Get the app

Privacy Policy

Effective Date: March 12, 2026
Last Updated: April 22, 2026

1. Introduction

Welcome to Pro by Daya (“Daya Pro”, “we”, “us”, or “our”). Daya Pro is a stablecoin trading and wallet management application operated by Daya Technologies Limited. We are committed to protecting the privacy and security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Daya Pro mobile application and related services (collectively, the “Service”). Please read this policy carefully. By accessing or using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you create an account or use our Service, we may collect the following personal information:

  • Account Information: Email address, first name, last name, and username.
  • Authentication Credentials: Passkey data (WebAuthn credentials), PIN (stored securely on-device), and one-time passwords (OTPs) for verification.

2.2 Identity and Security Information

To enhance user protection and account security, and to help prevent fraud and bot activity, we collect identity and security information, including:

  • Selfie Photographs and Identity Information: Selfie photographs and identity-related information used to enhance protection and security for our users, confirm account ownership, and help prevent the Service from being spammed or abused by fraudulent users or bots.
  • Identity Documents: Government-issued identification documents (passport, driver's licence, or national identification card), selfie photographs submitted with those documents, and the country of issuance where needed to confirm account ownership and protect the Service from abuse.

2.3 Financial Information

In the course of providing the Service, we collect financial information, including:

  • Bank Account Details: Bank name, account number, and account name for fiat (NGN) deposits and withdrawals.
  • Blockchain Wallet Addresses: Deposit and withdrawal addresses across supported blockchain networks (Ethereum, Base, Polygon, Arbitrum, Optimism, Solana, TRON, BNB Smart Chain, Aptos, and others).
  • Transaction History: Records of deposits, withdrawals, trades, orders (including order type, side, quantity, price, fees, and status), and wallet balances.

2.4 Device and Technical Information

We automatically collect certain device and technical information when you use the Service:

  • Device Identifiers: Device type, device name, and operating system name and version.
  • Network Information: IP address and user agent string.
  • Application Information: App version and build number.

2.5 Usage and Telemetry Data

We collect limited usage data to improve the reliability and performance of the Service:

  • Event Data: Interactions with key features such as passkey setup, login flows, and recovery processes.
  • Telemetry Logs: Timestamped client events buffered in memory for diagnostic purposes. Telemetry collection may be enabled or disabled based on environment configuration.

2.6 Notification Preferences

We collect your preferences for receiving notifications, including:

  • Communication Channels: Push notification and email preferences.
  • Notification Categories: Preferences for order updates, deposit confirmations, withdrawal updates, and price alerts.
  • Push Notification Tokens: Device tokens required to deliver push notifications through the Expo Push Notification service.

2.7 Face Data-Specific Disclosures

To make our face-data practices clear:

  • Device Biometrics Are Not Collected by Daya: We do not collect, receive, or store biometric templates or scans created by Apple Face ID, Touch ID, or similar device-level biometric systems. Those biometric templates remain on your device and are not shared with Daya.
  • Passkey Recovery Selfies Are Not Retained by Daya: If you use the passkey recovery flow, we may ask you to capture a selfie to re-confirm your identity against information already linked to your account. Daya uses that selfie for a one-time identity check and does not retain it after the request is completed.
  • Selfie Images We Do Retain: We retain selfies and other face images submitted during account security and identity confirmation checks. We store this face data to enhance the protection and security of our users, confirm account ownership, help ensure the Service is not spammed or abused by fraudulent users or bots, and support short-term review of suspected abuse or account-security issues.
  • We Do Not Retain Face Data Indefinitely: Retained selfie images are stored for up to 30 days after submission and are then deleted. We use this specific retention period because it gives us a limited window to review security alerts, investigate suspected fraudulent or bot activity, and resolve related support issues without keeping face data longer than necessary.
  • Third Parties We Share Face Data With: We do not share face data with third parties.
  • Third-Party Storage of Face Data: Because we do not share face data with third parties, no third party stores face data on our behalf.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Account Management: To create, maintain, and secure your account.
  • Service Delivery: To facilitate trading, deposits, withdrawals, and wallet management on the platform.
  • Identity and Account Protection: To confirm account ownership, enhance protection and security for our users, and help prevent fraud, impersonation, and bot activity.
  • Credit Services: To assess, manage, and administer intraday credit lines, including monitoring credit episodes, applying penalties where applicable, and enforcing account restrictions.
  • Transaction Processing: To process and settle trades, calculate and apply fees, and maintain accurate ledger records.
  • Communications: To send you transaction confirmations, security alerts, account notifications, and service updates based on your notification preferences.
  • Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorised access, and other harmful activities.
  • Compliance: To comply with applicable laws, regulations, legal processes, tax reporting, and record-keeping obligations.
  • Service Improvement: To analyse usage patterns, diagnose technical issues, and improve the performance and reliability of the Service.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who assist us in operating the Service, including:

  • Payment Processors and Banking Partners: To facilitate NGN deposits, withdrawals, and bank account verification.
  • Blockchain Infrastructure Providers: To process on-chain deposits and withdrawals.
  • Notification Services: To deliver push notifications and email communications.
  • Cloud Infrastructure Providers: To host and operate the Service securely.

4.2 Regulatory and Legal Obligations

We may disclose your information where required by law or in response to valid legal processes, including:

  • Requests from regulatory authorities, law enforcement agencies, or courts.
  • Compliance with applicable legal, tax reporting, fraud-prevention, and public-safety obligations.
  • Protection of our rights, property, or safety, or the rights, property, or safety of our users or the public.

4.3 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption: Sensitive credentials and authentication tokens are stored using device-level secure storage (encrypted keychain/keystore).
  • Authentication Security: We use OAuth 2.0 with access and refresh token pairs, with automatic token rotation.
  • Access Controls: Role-based access controls for internal administrative operations, with audit logging for all sensitive actions.
  • Secure Transmission: All data transmitted between the application and our servers is encrypted using industry-standard protocols (TLS/HTTPS).

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain certain information as required by law or for legitimate business purposes, including:

  • Transaction Records: Retained in accordance with applicable financial record-keeping requirements.
  • Selfie Images and Related Identity Data: Retained for up to 30 days after submission so we can review security alerts, investigate suspected fraudulent or bot activity, and resolve related support issues, after which they are deleted.
  • Passkey Recovery Face Images: Used only for a one-time identity check and not retained by Daya after the request is completed.
  • Audit Logs: Credit limit changes, suspension events, penalty applications, and administrative actions are retained in immutable audit logs.
  • Account Data: Retained for a reasonable period after account closure to comply with legal obligations and resolve disputes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal and regulatory retention requirements.
  • Restriction: Request that we restrict the processing of your personal information in certain circumstances.
  • Data Portability: Request a copy of your personal information in a structured, commonly used, and machine-readable format.
  • Withdrawal of Consent: Where processing is based on consent, withdraw your consent at any time.
  • Objection: Object to the processing of your personal information for certain purposes.

To exercise any of these rights, please contact us using the details provided in Section 11.

8. Device Permissions

The Daya Pro application may request the following device permissions:

  • Camera: Required for capturing selfie photographs to enhance user protection and security and to help prevent fraudulent users or bots from abusing the Service.
  • Photo Library: Required for uploading identification documents during enhanced account security checks.
  • Biometric Authentication (Face ID / Fingerprint): Used for secure account access and transaction confirmation on your device. Daya does not receive or store the biometric template created by your device operating system.

You may manage these permissions through your device settings at any time. Disabling certain permissions may limit your ability to use specific features of the Service.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy within the application or by sending you a notification. The “Last Updated” date at the top of this policy indicates when it was last revised.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Daya Technologies Limited
Email: support@daya.co
Website: https://daya.co

12. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023 (NDPA) and any applicable regulations issued by the Nigeria Data Protection Commission (NDPC).