Get the app

Privacy Policy

Effective Date: March 12, 2026
Last Updated: March 12, 2026

1. Introduction

Welcome to Pro by Daya (“Daya Pro”, “we”, “us”, or “our”). Daya Pro is a stablecoin trading and wallet management application operated by Daya Technologies Limited. We are committed to protecting the privacy and security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Daya Pro mobile application and related services (collectively, the “Service”). Please read this policy carefully. By accessing or using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you create an account or use our Service, we may collect the following personal information:

  • Account Information: Email address, first name, last name, and username.
  • Authentication Credentials: Passkey data (WebAuthn credentials), PIN (stored securely on-device), and one-time passwords (OTPs) for verification.

2.2 Identity Verification (KYC) Information

To comply with applicable regulations and to protect against fraud, we collect identity verification information, including:

  • Basic Verification: Bank Verification Number (BVN), selfie photographs for facial recognition.
  • Enhanced Verification: Government-issued identification documents (passport, driver's licence, or national identification card), selfie photographs with documents, and the country of issuance.

2.3 Financial Information

In the course of providing the Service, we collect financial information, including:

  • Bank Account Details: Bank name, account number, and account name for fiat (NGN) deposits and withdrawals.
  • Blockchain Wallet Addresses: Deposit and withdrawal addresses across supported blockchain networks (Ethereum, Base, Polygon, Arbitrum, Optimism, Solana, TRON, BNB Smart Chain, Aptos, and others).
  • Transaction History: Records of deposits, withdrawals, trades, orders (including order type, side, quantity, price, fees, and status), and wallet balances.

2.4 Device and Technical Information

We automatically collect certain device and technical information when you use the Service:

  • Device Identifiers: Device type, device name, and operating system name and version.
  • Network Information: IP address and user agent string.
  • Application Information: App version and build number.

2.5 Usage and Telemetry Data

We collect limited usage data to improve the reliability and performance of the Service:

  • Event Data: Interactions with key features such as passkey setup, login flows, and recovery processes.
  • Telemetry Logs: Timestamped client events buffered in memory for diagnostic purposes. Telemetry collection may be enabled or disabled based on environment configuration.

2.6 Notification Preferences

We collect your preferences for receiving notifications, including:

  • Communication Channels: Push notification and email preferences.
  • Notification Categories: Preferences for order updates, deposit confirmations, withdrawal updates, and price alerts.
  • Push Notification Tokens: Device tokens required to deliver push notifications through the Expo Push Notification service.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Account Management: To create, maintain, and secure your account.
  • Service Delivery: To facilitate trading, deposits, withdrawals, and wallet management on the platform.
  • Identity Verification: To verify your identity, comply with Know Your Customer (KYC) regulations, and prevent fraud.
  • Credit Services: To assess, manage, and administer intraday credit lines, including monitoring credit episodes, applying penalties where applicable, and enforcing account restrictions.
  • Transaction Processing: To process and settle trades, calculate and apply fees, and maintain accurate ledger records.
  • Communications: To send you transaction confirmations, security alerts, account notifications, and service updates based on your notification preferences.
  • Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorised access, and other harmful activities.
  • Compliance: To comply with applicable laws, regulations, and legal processes, including anti-money laundering (AML) and counter-terrorism financing (CTF) requirements.
  • Service Improvement: To analyse usage patterns, diagnose technical issues, and improve the performance and reliability of the Service.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who assist us in operating the Service, including:

  • Payment Processors and Banking Partners: To facilitate NGN deposits, withdrawals, and bank account verification.
  • Blockchain Infrastructure Providers: To process on-chain deposits and withdrawals.
  • Identity Verification Providers: To perform KYC checks and facial recognition verification.
  • Notification Services: To deliver push notifications and email communications.
  • Cloud Infrastructure Providers: To host and operate the Service securely.

4.2 Regulatory and Legal Obligations

We may disclose your information where required by law or in response to valid legal processes, including:

  • Requests from regulatory authorities, law enforcement agencies, or courts.
  • Compliance with anti-money laundering (AML), counter-terrorism financing (CTF), and tax reporting obligations.
  • Protection of our rights, property, or safety, or the rights, property, or safety of our users or the public.

4.3 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption: Sensitive credentials and authentication tokens are stored using device-level secure storage (encrypted keychain/keystore).
  • Authentication Security: We use OAuth 2.0 with access and refresh token pairs, with automatic token rotation.
  • Access Controls: Role-based access controls for internal administrative operations, with audit logging for all sensitive actions.
  • Secure Transmission: All data transmitted between the application and our servers is encrypted using industry-standard protocols (TLS/HTTPS).

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain certain information as required by law or for legitimate business purposes, including:

  • Transaction Records: Retained in accordance with applicable financial record-keeping requirements.
  • KYC/Identity Data: Retained as required by applicable AML and CTF regulations.
  • Audit Logs: Credit limit changes, suspension events, penalty applications, and administrative actions are retained in immutable audit logs.
  • Account Data: Retained for a reasonable period after account closure to comply with legal obligations and resolve disputes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal and regulatory retention requirements.
  • Restriction: Request that we restrict the processing of your personal information in certain circumstances.
  • Data Portability: Request a copy of your personal information in a structured, commonly used, and machine-readable format.
  • Withdrawal of Consent: Where processing is based on consent, withdraw your consent at any time.
  • Objection: Object to the processing of your personal information for certain purposes.

To exercise any of these rights, please contact us using the details provided in Section 11.

8. Device Permissions

The Daya Pro application may request the following device permissions:

  • Camera: Required for capturing selfie photographs during identity verification (KYC).
  • Photo Library: Required for uploading identity documents during enhanced verification.
  • Biometric Authentication (Face ID / Fingerprint): Used for secure account access and transaction confirmation.

You may manage these permissions through your device settings at any time. Disabling certain permissions may limit your ability to use specific features of the Service.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy within the application or by sending you a notification. The “Last Updated” date at the top of this policy indicates when it was last revised.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Daya Technologies Limited
Email: support@daya.co
Website: https://daya.co

12. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023 (NDPA) and any applicable regulations issued by the Nigeria Data Protection Commission (NDPC).