Privacy & Cookies Policy
How we collect, use, share and protect your personal data — in line with the Nigeria Data Protection Act (NDPA) 2023 and NAICOM market conduct rules.
Last reviewed: May 2026
1. Introduction
InsureOnGo.Com Partnering Insurtech Limited (“InsureOnGo”, “we”, “us”, “our”) respects your privacy. This policy explains what personal data we collect about you, why we collect it, who we share it with, and the rights you have over your data. It applies to our website, our WhatsApp service (ChatSure™), our mobile experiences, and any other channel where you interact with us.
We process personal data as a data controller in line with the Nigeria Data Protection Act (NDPA) 2023 and applicable NAICOM regulations. For some products, we act as a data processor on behalf of the underwriting insurer.
2. Who we are
InsureOnGo.Com Partnering Insurtech Limited (RC 8030897) is a digital insurance marketplace and Partnering Insurtech, headquartered in Yaba, Lagos. We are pursuing a Partnering Insurtech Licence from the National Insurance Commission (NAICOM) under the NIIRA 2025 framework.
- Registered office: Yaba, Lagos, Nigeria
- General enquiries: [email protected]
- Data protection: [email protected]
3. Data we collect
We only collect data we actually need to quote, issue and service your policy:
- Identity data — full name, date of birth, gender, NIN, BVN (only where regulation requires identity verification).
- Contact data — phone number, email, residential address, WhatsApp number.
- Policy data — the cover you request, vehicle / property / health details specific to the product, sum insured, beneficiaries.
- Transactional data — premium payments, refunds, claim payouts. We do not store full card numbers; payments are tokenised via our PCI-DSS-compliant payment partners.
- Technical data — IP address, device type, browser, pages visited, referral source. Used to keep the site secure and to improve UX.
- Communications — messages you send us by chat, email, WhatsApp or phone, and our responses.
4. How we use it
We use your personal data to:
- Generate quotes and issue policies on behalf of our partner insurers.
- Verify your identity (KYC) as required by NAICOM and NDPA.
- Process premium payments, refunds and claim settlements.
- Send you policy documents, renewal reminders and service updates.
- Investigate complaints and resolve disputes.
- Improve our products, train our support team, and detect fraud.
- Meet our legal, regulatory and tax obligations.
- Send marketing — only where you have opted in, and only until you opt out.
5. Lawful basis
We process your data under one or more of the following lawful bases:
- Contract — to deliver the insurance product you requested.
- Legal obligation — KYC, AML/CFT, tax and NAICOM reporting.
- Legitimate interest — to secure our systems, prevent fraud, and improve our service. We balance this against your rights.
- Consent — for marketing and for any optional data points. You can withdraw consent at any time.
6. Sharing with insurers & partners
InsureOnGo is a distributor, not an underwriter. To provide a quote and issue cover, we share your data with the licensed insurer you select. We may also share data with:
- NAICOM-licensed insurers we partner with (the underwriter on your policy).
- Identity-verification providers (NIMC, NIBSS, Dojah, CheckMyNINBVN) — only for KYC checks.
- Payment processors and bank partners — to process premium and claim payments.
- Communications vendors (SMS, WhatsApp Business API, email) — only to deliver service messages.
- Our regulators (NAICOM, NDPC, FIRS, EFCC) — where required by law.
- Professional advisers (auditors, lawyers, accountants) — under confidentiality obligations.
We do not sell your data and we do not allow our partners to use your data for their own marketing without your separate consent.
7. How long we keep it
We retain policy and claims records for the duration of your policy plus a minimum of seven (7) years after expiry, in line with NAICOM record-keeping requirements and the Insurance Act. Marketing data is retained until you opt out. Identity-verification artefacts are retained as required by AML/CFT rules.
8. How we protect it
We follow security best practice for a regulated financial-services platform: SSL/TLS in transit, encrypted backups, least-privilege access for staff, mandatory MFA on admin accounts, regular vulnerability scanning, and an incident-response playbook tested at least annually. No system is perfectly secure, but we work hard to keep your data safe.
9. Your rights
Under the NDPA 2023, you have the right to:
- Access the personal data we hold about you.
- Correct data that is inaccurate or incomplete.
- Request deletion (where no overriding legal or regulatory duty applies).
- Object to processing for marketing purposes.
- Restrict processing while a complaint is being investigated.
- Withdraw consent at any time, where consent is the lawful basis.
- Lodge a complaint with the Nigeria Data Protection Commission (NDPC).
To exercise any of these rights, email [email protected]. We will respond within 30 days.
10. Cookies
A cookie is a small text file stored on your device when you visit our site. We use cookies in three categories:
| Category | What it does | Can I disable? |
|---|---|---|
| Strictly necessary | Keep you signed in, remember your basket, secure your session, store your cookie-consent choice. | No — the site won't work without these. |
| Performance | Anonymous analytics (page views, errors) so we can improve the site. | Yes, via the banner. |
| Marketing | Help us show relevant ads on other platforms (Meta, Google). | Yes, via the banner. |
You can change your cookie preferences at any time by clearing your browser cookies for this site — the consent banner will reappear on your next visit. You can also block or delete cookies directly in your browser settings.
11. Children's data
Our services are intended for adults aged 18 and above. We do not knowingly collect personal data from anyone under 18 except where a parent or legal guardian is buying cover on their behalf (e.g. family HMO, child education plans). If you believe a child has provided us with data without parental consent, please contact our DPO and we will delete it promptly.
12. Changes to this policy
We review this policy at least once a year and whenever there is a material change to how we handle your data. The “Last reviewed” date at the top reflects the most recent update. For significant changes we will notify you by email, in-app banner or WhatsApp before the change takes effect.
13. Contact our DPO
Our Data Protection Officer is your single point of contact for any data-protection question, request or complaint:
- Email: [email protected]
- Post: Data Protection Officer, InsureOnGo.Com Partnering Insurtech Limited, Yaba, Lagos, Nigeria
- Regulator: Nigeria Data Protection Commission — ndpc.gov.ng