Your data,
handled with care.

1. Who is responsible for your data

The data controller is PortX Technologies Ltd, a company incorporated in Nigeria under the Companies and Allied Matters Act 2020 and based in Abuja. We have appointed a Data Protection Officer, who you can reach at dpo@muuvers.com for anything in this notice. Our registered-office address and RC number are available on request.

2. What data we collect about you

To verify you, dispatch jobs to you and pay you, we collect:

• Account & contact data: your name, email, phone number and profile photo.
• Identity / KYC data: your National Identification Number (NIN) and a liveness selfie, processed through Smile Identity (section 3).
• Driver documents: driving licence, vehicle registration, roadworthiness certificate and insurance, plus their expiry dates.
• Bank & payout data: the bank account you are paid into, with ownership verified through Paystack Resolve.
• Payment metadata: fare amounts, commission, payouts and cash-settlement records — your earnings ledger.
• Location data: your device’s real-time location while you are online, in the foreground and the background (section 5).
• Device data: device identifiers and your push-notification token.
• Trip & performance data: jobs completed, route history, customer ratings and in-app chat.
• Support communications: messages you send us and dispute evidence you submit.

3. KYC documents and your NIN

Verifying who you are is the most sensitive thing we do with your data, so we treat it accordingly. During onboarding (and again whenever a document expires) we verify:

• your identity, by matching your NIN and a liveness check through Smile Identity; and
• that you own your payout bank account, through Paystack Resolve.

Both providers act as our data processors under data-processing agreements: they process your data only to perform the verification we ask for and do not use it for their own purposes.

4. Why we use it, and our lawful bases

We use your data, and rely on the following lawful bases under the NDPA:

• To verify your eligibility to drive (identity, licence, vehicle documents, bank ownership) — legal obligation and the performance of our contract with you.
• To match and dispatch jobs to you, calculate fares and run the marketplace — performance of our contract.
• To share your live location, name, photo and vehicle plate with the customer on an active booking — performance of the contract and our legitimate interest in a safe, transparent service.
• To pay you and settle commission — performance of our contract.
• To prevent fraud and keep the platform safe — our legitimate interests and legal obligations.
• To meet tax, accounting and regulatory duties — legal obligation.
• To send you optional marketing — only with your consent, which you can withdraw at any time.

5. Location data during your shifts

Location is core to how Muuvers works, so we are specific about it:

• We collect your device location only while you are online and available for jobs.
• We use it to keep the customer’s live map current during an active booking, to match you to nearby jobs, and to assess dispatch eligibility.
• We collect it in the background while you are online so the customer’s map stays accurate even when the app is not in front of you. Background location updates stop the moment you go offline.
• The customer on a booking sees your live location only for the duration of that booking.

We keep location records for the period needed to support disputes, safety reviews and our records.

6. Who we share your data with

We share data only as needed to run the service:

• Customers on your bookings see your name, photo, vehicle plate, live location and in-app chat for the booking.
• Paystack — payments, payouts and bank-account resolution.
• Smile Identity — NIN and liveness identity verification.
• Sentry — crash and error monitoring, with PII scrubbed in transit.
• Resend — transactional email.
• Google Maps — address lookup and geocoding.
• AWS S3 and Cloudinary — secure storage of files, photos and documents.
• Our hosting provider, which runs the platform infrastructure.
• Regulators, tax authorities and law enforcement, where we are legally required to disclose.

Each processor handles your data under a data-processing agreement and only on our instructions. We do not sell your data.

7. International transfers

Some of the providers above process or store data outside Nigeria. Where that happens, we put in place appropriate safeguards so your data keeps NDPA-level protection — for example standard contractual clauses or transfers to countries recognised as providing adequate protection.

8. How long we keep your data

We keep your data only as long as we need it, then delete or anonymise it:

• Trip and payment records are retained for 7 years after the relevant transaction, for tax and anti-money-laundering compliance.
• Verification documents (NIN, licence, vehicle and bank documents) are retained for the life of your account plus 12 months, then deleted, unless a longer period is required by law.
• If you delete your account, we honour it within 30 days, retaining only what the records above require.
• Marketing consent is kept until you withdraw it.

9. How we protect your data

We apply technical and organisational measures appropriate to the sensitivity of driver data: NIN and bank details are encrypted at rest with a separate key; phone numbers are hashed for lookup; all traffic is protected with TLS in transit; and our internal admin tooling requires multi-factor authentication. No system is perfectly secure, but we work to keep these controls current.

10. Your rights

Under the NDPA you have the right to:

• Access the personal data we hold about you;
• Rectify data that is inaccurate or out of date;
• Erase your data, subject to the retention rules in section 8;
• Portability — receive your data in a usable format;
• Object to processing based on our legitimate interests; and
• Withdraw consent at any time where we relied on it (for example, marketing).

To exercise any of these, email dpo@muuvers.com. To close your account, use Settings in the app or Delete your account. Exercising these rights is free, and we will respond within the timeframe the NDPA requires.

11. Data breaches and complaints

If a personal-data breach is likely to put your rights at risk, we will notify the Nigeria Data Protection Commission and, where required, you, within the timeframes the NDPA sets.

You can complain to us first at dpo@muuvers.com. If you are not satisfied, you have the right to complain to the Nigeria Data Protection Commission at ndpc.gov.ng.

12. Children

Muuvers is not for anyone under 18. You must be at least 18 to drive on the platform, and we do not knowingly process the data of children. If we learn that we have, we will delete it.

13. Changes to this notice

We may update this notice as the service and the law change. For material changes we will notify you in the driver app or by email and update the “Last updated” date above.

Related: Driver terms of service · Cookies notice · Delete your account