knit logo

Privacy Policy

Effective Date: 03/07/2025

1. Introduction

Welcome to Grats, a product of Veritic Innovations Limited ("we", "our", "us"). Veritic Innovations Limited is a company duly incorporated under the laws of the Federal Republic of Nigeria, with registration number 8028553.

Grats is a financial technology platform that allows users to send and receive gratitude through multiple payment options. Protecting your personal data is central to our mission of making gratitude safe, seamless, and trustworthy.

This Privacy Policy explains how we collect, use, disclose, and protect your information in line with:

  • Nigeria Data Protection Regulation (NDPR) 2023
  • Applicable international standards, including the General Data Protection Regulation (GDPR) where relevant.

By using Grats, you consent to the data practices described in this policy.

2. Privacy Principles

When you use Grats, we may collect:

  • Personal Identification Data: Name, date of birth, nationality, gender, (where applicable).
  • Contact Information: Email, phone number, mailing address.
  • Payment & Transaction Data: Bank account details, card details, mobile money, wallet activity, transaction history.
  • KYC/Verification Data: Government-issued ID, proof of address, biometric data (where required).
  • Usage Data: Interactions on the Grats platform, including gratitude messages attached to payments.
  • Technical Data: IP address, device information, browser type, cookies, and log files.

3. How We Use Your Information

  • Enable you to send and receive gratitude payments securely.
  • Fulfil KYC, AML, and CTF compliance obligations.
  • Meet GDPR and NDPR regulatory requirements.
  • Detect, investigate, and prevent fraud or unauthorized activity.
  • Provide customer support and respond to inquiries.
  • Improve Grats' features, personalize experiences, and develop new services.
  • Send you notifications, updates, and policy changes.

4. Legal Basis for Processing

We process your information based on:

  • Consent (e.g., account sign-up, marketing preferences).
  • Contractual necessity (to process payments and deliver Grats services).
  • Legal obligations (to comply with financial regulations).
  • Legitimate interests (platform security, fraud prevention, service improvements).

5. Data Sharing and Disclosure

Your data may be shared with:

  • Regulators: Regulatory authorities as legally required.
  • Financial Partners: Banks, card networks, mobile money operators, and payment processors.
  • Service Providers: Technology, fraud detection, compliance, and cloud hosting providers (under strict confidentiality).
  • International Partners: Where payments cross borders, subject to NDPR-approved safeguards.
  • Communication: Send information on service updates , downtime , regulatory notices etc.

To facilitate secure and compliant payment processing, we work with Grants PaymentsSolutions Limited, a company incorporated in the United Kingdom with company number 08111736.

To facilitate secure and compliant payment processing, Grats partners with Grants PaymentSolutions Limited (“GPSL”), a company duly licensed and regulated by the Central Bank of Nigeria (CBN) as an International Money Transfer Operator (IMTO) https://www.cbn.gov.ng/PaymentsSystem/InternationalMoneyTransferOperators.html.

GPSL executes all regulated remittance activities in Nigeria, and is responsible for all Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), and Know-Your-Customer (KYC/CDD) compliance obligations.

Veritic Innovations Limited (“VIL”), the operator of Grats, acts solely as a technology service provider to GPSL. VIL does not receive, hold, or control customer funds, nor does it execute remittance transactions in its own name. Instead, VIL provides technology support (such as onboarding, user experience, and API orchestration) to GPSL

This arrangement ensures:

  • All regulated remittance services in Nigeria are performed by GPSL as the licensed entity.
  • VIL remains outside the regulatory perimeter, functioning only as a technology vendor.
  • Customer funds and compliance responsibilities are never transferred to VIL.
  • We do not sell or rent your personal data to third parties.

We do not sell or rent your personal data to third parties.

6. Data Retention

We maintain administrative, technical and physical controls designed to protect the personal data you provide.

We will retain your personal information only as long as necessary to:

  • Provide Grats services.
  • Comply with GDPR, AML/CTF, and NDPR requirements (generally 5–7 years).
  • Resolve disputes and enforce agreements.

7. Security Measures

We take strong precautions to keep your information safe, including:

  • End-to-end encryption for payment transactions.
  • Secure servers, firewalls, and intrusion detection systems.
  • Multi-factor authentication (MFA).
  • Regular monitoring and independent security audits.

8. Your Data Protection Rights

You have the right to:

  • Access and request a copy of your personal data.
  • Request corrections or deletion.
  • Withdraw consent where processing is based on consent.
  • Object to or restrict certain processing activities.
  • Request data portability.

9. Cookies & Tracking

We use cookies and similar technologies to:

  • Secure accounts.
  • Analyze usage patterns.
  • Improve user experience.

You can control cookie settings via your browser preferences.

10. Minor's Privacy

Grats is not intended for individuals under 18 years old. We do not knowingly collect or process children's data.

Where you have a belief that Grats has mistakenly or unknowingly collected information from a minor, please contact us to enable us investigate and restrict such data collection.

11. International Data Transfers

Grats is affiliated globally with service providers around the world. Your personal data may be transferred to other countries, but we will ensure reasonable steps to secure your personal data in compliance with Data Protection Laws.

12. Policy Updates

We may revise this Privacy Policy from time to time. Updates will be posted on our website/app and communicated by email where appropriate. The updates will reflect new or changed services and regulatory updates as required

If you have questions, concerns, or requests regarding this Privacy Policy, please contact: Grats

support@mygrats.com