Halo
HomePersonalBusinessBanking as a Service
BlogContact
HaloLegal

Privacy Policy

How Halo collects, uses, stores, and protects your personal information when you use our products and services.

Last updated: May 22, 2026Account deletion

Contents

  • 1. Introduction
  • 2. Information we collect
  • 3. How we use your information
  • 4. Legal bases for processing
  • 5. Who we share your information with
  • 6. How long we keep your information
  • 7. Your rights
  • 8. How we protect your information
  • 9. International transfers
  • 10. Cookies and similar technologies
  • 11. Children
  • 12. Changes to this Policy
  • 13. How to contact us

1. Introduction

This Privacy Policy explains how Halo Microfinance Bank Ltd and Halo Asset Capital Management Limited (together, “Halo”, “we”, “us”, or “our”) collect, use, share, and protect personal information when you use our website, mobile applications, and related financial services (collectively, the “Services”).

Halo is committed to handling your personal data lawfully, fairly, and transparently in accordance with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and the directives of the Central Bank of Nigeria (CBN) and the Securities and Exchange Commission (SEC).

By using the Services, you confirm that you have read and understood this Privacy Policy.

2. Information we collect

We collect information you provide directly, information collected automatically when you use the Services, and information from third parties such as our regulators and identity-verification partners.

Information you provide directly includes:

  • Identity and contact details: full name, date of birth, gender, residential address, email, phone number, government-issued ID (NIN, BVN, passport, driver's licence), and a selfie or live photo used for identity verification.
  • Financial details: bank-account information, debit/credit-card details, source of funds declarations, employer and occupation, and tax information where applicable.
  • Account and transaction details: usernames, passwords, security questions, beneficiaries, transfer instructions, savings goals, and investment preferences.
  • Communications: messages you send to our support team, complaint records, and feedback you provide.

Information collected automatically includes:

  • Device information: device model, operating system, unique device identifiers, mobile network information, and crash reports.
  • Usage information: pages visited, features used, time and duration of sessions, and interaction patterns within the Halo app.
  • Location information: approximate location derived from your IP address, and (where you grant permission) more precise location used for fraud prevention.
  • Cookies and similar technologies: as described in our Cookies section below.

Information from third parties includes data received from credit bureaux, the Nigeria Inter-Bank Settlement System (NIBSS), payment processors, fraud-prevention partners, and publicly available sources used to comply with “Know Your Customer” (KYC) and anti-money-laundering (AML) obligations.

3. How we use your information

We use personal information for the following purposes:

  • To open, operate, and maintain your Halo account and to provide the banking, savings, investment, and ancillary services you request.
  • To verify your identity and prevent fraud, money laundering, terrorist financing, and other unlawful activity, in line with CBN, NFIU, and SEC requirements.
  • To process transactions, settle payments, and provide statements and tax documents.
  • To communicate with you about your account, security alerts, regulatory notices, and changes to our terms or this Privacy Policy.
  • To improve, test, and develop new features for the Services, including diagnosing technical issues and analysing aggregated usage patterns.
  • To send you product updates, offers, and educational content where you have opted in to receive such communications.
  • To enforce our Terms of Use, defend legal claims, and comply with court orders and lawful requests from regulators or law-enforcement agencies.

4. Legal bases for processing

Under the NDPA, we rely on the following legal bases to process your personal data:

  • Contract: where processing is necessary to perform our agreement with you (for example, executing transactions you instruct).
  • Legal obligation: where we are required to process data by law or by directives of the CBN, SEC, NFIU, FIRS, or other competent authorities.
  • Legitimate interest: where processing is necessary for our legitimate interests in operating a safe and secure financial-services business — for example, fraud prevention, network and information security, and analytics — and those interests are not overridden by your rights.
  • Consent: where you have given us specific, informed consent — for example, for marketing communications or for using your precise location.

5. Who we share your information with

We share personal information only with parties that have a legitimate need to receive it, and only to the extent necessary. We do not sell your personal data.

  • Regulators and law enforcement: CBN, SEC, NFIU, NDIC, FIRS, NDPC, NITDA, courts, and other competent authorities, where required by law or to defend legal claims.
  • Service providers: identity-verification, KYC/AML, cloud-hosting, customer-support, analytics, and communications partners that process data on our behalf under strict confidentiality and data-processing agreements.
  • Payment networks and counterparties: NIBSS, card schemes, correspondent banks, and recipient institutions, to settle the transactions you instruct.
  • Group companies: Halo Microfinance Bank Ltd and Halo Asset Capital Management Limited may share data with one another for the purposes described in this Policy, under appropriate intra-group safeguards.
  • Successors in interest: in the event of a merger, acquisition, restructuring, or sale of assets, your information may be transferred to the relevant party, subject to commitments equivalent to those in this Policy.

6. How long we keep your information

We retain personal information for as long as your account is active and for as long as we are required to do so by law or regulation. In particular:

  • KYC, identity-verification, and transaction records are retained for at least five (5) years after the closure of your account, as required by the CBN AML/CFT Regulations and the NFIU.
  • Records relating to investment services are retained in line with SEC Rules and Regulations and other applicable capital-markets requirements.
  • Records of complaints, disputes, and chargebacks are retained until the matter is fully resolved and for such period thereafter as we reasonably consider necessary.
  • Marketing-preference records are retained for as long as needed to honour your opt-out and to evidence that we did so.

After the applicable retention period, your information is either securely deleted or anonymised so that it can no longer be associated with you.

7. Your rights

Subject to the NDPA and applicable financial-services regulations, you have the following rights in relation to your personal data:

  • Right of access: to obtain confirmation of whether we hold personal data about you and to receive a copy of that data.
  • Right of rectification: to have inaccurate or incomplete personal data corrected.
  • Right of erasure: to request deletion of your personal data, subject to the regulatory retention obligations described above.
  • Right to restrict or object to processing: in particular circumstances permitted by the NDPA.
  • Right to data portability: to receive a copy of certain personal data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent: where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint: with the Nigeria Data Protection Commission (NDPC).

To exercise any of these rights, contact our Data Protection Officer using the details in Section 12. To request account deletion specifically, please see our dedicated Account Deletion page.

8. How we protect your information

We employ administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption of data in transit and at rest, role-based access controls, multi-factor authentication, 24/7 transaction monitoring, regular security testing, and staff training.

No method of transmission over the internet or method of electronic storage is one-hundred-percent secure. Where we become aware of a personal-data breach that is likely to result in a risk to your rights, we will notify you and the NDPC in accordance with the timelines set by the NDPA.

9. International transfers

Some of our service providers may process personal data outside Nigeria. Where this occurs, we take steps required by the NDPA to ensure that your information receives an adequate level of protection, including by entering into appropriate data-transfer agreements and assessing the data-protection regime of the destination country.

10. Cookies and similar technologies

Our website uses cookies and similar technologies to remember your preferences, understand how the site is used, and improve performance. You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the site.

11. Children

The Services are intended for adults aged 18 and above. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will revise the “last updated” date at the top of this page and, where the changes are material, we will provide additional notice (such as an in-app message or email).

13. How to contact us

If you have any questions or concerns about this Privacy Policy or our handling of your personal data, please contact our Data Protection Officer:

  • Email: privacy@myhalobank.com
  • Postal address: 1st Floor, 29A Barkley Street, Lagos Island, Lagos, Nigeria
  • You also have the right to lodge a complaint directly with the Nigeria Data Protection Commission (NDPC).
Halo

Halo is a savings and investment platform focused on helping Nigerians improve their personal and small business finances.

Personal Banking

  • Savings
  • Investments
  • Banking
  • Clubs & Societies
  • Lending

Business Banking

  • Transfers
  • Placements
  • Beneficiary Management

Banking-as-a-Service

  • Company Wallet
  • Account Management
  • Embedded Savings & Investments

Quick Links

  • About Us
  • Meet The Team
  • Blog
  • FAQs
  • Contact Us
Licensed by CBN
Microfinance Banking
SEC Regulated
Investment Management
  • Privacy Policy|
  • Terms and Conditions|
  • Account Deletion|
  • Licenses|
  • AML/CFT Policy|
  • Information Security Policy|
  • Data Protection Policy

Banking services are provided by Halo Microfinance Bank Ltd, a microfinance bank licensed by the Central Bank of Nigeria (CBN). Asset and investment management services are provided by Halo Asset Capital Management Limited, licensed by the Securities and Exchange Commission (SEC). Our financial products and solutions cater to the banking and investment needs of individuals and institutional clients. We provide investment services and other financial products through our web and mobile applications.

© 2026 Halo MFB  |  All rights Reserved