Last Updated: September 5, 2025
At HowFarApp, we value your privacy and are committed to protecting your personal data in accordance with the Nigeria Data Protection Act (NDPA) 2023 and other applicable laws. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our web and mobile platform, which connects friends and family through timelines, messaging, groups, events, live streaming, free voice and video calls, and offers discounted airtime, data, and utility bill payments, while empowering you to sell and earn through diverse opportunities.
This policy applies to all users of HowFarApp’s services, including our website, mobile app, and USSD features, wherever available. It covers personal data—any information relating to an identified or identifiable individual—and sensitive personal data, such as financial or biometric information, as defined by the NDPA. This policy does not apply to data processed solely for personal or household purposes without infringing on your privacy rights.
We collect the following data to provide and improve our services:
· Identity and Contact Data: Name, phone number, email, BVN/NIN (for bill payments), and profile details (e.g., username, photo) you provide during registration or use.
· Usage Data: Interactions with timelines, messages, groups, events, live streams, and calls (e.g., posts, call duration, viewed content).
· Financial Data: Payment details (e.g., bank account, card details via our payment gate) for bill payments or earnings.
· Technical Data: IP address, device type, browser, location (with consent), and app usage metrics.
· Sensitive Data: Biometric data (if used for verification) or financial data for transactions, processed with explicit consent.
· User-Generated Content: Posts, comments, messages, or marketplace listings you share.
We collect data when you:
· Register or update your profile.
· Use social features (e.g., messaging, live streaming, etc.).
· Pay bills or earn through affiliates/sales.
· Interact with ads or partners (e.g., MTN/Airtel etc.).
We process your data based on lawful grounds under the NDPA (Section 24), including consent, contract performance, legal obligations, vital interests, public interest, or legitimate interests:
· Service Delivery: To enable timelines, messaging, groups, events, live streaming, free calls, and bill payments.
· Personalization: To tailor content, ads, or discounts based on usage or location.
· Earnings and Sales: To facilitate affiliate earnings or marketplace sales, including payouts.
· Security: To protect against fraud, unauthorized access, or breaches, using AES-256 encryption, Cloudflare WAF, etc.
· Compliance: To meet NDPA, CBN (AML/KYC), and NCC.
· Analytics: To improve services via anonymized data (e.g., DAU tracking for 25% engagement).
Under NDPA (Sections 31-36), you have the following rights:
· Right to be informed: We notify you of data collection and processing via this policy and in-app notices.
· Right of Access: Request a copy of your data (e.g., profile, payment history) free of charge, subject to identity verification.
· Right to Rectification: Correct inaccurate data via your account settings or support.
· Right to Erasure (“Right to be Forgotten”): Request deletion of your data, except where required for legal obligations.
· Right to Restrict Processing: Limit how we use your data in specific cases (e.g., disputes).
· Right to Object: Object to processing for marketing or legitimate interests, unless overridden by public interest.
· Right to Data Portability: Request your data in a structured format for transfer to another service.
· Right Against Automated Decision-Making: Opt out of automated decisions (e.g., ad targeting) unless necessary for contracts or consented.
To exercise these rights, contact our Data Protection Officer (DPO) at dpo@howfarapp.ng or via in-app support. We’ll respond within 30 days, as per NDPA. Withdraw consent as easily as you give it (e.g., via settings).
We share your data only when necessary and with safeguards:
· Service Providers: With trusted partners for payment processing, calls/streaming, and our hosting partner, bound by NDPA-compliant contracts.
· Telco Partners: With MTN/Airtel/Glo/T2 (formally 9Mobile) for zero-rating or bill payments, ensuring data minimization.
· Affiliates/Marketplace: With users or brands for earnings/sales, with your consent.
· Legal Obligations: With authorities (e.g., NDPC, CBN) for compliance or investigations (e.g., fraud, national security).
For cross-border transfers (e.g., to servers), we ensure:
· Recipient countries have adequate protection (NDPA Section 43).
· Use of binding corporate rules, standard contractual clauses, or consent.
· Data is encrypted (AES-256) and anonymized where possible.
We notify you before sharing sensitive data and obtain explicit consent for non-essential sharing.
We implement robust technical and organizational measures (NDPA Section 29):
· Encryption: AES-256 for data at rest (MySQL database) and TLS 1.3 for data in transit (HTTPS, WebRTC/Agora). End-to-end encryption (E2E) for chats and calls via Signal SDK.
· Access Control: Role-based access (RBAC), multi-factor authentication (MFA via Google Authenticator), and auto-logout after 30 minutes.
· Network Security: For DDoS protection and WAF, firewall, and weekly scans.
· Audits: Annual NDPR audits and penetration tests to ensure compliance.
· Backups: Encrypted daily backups on our servers.
We owe you a duty of care to protect your data against loss, misuse, or unauthorized access.
We retain your data only as long as necessary:
· Active Users: Profile and usage data kept while your account is active.
· Transactions: Financial data retained for 7 years per CBN regulations.
· Inactive Accounts: Deleted after 12 months of inactivity, unless legally required.
· Deleted Data: Erased within 30 days of your request, except for legal obligations.
Anonymized data (e.g., for analytics) may be retained indefinitely.
In case of a breach, we:
· Notify the Nigeria Data Protection Commission (NDPC) within 72 hours if it risks your rights/freedoms.
· Inform you without undue delay if the breach poses a high risk, in clear language.
· Maintain a breach response plan, logging incidents and mitigation steps.
Report suspected breaches to support@howfarapp.ng
We use cookies and similar technologies to enhance your experience:
· Essential Cookies: For login, session management, and bill payments.
· Analytics Cookies: To track usage via anonymized data.
· Advertising Cookies: For personalized ads (with consent).
Manage cookie preferences in your account settings. You can disable non-essential cookies, but this may limit functionality.
We do not knowingly collect data from children under 16 without parental consent, per NDPA and Child Rights Act 2003. If you’re a parent and believe your child has provided data, contact us to remove it.
Our platform may include links to third-party sites (e.g., Paystack, MTN, etc.). We are not responsible for their privacy practices. Review their policies before sharing data.
We’ve appointed a Data Protection Officer (DPO) to oversee NDPA compliance. Contact: support@howfarapp.ng We conduct annual compliance audits and register as a Data Controller/Processor of Major Importance (DCPMI) with the NDPC by March 31 each year.
We may update this policy to reflect legal or service changes. We’ll notify you via email or in-app alerts at least 7 days before changes take effect. Continued use after updates implies acceptance. Check this page regularly for the latest version.
For questions, complaints, or to exercise your rights, contact:
Data Protection Officer
Email: support@howfarapp.ng
Address: HowFarApp, Abuja, Nigeria
Phone: +234-701-547-4441
You may also lodge complaints with the Nigeria Data Protection Commission (NDPC) at contact@ndpc.gov.ng or via ndpc.gov.ng.
