Privacy Policy
Last updated: 23 May 2026
GetJabb operates an on-demand marketplace that connects users with independent service providers ("Workers") in real time. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our mobile applications, website, APIs, and related services (the "platform").
By using the platform you confirm that you have read this Policy. Where the law requires consent, you will be asked to provide it separately and you may withdraw it at any time.
1. About this Policy
This Policy is drafted to align with the Nigeria Data Protection Act 2023 ("NDPA") and the NDPC General Application and Implementation Directive 2025 ("GAID").
2. Who we are and how to reach us
| General privacy enquiries | privacy@getjabb.com |
| Data Protection Officer (DPO) | dpo@getjabb.com |
| Regulator | Nigeria Data Protection Commission (NDPC) · info@ndpc.gov.ng · ndpc.gov.ng |
You may file a complaint with the NDPC at any time. You do not need to use our internal process first, although we ask that you try us first so we can fix issues quickly.
3. Personal data we collect
3.1 Account & identity data
Full name, phone number, email address, hashed password, profile photo, date of birth, gender (optional), and, for Workers and where Users opt in to verification: government ID details (for example, NIN, NIMC, driver's licence, voter's card), BVN (where required for Paystack subaccount setup), selfie/liveness images, and verification status.
3.2 Location data
- Foreground location: GPS coordinates, accuracy, and heading while you actively use the platform.
- Background location: GPS coordinates collected while the app is not in the foreground. Background location is collected only when you explicitly enable it and only when you have an active task or live shift. You can disable it at any time in your device or app settings.
- Approximate location: city/area derived from IP address.
3.3 Task & communication data
Task descriptions, photos and documents you upload, in-app chat messages, voice notes, call metadata (we do not record calls), reviews, ratings, and complaints.
3.4 Device & technical data
Device type and model, OS and version, app version, IP address, browser type, advertising identifier (where present and not reset by you), crash logs, performance metrics, and approximate device locale.
3.5 Payment-related data
Transaction references, payment status, amounts, provider settlement records, and bank account / mobile-money details for Paystack subaccounts. We do not store full card numbers or CVVs. Card data is handled by our licensed payment service providers (for example, Paystack) within PCI-DSS-compliant systems. GetJabb does not operate wallet balances or stored customer/provider funds.
3.6 Sensitive personal data (NDPA s.30)
Where you give us biometric data (face image for ID matching), or where we infer health/disability information from a task description, we treat that data as sensitive personal data and apply the additional safeguards in section 8.
3.7 Data about others
If you share a contact, emergency contact, or recipient's address, you confirm that you have authority to share that information with us.
4. How we use your data and the lawful basis for each use
We process personal data only where we have a lawful basis under NDPA s.25. The matrix below maps each processing purpose to its basis.
| Purpose | Categories used | Lawful basis |
|---|---|---|
| Create and manage your account | Account & identity, device | Performance of a contract |
| Verify your identity and run background/document checks | Identity, ID, biometric, BVN | Performance of a contract; legal obligation (KYC/AML); your consent for sensitive data |
| Match Users with nearby Workers and compute ETAs | Location, account | Performance of a contract |
| Process task payments through Paystack | Payment-related, account | Performance of a contract; legal obligation (tax, AML) |
| Detect, investigate, and prevent fraud, abuse, and safety incidents | All categories as needed | Legitimate interest; legal obligation |
| Provide customer support and resolve disputes | Account, task, communication, location | Performance of a contract; legitimate interest |
| Send transactional and safety notifications (OTPs, task updates) | Account, device | Performance of a contract |
| Send marketing communications | Account, device | Your consent (you can withdraw at any time) |
| Improve, secure, and develop the platform | Technical, aggregated/anonymised | Legitimate interest |
| Comply with Nigerian law and regulators | As required | Legal obligation |
| Defend, exercise, or establish legal claims | As required | Legitimate interest; legal claim |
Where we rely on legitimate interests, we have carried out a balancing assessment available on request from the DPO.
5. Automated decision-making and profiling
We use automated systems to:
- match Users with Workers based on location, rating, and availability;
- score risk for fraud, AML, and safety;
- rank and surface Workers in search results.
These do not produce legal or similarly significant effects on you without human involvement. If a decision (for example, account suspension) is taken solely by automated means and significantly affects you, you have the right under NDPA s.37 to be informed, request human review by writing to dpo@getjabb.com, and contest the decision.
6. How we share your data
We share personal data only with categories of recipients listed below and only to the extent needed.
| Recipient | Examples | Purpose |
|---|---|---|
| Other platform participants | Users ↔ Workers | Matching, communication, completing tasks |
| Payment service providers | Paystack and other CBN-licensed PSPs | Processing task payments and provider settlement through Paystack Split Payments |
| Identity & verification providers | NIMC integrations, BVN verification, KYC vendors | KYC/AML, fraud prevention |
| Communications providers | SMS/OTP gateways, email, push providers | Delivering messages and security codes |
| Cloud and infrastructure providers | Hosting, storage, logs, analytics | Running and securing the platform |
| Regulators and authorities | NDPC, FCCPC, FIRS, CBN, NFIU, EFCC, NPF, courts | Where legally required |
We do not sell your personal data. We do not rent your data. We do not share your data for third-party advertising.
All of our processors are bound by written data-processing agreements that require NDPA-compliant safeguards.
7. International data transfers
Some of our processors operate outside Nigeria. Where we transfer personal data outside Nigeria, we do so only on bases permitted by NDPA ss.41–43, including adequacy decisions, Standard Contractual Clauses, necessity to perform a contract with you, or your explicit consent. You can request the list of cross-border processors and safeguards by writing to dpo@getjabb.com.
8. Sensitive personal data
Where we process sensitive personal data we:
- limit collection to what is strictly necessary;
- require explicit, separate consent unless another NDPA s.30 basis applies;
- restrict access to a need-to-know group;
- apply encryption at rest and in transit;
- delete the data when no longer needed.
9. Data retention
We retain personal data only for as long as needed. The schedule below is our default; we may keep data longer where a law, regulator, or live dispute requires it.
| Data | Default retention |
|---|---|
| Account profile and credentials | While the account is active, plus 12 months after closure |
| Task records, ratings, reviews | 7 years (commercial records, dispute defence) |
| In-app chat | 24 months from last message |
| Raw GPS pings | 90 days; aggregated trip data 24 months |
| KYC/AML records | At least 5 years after end of relationship (MLPPA 2022) |
| Financial transaction records | 7 years (tax, FIRS) |
| Security logs (auth, access) | 18 months |
| Closed-case dispute evidence | 7 years from final decision |
We delete or anonymise personal data once the retention period ends, unless the law requires us to keep it longer.
10. Your rights
Under NDPA ss.34–37 you have the right to:
- Be informed about how we process your data (this Policy).
- Access the personal data we hold about you and a copy of it.
- Rectify inaccurate or incomplete data.
- Erase your data where the conditions in NDPA s.36 are met.
- Restrict processing in certain circumstances.
- Object to processing based on our legitimate interests or direct marketing.
- Data portability: receive your data in a structured, machine-readable format and ask us to transmit it to another controller where technically feasible.
- Withdraw consent at any time, without affecting processing carried out before withdrawal.
- Not be subject to a solely automated decision that significantly affects you (see section 5).
- Lodge a complaint with the NDPC at info@ndpc.gov.ng.
To exercise any right, contact dpo@getjabb.com. We will respond within one month as required by GAID.
11. How we secure your data
We use risk-appropriate technical and organisational safeguards, including:
- TLS encryption in transit and AES-256 (or equivalent) encryption at rest for sensitive fields;
- multi-factor authentication for staff with access to production data;
- role-based access controls and audit logs;
- secure software development lifecycle (code review, dependency scanning);
- regular vulnerability scanning and periodic penetration testing;
- data minimisation and pseudonymisation where feasible.
No system is perfectly secure. If a breach occurs we will notify the NDPC within 72 hours where required by NDPA s.40, and we will notify affected data subjects without undue delay where the breach is likely to result in high risk to your rights.
12. Responding to law enforcement and regulators
We disclose personal data to authorities only where required by Nigerian law, by a valid court order, or where we believe in good faith that disclosure is necessary to prevent imminent harm.
13. Children
The platform is for adults 18 years and older. We do not knowingly collect data from anyone under 18. If we discover that we have collected personal data from a minor we will delete it. Contact dpo@getjabb.com if you believe a minor has registered.
14. Cookies and similar technologies
Our website and app use cookies, SDKs, and similar technologies for authentication, security, analytics, and to remember preferences. Full details, including how to opt out of non-essential trackers, are in our Cookie Policy.
15. Marketing and promotional communications
We send promotional messages only with your consent. You can withdraw consent at any time:
- in-app: Settings → Notifications;
- email: click "unsubscribe" in any marketing email;
- SMS: reply STOP, or register on the NCC Do-Not-Disturb 2442 service.
Transactional and safety messages (for example, OTPs, task updates, fraud alerts) are not marketing and will continue.
16. Third-party links
The platform may contain links to third-party services. Their privacy practices are governed by their own policies. We are not responsible for them.
17. Changes to this Policy
We may update this Policy from time to time. For material changes we will notify you at least 14 days in advance via the app and/or email, and ask for fresh consent where required by law.
18. Contact
| Topic | Contact |
|---|---|
| General privacy enquiries | privacy@getjabb.com |
| Data Protection Officer | dpo@getjabb.com |
| Regulator | Nigeria Data Protection Commission · info@ndpc.gov.ng · ndpc.gov.ng |
Related: Terms of Service · Refund & Dispute Policy · Acceptable Use Policy.
This page is provided for general information and may be updated from time to time. It is not legal advice.