CROWWE · PRIVACY POLICY

Your Privacy Matters

How we collect, use and protect your personal data on Crowwe — social media, messaging, calling & payments

Effective: 27 June 2026 Governing Law: NDPA 2023 · GDPR · Nigerian Law Platform Owner: IPI Solutions Nigeria Limited DPO: dpo@ipi.ng
Last updated: 27 June 2026  ·  Version: 1.0  ·  If you have questions about this policy, contact our DPO at dpo@ipi.ng
Summary: Crowwe is a social media platform with messaging, audio and video calling, and integrated peer-to-peer and group chat payment features. We collect personal data to provide these services, process payments, verify your identity, and keep you safe. We do not sell your data. You have full rights over your data under Nigerian and international law. Read on for the full details.
1. Who We Are — Data Controller

Crowwe is a social media platform that enables users to connect, chat, make audio and video calls, and send and receive money through peer-to-peer and group chat payment channels. Crowwe is owned by IPI Solutions Nigeria Limited and developed by Gloomme Business Connections Limited, both wholly-owned subsidiaries of IPI Group Limited.

Crowwe is owned and operated by IPI Solutions Nigeria Limited, and developed by Gloomme Business Connections Limited. For the purposes of the Nigeria Data Protection Act 2023 (NDPA 2023) and the EU General Data Protection Regulation (GDPR) where applicable, the Data Controller for all personal data processed through Crowwe is:

CompanyIPI Solutions Nigeria Limited
RC Number[Insert RC Number]
Registered AddressPlot 8 Zambezi Crescent, Maitama, Abuja FCT, Nigeria
Lagos OfficePlot 169 Karimu Kotun, Victoria Island, Lagos
Emailprivacy@crowwe.ng  |  info@ipi.ng
Data Protection Officerdpo@ipi.ng
Websitewww.crowwe.ng  |  www.ipi.ng

Crowwe is developed by Gloomme Business Connections Limited (RC: [Insert RC Number]), a technology development subsidiary of IPI Group Limited. Development activities are conducted under an intra-group service agreement with IPI Solutions Nigeria Limited as platform owner and Data Controller.

Our Data Protection Officer (DPO), appointed in compliance with Section 32 of the NDPA 2023 and Article 37 of the GDPR, can be contacted at dpo@ipi.ng for all privacy-related enquiries.

2. Data We Collect

2.1 Account and Identity Information

  • Full name, username, and display name
  • Email address and phone number (used for verification and payments)
  • Date of birth (for age verification)
  • Profile photograph
  • Government-issued ID — NIN, BVN, or passport (for financial services compliance, where required by CBN regulations)

2.2 Audio and Video Call Data

  • Call logs — participants, duration, timestamp, and call type (audio or video)
  • Audio data transmitted during calls (end-to-end encrypted; not stored on Crowwe servers after the call ends)
  • Video data transmitted during video calls (end-to-end encrypted; not retained post-call)
  • Network quality metrics collected during calls to improve call performance
  • Call history — who you called, when, and for how long

2.3 Financial and Payment Data

  • Bank account and mobile money wallet details (for funding your Crowwe wallet)
  • Payment card information — processed via PCI-DSS compliant gateways; full card numbers are never stored on Crowwe servers
  • Peer-to-peer (P2P) transaction records — sender, recipient, amount, timestamp, and chat context
  • Group payment records — contributions made within group chats, split amounts, and settlement status
  • Crowwe wallet balance and transaction history
  • Payment method preferences

2.4 Messaging and Social Data

  • Direct messages and group chat messages sent between users on Crowwe
  • Media shared in chats — photos, videos, voice notes, documents, and links
  • Posts, status updates, stories, comments, reactions, and content you publish to your profile or feed
  • Group membership and group chat activity (group names, member lists, admin actions)
  • Social connections — users you follow, block, or mute; contacts you import
  • Social interactions — likes, shares, reposts, mentions

2.5 Location, Device and Technical Data

  • Precise GPS location (where you grant permission) — to show nearby merchants and enable delivery
  • Approximate location from IP address; delivery addresses
  • Device type, operating system, device identifiers, IP address, app version
  • Crash logs, network information, and performance data

2.6 Behavioural and Usage Data

  • Pages, products, and merchants you view; search queries; purchase history
  • Features used, session frequency and duration
3. Legal Basis for Processing

Under the NDPA 2023 and the GDPR, we must have a valid lawful basis for every processing activity. The table below sets out the bases we rely on:

Lawful BasisLegal ReferenceWhen We Rely On It
ConsentNDPA s.25 / GDPR Art.6(1)(a)Marketing communications; optional features; location data; cookie preferences
Contract PerformanceNDPA s.25 / GDPR Art.6(1)(b)Processing transactions; operating your account; merchant settlements
Legal ObligationNDPA s.25 / GDPR Art.6(1)(c)KYC/AML compliance (CBN); tax reporting; responding to lawful government requests
Legitimate InterestsNDPA s.25 / GDPR Art.6(1)(f)Platform security; fraud detection; internal analytics; business continuity
Vital InterestsNDPA s.25 / GDPR Art.6(1)(d)Emergency safety situations

Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of any processing conducted before withdrawal.

4. How We Use Your Data

4.1 To Provide and Operate Crowwe

  • Creating and managing your Crowwe account and profile
  • Delivering direct messages, group chat messages, and media between users
  • Facilitating audio and video calls between users (peer-to-peer and group calls)
  • Processing peer-to-peer payments and group payment contributions sent through Crowwe chats
  • Managing group chats — creation, membership, permissions, and admin controls
  • Displaying your social feed, posts, stories, and profile to your connections

4.2 Identity Verification and Compliance

  • Verifying your identity per CBN Know-Your-Customer (KYC) requirements
  • Conducting Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) checks — Money Laundering (Prevention and Prohibition) Act 2022
  • Complying with NDPA 2023, CBN regulations, FCCPC regulations, and Nigerian law

4.3 Security and Fraud Prevention

  • Detecting, investigating, and preventing fraudulent transactions and abuse
  • Monitoring cybersecurity threats — Cybercrimes (Prohibition, Prevention, Etc.) Act 2015

4.4 Personalisation and Improvement

  • Personalising your feed, product recommendations, and search results
  • Internal analytics to understand usage and improve our service
  • Researching and developing new features

4.5 Communications

  • Transactional notifications (payment confirmations, order updates, account alerts)
  • Marketing communications — only where you have given consent
  • Responding to customer service enquiries and complaints
5. Data Sharing and Disclosure
We do not sell your personal data. We share data only in the circumstances below.

5.1 Within IPI Group

Data may be shared between IPI Solutions Nigeria Limited (platform owner), Gloomme Business Connections Limited (platform developer), and other IPI Group Limited subsidiaries for compliance, service delivery, system maintenance, and internal reporting. All group companies are bound by the same data protection standards as this Policy.

5.2 With Payment Recipients

When you send money to another Crowwe user through a peer-to-peer or group chat payment, we share the minimum information necessary to process the payment — including your display name and the transaction amount — with the recipient. We do not share your financial account details with other users.

5.3 With Payment Processors

We share financial data with CBN-licensed, PCI-DSS compliant payment processors solely to facilitate peer-to-peer and group payment transactions initiated within Crowwe chats. These processors are contractually bound to protect your data and may not use it for any purpose beyond transaction processing.

5.4 With Service Providers

We use third-party service providers for cloud hosting, customer support, analytics, marketing, and identity verification. All are bound by data processing agreements compliant with NDPA 2023 and GDPR.

5.5 With Regulatory and Law Enforcement Authorities

We may disclose personal data to the NDPC, CBN, FCCPC, EFCC, NFIU, courts, or Nigerian government agencies where required by law or to prevent fraud, money laundering, or terrorism financing.

5.6 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. You will be notified in advance and your rights will be protected.

6. International Data Transfers

Your personal data — including messages, call logs, payment records, and profile data — is primarily processed and stored in Nigeria, within Tier-III certified data centres operated by IPI Group Limited, in accordance with our commitment to Nigerian data sovereignty. Audio and video call content is transmitted end-to-end encrypted and is not stored on Crowwe servers after a call ends.

Where transfers outside Nigeria are necessary, we ensure appropriate safeguards as required by Section 43 of the NDPA 2023:

  • NDPC adequacy decisions for the recipient country
  • Standard Contractual Clauses (SCCs) approved by NDPC / European Commission
  • Binding Corporate Rules (BCRs) for intra-group transfers
  • Your explicit consent where required and no other safeguard is available

For transfers to EU/EEA recipients, we comply with Chapter V of the GDPR.

7. Data Retention

We retain your personal data only for as long as necessary. The following periods apply:

Data CategoryRetention PeriodLegal Basis
Account dataDuration of account + 5 years after closureCBN record-keeping requirements
Transaction records7 years from transaction dateCBN / FIRS requirements
KYC / Identity documents5 years from last transaction or closureMoney Laundering Act 2022
Messages2 years (unless needed for disputes)Platform operations
Location data90 daysDelivery and safety only
Marketing consent recordsUntil withdrawal + 3 yearsCompliance evidence
Security / fraud logs5 years from incident dateCybercrimes Act 2015
Anonymised analyticsIndefinite (cannot be re-linked to you)Legitimate interest

After the applicable retention period, data is securely deleted or anonymised.

8. Your Data Protection Rights

You have the following rights under the NDPA 2023 and, where applicable, the GDPR. To exercise any right, contact us at privacy@crowwe.ng.

Right to Access

NDPA s.34 / GDPR Art.15

Request a copy of all personal data we hold about you.

Right to Rectification

NDPA s.35 / GDPR Art.16

Correct inaccurate or incomplete personal data.

Right to Erasure

NDPA s.36 / GDPR Art.17

Request deletion of your data (subject to legal retention obligations).

Right to Restriction

NDPA s.37 / GDPR Art.18

Restrict processing of your data in certain circumstances.

Right to Data Portability

NDPA s.38 / GDPR Art.20

Receive your data in a structured, machine-readable format.

Right to Object

NDPA s.39 / GDPR Art.21

Object to processing based on legitimate interests or for direct marketing.

Withdraw Consent

NDPA s.25 / GDPR Art.7(3)

Withdraw consent at any time — without affecting past processing.

Right to Complain

NDPA s.40 / GDPR Art.77

Lodge a complaint with the NDPC or your national supervisory authority.

Automated Decision Rights

NDPA s.41 / GDPR Art.22

Not be subject solely to automated decisions that significantly affect you.

We will respond to all data subject requests within 30 days of receipt. Contact us at privacy@crowwe.ng with subject: "Data Subject Request — [Your Name]". We may require proof of identity.
9. Data Security

We implement appropriate technical and organisational security measures consistent with Section 26 of the NDPA 2023 and Article 32 of the GDPR.

Technical Measures

  • All data encrypted in transit using TLS 1.3 or higher
  • Sensitive data encrypted at rest using AES-256
  • All data processed and stored exclusively in Tier-III certified data centres in Nigeria
  • Multi-factor authentication (MFA) for all administrative system access
  • Regular penetration testing and vulnerability assessments by Drocke Consultants & Advisory Limited
  • 24/7 monitoring through our Cyber-Physical Security Operations Center (CPSOC)
  • Payment processing through PCI-DSS Level 1 compliant gateways
Important: Despite our security measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at security@crowwe.ng.
10. Cookies and Tracking Technologies

Crowwe uses cookies and similar tracking technologies on our website and within our mobile applications.

Cookie TypePurposeCan Be Disabled?
EssentialNecessary for the platform to function (session tokens, authentication, basket)No
PerformanceAnonymised analytics to understand usage and improve Crowwe (Google Analytics, Firebase)Yes
FunctionalRemember your preferences (language, currency, notification settings)Yes
Marketing / TargetingDeliver relevant advertisements and track campaign performance — consent requiredYes (consent-based)

You can manage cookie preferences through our cookie settings panel or your device settings. Disabling essential cookies will affect platform functionality.

11. Children's Privacy
Crowwe is not intended for persons under 18 years of age.

We do not knowingly collect personal data from persons under 18. If you are under 18, please do not use Crowwe or provide any personal data to us. If we become aware that we have collected data from a minor without parental consent, we will immediately delete it. Please contact us at privacy@crowwe.ng if you believe a minor's data has been collected.

12. Payment Processing

Payment facilitation on Crowwe operates within peer-to-peer chat and group chat channels. All transactions are processed by CBN-licensed, PCI-DSS compliant payment processors. Crowwe does not directly store full card numbers and is not itself a licensed financial institution or payment service provider.

Crowwe's payment features allow users to send money to contacts and split bills within group chats. These transactions are initiated through the chat interface and settled via regulated payment partners.

Payment data is governed by: CBN Regulations on Electronic Payments; CBN Consumer Protection Regulations 2019; PCI-DSS standards; and each payment processor's own privacy policy.

For payment disputes, failed transactions, or refund requests, contact support@crowwe.ng. All disputes are handled in accordance with CBN Consumer Protection regulations.

13. Social Features, Calls and User-Generated Content

Crowwe is a social media platform. Content you post publicly — posts, stories, photos, videos, profile information — may be visible to your connections or to the public depending on your privacy settings. Messages and call content shared in private chats or group chats are visible only to the participants of that chat.

Audio and video calls on Crowwe are transmitted using end-to-end encryption. Call content (audio and video) is not recorded or stored by Crowwe. Call metadata (who called whom, when, and for how long) is retained as set out in Section 7.

You retain ownership of content you post. By posting, you grant Crowwe a non-exclusive, royalty-free licence to display and distribute your content within the platform for the purpose of operating the service.

Adjust your privacy settings within the Crowwe app at any time to control who can see your content, contact you, or follow your activity.

14. Data Breach Notification

In the event of a personal data breach likely to result in risk to data subjects, we will:

  • Notify the Nigeria Data Protection Commission (NDPC) within 72 hours — NDPA 2023, Section 40
  • Notify affected data subjects without undue delay where the breach poses high risk
  • Where applicable, notify the relevant EU supervisory authority within 72 hours — GDPR Article 33
  • Investigate the breach, take immediate remediation steps, and document all actions

Breach notifications will be sent to the email address on your Crowwe account. Please keep your contact information up to date.

15. Marketing Communications

We send marketing communications only where you have given prior consent, or where permitted by the Nigerian Communications Act and CBN Consumer Protection Regulations. You may withdraw consent at any time by:

  • Clicking the 'Unsubscribe' link in any marketing email
  • Adjusting notification preferences in the Crowwe app settings
  • Contacting us at privacy@crowwe.ng with subject: "Unsubscribe"

Withdrawing marketing consent does not affect transactional communications (order updates, payment confirmations, security alerts).

16. Regulatory Compliance Framework
Law / RegulationRelevance to Crowwe
Nigeria Data Protection Act 2023 (NDPA 2023)Primary Nigerian data protection law — governs all personal data processing of Nigerian residents
Nigeria Data Protection Commission (NDPC)Supervisory authority; handles complaints and oversees NDPA compliance
EU General Data Protection Regulation (GDPR)Applies to processing of EU/EEA resident data, regardless of where processing occurs
Cybercrimes (Prohibition, Prevention, Etc.) Act 2015Criminalises unauthorised data access and interception in Nigeria
FCCPC Act 2018Consumer data rights and protection from unfair data practices
Money Laundering (Prevention & Prohibition) Act 2022KYC/AML record-keeping and reporting for financial features
CBN Consumer Protection Regulations 2019Financial data rights for payment and e-commerce activities
CBN BVN Regulatory FrameworkGoverns use of Bank Verification Numbers for KYC
17. Changes to This Privacy Policy

We may update this Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the Effective Date at the top of this Policy
  • Notify you via email to your registered address, or via a prominent notice within the Crowwe app
  • Where required by law, seek your renewed consent

Your continued use of Crowwe after the effective date of an updated Policy constitutes acceptance of the changes, to the extent permitted by law.

18. How to Contact Us

For questions about this Policy, to exercise your data rights, or to report a privacy concern:

Data Protection Officer
Privacy Enquiries
Security Incidents
Customer Support
Headquarters (Abuja)
Plot 8 Zambezi Crescent, Maitama, Abuja FCT
Lagos Office
Plot 169 Karimu Kotun, Victoria Island, Lagos
19. Complaints to Supervisory Authorities

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

For Nigerian residents:

AuthorityNigeria Data Protection Commission (NDPC)
Websitewww.ndpc.gov.ng
Emailinfo@ndpc.gov.ng
AddressPlot 2047, Michael Okpara Way, Zone 5, Wuse, Abuja FCT

For EU/EEA residents:

You may lodge a complaint with the supervisory authority in your EU/EEA country of residence. Contact our DPO at dpo@ipi.ng to identify the relevant authority for your jurisdiction.