Crowwe is a social media platform that enables users to connect, chat, make audio and video calls, and send and receive money through peer-to-peer and group chat payment channels. Crowwe is owned by IPI Solutions Nigeria Limited and developed by Gloomme Business Connections Limited, both wholly-owned subsidiaries of IPI Group Limited.
Crowwe is owned and operated by IPI Solutions Nigeria Limited, and developed by Gloomme Business Connections Limited. For the purposes of the Nigeria Data Protection Act 2023 (NDPA 2023) and the EU General Data Protection Regulation (GDPR) where applicable, the Data Controller for all personal data processed through Crowwe is:
| Company | IPI Solutions Nigeria Limited |
| RC Number | [Insert RC Number] |
| Registered Address | Plot 8 Zambezi Crescent, Maitama, Abuja FCT, Nigeria |
| Lagos Office | Plot 169 Karimu Kotun, Victoria Island, Lagos |
| privacy@crowwe.ng | info@ipi.ng | |
| Data Protection Officer | dpo@ipi.ng |
| Website | www.crowwe.ng | www.ipi.ng |
Crowwe is developed by Gloomme Business Connections Limited (RC: [Insert RC Number]), a technology development subsidiary of IPI Group Limited. Development activities are conducted under an intra-group service agreement with IPI Solutions Nigeria Limited as platform owner and Data Controller.
Our Data Protection Officer (DPO), appointed in compliance with Section 32 of the NDPA 2023 and Article 37 of the GDPR, can be contacted at dpo@ipi.ng for all privacy-related enquiries.
2.1 Account and Identity Information
- Full name, username, and display name
- Email address and phone number (used for verification and payments)
- Date of birth (for age verification)
- Profile photograph
- Government-issued ID — NIN, BVN, or passport (for financial services compliance, where required by CBN regulations)
2.2 Audio and Video Call Data
- Call logs — participants, duration, timestamp, and call type (audio or video)
- Audio data transmitted during calls (end-to-end encrypted; not stored on Crowwe servers after the call ends)
- Video data transmitted during video calls (end-to-end encrypted; not retained post-call)
- Network quality metrics collected during calls to improve call performance
- Call history — who you called, when, and for how long
2.3 Financial and Payment Data
- Bank account and mobile money wallet details (for funding your Crowwe wallet)
- Payment card information — processed via PCI-DSS compliant gateways; full card numbers are never stored on Crowwe servers
- Peer-to-peer (P2P) transaction records — sender, recipient, amount, timestamp, and chat context
- Group payment records — contributions made within group chats, split amounts, and settlement status
- Crowwe wallet balance and transaction history
- Payment method preferences
2.4 Messaging and Social Data
- Direct messages and group chat messages sent between users on Crowwe
- Media shared in chats — photos, videos, voice notes, documents, and links
- Posts, status updates, stories, comments, reactions, and content you publish to your profile or feed
- Group membership and group chat activity (group names, member lists, admin actions)
- Social connections — users you follow, block, or mute; contacts you import
- Social interactions — likes, shares, reposts, mentions
2.5 Location, Device and Technical Data
- Precise GPS location (where you grant permission) — to show nearby merchants and enable delivery
- Approximate location from IP address; delivery addresses
- Device type, operating system, device identifiers, IP address, app version
- Crash logs, network information, and performance data
2.6 Behavioural and Usage Data
- Pages, products, and merchants you view; search queries; purchase history
- Features used, session frequency and duration
Under the NDPA 2023 and the GDPR, we must have a valid lawful basis for every processing activity. The table below sets out the bases we rely on:
| Lawful Basis | Legal Reference | When We Rely On It |
|---|---|---|
| Consent | NDPA s.25 / GDPR Art.6(1)(a) | Marketing communications; optional features; location data; cookie preferences |
| Contract Performance | NDPA s.25 / GDPR Art.6(1)(b) | Processing transactions; operating your account; merchant settlements |
| Legal Obligation | NDPA s.25 / GDPR Art.6(1)(c) | KYC/AML compliance (CBN); tax reporting; responding to lawful government requests |
| Legitimate Interests | NDPA s.25 / GDPR Art.6(1)(f) | Platform security; fraud detection; internal analytics; business continuity |
| Vital Interests | NDPA s.25 / GDPR Art.6(1)(d) | Emergency safety situations |
Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of any processing conducted before withdrawal.
4.1 To Provide and Operate Crowwe
- Creating and managing your Crowwe account and profile
- Delivering direct messages, group chat messages, and media between users
- Facilitating audio and video calls between users (peer-to-peer and group calls)
- Processing peer-to-peer payments and group payment contributions sent through Crowwe chats
- Managing group chats — creation, membership, permissions, and admin controls
- Displaying your social feed, posts, stories, and profile to your connections
4.2 Identity Verification and Compliance
- Verifying your identity per CBN Know-Your-Customer (KYC) requirements
- Conducting Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) checks — Money Laundering (Prevention and Prohibition) Act 2022
- Complying with NDPA 2023, CBN regulations, FCCPC regulations, and Nigerian law
4.3 Security and Fraud Prevention
- Detecting, investigating, and preventing fraudulent transactions and abuse
- Monitoring cybersecurity threats — Cybercrimes (Prohibition, Prevention, Etc.) Act 2015
4.4 Personalisation and Improvement
- Personalising your feed, product recommendations, and search results
- Internal analytics to understand usage and improve our service
- Researching and developing new features
4.5 Communications
- Transactional notifications (payment confirmations, order updates, account alerts)
- Marketing communications — only where you have given consent
- Responding to customer service enquiries and complaints
5.1 Within IPI Group
Data may be shared between IPI Solutions Nigeria Limited (platform owner), Gloomme Business Connections Limited (platform developer), and other IPI Group Limited subsidiaries for compliance, service delivery, system maintenance, and internal reporting. All group companies are bound by the same data protection standards as this Policy.
5.2 With Payment Recipients
When you send money to another Crowwe user through a peer-to-peer or group chat payment, we share the minimum information necessary to process the payment — including your display name and the transaction amount — with the recipient. We do not share your financial account details with other users.
5.3 With Payment Processors
We share financial data with CBN-licensed, PCI-DSS compliant payment processors solely to facilitate peer-to-peer and group payment transactions initiated within Crowwe chats. These processors are contractually bound to protect your data and may not use it for any purpose beyond transaction processing.
5.4 With Service Providers
We use third-party service providers for cloud hosting, customer support, analytics, marketing, and identity verification. All are bound by data processing agreements compliant with NDPA 2023 and GDPR.
5.5 With Regulatory and Law Enforcement Authorities
We may disclose personal data to the NDPC, CBN, FCCPC, EFCC, NFIU, courts, or Nigerian government agencies where required by law or to prevent fraud, money laundering, or terrorism financing.
5.6 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. You will be notified in advance and your rights will be protected.
Your personal data — including messages, call logs, payment records, and profile data — is primarily processed and stored in Nigeria, within Tier-III certified data centres operated by IPI Group Limited, in accordance with our commitment to Nigerian data sovereignty. Audio and video call content is transmitted end-to-end encrypted and is not stored on Crowwe servers after a call ends.
Where transfers outside Nigeria are necessary, we ensure appropriate safeguards as required by Section 43 of the NDPA 2023:
- NDPC adequacy decisions for the recipient country
- Standard Contractual Clauses (SCCs) approved by NDPC / European Commission
- Binding Corporate Rules (BCRs) for intra-group transfers
- Your explicit consent where required and no other safeguard is available
For transfers to EU/EEA recipients, we comply with Chapter V of the GDPR.
We retain your personal data only for as long as necessary. The following periods apply:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account data | Duration of account + 5 years after closure | CBN record-keeping requirements |
| Transaction records | 7 years from transaction date | CBN / FIRS requirements |
| KYC / Identity documents | 5 years from last transaction or closure | Money Laundering Act 2022 |
| Messages | 2 years (unless needed for disputes) | Platform operations |
| Location data | 90 days | Delivery and safety only |
| Marketing consent records | Until withdrawal + 3 years | Compliance evidence |
| Security / fraud logs | 5 years from incident date | Cybercrimes Act 2015 |
| Anonymised analytics | Indefinite (cannot be re-linked to you) | Legitimate interest |
After the applicable retention period, data is securely deleted or anonymised.
You have the following rights under the NDPA 2023 and, where applicable, the GDPR. To exercise any right, contact us at privacy@crowwe.ng.
Right to Access
Request a copy of all personal data we hold about you.
Right to Rectification
Correct inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your data (subject to legal retention obligations).
Right to Restriction
Restrict processing of your data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent
Withdraw consent at any time — without affecting past processing.
Right to Complain
Lodge a complaint with the NDPC or your national supervisory authority.
Automated Decision Rights
Not be subject solely to automated decisions that significantly affect you.
We implement appropriate technical and organisational security measures consistent with Section 26 of the NDPA 2023 and Article 32 of the GDPR.
Technical Measures
- All data encrypted in transit using TLS 1.3 or higher
- Sensitive data encrypted at rest using AES-256
- All data processed and stored exclusively in Tier-III certified data centres in Nigeria
- Multi-factor authentication (MFA) for all administrative system access
- Regular penetration testing and vulnerability assessments by Drocke Consultants & Advisory Limited
- 24/7 monitoring through our Cyber-Physical Security Operations Center (CPSOC)
- Payment processing through PCI-DSS Level 1 compliant gateways
Crowwe uses cookies and similar tracking technologies on our website and within our mobile applications.
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Essential | Necessary for the platform to function (session tokens, authentication, basket) | No |
| Performance | Anonymised analytics to understand usage and improve Crowwe (Google Analytics, Firebase) | Yes |
| Functional | Remember your preferences (language, currency, notification settings) | Yes |
| Marketing / Targeting | Deliver relevant advertisements and track campaign performance — consent required | Yes (consent-based) |
You can manage cookie preferences through our cookie settings panel or your device settings. Disabling essential cookies will affect platform functionality.
We do not knowingly collect personal data from persons under 18. If you are under 18, please do not use Crowwe or provide any personal data to us. If we become aware that we have collected data from a minor without parental consent, we will immediately delete it. Please contact us at privacy@crowwe.ng if you believe a minor's data has been collected.
Payment facilitation on Crowwe operates within peer-to-peer chat and group chat channels. All transactions are processed by CBN-licensed, PCI-DSS compliant payment processors. Crowwe does not directly store full card numbers and is not itself a licensed financial institution or payment service provider.
Crowwe's payment features allow users to send money to contacts and split bills within group chats. These transactions are initiated through the chat interface and settled via regulated payment partners.
Payment data is governed by: CBN Regulations on Electronic Payments; CBN Consumer Protection Regulations 2019; PCI-DSS standards; and each payment processor's own privacy policy.
For payment disputes, failed transactions, or refund requests, contact support@crowwe.ng. All disputes are handled in accordance with CBN Consumer Protection regulations.
Crowwe is a social media platform. Content you post publicly — posts, stories, photos, videos, profile information — may be visible to your connections or to the public depending on your privacy settings. Messages and call content shared in private chats or group chats are visible only to the participants of that chat.
Audio and video calls on Crowwe are transmitted using end-to-end encryption. Call content (audio and video) is not recorded or stored by Crowwe. Call metadata (who called whom, when, and for how long) is retained as set out in Section 7.
You retain ownership of content you post. By posting, you grant Crowwe a non-exclusive, royalty-free licence to display and distribute your content within the platform for the purpose of operating the service.
Adjust your privacy settings within the Crowwe app at any time to control who can see your content, contact you, or follow your activity.
In the event of a personal data breach likely to result in risk to data subjects, we will:
- Notify the Nigeria Data Protection Commission (NDPC) within 72 hours — NDPA 2023, Section 40
- Notify affected data subjects without undue delay where the breach poses high risk
- Where applicable, notify the relevant EU supervisory authority within 72 hours — GDPR Article 33
- Investigate the breach, take immediate remediation steps, and document all actions
Breach notifications will be sent to the email address on your Crowwe account. Please keep your contact information up to date.
We send marketing communications only where you have given prior consent, or where permitted by the Nigerian Communications Act and CBN Consumer Protection Regulations. You may withdraw consent at any time by:
- Clicking the 'Unsubscribe' link in any marketing email
- Adjusting notification preferences in the Crowwe app settings
- Contacting us at privacy@crowwe.ng with subject: "Unsubscribe"
Withdrawing marketing consent does not affect transactional communications (order updates, payment confirmations, security alerts).
| Law / Regulation | Relevance to Crowwe |
|---|---|
| Nigeria Data Protection Act 2023 (NDPA 2023) | Primary Nigerian data protection law — governs all personal data processing of Nigerian residents |
| Nigeria Data Protection Commission (NDPC) | Supervisory authority; handles complaints and oversees NDPA compliance |
| EU General Data Protection Regulation (GDPR) | Applies to processing of EU/EEA resident data, regardless of where processing occurs |
| Cybercrimes (Prohibition, Prevention, Etc.) Act 2015 | Criminalises unauthorised data access and interception in Nigeria |
| FCCPC Act 2018 | Consumer data rights and protection from unfair data practices |
| Money Laundering (Prevention & Prohibition) Act 2022 | KYC/AML record-keeping and reporting for financial features |
| CBN Consumer Protection Regulations 2019 | Financial data rights for payment and e-commerce activities |
| CBN BVN Regulatory Framework | Governs use of Bank Verification Numbers for KYC |
We may update this Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the Effective Date at the top of this Policy
- Notify you via email to your registered address, or via a prominent notice within the Crowwe app
- Where required by law, seek your renewed consent
Your continued use of Crowwe after the effective date of an updated Policy constitutes acceptance of the changes, to the extent permitted by law.
For questions about this Policy, to exercise your data rights, or to report a privacy concern:
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:
For Nigerian residents:
| Authority | Nigeria Data Protection Commission (NDPC) |
| Website | www.ndpc.gov.ng |
| info@ndpc.gov.ng | |
| Address | Plot 2047, Michael Okpara Way, Zone 5, Wuse, Abuja FCT |
For EU/EEA residents:
You may lodge a complaint with the supervisory authority in your EU/EEA country of residence. Contact our DPO at dpo@ipi.ng to identify the relevant authority for your jurisdiction.