Privacy Policy

This Privacy Policy covers personal data processed by RouteFi Drive, operated by Dignified Labs. It applies to everyone who uses our platform — customers applying for finance, dealers listing vehicles on our network, and visitors browsing our website. If you are applying for vehicle finance with us, the personal data involved is sensitive. We treat it with the care that implies.

The data controller is Dignified Labs, a company incorporated in Nigeria. You can reach our Data Protection Officer using the details in Section 12.

Depending on how you interact with us, we may collect the following categories of personal data: Identity data • Full name, date of birth, gender; • Bank Verification Number (BVN) and/or National Identification Number (NIN); • A photograph of your government-issued ID; • A live selfie used to verify that the ID belongs to you. Contact data • Phone number, email address; • Residential address and proof of address document. Financial data • Employment status, employer name, monthly income; • Bank account details for direct debit setup (via Mono); • Payment history on your RouteFi Drive agreement. Usage data • Device type, browser, IP address, broad geographic region; • Pages you view, actions you take, and timestamps; • Communications you send to us via email, chat, or phone.

We use your personal data to: • Verify your identity and assess your eligibility for finance; • Set up and service your finance agreement, including collecting payments; • Communicate with you about your account, agreement, and the service; • Comply with our legal obligations, including anti-money-laundering, know-your-customer, and credit reporting rules; • Detect and prevent fraud and other abuse of the platform; • Improve our product and tailor relevant updates — never at the cost of your privacy.

Under NDPA, we rely on the following lawful bases: • Contract — to enter into and perform your finance agreement; • Legal obligation — to meet KYC, AML, and tax rules; • Legitimate interest — to run our business, prevent fraud, and improve our product, balanced against your rights; • Consent — where we ask for it explicitly, such as for marketing communications. You can withdraw consent at any time.

We only share your personal data with trusted processors who help us deliver the service. Each has been assessed for security and data protection. They act on our instructions and cannot use your data for their own purposes. • Paystack — for collecting payments and setting up direct debits; • Mono — for BVN verification and bank account linkage; • Dojah — for NIN verification and liveness checks; • Auth0 (Okta) — for secure login and account management; • Supabase — for secure storage of identity documents; • Resend — for transactional email delivery; • Credit bureaus licensed by the CBN — for credit checks at application, and reporting of repayment history during your agreement. Dealers on our network receive only the information necessary to process your application: name, contact details, selected vehicle, and the fact that RouteFi has approved or declined your finance. They do not receive your BVN, NIN, or bank details.

Under the NDPA, you have the right to: • Access — request a copy of the personal data we hold about you; • Rectification — ask us to correct inaccurate or incomplete data; • Erasure — ask us to delete your data, subject to our legal obligation to retain finance records; • Restriction — ask us to pause processing while a concern is investigated; • Portability — receive a copy of your data in a structured, machine-readable format; • Objection — object to processing based on legitimate interests; • Withdraw consent — at any time, for processing based on consent; • Complain — to the Nigeria Data Protection Commission (NDPC). To exercise any of these rights, email our DPO. We will respond within 30 days.

We use a small number of cookies, grouped as follows: • Strictly necessary — keep you logged in, remember your session, enable security features. These cannot be disabled; • Analytics — help us understand how the platform is used, in aggregate. You can opt out; • Preference — remember your dealer, last-viewed vehicles, and interface settings. We do not use advertising cookies or third-party trackers for behavioural advertising.

We retain your personal data for as long as your agreement is active, plus the period required by Nigerian financial regulation after closure — typically seven years. Identity documents are retained for as long as required to evidence our KYC checks. Usage data is typically retained for 24 months.

Some of our processors are located outside Nigeria. Where data is transferred internationally, we rely on either an adequacy decision by the NDPC or standard contractual clauses equivalent in protection. The primary regions involved are the United States (Auth0, Resend, Supabase) and the European Union.

RouteFi Drive is only available to adults aged 21 and over. We do not knowingly collect personal data from children. If you believe we have inadvertently done so, contact our DPO and we will delete it immediately.

For any privacy question, to exercise your rights, or to raise a concern, contact our Data Protection Officer: • Email: privacy@routefidrive.com • Postal: Dignified Labs, Data Protection Office, Lagos, Nigeria. If you are not satisfied with our response, you may complain directly to the Nigeria Data Protection Commission at ndpc.gov.ng.