Welcome to Tizela.
This Privacy Policy explains how Tizela Technologies Ltd ("Tizela", "we", "our", or "us") collects, uses, stores, protects, and shares your personal information when you access or use the Tizela website, mobile applications, or any of our related services (collectively, the "Platform").
Your privacy is important to us. We are committed to handling your personal information responsibly, transparently, and in accordance with the Nigeria Data Protection Act (NDPA), 2023, its General Application and Implementation Directive (GAID), and other applicable laws.
By creating an account or using our Platform, you acknowledge that you have read and understood this Privacy Policy.
1. About Tizela
Tizela is an online marketplace that connects guests with verified hosts offering:
-
Short-let apartments
-
Car rentals
Tizela provides the technology platform that facilitates discovery, booking, payments, communication, and dispute resolution. Unless expressly stated otherwise, Tizela does not own, manage, or operate the properties or vehicles listed on the Platform.
2. Who We Are - Data Controller and Data Protection Officer
For the purposes of the NDPA, Tizela Technologies Ltd is the data controller responsible for your personal information collected through the Platform.
Our designated Data Protection Officer (DPO) can be reached at
- Email: privacy@tizela.com
3. Scope of this Policy
This Privacy Policy applies to:
-
Visitors to our website
-
Guests
-
Hosts, property owners, and property managers
-
Car owners
-
Individuals contacting our customer support team
-
Anyone using our mobile applications or related services
4. Information We Collect
The information we collect depends on how you interact with Tizela.
A. Account Information
When you create an account, we may collect:
-
Full name
-
Email address
-
Mobile phone number
-
Date of birth
-
Profile photograph (optional)
-
Password (stored in encrypted form)
B. Identity Verification
To protect our marketplace and comply with legal obligations, we may request:
-
National Identification Number (NIN)
-
Driver's Licence
-
International Passport
-
Permanent Voter's Card
-
Selfie verification
-
Business registration documents (where applicable)
Verification may be required before listing a property or vehicle, receiving payouts, or completing certain bookings.
Identity verification data, including your NIN, is treated as sensitive personal information. We limit access to this data to personnel and systems that require it for verification or fraud-prevention purposes, store it separately from general account data with additional encryption at rest, and retain it only for as long as described in Section 10 (Data Retention). We do not share your NIN with hosts, guests, or any party other than the identity verification providers and regulators described in this Policy.
C. Booking Information
When you make or receive bookings, we collect information such as:
-
Booking dates, check-in and check-out dates
-
Number of guests and rental duration
-
Listing selected, booking requests, approvals, or declines
-
Cancellations, refund information, and booking history
D. Payment Information
When payments are made through Tizela, we may collect:
-
Payment reference numbers and transaction IDs
-
Payment and refund status
-
Bank account details for host payouts
For your security, debit and credit card information is processed by our licensed payment partners (including Paystack) and is not stored on Tizela's servers. Bank account details collected for host payouts are encrypted at rest and accessible only to the systems and personnel responsible for processing payouts. Our payment partners may independently retain transaction data in accordance with their own privacy policies and applicable financial regulations.
E. Communications
We collect communications made through our Platform, including:
-
Messages between guests and hosts
-
Customer support conversations
-
Reviews and ratings
-
Reports submitted to Trust & Safety
Booking and security notifications may be delivered through third-party messaging channels, including SMS and WhatsApp Business messaging. Where a message is sent via WhatsApp, your phone number and the content of that notification are processed by Meta and our messaging delivery partners in accordance with their own privacy terms, in addition to this Policy.
F. Device Information
When you access Tizela, we automatically collect technical information such as:
-
Device type, operating system, and browser type
-
IP address and device identifiers
-
Mobile network and app version
-
Crash reports and performance information
G. Location Information
With your permission, we may collect your location to:
-
Show nearby listings and improve search results
-
Recommend relevant properties
-
Match booking location against device location to detect suspicious or fraudulent activity
You may disable location access through your device settings at any time.
5. Lawful Basis for Processing
Under the NDPA, we rely on the following lawful bases, depending on the activity:
-
Performance of a contract --- to create your account, process bookings, and facilitate payments.
-
Consent --- for optional features such as location access, marketing communications, and profile photographs.
-
Legal obligation --- for identity verification, tax and financial record-keeping, and responding to lawful requests from regulators or law enforcement.
-
Legitimate interest --- for fraud prevention, Platform security, and service improvement, balanced against your rights and interests.
Where we rely on consent, you may withdraw it at any time as described in Section 11 (Your Privacy Rights).
6. How We Use Your Information
We use your information to:
-
Create and manage your account; verify your identity
-
Process bookings, payments, and refunds
-
Facilitate communication between guests and hosts
-
Prevent fraud and detect suspicious activity
-
Improve our Platform and personalize your experience
-
Respond to customer support requests
-
Send booking updates and security notifications
-
Comply with legal obligations and enforce our Terms and Conditions
7. Communications You Receive
Tizela may send you:
-
Booking confirmations, approvals, and decline notifications
-
Payment confirmations, refund notifications, and cancellation reminders
-
Security alerts and verification requests
-
Customer support updates and important policy changes
Where permitted by law, we may also send promotional communications. You may opt out of marketing messages at any time, including via WhatsApp, SMS, or email, without affecting transactional or security notifications related to your bookings.
8. How We Share Your Information
We do not sell your personal information. We only share information where necessary to provide our services.
With Hosts
When you make a booking, the host may receive information necessary to complete your reservation, including your name, phone number, profile photograph (if available), booking details, and arrival information.
With Guests
Once a booking is confirmed, guests may receive the host's name, listing information, contact information where necessary, and check-in instructions.
With Service Providers
We work with trusted third-party providers who assist us with:
-
Payment processing (including Paystack)
-
Identity verification
-
Cloud hosting
-
Customer support and analytics
-
SMS, WhatsApp, and email delivery
-
Push notifications
These providers only receive the information necessary to perform services on our behalf, and are contractually required to protect that information and use it only for the purposes we specify.
Legal Requirements
We may disclose personal information if required by law or where necessary to comply with court orders, cooperate with law enforcement, respond to lawful government requests, protect our users, prevent fraud, or protect the rights or property of Tizela.
Business Transfers
If Tizela undergoes a merger, acquisition, restructuring, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you if your personal information becomes subject to a materially different privacy policy as a result.
9. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your information, including:
-
Encryption in transit and, for sensitive data such as identity documents and bank details, encryption at rest
-
Secure cloud infrastructure and role-based access controls
-
Continuous monitoring and fraud detection systems
-
Regular security reviews
While we strive to protect your information, no internet-based system can guarantee absolute security.
Data Breach Notification
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Nigeria Data Protection Commission (NDPC) and affected individuals without undue delay, in accordance with the timelines and procedures required under the NDPA.
10. Data Retention
We retain personal information only for as long as necessary to provide our services, complete bookings, resolve disputes, detect fraud, meet legal, tax, accounting, and regulatory obligations, and enforce our agreements. Indicative retention periods are set out below; where a specific period is not yet finalized, we retain data no longer than necessary for the stated purpose.
-
Account information: for the life of your account, plus [ 12 months] after closure
-
Identity verification documents (NIN, ID, selfie): [12 months ] after account closure, or as required by law
-
Booking and transaction records: [ 2 years] to meet tax and financial regulatory obligations
-
Messages and support conversations: [ 6 months ]
-
Device and location data: [30 days ]
Where information is no longer required, it will be securely deleted or anonymized.
11. Your Privacy Rights
Subject to applicable law, you may have the right to:
-
Access your personal information
-
Correct inaccurate information
-
Update your information
-
Delete your account or request deletion of certain personal information
-
Restrict or object to certain processing activities
-
Withdraw consent where processing is based on consent
-
Request a copy of your personal information
-
Lodge a complaint with the Nigeria Data Protection Commission (NDPC)
We may request proof of identity before processing certain requests. We aim to respond to verified requests within [30 days], or such other period as required under the NDPA.
12. Automated Decision-Making
Tizela may use automated systems to support certain decisions, such as flagging potentially fraudulent bookings or accounts for review, or ranking search results. Where an automated decision could significantly affect you --- for example, suspension of an account following a fraud flag --- you have the right to request human review of that decision. To request this, contact us using the details in Section 16.
13. Cookies and Similar Technologies
Tizela uses cookies and similar technologies to keep you signed in, remember your preferences, improve website performance, analyse usage trends, detect fraudulent activity, and enhance security.
You can control cookies through your browser settings. Some Platform features may not function properly if cookies are disabled.
14. Children's Privacy
Tizela is intended only for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18. If we become aware that such information has been collected, we will take reasonable steps to delete it.
15. Third-Party Links
Our Platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties, and we encourage you to review their privacy policies before providing personal information.
16. International Data Transfers
Your personal information may be processed or stored in countries outside Nigeria where our service providers operate, including cloud hosting infrastructure. Where this occurs, we take steps required under the NDPA to ensure an adequate level of protection, such as [Insert mechanism, e.g. standard contractual clauses with the relevant provider, or confirmation that the destination country has an NDPC adequacy decision].
ACTION NEEDED: Specify the actual safeguard mechanism once confirmed (e.g. the specific contractual clause used with your cloud or payment provider). Naming a concrete mechanism is materially stronger than generic "appropriate safeguards" language under NDPA scrutiny.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology, or legal requirements. Where the changes are significant, we will notify you through appropriate channels, including email, push notifications, in-app notifications, and notices on our website.
Your continued use of the Platform after the effective date of an updated Privacy Policy constitutes your acceptance of the revised policy.
18. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or the way we process your personal information, please contact us:
-
Tizela Technologies Ltd
-
Privacy Officer / DPO: privacy@tizela.com
-
Customer Support: support@tizela.com
-
Website: www.tizela.com
You also have the right to lodge a complaint directly with the Nigeria Data Protection Commission (NDPC) if you believe your personal information has been processed unlawfully.
19. Governing Law
This Privacy Policy shall be governed by and interpreted in accordance with the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act, 2023, and any other applicable data protection or consumer protection laws.