1. Introduction
Welcome to Gotwork ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Platform").
Gotwork operates as a technology platform connecting clients in Nigeria with skilled artisans, technicians, and service providers. By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
This policy is designed to comply with applicable data protection laws including the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act (NDPA) 2023, and aligns with international best practices including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) principles where applicable.
2. Geographic Scope
Gotwork is primarily designed, developed, and operated for users located within the Federal Republic of Nigeria. Our core services — including artisan identity verification (NIN via YouVerify), payment processing (Paystack in Nigerian Naira), and location-based matching — are built around Nigerian infrastructure, regulations, and service providers.
Users accessing the Platform from outside Nigeria (including the European Union, United States, or other regions) may do so at their own discretion, but should be aware that:
- The Platform's features, payment systems, and verification processes are optimised for the Nigerian market
- Nigerian data protection laws (NDPR 2019 and NDPA 2023) are the primary legal framework governing data processing on this Platform
- Certain features may not be available or fully functional outside Nigeria
- All transactions are denominated in Nigerian Naira (₦)
By using the Platform from outside Nigeria, you acknowledge and accept that the service is primarily designed for Nigerian users and that your experience may differ accordingly.
3. Terms and Conditions of Data Processing
Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds:
- Contractual Necessity: Processing necessary to perform our contract with you, including facilitating service bookings, processing payments, and enabling communication between clients and artisans.
- Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, platform security, service improvement, and analytics.
- Legal Obligations: Processing required to comply with applicable laws, regulations, court orders, or governmental requests.
- Consent: Where required by law, we obtain your explicit consent before processing certain types of personal data.
4. Personal Information We Collect
Information You Provide Directly
- Account Registration: Full name, email address, phone number (with Nigerian +234 prefix), password, state, and city of residence
- Profile Information: Profile photographs, biographical information, service areas, and preferred categories
- Artisan-Specific Data: Professional skills, service categories, work experience, certifications, and portfolio images
- Identity Verification: Government-issued identification documents (Driver's License, NIN Card, or Nigerian Passport)
- Payment Information: Bank account details (for artisans), debit/credit card information (processed through secure third-party processors)
- Communications: Messages exchanged through our in-app chat
Artisan Identity Verification (NIN Processing)
For artisan identity verification, we collect National Identification Numbers (NINs) which are processed via YouVerify, an NDPC-licensed third-party verification partner. We do not store raw NIN data on our local servers once the verification handshake is complete. We retain only the verification status ("Verified" or "Unverified") and metadata provided by the issuing authority (such as the verified legal name). This approach ensures compliance with data minimization principles while maintaining platform integrity.
Information Collected Automatically
- Location Data: GPS coordinates (with permission) for connecting you with nearby artisans
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: Pages viewed, features used, search queries, booking history
5. How We Use Your Personal Information
Core Service Delivery
- Create and manage your user account
- Connect clients with qualified artisans based on location and skills
- Process and facilitate service bookings and appointments
- Enable secure communication between platform users
- Process payments and financial transactions
- Verify artisan identities and professional credentials
Safety, Security, and Legal Compliance
- Detect, prevent, and address fraud and illegal activities
- Enforce our Terms of Use and other policies
- Comply with legal obligations
6. Data Sharing and Disclosure
Platform Users
- Clients: Your name, profile photo, and contact information are visible to artisans when you make a booking
- Artisans: Your public profile including name, photo, bio, service categories, verification status, and reviews are visible to potential clients
Third-Party Service Providers
We share data with trusted partners who assist in operating our Platform:
- Paystack (Payments) Limited: Payment processing, card tokenization, and transaction management. Paystack is a licensed Payment Service Provider regulated by the Central Bank of Nigeria.
- YouVerify: Identity verification services including NIN validation and biometric matching. YouVerify is an NDPC-licensed data processor for KYC operations.
- Termii: SMS notifications, OTP delivery, and phone number verification services.
- Resend: Transactional email delivery services.
- Cloud Infrastructure: Secure data hosting and storage services.
7. Data Retention
- Active Accounts: Data is retained for the duration of your account being active
- Transaction Records: Retained for 7 years for tax and financial regulations
- Identity Documents: Retained for account duration plus 5 years after deletion
- Communications: In-app messages retained for 3 years
8. Your Rights and Choices
Under the Nigeria Data Protection Regulation (NDPR) and international standards, you have the following rights:
- Access Rights: Request a copy of personal data we hold about you
- Correction Rights: Update or correct inaccurate personal information
- Deletion Rights: Request deletion of your personal data
- Objection Rights: Object to processing based on legitimate interests
To exercise these rights, please contact us at privacy@gotwork.ng
9. Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption of data in transit using TLS/SSL protocols
- Encryption of sensitive data at rest
- Secure password hashing using industry-standard algorithms
- Regular security audits and vulnerability assessments
- Access controls limiting employee access on a need-to-know basis
Data Breach Notification
In the event of a data breach, we will notify the Nigeria Data Protection Commission (NDPC) and affected individuals within 72 hours where such breach is likely to result in a high risk to your rights and freedoms. Notification will include the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects.
10. Cross-Border Data Transfers
Your information may be transferred to and processed on servers located in the United States or other regions outside Nigeria (e.g., AWS S3 for file storage, cloud infrastructure providers for hosting). We ensure that all cross-border data transfers comply with the Nigeria Data Protection Act (NDPA) 2023 standards through appropriate safeguards, including data transfer agreements, standard contractual clauses, and ensuring that recipient jurisdictions provide adequate levels of data protection. Where adequate protection is not guaranteed by the recipient jurisdiction, we implement supplementary technical and organisational measures to protect your data.
11. Local Storage, Cookies, and Session Tokens
Gotwork uses local storage technologies on your device to maintain your user session and improve app performance. These include:
- Session Tokens: Encrypted authentication tokens stored securely on your device (via Secure Store on mobile, or HTTP-only cookies on web) to keep you signed in between visits without requiring you to re-enter your credentials each time.
- Local Preferences: Settings such as your preferred language, notification preferences, and display options are stored locally to provide a personalised experience.
- Performance Caching: Certain data (e.g., previously viewed artisan profiles, search results) may be cached locally to reduce loading times and minimise data usage on your device.
- Consent Records: Your privacy and cookie consent choices are stored locally to honour your preferences across sessions.
These technologies are essential for the proper functioning of the Platform. You can clear locally stored data at any time through your device or browser settings, though doing so may require you to sign in again and may affect your experience.
12. Children's Privacy
Gotwork is not intended for use by children under the age of 13. We do not knowingly collect, store, or process personal information from children under 13 years of age.
If you are a parent or guardian and believe that your child has provided personal information to us through the Platform, please contact us immediately at support@gotwork.ng. Upon verification, we will make every reasonable effort to promptly delete the child's information from our systems.
If we become aware that we have inadvertently collected personal data from a child under 13, we will take immediate steps to delete that information.
13. Nigerian Data Protection Compliance
Gotwork operates in full compliance with Nigerian data protection laws, including:
- Nigeria Data Protection Regulation (NDPR) 2019
- Nigeria Data Protection Act (NDPA) 2023
- NDPC Implementation Framework
We maintain registration with the Nigeria Data Protection Commission as a data controller.