Customer AppApplies to Delivery Agent AppApplies to Delivery Firm Web Portal

Controller

DelayFree Limited

Effective Date

March 2026

Privacy Contact

privacy@delayfree.com

1

About This Policy

This Privacy Policy applies to personal data processed through the DelayFree platform for customers, delivery riders, delivery agents, and merchant or firm partners. By accessing or using the platform, you acknowledge that you have read and understood this Policy and how your personal data may be handled in connection with our services.

We are committed to complying with the Nigeria Data Protection Act 2023 (NDPA) and applicable data protection requirements in Nigeria. This page is intended to serve as our public-facing privacy notice and should be read together with any product notices, onboarding disclosures, and operational terms that may apply to a specific service.

2

Data Controller & Contact Information

DelayFree Limited is the data controller responsible for personal data processed in connection with the platform.

  • Company: DelayFree Limited
  • Country of Incorporation: Federal Republic of Nigeria
  • Privacy Contact: privacy@delayfree.com
  • Data Protection Officer: dpo@delayfree.com
  • Regulator: Nigeria Data Protection Commission (NDPC), Nigeria

For privacy requests, complaints, or questions about how we handle personal data, please contact us through the privacy or DPO channels listed above. We aim to respond to verified requests within the timelines required by applicable law.

3

Legal Basis for Processing

We process personal data only where we have a valid legal basis to do so. Depending on the service and the type of data involved, our legal bases may include:

  • Performance of contract: to provide delivery, settlement, support, and account services you request from us.
  • Legitimate interests: to prevent fraud, secure the platform, investigate abuse, improve our products, and maintain service reliability.
  • Legal obligation: to comply with KYC, tax, anti-fraud, records retention, and other regulatory duties.
  • Consent: where required for optional marketing, cookies, or similar processing that depends on your permission.

Where processing depends on consent, you may withdraw that consent at any time, subject to any processing that has already lawfully occurred before withdrawal.

4

Data We Collect

4.1 Customer Data

  • Full name
  • Mobile phone number
  • Email address
  • Pickup and drop-off addresses for each delivery request
  • Real-time GPS location during active delivery sessions where required to fulfil service and support safety
  • Order history, transaction records, wallet balance, and payment references
  • Device identifiers, IP address, browser type, crash logs, and app usage information
  • In-app communications and support interactions

4.2 Delivery Agent / Rider Data

  • Full name, email address, phone number, and residential address
  • Government-issued identity information for KYC verification, including NIN or BVN where required
  • Guarantor details and supporting verification information where applicable
  • Vehicle, licence, and conveyance details
  • Bank account details for disbursement
  • Real-time GPS location data during active delivery sessions
  • Performance metrics, ratings, complaints, and delivery history

4.3 Delivery Firm / Merchant Partner Data

  • Business name and CAC registration details
  • Contact person details including name, email address, and phone number
  • Business address, operational hours, and onboarding records
  • Bank account details for settlement
  • Inventory, order, and operational data required to process deliveries

4.4 Automatically Collected Data

  • Device type, operating system, unique device identifiers, and app version
  • IP address and browser information for web users
  • Crash reports, diagnostic logs, and performance telemetry
  • Clickstream, navigation, and feature interaction data
5

How We Use Your Data

  • To register, verify, and manage accounts on the DelayFree platform
  • To connect customers with available riders and delivery firms and fulfil delivery requests
  • To process payments, manage wallet balances, record commissions, and disburse payouts
  • To verify rider identity and eligibility through KYC processes
  • To track delivery status and communicate operational updates in real time
  • To detect fraud, abuse, unauthorised access, or other misuse of the platform
  • To send receipts, service notices, support responses, and platform notifications
  • To comply with legal, regulatory, tax, and audit obligations
  • To analyse and improve products, operations, user experience, and service quality
  • To send marketing communications where you have provided the required consent
6

Location Data

Because delivery services depend on movement and coordination, certain platform features require location data. We apply the following principles:

  • Customer location data is collected only as needed to fulfil an active delivery request. We do not access location in the background when there is no delivery in progress.
  • Rider and delivery-agent location may be collected during active sessions to power live tracking, dispatch operations, route support, and safety oversight.
  • Precise location data is retained only for as long as it is required for operations, security review, support, dispute handling, and limited audit needs.
  • Location information is not sold and is used strictly to provide service, resolve issues, and protect users and the platform.
7

Sharing Your Data

We do not sell personal data. We may share personal data only as necessary to provide the service, support legitimate operations, comply with law, or protect the platform and its users.

  • Operational sharing between customers, riders, and merchants where delivery execution requires names, phone numbers, pickup points, drop-off addresses, or order details.
  • Trusted processors acting under data processing agreements, including payment processors such as Paystack or Flutterwave, email service providers such as SendGrid, cloud hosting providers, SMS or OTP providers, and KYC verification providers.
  • Professional advisers, auditors, insurers, or service partners where required for lawful operations, dispute handling, or risk management.
  • Courts, regulators, law enforcement, or competent authorities where disclosure is legally required or necessary to protect rights, property, safety, or the public.
8

Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, to manage our relationship with you, or as required by law, regulation, or legitimate audit and security obligations.

  • Active account data is generally retained throughout the account lifecycle.
  • Transaction and financial records are typically retained for seven years to support tax, accounting, audit, and statutory obligations.
  • Rider KYC documents may be retained for up to five years after the engagement ends, subject to legal or regulatory requirements.
  • Delivery logs and GPS records are generally retained for up to twelve months unless a dispute, complaint, investigation, or legal obligation requires longer retention.
  • Marketing preferences are kept until consent is withdrawn or the communication purpose ends.
9

Data Security

We implement appropriate technical and organisational safeguards to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction.

  • Encryption in transit and at rest where applicable
  • Role-based access controls and least-privilege access management
  • Multi-factor authentication and access monitoring for sensitive systems
  • Secure hosting, logging, and technical hardening measures
  • Regular security reviews, staff training, and processor oversight
10

Your Rights

Under the NDPA 2023 and, where applicable, the NDPR framework, you may have the following rights in relation to your personal data:

  • The right to access personal data we hold about you
  • The right to request correction of inaccurate or incomplete personal data
  • The right to request deletion or erasure where applicable
  • The right to restrict or object to certain processing activities
  • The right to withdraw consent where processing depends on consent
  • The right to data portability in a structured, commonly used, machine-readable format where applicable
  • The right to lodge a complaint with the Nigeria Data Protection Commission (NDPC)

We will respond to verified requests within 30 days where practicable. For complex requests, we may extend this period by a further 30 days where permitted by law, with prior notice to you.

11

Children's Privacy

Our services are not directed to persons under the age of 18. We do not knowingly collect personal data from minors. If you believe that a child has provided personal data to us, please contact us immediately at privacy@delayfree.com so we can investigate and take appropriate steps.

12

International Transfers

  • Some service providers may process data outside Nigeria.
  • Where international transfers occur, we use contractual protections and other safeguards consistent with NDPA requirements before personal data is transferred.
13

Cookies and Analytics

  • We use cookies and similar technologies to operate core site functionality, remember preferences, and analyse usage.
  • Where required, non-essential analytics or marketing technologies are used only with the appropriate consent.
  • Disabling certain cookies may affect website functionality or service experience.
14

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, operations, security controls, product features, or service providers. Material changes will be communicated through an in-app notice, website notice, email, or another appropriate method before the changes take effect where required.

15

Governing Law

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023 and other applicable data protection and regulatory requirements. Any disputes arising from this Policy are subject to the jurisdiction of the competent courts and authorities in Nigeria unless otherwise required by law.

16

How to Contact Us & Complaints

If you have any questions about this Privacy Policy or our data practices, please contact us first so we can try to resolve the issue directly.

  • DelayFree Privacy Contact: privacy@delayfree.com
  • Data Protection Officer: dpo@delayfree.com
  • NDPC Website: ndpc.gov.com
  • NDPC Email: info@ndpc.gov.com
  • NDPC Address: Plot 103B, Former Diplomatic Zone, Mabushi, Abuja

If you are not satisfied with our response, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC).

Document Reference: DLF-DPP-001

Effective Date: March 2026 | Controller: DelayFree Limited

This page is intended to reflect the public-facing contents of the DelayFree privacy policy document and related operational privacy controls.