Data Privacy Notice

Version 3.0 | Last Updated: 20th May 2026

Your Privacy at a Glance

We know legal documents can be long. Here is a plain-language summary of the most important points before you read the full Notice:

  • We collect your Personal Data to provide savings and insurance services, verify your identity, and meet our legal and regulatory obligations.
  • We share your data with licensed insurance underwriters (to register your policy), our KYC and fintech partner Embedly/Sterling Bank (to verify your identity and operate your Wallet), and payment processors. We do not sell your data.
  • Your National Identification Number (NIN) is mandatory for all insurance purchases and is encrypted at rest. BVN is required for higher-tier financial services.
  • We operate a Lead Management System (LMS) as required by the National Insurance Commission (NAICOM). It records your platform activity and is shared only with partner underwriters and NAICOM — never with advertisers or third-party analytics platforms.
  • You can access, correct, restrict, or request deletion of your Personal Data at any time by contacting our Data Protection Officer at info@skydd.ng.
  • We retain policy and claims records for a minimum of seven (7) years as required by NAICOM.
  • In the event of a data breach that is likely to result in risk to your data rights, we will notify the Nigeria Data Protection Commission (NDPC) and affected individuals within seventy-two hours (72) in accordance with applicable law.
  • You have the right to withdraw consent, object to processing, request data portability, and lodge a complaint with the Nigeria Data Protection Commission (NDPC).

1. Introduction

At Skydd Insurance Brokers Limited (“Skydd”, “we”, “us”, or “our”), we are committed to protecting the privacy and security of personal information supplied by customers, third-party vendors, service providers, and all other persons who interact with our Platform (“you” or “your”).

This Data Privacy Notice (“Notice”) outlines how we collect, use, disclose, store, and protect your personal information in accordance with the Nigeria Data Protection Act (NDPA) 2023, the General Application and Implementation Directive (GAID) 2025, and all other applicable NAICOM regulations governing the processing of personal data.

This Notice applies exclusively to your use of our website at https://www.skydd.ng, our mobile application, and all affiliated platforms operated by Skydd (“Services”). Services include but are not limited to health insurance, auto insurance, life insurance, travel insurance, property insurance, salary protection insurance, savings products, and any other platform Skydd may use from time to time.

By accessing our Platform, you agree and consent to the collection, use, storage, and sharing of your personal information as described in this Notice.

3. Role Definitions

For the purpose of this Notice:

  • Data Subject: An identified or identifiable natural person to whom Personal Data relates.
  • Data Controller: The person or entity that determines the purposes and manner of Personal Data processing. For this Notice, Skydd Insurance Brokers Limited is the Data Controller.
  • Data Protection Officer (DPO): Skydd has appointed a Data Protection Officer to ensure the strategy and implementation of data protection requirements comply with this Notice and all relevant laws. The DPO is reachable at info@skydd.ng. The responsibilities of the DPO are clearly outlined in the NDPA 2023.
  • Personal Data: means any information relating to an individual, who can be identified or is identifiable, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, cultural, social, or economic identity of that individual.

4. What Personal Information Do We Collect?

Only the minimum information required to meet the purposes described in this Notice is collected. Skydd and its representatives are not responsible for the authenticity of information provided by Data Subjects. The information we collect falls into the following categories:

4.1. Information You Give Us Directly

  • Personal information: Full name, date of birth, gender, email address, phone number, residential address, and profile photograph (optional).
  • Government-issued identification: National Identification Number (NIN) and Bank Verification Number (BVN) are mandatory for all insurance purchases and financial services.
  • Sensitive personal information: Information that, if compromised, could cause substantial harm, including genetic and biometric data linked to NIN/BVN verification, health status declarations (pre-existing conditions, smoking status for life and health products), and any other sensitive data required for underwriting purposes.
  • Employment information: Employer name and address, job title, employment start date, salary band, etc.
  • Financial information: Bank account details for claims payouts and beneficiary payments (encrypted at rest); wallet funding history and transaction records.
  • Insurance-specific information: Vehicle details, property address, travel data, etc.
  • Device information: Device type, make, model, purchase date, and IMEI or serial number, etc.

4.2. Information We Collect Automatically

  • Product and usage data: Information about products you currently use, have applied for, or have previously used.
  • Log data: Your device’s IP address, browser type, pages visited, time zone settings, page response times, and navigation paths.
  • Device information: Hardware model, operating system version, unique device identifiers, and app version.
  • Usage patterns: Full URL clickstream through and from our Platform (including date and time), page interaction data (scrolling, clicks), and session duration.
  • Referral and acquisition data: How you found Skydd, including campaign source, referral channel, and UTM parameters from tracked links.
  • Inferences: Interests and preferences inferred from your usage of the Platform.

4.3. Information Collected Through Cookies and Similar Technologies

To enhance your experience on the web Platform, Skydd employs cookies and similar tracking technologies including:

  • Web Beacons: Electronic images used to understand how you interact with our website and emails.
  • Flash Cookies (Local Shared Objects): Used to store data such as settings and preferences.
  • Persistent or Session Cookies: Persistent cookies remain on your device for a set period; session cookies are deleted when you close your browser.

By accessing our website, you consent to cookies being placed on your device in accordance with this Notice. You may manage cookies through your browser’s privacy and security settings. Disabling all cookies may limit the functionality of certain features. Our mobile application does not use browser cookies but may use app-level analytics based on aggregated and anonymised data. Skydd does not integrate third-party advertising trackers, pixels, or SDKs (such as Google Analytics, Meta Pixel, or Mixpanel).

4.4. Information We Receive from Third Parties

We may receive information about you from:

  • Embedly / Sterling Bank: KYC verification results, NIN and BVN match status, wallet transaction confirmations, and KYC tier assignments.
  • Paystack: Payment confirmation status and transaction references.
  • Family members: In instances of incapacitation or death of the insured, for claims processing.
  • Loss adjusters, claims assessors, and fraud detection agencies: To support claims management and verification.
  • Contractors, consultants, and business partners: Who distribute our products through their platforms.

All third-party sources are contractually obligated to comply with applicable data protection laws and to process your information solely for authorised, legitimate purposes with adequate technical and organisational safeguards.

4.5. How We Collect Your Information

Skydd collects Personal Data through:

  • Know Your Customer (KYC) forms and identity verification flows;
  • Electronic means including emails, in-app forms, and the mobile application;
  • Claim forms and supporting document uploads;
  • Inquiry and quote generation forms;
  • Feedback forms, surveys, and polls;
  • Recorded telephone conversations with our customer support team;
  • Live chat and chatbot interactions;
  • Cookies and web analytics tags (web platform only);
  • Digital touchpoints including push notifications and in-app interactions.

5. How We Use Your Information

We use the information we collect to:

  • 5.1 To Provide and Manage Your Services: Create and manage your Skydd Account; process premium payments and manage your policy; generate and deliver your insurance certificates.
  • 5.2 To Verify Your Identity: We are legally required to verify your identity before issuing any insurance product.
  • 5.3 To Meet Regulatory and Legal Obligations: Submit required reports and data to NAICOM, the NDPC, and other regulatory or law enforcement bodies as required by law; conduct fraud prevention, AML checks, credit assessment, and identity verification as required by law.
  • 5.4 Communication and Notifications: Send you transactional notifications (payment confirmations, policy activations, certificate issuance, claim status updates, renewal reminders, and savings milestones; these are essential to your insurance cover and cannot be opted out of), service reminders (premium due dates, qualifying period updates, and lapse warnings), and promotional communications (new products and special offers; you can opt out at any time).
  • 5.5 Personalisation and Platform Improvement: Personalise your experience, recommend relevant products, and improve our platform. We analyse non-personal, aggregated, and anonymised data to understand user behaviour and optimise our services.
  • 5.6 Legal Rights and Fraud Prevention: Establish, exercise, or defend our legal rights, including in response to legal claims. We may also use it to investigate fraudulent claims, conduct fraud and AML checks, and carry out identity verification for the purpose of protecting our platform and users.

7. How We Share Your Information

7.1 Insurance Underwriters

We share your Personal Data with licensed insurance underwriters to register and administer your policies. Data is shared only after your policy purchase and payment are confirmed, and only where necessary for policy issuance, administration, claims handling, regulatory compliance, or another lawful basis. The data shared includes identity information, contact details, NIN, beneficiary details, and product-specific information. Current underwriting partners include Tangerine Life Insurance, Tangerine General Insurance, Crystalife Assurance, Hygeia HMO, Bastion Health Insurance, AXA Mansard Health, and applicable state health schemes (Ilera Eko, Imo State, Ebonyi State).

7.2 KYC and Fintech Partners

We share your identity data with Embedly to verify your NIN and BVN, create and operate your Skydd Account, process premium payments, and facilitate claim and maturity payouts.

7.3 Payment Processors

We share transaction data with Paystack to process card payments and bank transfers. These processors receive only the data necessary to process your payment and are bound by their own PCI-DSS compliance and privacy obligations.

7.4 Financial and Governmental Bodies

We may disclose your information to financial organisations, NAICOM, the CBN, the NDPC, the EFCC, the Nigerian Police Force, or other government agencies where required by law, regulatory obligation, or where we reasonably suspect fraud or financial crime.

7.5 Service Providers

We use trusted third-party service providers who process data on our behalf, including ZeptoMail (transactional email), Firebase Cloud Messaging (push notifications), and AWS or Google Cloud Platform (cloud hosting and storage). All service providers are contractually bound to process your data only on our instructions.

7.6 What We Will Never Do

  • Sell, rent, or trade your Personal Data to any third party for commercial gain;
  • Share your data with advertising networks or allow third-party advertising SDKs to access your data;
  • Share LMS data with any party other than licensed underwriting partners and NAICOM;
  • Transfer your Personal Data outside Nigeria without appropriate safeguards and compliance with applicable legal requirements.

8. How We Store Your Personal Information

Your personal information is stored on our secure servers hosted on AWS. In cases where we have provided you with a password to access specific areas of the Platform, it is your responsibility to keep that password confidential. Please do not share your credentials with anyone.

We may transfer and store the data we collect in countries other than Nigeria, including the United States of America, Canada, the European Economic Area (EEA), and the United Kingdom, using cloud storage solutions chosen for efficiency and performance. We will protect your data as described in this Notice and comply with applicable legal requirements providing adequate protection for cross-border transfers of data. You may request more information about the safeguards we have in place by contacting us at info@skydd.ng.

While no method of transmission or storage can be guaranteed to be completely secure, we implement appropriate technical and organisational measures designed to protect your personal information.

9. How Long We Keep Your Information

We keep your personal information, insurance policy records, claims records, KYC records, and other regulatory records for a minimum of seven (7) years after the end of the customer relationship or for such longer period as required by applicable law.

10. Your Data Protection Rights

Under the NDPA 2023, you have the following rights regarding your personal information:

  • Right of access: You may request a copy of the Personal Data we hold about you, including information on what data we collect, how it is processed, and for what purposes. Requests are ordinarily processed free of charge.
  • Right to rectification: If you believe your information is inaccurate or incomplete, you have the right to request correction and we will promptly address valid requests.
  • Right to erasure: Under certain conditions, you may request that we erase your personal information. This right will be balanced against our legal and regulatory retention obligations.
  • Right to restrict processing: You have the right to request that we restrict the processing of your Personal Data under certain conditions.
  • Right to object to processing: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to data portability: You may request the transfer of your Personal Data to another service provider in a structured, commonly used, and machine-readable format.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw at any time.
  • Right to lodge a complaint: You have the right to lodge a complaint with the NDPC if you object to the manner in which Skydd is using your personal information.

To exercise any of these rights, please contact our DPO at info@skydd.ng. We will respond to all valid requests within seven (7) working days. In some cases we may need to verify your identity before processing your request. Please note that certain rights are subject to legal and regulatory limitations — for example, we cannot delete data we are legally required to retain under NAICOM.

11. Children’s Information

We understand the importance of protecting children’s privacy. The Skydd Platform is not directed at persons younger than 18 years of age, and we will not intentionally collect personal identifiable information from anyone under 18.

However, children may be named as beneficiaries or dependants on policies held by a parent or guardian — for example, under the Future Scholar Fund or Wellness Family Plans. In these cases:

  • The child’s data (name and date of birth) is collected from and managed by the parent or guardian who holds the policy;
  • We process the child’s data solely for the purpose of administering the policy and issuing the benefit;
  • We do not use children’s data for any other purpose.

We do not anticipate children using our Services or visiting our Platform without adult supervision. However, if you believe your child has provided information to us, please contact us immediately at info@skydd.ng and we will promptly remove such information.

12. Remedies and Dispute Resolution

Skydd and you are each entitled to enforce rights in the event of a breach of this Notice, to recover damages caused by any breach, and to exercise all other rights under applicable law. Any claim or dispute arising in relation to this Notice shall be resolved first through amicable negotiation between the parties.

Where amicable settlement fails, the affected parties agree to resolve the dispute by mediation at the Lagos Multi-Door Courthouse (LMDC). If after 30 days from the commencement of mediation the parties are unable to resolve the dispute, either party may submit it for final determination by a court of competent jurisdiction in Lagos State, Nigeria. Each party shall bear its own costs of mediation proceedings. All disputes shall be subject to the jurisdiction of the courts of the Federal Republic of Nigeria.

Skydd shall not be liable for any breach or claim that does not arise directly from its services or Platform, or for any claim brought more than one (1) month after the date the breach occurred.

You also have the right at any time to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng or info@ndpc.gov.ng. We would welcome the opportunity to address your concerns before you approach the NDPC, so please contact our DPO at info@skydd.ng in the first instance.

13. Changes to This Notice

We may update this Notice from time to time to reflect changes in our practices, technology, legal requirements, or best practice. We will notify you of material changes by posting the updated Notice on the Platform and, where appropriate, by sending an email or prominent in-app notification at least 30 days before the changes take effect. We will update the “Last Updated” date at the top of this Notice. The current version is always available at https://www.skydd.ng.

Changes to this Notice are effective when posted on the Platform or provided to you directly. Continued use of the Platform after any update constitutes acceptance of the revised Notice.

14. Contact Us

If you have any questions, concerns, or requests regarding this Notice, the handling of your data, or if you wish to exercise your rights, please contact our Data Protection Officer:

Our dedicated team will address your enquiries and requests promptly. Please provide sufficient information to help us identify you in our records and respond effectively.