Skip to main content
RouteFi DriveRouteFi Drive← Home

Privacy Policy

1. Introduction

This Privacy Policy explains how Dignified Labs ("we", "us", "our") collects, uses, stores, and protects your personal data when you use RouteFi Drive ("the Platform").

We are committed to protecting your privacy and handling your data responsibly. This policy applies to all users of the Platform, including Customers and Dealer personnel.

By using RouteFi Drive, you consent to the collection and use of your data as described in this policy.

2. Data We Collect

2.1 Information You Provide

When you create an account and use the Platform, we collect:

  • Identity information — Full name, date of birth, email address, phone number, residential address (street, city, state).
  • Identity verification data — Bank Verification Number (BVN) and National Identification Number (NIN), collected during the finance application process.
  • Employment information — Employer name, job title, monthly income, length of employment.
  • Financial information — Bank statements and other financial documents uploaded as part of your application.
  • Documents — Passport photographs, national identification documents, proof of address, and proof of employment.
  • Vehicle preferences — Details of vehicles you select during the application process.
  • Communications — Messages you send through the Platform's messaging system, including any file attachments.
  • Support requests — Tickets you submit, including subject, description, category, and any attachments.

2.2 Information We Collect Automatically

When you access the Platform, we may automatically collect:

  • Device type, browser type, and operating system.
  • IP address and approximate geographic location.
  • Pages visited, time spent on pages, and navigation patterns.
  • Referring website or application.

2.3 Information from Third Parties

We receive data from the following third-party services:

  • Auth0 — Authentication status, login timestamps, and session data.
  • Paystack — Payment transaction status, payment method used (card type or bank), and transaction references. We do not receive or store your full card number.
  • Identity verification providers — Verification status (verified/not verified) and basic identity confirmation (name match) for BVN and NIN checks.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Account management — To create and manage your user account, authenticate your identity, and maintain session security across subdomains.
  • Finance applications — To process your vehicle finance applications, verify your identity, assess your eligibility, and present your application to the relevant Dealer.
  • Loan management — To track your loan balance, payment history, upcoming payments, and early settlement calculations.
  • Payment processing — To initiate and record payments through Paystack, send payment receipts, and update your loan balance.
  • Communication — To send you transactional emails including application status updates, payment confirmations, payment reminders, and messages from Dealers.
  • Support — To respond to your support tickets and resolve any issues you report.
  • Platform improvement — To understand how the Platform is used and to improve our services.

4. Legal Basis for Processing

We process your personal data on the following grounds:

  • Contract performance — Processing is necessary to provide the Platform services, manage your account, and facilitate your finance applications and loan agreements.
  • Legitimate interest — Processing is necessary for the operation, security, and improvement of the Platform.
  • Legal obligation — Processing is required to comply with applicable Nigerian laws, including anti-money laundering (AML) and know-your-customer (KYC) requirements.
  • Consent — Where we rely on your consent, you may withdraw it at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

5. Data Sharing

We share your personal data only with the following parties, and only to the extent necessary:

  • Dealers — When you submit a finance application through a Dealer's instance, the Dealer receives your application information (personal details, employment information, documents, and vehicle selection) to review and make a decision. Dealers can also view your loan and payment information for agreements originated through their dealership.
  • Paystack — Your email address and transaction details are shared with Paystack to process payments. Paystack's privacy policy governs their handling of this data.
  • Auth0 — Your email address and basic profile information are stored by Auth0 for authentication purposes. Auth0's privacy policy governs their handling of this data.
  • Identity verification providers — Your BVN and NIN are transmitted to our verification provider to confirm your identity. Only the verification result (verified/not verified) is stored on the Platform alongside the encrypted BVN/NIN.
  • Cloud storage providers — Documents and images you upload are stored securely with our cloud storage provider (Supabase).
  • Email provider — Your email address and name are shared with our email provider (Resend) to deliver transactional notifications.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. Data Security

We take the security of your data seriously and employ the following measures:

  • Encryption at rest — Sensitive identity data (BVN and NIN) is encrypted before storage using industry-standard encryption.
  • Secure transmission — All data transmitted between your browser and the Platform is encrypted using HTTPS/TLS.
  • Authentication — User sessions are managed through Auth0 with secure, HTTP-only session cookies.
  • Access control — Role-based access control (RBAC) ensures that users can only access data relevant to their role (Customer, Dealer Admin, Dealer Staff, or Platform Admin).
  • Payment security — Payment card data is handled entirely by Paystack, a PCI DSS-compliant payment processor. We never receive or store your full card number.
  • Webhook verification — Payment webhooks are verified using HMAC-SHA512 signatures to prevent tampering.

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your data.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy:

  • Account data — Retained for the duration of your account and for 12 months after account closure.
  • Application data — Retained for the duration of any associated loan agreement, plus 7 years after the agreement is settled or terminated, to comply with regulatory and record-keeping requirements.
  • Payment records — Retained for 7 years after the transaction date, in compliance with Nigerian tax and financial regulations.
  • Messages and communications — Retained for the duration of the associated application or loan agreement, plus 2 years.
  • Support tickets — Retained for 3 years after the ticket is closed.
  • Identity verification data — Encrypted BVN and NIN are retained for the duration of your account. Verification status is retained with your application records.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — You can request a copy of the personal data we hold about you.
  • Correction — You can update your personal information through the Profile section of the Platform, or request that we correct inaccurate data.
  • Deletion — You can request deletion of your personal data, subject to our legal and regulatory obligations to retain certain records.
  • Restriction — You can request that we restrict the processing of your data in certain circumstances.
  • Portability — You can request your data in a structured, machine-readable format.
  • Objection — You can object to processing based on legitimate interest.

To exercise any of these rights, contact us at privacy@routefidrive.com. We will respond within 30 days.

Please note that certain requests may be subject to limitations. For example, we cannot delete records associated with active loan agreements or records we are legally required to retain.

9. Cookies and Tracking

The Platform uses essential cookies for authentication and session management. These cookies are necessary for the Platform to function and cannot be disabled.

We use a cross-subdomain session cookie on the .routefidrive.com domain to provide seamless authentication as you move between the customer portal and dealer instances.

We do not use advertising cookies or trackers. We do not serve ads or share your data with advertising networks.

10. Children's Privacy

RouteFi Drive is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

11. International Data Transfers

Your data may be processed and stored in locations outside Nigeria, including by our third-party service providers. Where data is transferred internationally, we ensure that appropriate safeguards are in place, including contractual protections with our service providers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date and, for material changes, notify you by email or through the Platform. We encourage you to review this policy periodically.

13. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at:

Dignified Labs Data Protection Enquiries: privacy@routefidrive.com General Support: support@routefidrive.com Website: routefidrive.com