Privacy Policy

Bybox is operated by Bybox Labs Ltd, a technology company registered in Nigeria (RC 8931210).

We build digital experiences that make cash gifting and social connection simple, personal, and secure.

Our address:

Bybox Labs Ltd (RC 8931210), Abuja, Nigeria.

contact@bybox.me

We only collect information necessary to deliver our service effectively and safely.

We collect the following categories of data:

We do not buy or sell user data from any external source.

Your messages are end-to-end encrypted — only you and the recipient can read them.

Bybox cannot access, view, or analyze message content.

We do not use your messages for advertising, profiling, or algorithmic recommendations.

Messages are stored securely and temporarily on encrypted servers only to ensure delivery, after which they remain accessible only to the sender and receiver.

We will never manually access or read your messages, except when required by law through a valid legal process (for example, a court order or government request).

Bybox is not a bank or wallet.

All payments and withdrawals are handled by licensed third-party partners (e.g., OPay) who process payments in compliance with Nigerian financial regulations.

We do not directly store, process, or have access to your card or bank details.

We only store transaction metadata, such as:

• Amount, date, and status (success/failure).
• Transaction ID and settlement reference.

This data helps you view your transaction history and helps us prevent fraud or duplicate charges.

All sensitive payment data travels only through secure, encrypted APIs provided by our financial partners.

We use the information we collect to:

• Create and manage your bybox account.
• Verify your phone number and secure your login.
• Deliver gifts and messages between users.
• Process withdrawals and display transaction summaries.
• Detect, prevent, and respond to fraud or abuse.
• Personalize templates, badges, and notifications.
• Communicate with you about updates, features, and support.
• Comply with legal or regulatory obligations.

We never use your data for targeted advertising.

Your safety and privacy are our highest priorities.

We use multiple layers of protection, including:

• Encryption: All communications and stored data are encrypted in transit (HTTPS/TLS) and at rest.
• Access control: Only authorized personnel can access system logs — and never your messages.
• PIN & OTP protection: All accounts are protected by multi-layer authentication.
• Fraud detection: We use automated systems to detect unusual or suspicious activity.
• Secure development: Regular code reviews, penetration testing, and security updates.

If we ever experience a data breach that could affect you, we'll notify you promptly in line with NDPR requirements.

We keep your data only as long as necessary to provide the service, comply with legal obligations, or resolve disputes.

• Messages remain encrypted and accessible to you unless deleted or your account is closed.
• Transaction records are kept for as long as required by law (e.g., for anti-fraud or audit purposes).
• When you delete your account, we permanently erase your profile, messages, badges, and link.

Certain transaction metadata may remain archived securely for compliance reasons (no personal content).

We only share your data in these cases:

1. With your consent — e.g., when you connect a third-party service or share your link on social media.
2. With trusted partners — for essential services like OTP delivery, payment processing, or hosting.
3. For legal compliance — when required by law, regulation, or court order.

We never sell, rent, or trade your personal information.

Although bybox operates primarily from Nigeria, we may store or process data on secure servers located in other countries (e.g., cloud hosting providers).

When we do, we ensure your data is protected by equivalent privacy safeguards, including encryption and contractual commitments.

Depending on your location, you may have the following rights under NDPR or GDPR:

• Access: Request a copy of the information we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal information.
• Restriction: Ask us to limit how we use your data.
• Withdrawal of consent: Withdraw any consent you previously gave.
• Portability: Request transfer of your data to another service (where applicable).

You can exercise these rights by contacting us.

We may ask for verification before processing requests to ensure your account security.

Our website and app may use cookies or similar technologies to:

• Keep you signed in.
• Save your preferences (e.g., theme or language).
• Understand how users interact with the app to improve performance.

We do not use cookies for advertising or third-party tracking.

You can control or delete cookies through your device or browser settings.

Bybox is not designed for children under 16 years old.

We do not knowingly collect or store personal information from minors.

If we learn that we have collected data from a child without proper consent, we'll delete it immediately.

Parents or guardians who believe their child has used bybox may contact us immediately.

Bybox integrates with external providers for SMS, OTPs, hosting, and payment processing.

These providers have their own privacy practices, which we review to ensure compliance with NDPR and GDPR standards.

We are not responsible for how third-party platforms (like OPay, App Store, or Google Play) handle data once you leave bybox.

We encourage you to review their privacy policies directly.

When you delete your bybox account:

• Your profile, link, messages, and badges are permanently erased.
• Transaction metadata (amounts, timestamps, payment partner IDs) may be retained for a limited period (up to 7 years) for accounting and anti-fraud compliance.
• Data retained for compliance is anonymized wherever possible.

Once retention periods expire, all remaining data is securely deleted.

We may update this Privacy Policy from time to time to reflect changes in our service or legal obligations.

When we do, we'll notify you by email, in-app notification, or an update notice on our website.

Your continued use of bybox after any update means you accept the revised Policy.

If you have any questions, feedback, or concerns about this Privacy Policy or your data, please contact:

contact@bybox.me

Bybox Labs Ltd (RC 8931210), Abuja, Nigeria.