Last updated: March 2026

Privacy Policy

Cognyfai Limited ("Heimly", "we", "us", or "our") operates the Heimly platform — including the website at heimly.ng and all associated mobile and web applications (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Platform.

By accessing or using the Platform you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information you provide directly

  • Account information — name, email address, phone number, password, profile photo.
  • Identity verification (KYC) — government-issued ID number (NIN or BVN), date of birth, and facial biometric data processed through our third-party verification partner QoreID.
  • Property information — addresses, descriptions, photographs, videos, pricing, and lease terms you submit when listing a property.
  • Payment information — billing details and saved card authorisations processed by our payment processor Paystack. We do not store full card numbers on our servers.
  • Communications — messages exchanged through the in-app messaging system, maintenance requests, and support tickets.
  • Organisation data — company name, CAC registration number, and related business information for B2B users.

1.2 Information we collect automatically

  • Usage data — pages visited, features used, search queries, clicks, and time spent on the Platform.
  • Device & log data — IP address, browser type, operating system, referring URLs, and error logs.
  • Cookies and similar technologies — see our Cookie Policy for full details.

1.3 Information from third parties

  • Social login providers (Google, Facebook) when you choose to sign in via OAuth.
  • Identity verification data returned by QoreID following a NIN/BVN or CAC lookup.
  • Payment status updates from Paystack via webhook.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and provide the services you request.
  • Verify your identity and prevent fraud or abuse.
  • Process payments and billing, including subscription renewals and refunds.
  • Connect landlords, agents, and tenants through our marketplace.
  • Send transactional notifications (lease updates, maintenance requests, payment receipts).
  • Send marketing communications where you have given your consent (you may opt out at any time).
  • Improve, personalise, and develop the Platform.
  • Monitor for security threats, enforce our Terms of Service, and comply with legal obligations.
  • Generate anonymised, aggregated analytics for internal business purposes.

3. Legal Bases for Processing (NDPR)

Under Nigeria's National Data Protection Regulation (NDPR) and its 2023 Act, our lawful bases for processing your personal data include:

  • Contract — processing necessary to deliver the services you have subscribed to.
  • Legitimate interests — fraud prevention, security monitoring, and improving the Platform.
  • Consent — marketing communications and optional analytics cookies.
  • Legal obligation — compliance with applicable laws and regulations.

4. Sharing Your Information

We do not sell your personal data. We share it only in these circumstances:

  • Other users — your public listing information is visible to other Platform users. Your contact details are shared only when you explicitly initiate a connection or lease transaction.
  • Service providers — QoreID (identity verification), Paystack (payments), cloud infrastructure providers, and email delivery services. All are bound by data processing agreements.
  • Legal requirements — when required by law, court order, or to protect the rights, property, or safety of Heimly, our users, or the public.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. After account deletion, we retain certain data for up to 7 years to comply with Nigerian tax and financial regulations. Anonymised analytics data may be retained indefinitely.

6. Your Rights

Under the NDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erasure — request deletion of your data, subject to legal retention requirements.
  • Restrict processing in certain circumstances.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at info@heimly.ng. We will respond within 30 days.

7. Security

We implement industry-standard technical and organisational measures including TLS encryption in transit, encrypted data at rest, HTTPOnly cookie authentication, role-based access controls, and regular security reviews. However, no system is completely secure and we cannot guarantee absolute security.

8. International Transfers

Your data is primarily processed and stored within Nigeria. Where data is transferred to service providers outside Nigeria, we ensure equivalent protections are in place through contractual safeguards.

9. Children's Privacy

The Platform is not directed to persons under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on the Platform at least 14 days before they take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

11. Contact Us

For privacy-related questions or complaints, contact our Data Protection Officer at:
Cognyfai Limited
Email: info@heimly.ng
Website: heimly.ng

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.