Privacy Policy
Effective Date: 1st July, 2026
AirtimeFlip (“AirtimeFlip”, “the Company”, “We”, “our”, or “us”) is a digital platform that enables users to convert airtime into cash, purchase airtime, buy data, and pay utility bills through a secure technology infrastructure. We are committed to protecting the privacy and personal data of all users in accordance with the Nigeria Data Protection Regulation (NDPR 2019), the Nigeria Data Protection Act 2023 (NDPA), and applicable global data protection principles. We value your Personal Data and we are committed to protecting your privacy whenever you interact with us.
This privacy policy (“Policy”) applies to your use of our products/services/sites. Please read this Privacy Notice (Notice) to understand our policies, processes, and procedures regarding the processing of your personal data.
By this Notice, We explain to you how your Personal Data is collected, used, managed, and transferred by Jobberman and also explain how you can update your Personal Data with us and exercise your rights in respect of the Personal Data provided to us.
1. Definitions
“Automated Decision-Making” means when a decision is made which is based solely on automated Processing (including Profiling) which produces legal effects or significantly affects an individual. The GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not automated Processing;
“Consent” means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her;
“Data Controller” means a person who either alone, jointly with other persons or in common with other persons or as a statutory body determines the purposes for and the manner in which Personal Data is processed or is to be processed;
“Data Subject” means an identifiable person; one who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity;
“Data Protection Impact Assessment or DPIA” means tools and assessments used to identify and reduce risks of a data Processing activity. DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programs involving the Processing of Personal Data;
“Data Protection Laws” means the NDPR, the GDPR and any relevant data protection laws;
“Data Protection Officer or DPO” means the person appointed as such under the Data Protection Laws and in accordance with its requirements. A DPO is responsible for advising Branch (including its employees) on their obligations under Data Protection Laws, for monitoring compliance with Data Protection Laws, as well as with Branch’s policies and providing advice;
“GDPR” means the EU General Data Protection Rules 2016/679;
“Legal Basis” means the basis for Processing Personal Data as set out in Paragraph 7 of this Policy;
“NDPA” means Nigeria Data Protection Regulation 2023;
“NITDA” means National Information Technology Development Agency;
“Personal Data” means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM and others;
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
“Policy” means this Data Protection Policy;
“Privacy by Design and Default” means implementing appropriate technical and organisational measures in an effective manner to ensure compliance with the GDPR;
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Profiling” means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is an example of automated Processing;
“Pseudonymisation” means replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is meant to be kept separately and secure;
“Sensitive Personal Data” means Data relating to religious or other beliefs, sexual tendencies, health, race, ethnicity, political views, trade union membership, criminal records or any other sensitive personal information;
“Third Party” means any natural or legal person, public authority, establishment or any other body other than the Data Subject, the Data Controller, the Data Administrator and the persons who are engaged by the Data Controller or the Data Administrator to process Personal Data; and
“AirtimeFlip” means all related digital services and platforms operated by AirtimeFlip.
2. Introduction
2.1 AirtimeFlip takes its responsibilities with regard to the management of the requirements of the Data Protection Laws very seriously. This Policy sets out how Branch manages these responsibilities.
2.2 AirtimeFlip obtains, uses, stores and otherwise processes Personal Data relating to potential users, employees (applicants) and clients, current employees and clients, former employees and clients, current and former workers, contractors, website and application users and contacts, collectively referred to in this Policy as Data Subjects. When Processing Personal Data, AirtimeFlip is obliged to fulfill individuals’ reasonable expectations of privacy by complying with the Data Protection Laws.
2.3 This Policy therefore seeks to ensure that AirtimeFlip:
- a. is clear about how Personal Data must be processed and AirtimeFlip’s expectations for all those who process Personal Data on its behalf;
- b. complies with the Data Protection Laws and with good practice;
- c. protects its reputation by ensuring the Personal Data entrusted to us is processed in accordance with Data Subjects’ rights; and
- d. protects itself from risks of Personal Data Breaches and other breaches of the Data Protection Laws.
3. Scope
3.1 This Privacy Policy applies to:
Website: https://airtimeflip.com
Mobile application (AirtimeFlip App)
All related digital services and platforms operated by AirtimeFlip. By using our services, you agree to the terms of this Privacy Policy. This Policy applies to all Personal Data we process regardless of the location where that Personal Data is stored (e.g. on a user’s own device) and regardless of the Data Subject. All users and others Processing Personal Data on AirtimeFlip’s behalf must read it. A failure to comply with this Policy may result in disciplinary action.
3.2 Every member of staff of AirtimeFlip is required to read and assimilate the contents of this policy and to abide by it fully. AirtimeFlip shall have the right to seek redress against any member of staff whose failure to comply with this policy in any manner whatsoever results in damages being sought or awarded, or any legal action instituted against AirtimeFlip.
3.3 The Data Protection Officer is responsible for ensuring that all AirtimeFlip employees comply with this Policy and should implement appropriate practices, processes, controls and training to ensure compliance.
3.4 The DPO, ‘Ifiegbunam Chisom Stephen’, is responsible for overseeing and determining how your personal data is processed and protected, and can be reached at support@airtimeflip.com
4. Personal Data Protection Principle
4.1 When we process Personal Data, we are guided by the following principles, which are set out in the Data Protection Laws. AirtimeFlip is responsible for, and demonstrates compliance with the data protection principles listed below:
4.2 Those principles require Personal Data to be:
- A. processed lawfully, fairly, in a transparent manner and with respect for the dignity of the human person.
- B. collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.
- C. adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed.
- D. accurate and where necessary kept up to date.
- E. not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the Personal Data is processed.
- F. processed in a manner that ensures its security, using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage.
- G. Our services are intended for users aged 17 years and above. We do not knowingly collect data from individuals below this age. If such data is discovered, it will be deleted immediately.
5. Consent
5.1 AirtimeFlip shall obtain a Data Subject’s Consent if there is no other Legal Basis for the Processing. Consent requires genuine choice and genuine control. We process your data based on Contractual necessity (to provide services), legal obligations under Nigerian law and legitimate business interests (fraud prevention, system improvement, security).
5.2 A Data Subject Consents to the Processing of his or her Personal Data if he or she clearly indicates agreement either by a statement or positive action to the Processing. Consent must be specifically and expressly given. If Consent is given in a document that deals with other matters, you must ensure that the Consent is separate and distinct from those other matters.
5.3 Prior to giving consent, the Data Subject shall be informed of his or her right and the ease to withdraw his or her Consent at any time by uninstalling the app. Withdrawal of Consent must be promptly honoured once the data subject uninstalls the app.
5.4 Consent might need to be renewed if we intend to process Personal Data for a different and incompatible purpose which was not disclosed when the Data Subject first consented, or if the Consent is historic.
5.5 AirtimeFlip will store event tracking information that serves as evidence of the Consent, in order to demonstrate compliance.
5.6 No Consent shall be sought, given or accepted in any circumstance that may engender direct or indirect propagation of atrocities, hate, child rights violations, criminal acts and anti-social conduct.
6. Data Collection
6.1 AirtimeFlip collects the following information:
- A. Registration Data: Full name (if provided during onboarding); Email address; Phone number; Password (encrypted)
- B. Identity Verification (KYC): National Identification Number (NIN); Bank Verification Number (BVN)
- C. Transaction Data: Airtime conversion requests; Data purchases; Bill payment records; Wallet activity logs
- D. Uploaded Content: Profile picture; KYC documents and identity images
- E. Technical Data: IP address; Device information; Browser type; Cookies and usage analytics
6.2 AirtimeFlip collects the above-mentioned information using website and in-app forms and through information gathered from the device.
6.3 When users send email or other communications to AirtimeFlip, we may retain those communications in order to process inquiries, respond to their requests and improve our services. When clients access AirtimeFlip’s services, the AirtimeFlip servers automatically record information that the customer’s/client’s browser sends whenever a person visits a page/website.
6.4 We may send transactional messages (account activity, confirmations); service updates; and marketing and promotional messages. Users may opt out of marketing emails at any time.
6.5 AirtimeFlip collects the above-mentioned information for evaluation of credit risk, due diligence, regulatory compliance, and marketing among other reasons.
6.6 Prior to collecting Personal Data from the Data Subject, AirtimeFlip shall provide the Data Subject with all of the following information contained in the privacy and security policy:
- A. identity and contact details of AirtimeFlip;
- B. the email address of the DPO;
- C. the purpose of the Processing for which the Personal Data is intended, as well as the legal basis for the Processing;
- D. the legitimate interests pursued by AirtimeFlip or by any Third Party who has access to the Personal Data;
- E. the recipients or categories of recipients of the Personal Data (if any);
- F. where applicable, the fact that AirtimeFlip intends to transfer Personal Data to a recipient in a foreign country or a third country or international and the existence or absence of an adequacy decision by NITDA;
- G. concerning the Data Subject or to object to Processing as well as the right to data portability;
- H. the existence of the right to withdraw Consent for continuous data access at any time by uninstalling the app, without affecting the lawfulness of Processing based on Consent before its withdrawal;
- I. the right to lodge a complaint with NITDA or any other relevant authority;
- J. whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the Data Subject is obliged to provide the Personal Data and of the possible consequences of failure to provide such data;
- K. where AirtimeFlip intends to further process the Personal Data for a purpose other than that for which the Personal Data is collected, AirtimeFlip shall provide the Data Subject prior to the further Processing, with information on that other purpose and with any relevant information.
6.7 Personal data must be accurate and, where necessary, kept up to date.
6.8 You should ensure that Personal Data is recorded in the correct files.
6.9 Incomplete records can lead to inaccurate conclusions being drawn and in particular, where there is such a risk, you should ensure that relevant records are completed.
7. Data Processing
7.1 AirtimeFlip must ascertain that the processing of the data is lawful.
7.2 Processing shall be lawful if at least one of the following applies:
- A. the Data Subject has given Consent to the Processing of his or her Personal Data for one or more specific purposes;
- B. Processing is necessary for the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject prior to entering into a contract;
- C. Processing is necessary for compliance with a legal obligation to which the Controller is subject;
- D. Processing is necessary in order to protect the vital interests of the Data Subject or of another natural person; and
- E. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official public mandate vested in the controller.
7.3 We use your data to provide airtime-to-cash conversion services; process airtime, data, and bill payments; verify your identity (KYC compliance); prevent fraud and unauthorized transactions; communicate account updates and service notifications; send marketing and promotional messages (where consented); improve platform functionality and user experience; and comply with regulatory obligations.
7.4 We retain personal data for as long as your account remains active, OR until you request deletion of your account. Billing information (such as card details) is NOT stored on our servers. All stored data is retained securely in encrypted databases with strict access controls.
7.5 Users may request data modification via email support; request account deletion via email support; OR request correction of personal information. All requests will be processed within a reasonable timeframe, subject to verification.
8. Data Subjects' Right
Data subjects have rights in relation to the way we handle their Personal Data. These include the following rights:
- A. Access your personal data and where the Legal Basis of our Processing is Consent, to withdraw that Consent to process additional information by uninstalling the app
- B. to object to our Processing of Personal Data in limited circumstances; and
- C. to ask us to rectify inaccurate data or to complete incomplete data;
- D. to restrict Processing in specific circumstances e.g. where there is a valid complaint about accuracy;
- E. the right not to be subject to decisions based solely on automated Processing, including Profiling, except where necessary for entering into, or performing, a contract, with AirtimeFlip, it is based on the Data Subject’s explicit consent; or is authorised by law and is also subject to safeguards;
- F. to prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else;
- G. to be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;
- H. to make a complaint to NITDA or any other regulatory body
- I. Object to processing for marketing purposes
To exercise these rights, contact: support@airtimeflip.com
9. Requests
9.1 AirtimeFlip shall take appropriate measures to provide any information relating to Processing to the Data Subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular, for any information addressed specifically to a child.
9.2 The information may be provided by electronic means.
9.3 We verify the identity of an individual requesting data. Where you have reasonable doubt concerning the identity of the person making the request for information, you may request the provision of additional information necessary to confirm the identity of the Data Subject.
9.4 We immediately forward any Data Subject Access Request you receive to the Data Protection Officer at support@airtimeflip.com
9.5 Information provided to the Data Subject and any communication and any action taken shall be provided free of charge. Where the Data Subject’s request is manifestly unfounded or excessive, in particular because of their repetitive character, AirtimeFlip may either:
- A. charge a reasonable fee taking into account the administrative costs of providing the information or communicating or taking the action requested; or
- B. write a letter to the Data Subject stating refusal to act on the request and copy NITDA on every such occasion.
9.6 We do not allow third parties to persuade you into disclosing Personal Data without proper authorisation. For example, customers'/clients’ spouses do not have an automatic right to gain access to their spouse’s data. Parents of Data Subjects do not have an automatic right to gain access to their child’s data.
9.7 We should not alter, conceal, block or destroy Personal Data once a request for access has been made. You should contact support@airtimeflip.com before any changes are made to Personal Data which is the subject of an access request.
10. Accountability
10.1 We implement appropriate technical and organisational measures in an effective manner to ensure compliance with the personal data protection principles. AirtimeFlip is responsible for, and must be able to demonstrate compliance with, the personal data protection principles above.
10.2 We do not sell your personal data. However, we may share your data with trusted third parties, including: KYC verification providers (e.g., Prembly); Payment processors (e.g., Monnify); Email service providers (e.g., Mailgun, Zoho Campaigns, ZeptoMail); and Security and fraud monitoring partners. All third parties are required to process your data securely and only for specified purposes.
10.3 We apply adequate resources and controls to ensure and to document the Data Protection Laws compliance including:
- A. appointing a suitably qualified DPO;
- B. integrating data protection into our policies and procedures, in the way Personal Data is handled by us and by producing required documentation such as privacy notices, records of Processing and records of Personal Data Breaches;
- C. training members of staff on compliance with Data Protection Laws and keeping a record accordingly; and
- D. regularly testing the privacy measures implemented and conducting periodic reviews and audits to assess compliance, including using results of testing to demonstrate compliance improvement effort.
11. Data Security
11.1 AirtimeFlip implements and sustains appropriate safeguards to protect Personal Data, taking into account in particular the risks to Data Subjects presented by unauthorised or unlawful Processing or accidental loss, destruction of, or damage to their Personal Data.
11.2 We implement industry-standard security measures including:
- A. AES-256 encryption for data at rest
- B. TLS/SSL encryption for data in transit
- C. Two-Factor Authentication (2FA)
- D. Web Application Firewall (WAF) protection
- E. Role-based access controls
- F. Hourly automated backups
- G. Continuous system monitoring
Despite these measures, no digital system is completely secure. Users are advised to keep login credentials confidential.
11.3 Safeguarding will include the use of encryption and Pseudonymisation where appropriate. It also includes protecting the confidentiality (i.e. that only those who need to know and are authorised to use Personal Data have access to it), integrity and availability of the Personal Data. We will regularly evaluate and test the effectiveness of those safeguards to ensure the security of our Processing of Personal Data.
11.4 AirtimeFlip also implements measures for protecting the Personal Data that you process in the course of your duties. We handle Personal Data in a way that guards against accidental loss or disclosure or other unintended or unlawful Processing and in a way that maintains its confidentiality. We also exercise particular care in protecting Sensitive Personal Data from loss and unauthorised access, use or disclosure.
11.5 We take steps to comply with procedures and technologies we put in place to maintain the security of all Personal Data from the point of collection to the point of destruction.
11.6 Although AirtimeFlip primarily serves users in Nigeria, individuals accessing the platform from outside Nigeria (including Europe) may be subject to cross-border data transfers. We ensure adequate safeguards are applied where required.
11.7 We take steps to comply with all applicable aspects of this Policy, and do not attempt to circumvent the administrative, physical and technical safeguards we implement and maintain in accordance with the Data Protection Laws standards to protect Personal Data.
12. Responsibilities Of The DPO
The DPO is responsible for:
- A. advising AirtimeFlip and its employees of its obligations under the Data Protection Laws;
- B. monitoring compliance with this Policy and Data Protection Laws, AirtimeFlip’s policies with respect to data protection and monitoring, training and audit activities that relate to compliance with the Data Protection Laws;
- C. providing advice where requested on data protection impact assessments;
- D. supervising internal data processing;
- E. dealing with requests, complaints and enquiries from Data Subject and law enforcement agencies;
- F. to cooperate with and act as the contact point between AirtimeFlip and NITDA;
- G. the data protection officer shall in the performance of his or her tasks have due regard to the risk associated with Processing operations, taking into account the nature, scope, context and purposes of Processing.
- All privacy-related inquiries should be directed to: support@airtimeflip.com
13. Employee Responsibilities
13.1 Employees who process Personal Data about AirtimeFlip employees, clients, applicants, alumni or any other individual must comply with the requirements of this Policy. Employees must ensure that:
- A. all Personal Data is kept securely;
- B. no Personal Data is disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised Third Party;
- C. Personal Data is kept in accordance with this Policy;
- D. any queries regarding data protection, including subject access requests and complaints, are promptly directed to the DPO and the Data Protection team;
- E. any data protection breaches are swiftly brought to the attention of the Data Protection team and the DPO and that they support the Data Protection team in resolving breaches; and
- F. where there is uncertainty around a data protection matter advice is sought from the Data Protection team and the DPO.
13.2 Where employees are responsible for adhoc staff or short-term staff or volunteers or contractors or interns or any person by whatever name called, doing work which involves the Processing of personal information, they must ensure that such person is aware of the data protection principles.
13.3 Employees who are unsure about who are the authorised third parties to whom they can legitimately disclose Personal Data should seek advice from the Data Protection team or the DPO.
13.4 AirtimeFlip employees may only process Personal Data when performing job duties requires it and should not process Personal Data for any reason unrelated to job duties.
14. Third-Party Data Processors
14.1 Data Processing by a Third Party shall be governed by a written contract between the Third Party and AirtimeFlip.
14.2 Where external companies are used to process Personal Data on behalf of AirtimeFlip, responsibility for the security and appropriate use of that data as long as it remains with AirtimeFlip.
14.3 Where a Third-Party data processor is used:
- A. the Third-Party data processor shall be chosen by AirtimeFlip and the data processor must provide sufficient guarantees about its security measures to protect the Processing of Personal Data;
- B. reasonable steps must be taken by the DPO to ensure that such security measures are in place;
- C. a written contract establishing what Personal Data will be processed and for what purpose, provided by the information Compliance team, must be entered into by both parties i.e. the Third-Party data processor and AirtimeFlip.
14.4 AirtimeFlip shall ensure that the Third-Party data processor does not have a record of violating the principles of data Processing and that the Third Party is accountable to NITDA or a reputable regulatory authority for data protection within or outside Nigeria.
14.5 AirtimeFlip may only transfer Personal Data to Third Party service providers (i.e. data processors) approved by the DPO who provide sufficient guarantees to implement appropriate technical and organisational measures to comply with Data Protection Laws and who agree to act only on AirtimeFlip’s instructions.
14.6 We use cookies to improve user experience, analyze platform performance, and personalize content and advertising. We use profiling cookies (for user experience and marketing optimization). We do NOT use third-party tracking cookies for unauthorized external profiling. Users may disable cookies in browser settings; however, this may affect platform functionality.
14.7 Our platform may contain links to third-party services. We are not responsible for their privacy practices.
14.8 For further guidance about the use of Third-Party data processors, please contact the Data Protection team.
15. Contractors, Short-Term And Voluntary Staff
15.1 AirtimeFlip is responsible for the use made of Personal Data by anyone working on its behalf. Managers who employ contractors or short term or voluntary staff must ensure that they are appropriately vetted for the data they will be processing. In addition, managers should ensure that:
- A. any Personal Data collected or processed in the course of work undertaken for AirtimeFlip is kept securely and confidentially;
- B. all Personal Data is returned to AirtimeFlip on completion of the work, including any copies that may have been made. Alternatively, the data is securely destroyed and AirtimeFlip receives notification in this regard from the contractor or short term / voluntary member of staff;
- C. AirtimeFlip receives prior notification of any disclosure of Personal Data to any other organisation or any person who is not a direct employee of the contractor;
- D. any Personal Data made available by AirtimeFlip, or collected in the course of the work, is neither stored nor processed outside Nigeria unless written Consent to do so has been received from AirtimeFlip; and
- E. all practical and reasonable steps are taken to ensure that contractors, short term or voluntary staff do not have access to any Personal Data beyond what is essential for the work to be carried out properly.
15.2 For further guidance on this item, please contact the DPO.
16. Customer/Client And User Responsibilities
Customers/Clients and Users are responsible for:
- A. familiarising themselves with the privacy policy provided when their relationship with AirtimeFlip commences;
- B. ensuring that their Personal Data provided to AirtimeFlip is accurate and up to date.
17. Reporting A Personal Data Breach
17.1 AirtimeFlip is required to report any Personal Data Breach where there is a risk to the rights and freedoms of the Data Subject. Where the Personal Data Breach results in a high risk to the Data Subject, he/she also has to be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialise, security measures were applied to render the Personal Data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the Data Subject directly. In the latter circumstances, a public communication must be made, or an equally effective alternative measure must be adopted to inform Data Subjects, so that they themselves can take any remedial action.
17.2 We have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or the relevant regulator where we are legally required to do so. All suspected breaches of Personal Data should be remedied within 1 (one) month from the date of the report of the breach.
17.3 If you know or suspect that a Personal Data Breach has occurred, you should immediately contact the Data Protection team at admin@airtimeflip.com. AirtimeFlip will retain all evidence relating to Personal Data Breaches in particular to enable AirtimeFlip to maintain a record of such breaches, as required by the Data Protection Laws.
17.4 Records of Personal Data Breaches must be kept by each employee or member of staff who observes or has reason to believe that a Data Breach has occurred. The record must set out:
- A. the facts surrounding the breach;
- B. its effects; and
- C. the remedial action taken.
17.5 AirtimeFlip will not be responsible for any Personal Data breach which occurs as a result of:
- A. an event which is beyond the control of AirtimeFlip;
- B. an act or threats of terrorism;
- C. an act of God (such as, but not limited to fires, explosions, earthquakes, drought, tidal waves and floods) which compromises AirtimeFlip’s data protection measures;
- D. war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilisation, requisition, or embargo;
- E. rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises AirtimeFlip's data protection measures;
- F. the transfer of your personal data to a third party on your instructions; and
- G. the use of your personal data by a third party designated by you.
18. Limitations On The Transfer Of Personal Data
18.1 Where it is intended that Personal Data shall be transferred to a foreign country or to an international organisation for processing, the affirmation of the Attorney-General of the Federation, that the data protection levels in the foreign country or international organisation are adequate in accordance with the provisions of the NITDA regulations, must be obtained.
18.2 An application to the Attorney General of the Federation shall be accompanied by all data protection laws applicable to the foreign data processor, including all data protection policies of the said foreign recipient.
18.3 In the absence of any decision by the Attorney-General of the Federation as to the adequacy of safeguards in a foreign country, a transfer or a set of transfers of Personal Data to a foreign country or an international organisation shall take place only on one of the following conditions:
- A. the Data Subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the Data Subject due to the absence of an adequate decision and appropriate safeguards and that there are no alternatives;
- B. the transfer is necessary for the performance of a contract between the Data Subject and AirtimeFlip or the implementation of pre-contractual measures taken at the Data Subject's request;
- C. the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between AirtimeFlip and another natural or legal person;
- D. the transfer is necessary for important reasons of public interest;
- E. the transfer is necessary for the establishment, exercise or defence of legal claims; and
- F. the transfer is necessary in order to protect the vital interests of the Data Subject or of other persons, where the Data Subject is physically or legally incapable of giving Consent.
18.4 Provided, in all circumstances above, that the Data Subject shall be manifestly made to understand through clear warnings of the specific principle(s) of data protection that are likely to be violated in the event of transfer to a third country, except where the Data Subject is answerable in duly established legal action for any civil or criminal claim in a third Country.
19. Training And Audit
19.1 We are required to ensure that all AirtimeFlip employees undergo adequate training to enable them to comply with Data Protection Laws. We also regularly test our systems and processes to assess compliance.
19.2 We carry out data privacy related training.
19.3 We periodically review systems and processes under our control to ensure they comply with this Policy.
19.4 We do not currently use automated decision-making that produces legal or significant effects on users without human intervention.
20. Direct Marketing
20.1 We are subject to certain rules and privacy laws when marketing to our customers/clients and potential customers/clients, alumni and any other potential user of our services. The limited exception for existing customers/clients allows organisations to send marketing texts or emails if they have obtained contact details in the course of a sale to that person and they are marketing similar services.
21. Sharing Personal Data
21.1 In the absence of Consent, a legal obligation or other legal basis of Processing, Personal Data should not generally be disclosed to third parties unrelated to AirtimeFlip, with the exception of reports to credit bureaus and contact information that is shared with collections agencies should the user fail to pay their loan.
21.2 Further, without a court order, law enforcement agencies and their agents have no automatic right of access to records of Personal Data, though voluntary disclosure may be permitted for the purposes of preventing/detecting crime or for apprehending offenders. You should refer law enforcement agents that request Personal Data to the DPO.
21.3 Sharing of Personal Data for research purposes may also be permissible, subject to certain safeguards. If you need guidance or clarification, please contact the Data Protection team at support@airtimeflip.com.
22. Changes To This Policy
We may update this Privacy Policy from time to time. Where changes are material, Users will be notified via email or platform notice. Continued use of the platform constitutes acceptance of updates. We reserve the right to change this Policy at any time without notice to you. We will, however, notify you any time this Policy is amended.
23. Contact Information
For all privacy-related issues, complaints, or requests:
Email: support@airtimeflip.com