Mobiris Privacy Policy

1. Who we are

Mobiris is a product of Growth Figures Limited, a company registered in Nigeria, and operates Mobility OS as a multi-company mobility operations platform for driver onboarding, verification, fleet operations, guarantor management, payments, and risk governance.

Growth Figures Limited operates Mobiris as a platform provider and processor or controller depending on the workflow and applicable law. Companies using Mobility OS may separately act as controllers for their own operational records.

Platform issuer and owner website: growthfigures.com.

For data requests or privacy questions, contact support@mobiris.ng unless a different privacy contact is shown in your organisation onboarding flow.

2. Data we collect

We collect account and contact data such as name, email address, phone number, organisation, role, and login credentials.

For identity verification, we may collect government identity references, identity numbers or masked references, date of birth, gender, verification status, liveness/selfie images, provider-returned identity images, and provider-backed identity attributes.

For operations, we may collect driver, guarantor, vehicle, assignment, remittance, wallet, and document records needed for tenancy and mobility workflows.

We also collect platform security and audit data such as device/session events, consent records, permissions, and administrative audit trails.

3. Sensitive personal data and biometrics

Identity verification in Mobility OS may involve biometric processing, including live selfie capture, liveness checks, face comparison, and government or provider-backed portrait matching. This is treated as sensitive personal data.

We process biometric and government identity data only for verification, fraud prevention, compliance, dispute handling, safety, and platform risk governance.

We do not expose raw biometric templates to company operators. Canonical biometric matching and person resolution remain inside the intelligence plane with restricted access controls.

4. Purposes of processing

We process personal data to create and secure accounts, onboard drivers and guarantors, complete identity verification, prevent fraud, manage fleet operations, process payments, maintain compliance, and support customer service.

We may also use data to detect duplicate identities, assess risk, maintain watchlists, open review cases, and preserve legally required audit trails across the platform.

Where required by law, we rely on explicit consent for sensitive verification processing. We may also rely on contractual necessity, legal obligations, legitimate interests in fraud prevention and platform security, and other lawful bases permitted by NDPR, GDPR, or local law.

5. Third-party processors and sharing

Mobiris may use third-party processors for identity verification, liveness, payments, cloud infrastructure, document storage, messaging, and email delivery. These may include identity providers such as Youverify or Smile Identity, payment processors such as Paystack or Flutterwave, cloud storage providers, and transactional email providers.

We share only the data reasonably necessary for each processor to perform the requested service, and we require appropriate contractual and security protections.

Companies do not receive cross-company identity graphs. Company users receive only company-safe derived signals such as verification status, risk band, or reverification-required flags where operationally necessary.

6. Cross-company identity linkage and risk governance

Mobility OS may link successfully verified humans to one canonical person record in the intelligence plane so that repeated fraud, duplicate identity attempts, unresolved defaults, or guarantor overexposure can be assessed safely across organisations.

This canonical model is used for fraud prevention, platform integrity, and governance. It is not a public directory and is not exposed to companies as a cross-company lookup.

Only authorised platform staff in the control plane may access cross-company intelligence views for governance, compliance, review, and security purposes.

7. Retention and deletion

We retain operational, financial, verification, and audit records only for as long as necessary to provide the service, comply with law, resolve disputes, prevent fraud, and enforce platform safety controls.

Sensitive verification materials are retained according to documented retention controls and may be deleted, anonymised, or restricted when no longer required for the original purpose, legal compliance, or fraud-prevention evidence.

Where deletion cannot be immediate because of legal, audit, security, or dispute obligations, we will restrict processing and retain only what is necessary for those obligations.

8. Your rights

Subject to applicable law, you may request access to your personal data, correction of inaccurate data, deletion, restriction of processing, objection where applicable, portability where applicable, and withdrawal of consent for future sensitive processing.

Where we process data on behalf of a company, some requests may need to be routed through that organisation as controller of the operational workflow.

You may submit requests through in-app support, account settings where available, or by contacting support@mobiris.ng.

9. Security

We use layered technical and organisational controls including HTTPS in transit, access controls, audit logging, guarded internal APIs, encrypted or restricted biometric artifacts, and controlled storage for documents and verification assets.

We do not intentionally publish sensitive identity or document materials. Access is limited to authorised services and users with a legitimate operational or governance need.

10. International transfers and updates

Where data is processed outside your jurisdiction, we apply appropriate safeguards permitted by applicable law and our processor arrangements.

We may update this policy from time to time. Material updates will carry a new version and may require renewed consent where legally required.