Privacy Policy
Effective Date: March 2026
1. Introduction
Rezidant ("we", "us", "our") is a property technology and financial services platform that connects property owners, managers and tenants, and facilitates property management services including rent financing and tenant eligibility assessments. Our registered operations are currently based in Nigeria.
We are committed to protecting the privacy and personal data of all individuals who interact with our platform. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, how long we keep it and what rights you have over your data.
This Policy applies to all users of the Rezidant platform, including tenants, property owners, property managers, landlords and any other individuals whose personal data we process in connection with our services.
Applicable Legal Framework
This Privacy Policy is governed by the Nigeria Data Protection Act (NDPA) 2023 and the General Application and Implementation Directive (GAID) 2025, issued by the Nigeria Data Protection Commission (NDPC). Rezidant is committed to full compliance with these laws and to upholding the rights of all data subjects whose personal data we process.
2. Personal Data We Collect and How It Is Used
We collect personal data from multiple touchpoints, directly from you when you register and use the platform, from third parties such as financial data providers, and through automated systems embedded within our platform.
| Category of Personal Data | Source | Purpose of Processing |
|---|---|---|
| Personal identifiers: full name, email address, phone number | Directly from the user at registration | Account creation, identity verification, communications |
| Government-issued ID documents (NIN, BVN, Passport, Driver's Licence) | Directly from user; third-party KYC providers | KYC/KYB compliance, identity verification, regulatory obligations |
| Biometric data (facial recognition, fingerprint data where applicable) | Directly from user via the platform | Identity verification and fraud prevention |
| Financial data: bank statements, transaction history, credit history | Directly from user; via Mono; credit bureaus | Rent financing eligibility assessment; KYB/KYT checks; credit decisioning |
| Property and tenancy information: rental agreements, address, lease terms | Directly from tenants and property managers | Platform service delivery; tenancy management; dispute resolution |
| Transactional data: payment records, rent disbursements | Generated through platform activity | Processing payments, financial reporting, legal compliance |
| Device and usage data: IP address, device identifiers, session logs | Automated collection through the platform | Security, fraud prevention, platform performance monitoring |
| KYB information: business registration details, directorship information | Directly from business users; public registries | Business verification, due diligence, regulatory compliance |
2.1 Sensitive Personal Data
We collect and process certain categories of sensitive personal data, specifically biometric data used solely for identity verification, and financial data including bank statements, credit scores and transaction histories used to assess eligibility for rent financing products. We apply heightened safeguards including strict access controls and encryption at rest and in transit. We will always seek your explicit consent before processing sensitive personal data unless required by law.
2.2 Automated Decision-Making and Profiling
Rezidant uses automated processing, including profiling, as part of our tenant eligibility and rent financing assessment processes. Certain decisions, such as whether you qualify for rent financing or meet tenancy eligibility criteria, may be made using automated systems. These decisions are based on personal and financial data you provide and data obtained through third-party partners such as credit bureaus and open banking providers. You have the right to request human review of any automated decision that significantly affects you. See Section 11 for details.
3. User Roles and Data Collected
| User Role | Data Typically Collected |
|---|---|
| Tenant | Full name, email, phone number, government-issued ID, biometric data, bank account details, transaction history, credit history, rental application data, payment records |
| Property Owner / Manager / Landlord | Full name, email, phone number, business registration details where applicable, property information, banking details for rent disbursement, KYB information |
Where a property manager submits the contact details of colleagues or other individuals, they are required to obtain prior consent from those individuals before sharing their details with Rezidant.
4. Lawful Basis of Processing
We only process your personal data where we have a valid lawful basis to do so:
- Consent: For the majority of our processing activities, including sensitive data such as biometrics and financial information, we obtain your explicit consent before processing. You may withdraw your consent at any time.
- Contract: Where processing is necessary to fulfil our contractual obligations to you, such as processing payments or managing your tenancy arrangements.
- Legal Obligation: Where we are required to process data to comply with a legal or regulatory requirement, such as anti-money laundering obligations or regulatory reporting.
- Legitimate Interests: Where processing is necessary for our legitimate business interests, such as fraud detection and platform security, provided these interests are not overridden by your rights.
- Vital Interests: In exceptional circumstances, where processing is necessary to protect the vital interests of you or another individual.
Withdrawal of Consent
You can withdraw your consent at any time via your account settings or by contacting us at info@rezidant.com. Where no alternative lawful basis exists, withdrawal of consent means we will no longer be able to provide the associated service.
5. Sharing of Personal Data
We do not sell your personal data to any third party.
5.1 Internal Sharing
Personal data may be shared within Rezidant across our technology and operations teams, strictly to support platform delivery and service improvements. Access is limited to personnel with a legitimate need.
5.2 Third-Party Service Providers
| Processor | Service | Data Involved |
|---|---|---|
| Mono | Open banking and financial data aggregation | Bank account data, transaction history |
| DigitalOcean | Cloud infrastructure and data hosting | All categories of data hosted on the platform |
| Google Analytics | Web and application analytics | Device data, usage data, session data (non-personal) |
All processors are contractually bound to handle your data in accordance with applicable data protection laws and our instructions.
5.3 Legal and Regulatory Disclosure
We may disclose personal data to law enforcement, regulatory authorities or courts where required by law or to protect our legal rights.
5.4 No Sale of Personal Data
Rezidant does not, under any circumstances, sell, rent or otherwise monetise your personal data to third parties.
6. Cross-Border Data Transfers
Rezidant currently processes data primarily within Nigeria. However, as our platform is hosted on DigitalOcean cloud infrastructure, your data may be stored on servers located outside Nigeria.
Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable law. You will be informed before your data is transferred to a new international jurisdiction.
7. Data Retention
We retain personal data for as long as necessary to fulfil the purpose for which it was collected or as required by applicable law. In general, we retain personal data for 7 years from the date of account creation. Financial and transactional records are retained for 7 years from the date of the transaction. KYC and KYB data is disposed of in line with our Data Retention and Disposal Policy. At the end of the applicable retention period, personal data is securely archived in an access-restricted environment and is not used for any active processing purpose.
8. Cookies and Tracking Technologies
Rezidant uses cookies and related tracking technologies to enhance platform functionality, ensure security and analyse usage patterns.
| Technology | Purpose | Can You Opt Out? |
|---|---|---|
| Session Cookies | Maintain your login session securely | No (essential for platform function) |
| Persistent Cookies | Remember user preferences across sessions | Yes, via cookie consent settings |
| JSON Web Tokens (JWTs) | Secure authentication and session management | No (essential for security) |
| Google Analytics | Web and app usage analytics | Yes, by declining analytics consent |
| Analytics SDKs | Application performance monitoring | Yes, by declining performance consent |
You can manage your cookie preferences by adjusting your consent settings within the platform. Disabling essential cookies may affect platform functionality.
9. Data Security
We have implemented robust technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction or disclosure. Our technical measures include end-to-end encryption in transit using HTTPS/TLS and SSH protocols, password hashing, firewall protection, network intrusion detection and strict access controls. Our organisational measures include regular staff training, periodic security audits, penetration testing and access management policies. Our security programme is being developed in alignment with the ISO 27001 standard, for which certification is currently in progress.
10. Personal Data Breach Management
In the event of a personal data breach, Rezidant will notify the NDPC within 72 hours of becoming aware of the breach. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify affected data subjects without undue delay, describing the nature of the breach, the data affected, the likely consequences and the steps being taken to address it. Our sub-processors, including DigitalOcean, are contractually required to report any breach involving Rezidant data within a timeframe that enables us to meet our regulatory obligations.
11. Your Data Protection Rights
| Right | Description |
|---|---|
| Right of Access | Obtain confirmation of whether we process your data and receive a copy |
| Right to Rectification | Request correction of inaccurate or incomplete data |
| Right to Erasure | Request deletion where data is no longer necessary or where you withdraw consent |
| Right to Restriction | Request that we restrict processing in certain circumstances |
| Right to Data Portability | Receive your data in a structured, machine-readable format |
| Right to Object | Object to processing based on legitimate interests or for direct marketing |
| Right to Withdraw Consent | Withdraw consent at any time without affecting prior lawful processing |
| Right to Object to Automated Decisions | Request human review of decisions made solely through automated processing |
| Right to Lodge a Complaint | Lodge a complaint with the NDPC at www.ndpc.gov.ng |
How to Exercise Your Rights
Via the Rezidant platform: submit a request through your account portal, verified by OTP sent to your registered contact details. By email: send your request to info@rezidant.com. We aim to process straightforward requests within 2 to 5 minutes and will respond to complex requests within 30 days as required by law. We will not charge a fee unless a request is manifestly unfounded or excessive.
12. Updates to This Policy
Rezidant reviews this Privacy Policy annually and may update it at any time. Where we make a material change, including changes to the categories of data we collect, the purposes for which it is used, the third parties we share it with or our service offerings, we will notify you by email, in-app notification or website banner. Your continued use of the platform after the effective date of any updated Policy constitutes your acceptance of those changes.
13. Supervisory Authority
If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at www.ndpc.gov.ng.
14. Contact Information
Rezidant respects the rights of individuals under the Nigeria Data Protection Act (NDPA) and is committed to responding to any questions, concerns or complaints regarding the collection, processing or use of personal data.
Privacy Contact: info@rezidant.com
General Enquiries: info@rezidant.com
15. Key Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Sensitive Personal Data: A special category of personal data warranting heightened protection, including biometric data, financial data and health data.
- Data Controller: The entity that determines the purposes and means of processing personal data. For this Policy, Rezidant is the data controller.
- Data Processor: A third party that processes personal data on behalf of the data controller under contractual obligations.
- Data Subject: The individual to whom personal data relates. In this context, this includes tenants, property owners and managers.
- Processing: Any operation performed on personal data, including collection, storage, use, disclosure, transmission or deletion.
- KYC: Know Your Customer: verifying the identity of individual platform users.
- KYB: Know Your Business: verifying the identity and legitimacy of business entities.
- KYT: Know Your Transaction: monitoring and analysing transaction data to detect suspicious activity.
- GAID: General Application and Implementation Directive 2025, issued by the NDPC to guide compliance with the NDPA.
Ref: RZD/PRIV/POL/001/2026