← Back to home

STACKLEVEST GLOBAL TECH LTD

Data Privacy Policy

Effective Date: February 2026

Stacklevest Global Tech Ltd ("Stacklevest", "we", "our", or "us") is committed to protecting your privacy and safeguarding your personal and financial information. This Data Privacy Policy explains how we collect, use, store, share, and protect your data, including financial data retrieved via Mono Connect, in accordance with the Nigeria Data Protection Act, 2023 ("NDPA") and the General Application and Implementation Directive (GAID) 2025.

1. Information We Collect

We collect the following categories of personal data:

A. Account Information

  • Full name
  • Email address
  • Phone number
  • Login credentials (stored in encrypted form)

B. Financial Data (via Mono Connect)

When you choose to connect your bank account through Mono Connect, we may access:

  • Account name and masked account number
  • Account balance
  • Transaction history
  • Merchant descriptions
  • Debit and credit activity
  • Transaction timestamps

We do not collect or store your bank login credentials. Authentication is handled securely by Mono Connect. Your internet banking password and PIN are never accessible to Stacklevest at any time.

C. Device and Usage Data

  • Device type, operating system, and browser information
  • IP address
  • App usage patterns and interaction data
  • Crash logs and performance data

2. How Mono Connect Works

Stacklevest uses Mono Connect, a secure financial data API provided by Mono Technologies Nigeria Limited, to retrieve your financial data with your explicit consent.

When you link your account:

  1. You are redirected to Mono's secure authentication interface.
  2. You grant permission for Stacklevest to access specific financial data.
  3. Mono securely transmits the authorized financial data to Stacklevest via encrypted APIs.

Stacklevest does not have access to your internet banking password or PIN at any time. You may also manage your linked accounts and data access through Mono Portal atportal.mono.co.

3. Lawful Basis for Processing

Under the Nigeria Data Protection Act, 2023, we process your personal data based on the following lawful grounds:

  • Consent: When you create an account and/or connect your bank account through Mono Connect, you provide explicit consent for us to collect and process your personal and financial data for the purposes described in this policy.
  • Contractual Necessity: Processing is necessary to provide you with the budgeting, expense tracking, and financial analytics services you requested when you signed up.
  • Legal Obligation: Where we are required to retain records, report information, or comply with directives under applicable Nigerian laws and financial regulations.
  • Legitimate Interest: To improve our services, enhance security, and prevent fraud, where such interests are not overridden by your fundamental rights and freedoms.

4. How We Use Your Data

We use your personal and financial data strictly for the following purposes:

  • To provide and operate our budgeting and financial analytics services
  • To track income and expenses
  • To categorize transactions
  • To generate budgeting insights and spending analytics reports
  • To trigger budget alerts and notifications
  • To improve personalization and user experience
  • To communicate with you about your account, service updates, and support
  • To comply with legal and regulatory obligations
  • To detect, prevent, and address fraud or security issues

We do not sell, rent, or trade your personal or financial data to any third party.

5. Automated Decision-Making

Our app uses automated processes to:

  • Categorize your transactions (e.g., food, transport, entertainment)
  • Generate budgeting insights and spending summaries
  • Trigger alerts when you approach or exceed a budget limit

These automated processes are designed to enhance your experience and do not produce legal or similarly significant effects on you. If you have concerns about any automated decision, you may contact us at privacy@stacklevest.com to request a review or explanation.

6. Data Storage & Security

We implement industry-standard technical and organisational security measures to protect your personal data, including:

  • HTTPS/TLS encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Role-based access control for internal systems
  • JWT-based secure authentication
  • Secure PostgreSQL database environment
  • Regular access audits, vulnerability assessments, and monitoring
  • Incident response procedures for potential security events

Only authorized system components and personnel can access financial data, and access is granted on a strict need-to-know basis.

7. Cross-Border Data Transfers

Your data may be transferred to and stored on servers located outside Nigeria through our use of cloud hosting providers. Where such transfers occur, we ensure adequate protection of your personal data through:

  • Selecting providers that maintain internationally recognized security certifications
  • Implementing standard contractual clauses and data processing agreements
  • Applying encryption and access control measures during transfer and storage

We will only transfer your data to jurisdictions that provide adequate levels of data protection or where appropriate safeguards are in place, in compliance with the NDPA and GAID 2025.

8. Data Retention

We retain your personal and financial data as follows:

  • Account and financial data: Retained for as long as your account remains active and for a period of 12 months after account deletion or deactivation, unless a longer retention period is required by law or regulation.
  • Transaction data: Retained for the duration of your active account. Upon account deletion, transaction records are permanently removed within 90 days, unless legally required to retain them.
  • Device and usage data: Retained for up to 12 months for analytics and service improvement purposes.

You may request deletion of your data at any time. Upon such request, linked bank connections via Mono will be revoked and your stored financial records will be permanently removed, unless we are legally obligated to retain them.

9. User Consent

By creating an account on Stacklevest and/or connecting your bank account through Mono Connect, you:

  • Explicitly authorize Stacklevest to collect, process, and store your personal and financial data as described in this policy
  • Understand the scope and purpose of the data being accessed
  • Agree to the use of your data for budgeting, financial analysis, and the other purposes stated herein

Withdrawal of Consent

You may withdraw your consent at any time by:

  • Disconnecting your bank account from your Stacklevest dashboard
  • Contacting us at privacy@stacklevest.com

Please note: Withdrawal of consent does not affect the lawfulness of any processing carried out before such withdrawal. Certain data may still be retained where required by law.

10. Third-Party Service Providers

Stacklevest uses trusted third-party service providers to operate and deliver our services, including:

ProviderCategoryPurpose
Mono Technologies Nigeria LimitedFinancial data aggregationVia Mono Connect
Cloud Infrastructure ProvidersHostingStorage and server infrastructure
Email/SMS/Push Notification ProvidersCommunicationsTransactional and service-related communications

These providers act as data processors on our behalf and are contractually obligated to:

  • Process your data only on our documented instructions
  • Maintain appropriate technical and organisational security measures
  • Not use your data for any purpose other than providing services to Stacklevest
  • Delete or return your data upon termination of the service agreement

11. Your Rights

Under the Nigeria Data Protection Act, 2023, you have the following rights regarding your personal data:

  • Right of Access: Request access to the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Deletion: Request erasure of your personal data, subject to legal retention requirements.
  • Right to Withdraw Consent: Withdraw your consent for data processing at any time.
  • Right to Data Portability: Request a copy of your stored personal and financial data in a commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interest or automated decision-making.
  • Right to Restrict Processing: Request that we limit how your data is processed in certain circumstances.
  • Right to Lodge a Complaint: If you believe your personal data has been processed unlawfully or your rights have been violated, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

To exercise any of these rights, please contact us at privacy@stacklevest.com. We will respond to your request within 30 days of receipt.

12. Data Breach Notification

In the event of a personal data breach that is likely to pose a high risk to your rights and freedoms, Stacklevest will:

  • Notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay, providing clear information about:
    • The nature of the breach
    • The likely consequences
    • The measures taken or proposed to address the breach
    • Recommended steps you can take to protect yourself

We maintain a data breach register and incident response procedures to ensure timely detection and response to any security incidents.

13. Data Protection Officer

Stacklevest has designated a Data Protection Officer (DPO) responsible for overseeing compliance with data protection laws and this policy.

Data Protection Officer
Email: dpo@stacklevest.com

The DPO can be contacted for any questions or concerns regarding how your personal data is processed, or to exercise any of your data subject rights.

14. Data Protection Compliance

Stacklevest complies with applicable data protection laws and regulations, including:

  • Nigeria Data Protection Act (NDPA), 2023
  • NDP Act General Application and Implementation Directive (GAID), 2025
  • Applicable financial data protection standards and guidelines issued by the Nigeria Data Protection Commission (NDPC)

We are committed to conducting Data Protection Impact Assessments (DPIAs) where our processing activities may pose a high risk to the rights and freedoms of data subjects, and to maintaining records of our processing activities.

15. Changes to This Policy

We may update this Data Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make significant changes:

  • We will notify you via email and/or in-app notification
  • The updated policy will be made available within the app and on our website
  • Continued use of our services after the effective date of the updated policy constitutes your acceptance of the changes

16. Contact Information

STACKLEVEST GLOBAL TECH LTD
Bassan Plaza Plot 759
Independent Avenue, Central Business District
FCT, Nigeria

General Inquiries: privacy@stacklevest.com
Data Protection Officer: dpo@stacklevest.com

NDPC Audit Compliance Trustmark

StackleVest Global Tech Ltd is certified by the Nigeria Data Protection Commission (NDPC) for compliance with the Nigeria Data Protection Act, 2023. View our Audit Compliance Trustmark certificate below.

Open certificate in new tab