Your data, handled with care.
How Muuvers collects, uses, shares, and protects your personal data — and the rights you have over it under the Nigeria Data Protection Act 2023 and the NDPR 2019.
Last updated: 30 May 2026
1. Who we are
Muuvers is a marketplace that connects people who need household and small-commercial moves with independent-contractor drivers. We facilitate the match, the price, the payment and any dispute — we are not the carrier of your goods. This notice explains how we handle personal data across our app and website.
The data controller is PortX Technologies Ltd (“Muuvers”, “we”, “us”), a company incorporated in the Federal Republic of Nigeria and registered under the Companies and Allied Matters Act 2020 (CAMA). Our registered office and company registration number are set out on our Contact page.
We are committed to handling your data in line with the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR).
2. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing this notice and answering your questions about how we use your data. You can reach our DPO at dpo@muuvers.com for any question relating to this notice, to exercise your rights, or to raise a concern.
General privacy enquiries can also be sent to privacy@muuvers.com.
3. Who this notice covers
This notice applies to:
- Customers who book moves through the Muuvers app.
- Drivers (independent contractors) who complete moves. Drivers go through additional identity and document verification, so a small number of clauses below relate only to them — these are clearly marked.
- Visitors to our website and anyone who contacts our support team.
We currently operate in Abuja, with Lagos launching in Q3 2026 and other cities following as driver supply is vetted.
4. Data we collect
We only collect the personal data we need to run the service. The categories below describe what we collect and the source.
4.1 Account data
When you sign up we collect your name, your email address (used with a one-time passcode to sign you in), and your phone number. For a booking we also collect the pickup contact details and the pickup and drop-off addresses, including the number of floors. Customers are not asked for any physical identity document.
4.2 Driver verification data (drivers only)
To approve a driver before they carry a customer’s property, we collect and verify, through an eight-step onboarding flow:
- National Identification Number (NIN) and a liveness check, verified through Smile Identity.
- Driving licence, vehicle registration, roadworthiness certificate and insurance.
- Bank-account ownership, confirmed through Paystack Resolve, so we can pay out earnings to the correct account.
Documents are re-verified on expiry, and approval typically takes 24–48 hours. The NIN is a government identifier and is treated as a high-sensitivity category under the NDPA — see Section 12 for how we secure it.
4.3 Location data
We process GPS location while a booking is active, to match you with nearby drivers, calculate the price, and let the customer track the move in real time. For drivers, background location updates run only while a job is in progress and stop when the booking ends or the driver goes offline.
4.4 Payment data
Card payments are processed by Paystack. We hold payment tokens and transaction references only — we do not store raw card numbers. For card bookings the fare is held in escrow until delivery is complete and undisputed. We also keep a record of fares, refunds, driver payouts and, for cash jobs, the commission owed and netted against the next card payout.
4.5 Support and communications
We process the in-app chat between customer and driver during a booking, and any support tickets, emails or calls you send us — to deliver the service and resolve disputes.
4.6 Device and diagnostic data
We collect device model, operating-system version, app version and crash or error reports (through Sentry) to keep the app working and secure. Personal data is scrubbed from these reports in transit.
5. Lawful bases for processing
Under the NDPA and NDPR we must have a lawful basis for each use of your data. We rely on:
- Performance of a contract — to create your account, match a booking, lock the price, take payment, track the move, and pay drivers.
- Legal obligation — driver identity verification (NIN, licence, insurance), tax and anti-money-laundering record keeping, and responding to lawful requests.
- Legitimate interests — keeping the platform safe and free of fraud, debugging the app, and (where relevant) defending legal claims. We balance these interests against your rights.
- Consent — optional marketing communications and non-essential cookies. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
6. Why we use your data
- To create and secure your account and sign you in.
- To match a move, generate the locked quote, and run the booking.
- To take and hold payment, issue refunds, and pay drivers.
- To verify that drivers are who they say they are before they carry customer property.
- To enable live tracking and in-app contact during a move.
- To handle disputes and provide customer support.
- To detect, prevent and investigate fraud and abuse.
- To meet our tax, accounting and other legal obligations.
- With your consent, to send you product updates and offers — which you can opt out of at any time.
7. Who we share your data with
We do not sell your personal data. We share it only with the recipients below, only as needed, and under data-processing agreements that require them to protect it:
- Other users on the same booking — the driver and customer on a move can see each other’s name, photo, vehicle plate, live location, and the in-app chat, so the move can happen safely.
- Paystack — card payments, refunds, driver payouts and bank-account resolution.
- Smile Identity — NIN and liveness verification for drivers.
- Resend — sending transactional emails such as sign-in passcodes and booking notices.
- Google Maps — address lookup, geocoding and routing.
- AWS S3 and Cloudinary — storage of uploaded photos and verification documents.
- Sentry — crash and error monitoring, with personal data scrubbed in transit.
- Our hosting provider — to run the app and website infrastructure.
- Regulators, law enforcement and courts — only where we are legally required to disclose.
8. International transfers
Some of our processors (for example AWS, Cloudinary, Sentry, Resend and Google) operate servers outside Nigeria. Where your data is transferred abroad, we rely on the lawful transfer mechanisms permitted by the NDPA and NDPR — including transfers to countries with an adequate level of protection and, where adequacy does not apply, standard contractual clauses and equivalent contractual safeguards in our agreements with each processor.
9. How long we keep your data
We keep personal data only for as long as we need it for the purpose we collected it, or for as long as the law requires. When you delete your account (see Section 10), most data is purged within 30 days; the narrow categories below are kept longer for legal and dispute reasons.
- Trip and payment records — kept for 7 years after the transaction, to meet Nigerian tax, accounting and anti-money-laundering obligations and to defend or resolve disputes.
- Driver verification documents (NIN result, licence, insurance, vehicle papers) — kept for the life of the driver account plus 12 months after it closes, to evidence that we lawfully verified the driver.
- Support and dispute records — kept for as long as needed to resolve the matter and for any limitation period that follows.
- Marketing consent — kept until you withdraw it, after which we stop sending marketing and retain only a record that you opted out.
To close your account, use the in-app Settings → Delete account flow or visit our account-deletion page.
10. Your rights
Under the NDPA and NDPR 2019 you have the following rights over your personal data. There is no charge to exercise them, and we will respond within the statutory timeframe.
- Access — request a copy of the personal data we hold about you. Use the in-app “Export my data” option or email dpo@muuvers.com.
- Rectification — correct inaccurate or incomplete data. Most fields are editable in the app; for the rest, email the DPO.
- Erasure — delete your account and data, subject to the records we must keep under Section 9. Start at our account-deletion page.
- Portability — receive the data you gave us in a structured, machine-readable format.
- Restriction and objection — ask us to pause or stop a particular use of your data. Email the DPO.
- Withdraw consent — opt out of marketing or non-essential cookies at any time, without affecting earlier processing.
To exercise any right, email dpo@muuvers.com. We may need to verify your identity before acting on a request.
11. Complaints
If you believe we have mishandled your personal data, please contact our DPO first so we can put it right. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC), the supervisory authority responsible for the NDPA, at ndpc.gov.ng.
12. How we protect your data
We use technical and organisational measures to keep your data safe:
- Sensitive identifiers — NIN and bank details — are encrypted at rest with a separate key.
- Phone numbers are hashed for lookup, and held in plaintext only where contractually necessary.
- All traffic is encrypted with TLS in transit.
- Access to our administrative tools requires multi-factor authentication, and is limited to staff who need it.
- Sign-in is by one-time passcode; password-reset links, where used, expire after 15 minutes, and a phone-number change is re-verified by OTP.
13. Breach notification
If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Nigeria Data Protection Commission, and where required notify affected individuals, within the timeframes set out in the NDPA and NDPR. We keep an internal record of breaches and our response to each one.
14. Children
Muuvers is not intended for, and is not offered to, anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact dpo@muuvers.com and we will delete it.
16. Changes to this notice
We’ll update this notice when our practices or the law change. For material changes we’ll show an in-app banner before they take effect, and the “last updated” date at the top will always reflect the current version. Questions about this notice can go to dpo@muuvers.com or privacy@muuvers.com.