Privacy Policy

Account and identity data

When you create a Resida account, we collect your full name, email address, phone number, and a secure password hash. For tenant and host KYC, we additionally collect government-issued identity documents (NIN, passport, or driver's licence) and a selfie for liveness verification.

Financial data

We do not store raw card details. Payments are processed by Paystack, a PCI-DSS Level 1 certified processor. We store balances, transaction references, amounts, purposes, and timestamps within our encrypted database.

Property and lease data

Property addresses, unit details, lease terms, rent amounts, and maintenance request descriptions are stored as part of the core platform service.

Usage data

We collect IP addresses, browser type, device identifiers, pages visited, and session durations via server logs and first-party analytics. We do not use third-party advertising trackers.

To create and manage your Resida account and verify your identity.

To process payments, manage your funds, and execute rent deductions.

To match tenants with properties and coordinate property visits.

To send transactional notifications (payment receipts, lease updates, maintenance status) via email, SMS, or in-app messages.

To generate financial reports, audit logs, and compliance records.

To improve platform performance and diagnose technical issues.

To comply with applicable Nigerian law, including the Nigeria Data Protection Act 2023 (NDPA).

Contract performance: processing your payments, managing your lease, and providing the core service.

Legitimate interests: fraud prevention, security monitoring, platform improvement, and audit logging.

Consent: marketing communications and optional data sharing — you may withdraw consent at any time from your profile settings.

Legal obligation: KYC verification, tax compliance, and responding to lawful regulatory requests.

Service providers

We share data with trusted service providers only as necessary to deliver the platform: Paystack (payments), AWS S3 / Cloudinary (document and image storage), Termii (SMS notifications), and our cloud hosting provider.

Property owners and agents

If you are a tenant, your name, contact details, and lease information are visible to the property owner and assigned agent for operational purposes.

Legal disclosure

We may disclose personal data if required by Nigerian law, court order, or a regulatory authority. We will notify affected users where legally permitted.

No sale of data

We do not sell, rent, or trade your personal data to third parties for marketing or advertising purposes.

Active account data is retained for the duration of your relationship with Resida.

Financial transaction records are retained for a minimum of seven (7) years in accordance with Nigerian financial regulations.

KYC documents are retained for the duration of the account plus five (5) years after closure.

You may request deletion of non-financial, non-legally-required data by contacting us at privacy@resida.app.

All data in transit is encrypted using TLS 1.2+.

Database data at rest is encrypted using AES-256.

JWT tokens are short-lived and stored with a Redis-backed blocklist for immediate revocation.

Administrative accounts are protected by TOTP-based two-factor authentication.

All financial operations are logged in immutable audit records with before/after state snapshots.

We conduct regular security reviews and penetration testing.

Access: request a copy of the personal data we hold about you.

Correction: ask us to correct inaccurate or incomplete data.

Deletion: request erasure of data that is no longer legally required to be retained.

Portability: receive your data in a machine-readable format.

Objection: object to processing based on legitimate interests.

Withdraw consent: opt out of marketing communications at any time.

To exercise any of these rights, email privacy@resida.app. We will respond within 30 days.

We use strictly necessary session cookies to maintain authentication state.

We use first-party analytics cookies (no third-party tracking scripts) to understand how the platform is used.

You can disable non-essential cookies via your browser settings. Disabling session cookies will prevent you from remaining logged in.

Resida is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us immediately at privacy@resida.app.

We may update this Privacy Policy periodically. Material changes will be communicated via email or an in-platform notification. The "Last updated" date at the bottom of this page always reflects the most recent revision.

Data Controller: Resida Technologies Ltd, Victoria Island, Lagos, Nigeria.

Privacy enquiries: privacy@resida.app

You may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.