Privacy Policy
Last updated: 30 May 2026
NINFix (“we”, “us”, “our”) helps Nigerians understand, resolve and track their National Identification Number (NIN) process. We take your privacy seriously and process your personal data in line with the Nigeria Data Protection Act, 2023 (NDPA) and the Nigeria Data Protection Regulation. This policy explains what we collect, why, who we share it with, how long we keep it, and the rights you have.
The short version
- We collect only what each feature needs.
- We never ask for or store your full BVN, biometrics, or ID scans.
- We never change your NIMC data; we only guide you and, with your consent, display your own record.
- If you view your record, we keep only a masked NIN (last 3 digits), not the full record or photo.
- We never sell your data.
1. Who is responsible for your data
NINFix is the data controller for the personal data processed through this service. For any privacy question or request, contact privacy@ninfix.org.
2. Information we collect
- Account & profile: your name, email address, optional phone number, and the date you accepted these terms (NDPA consent).
- Your cases: the NIN issue category you select, your progress (steps and document checklist), and any field you flag as wrong (with the current value, so your fix has context).
- NIN record lookups (optional): if you use “My NIN Record”, we keep an audit entry of each lookup: a masked NIN (last 3 digits), the provider name, and whether it succeeded or failed. See section 5.
- Billing: subscription status and billing identifiers from our payment processor (Paystack). We do not see or store your card details.
- Technical: basic, security-related data such as authentication session cookies. We do not use advertising trackers.
3. What we never collect or store
- Your full 11-digit NIN as a stored value (we store it masked).
- Your full BVN, fingerprints, signature or other biometrics.
- Scans or photos of your ID documents.
- Your card details; these go directly to Paystack.
- The full record or photo returned when you view your NIN; it is shown for that session only and then discarded.
4. How we use your data
We use your data to:
- generate your personalized resolution plan and document checklist;
- track your progress and, if you ask, send you reminders;
- display your own official record when you request it, with your consent;
- manage your subscription and provide support;
- keep the service secure and prevent abuse.
We do not sell your data or use it for third-party advertising.
5. Viewing your official NIN record
“My NIN Record” is optional and consent-first. You authorise it using a Virtual NIN (vNIN) that you generate yourself with a government-approved verification provider; we never ask for your full NIN. The lookup runs entirely on our servers; provider keys never reach your browser.
After showing your record, we retain only a masked NIN, the provider name, and the lookup outcome (for support and to limit billable lookups), plus any field you choose to flag for a correction. Your photo, signature and the raw provider data are never stored.
6. Lawful basis (NDPA)
We rely on:
- Consent, for creating your account and for retrieving your NIN record (you can withdraw it at any time);
- Performance of a contract, to provide the features you sign up for and manage your subscription;
- Legitimate interests, to keep the service secure and improve it, balanced against your rights.
7. Who we share data with (processors)
We share the minimum necessary with trusted service providers who process data on our behalf under contract:
- Supabase, secure database and authentication (stores your account, profile and cases).
- Paystack, payment processing and subscriptions (handles your card data directly; we never see it).
- Resend, sending transactional and reminder emails.
- A government-approved verification provider, only if you use “My NIN Record”, to retrieve your own record via your vNIN.
We do not share your data with anyone else without your consent, unless required by law.
8. Government portals
NINFix is independent and not affiliated with NIMC. We do not access, scrape, or automatically check any government portal on your behalf. You report your own status to us, and you make all corrections yourself through official NIMC channels.
9. How long we keep your data
We keep your account and case data while your account is active. If you delete your account, we delete your personal data, subject to any limited records we must keep for legal, tax or fraud-prevention reasons. Lookup audit entries are kept only as long as needed for support and abuse prevention.
10. Security
We protect your data with industry-standard measures, including encryption in transit, row-level security so you can only access your own data, server-side handling of all sensitive operations and API keys, and data minimisation. No system is perfectly secure, but we work to keep your data safe.
11. Your rights
Under the NDPA you have the right to:
- access the personal data we hold about you;
- correct inaccurate data (you can edit your details in your account);
- delete your account and data;
- withdraw consent at any time;
- object to or restrict certain processing;
- lodge a complaint with the Nigeria Data Protection Commission (NDPC).
To exercise any of these, use your account page or email privacy@ninfix.org.
12. Cookies
We use only essential cookies needed to keep you signed in and the service secure. We do not use advertising or cross-site tracking cookies.
13. Children
NINFix is intended for adults managing their own NIN (or that of a dependant they are authorised to assist). We do not knowingly create accounts for children.
14. Changes to this policy
We may update this policy from time to time. We will change the “last updated” date above and, where appropriate, notify you. Continued use of NINFix after an update means you accept the revised policy.
15. Contact
Questions about your data or this policy? Email privacy@ninfix.org.