Go Send Am Ltd · Legal

Privacy Policy

How we collect, use, share, and protect personal data on the Go Send Am platform — in compliance with the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation (NDPR).

Last Updated
Version 2.0 | April 22, 2026
Controller / Processor
Go Send Am Ltd
DPO Email
[email protected]
Website
www.gosendam.com

Who We Are

Go Send Am Ltd ("we," "us," or "our") provides a dispatch operating system for logistics companies managing rider fleets in Nigeria.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, who we share it with, and what rights you have over it. It applies to all users of the Go Send Am platform, including:

  • Logistics company account holders and their administrative staff.
  • Riders whose information is entered into the platform by logistics companies.
  • Delivery recipients whose address and contact data is entered into the platform in connection with a delivery.
  • Shippers and vendor customers who interact with logistics companies using our platform.

We comply with the Nigeria Data Protection Act 2023 ("NDPA") and the Nigeria Data Protection Regulation ("NDPR"). As a platform that processes data on behalf of logistics companies, we operate primarily as a Data Processor in relation to the personal data of riders, recipients, and vendor customers. The logistics company using our platform is the Data Controller for that data. For data we collect directly about our own account holders (logistics company contacts), we act as Data Controller.

1. Data We Collect, Why We Collect It, and Our Legal Basis

We collect only the data necessary to provide and operate the platform. The table below summarises each category of data, our purpose for collecting it, and the legal basis under the NDPA.

Category What We Collect Why We Collect It Legal Basis
Business Verification Data (CAC No. & Director NIN) CAC registration number and NIN of an authorised director or representative, submitted at onboarding. To confirm that your business is legally registered in Nigeria before granting platform access (Know-Your-Business compliance). Legal obligation (NDPA Art. 25(1)(c)). Raw identifiers are NOT stored — see note below.
Account Contact Data Names, email addresses, and phone numbers of account holders and their administrative staff. To create and manage your account, communicate about the service, and send operational notifications. Contract (NDPA Art. 25(1)(b)) — necessary to provide the service you signed up for.
Rider Profile Data Names, phone numbers, and profile details of riders added to the platform by the logistics company. To enable job assignment, performance tracking, and fleet management reports within the platform. Legitimate interests of the logistics company as Data Controller (NDPA Art. 25(1)(f)). Riders must be informed of their enrolment by the logistics company before their data is entered.
Dispatch and Job Data Job records, pickup and delivery addresses, declared cargo values, delivery fees, and proof-of-delivery records. To operate the core dispatch function, generate operational reports, and calculate platform service fees. Contract (NDPA Art. 25(1)(b)).
Recipient and Vendor Customer Data Names, phone numbers, and delivery addresses of recipients and vendor customers entered per job. To complete deliveries and allow the logistics company and riders to contact recipients. Legitimate interests of the logistics company as Data Controller (NDPA Art. 25(1)(f)) in fulfilling delivery obligations.
Rider GPS Location Data Real-time GPS coordinates of riders, collected through the rider-facing app during active deliveries. To provide live delivery tracking for the logistics company and enable status updates. Consent (NDPA Art. 25(1)(a)). Riders are informed and consent during app onboarding. GPS is collected only while a job is active, not when the rider is offline or between jobs.
Payment and Wallet Data Wallet funding records, transaction amounts, fee deductions, and payment confirmation references. To process wallet funding, deduct service fees, and maintain accurate financial records. Contract and legal obligation (NDPA Art. 25(1)(b) and (c)) — financial record-keeping requirements.
Platform Usage and Technical Data Log data, device and browser type, session timestamps, and feature interaction data. To monitor platform stability, diagnose errors, and improve service performance. Legitimate interests (NDPA Art. 25(1)(f)) in maintaining a secure and functional platform.
Analytics Cookie Data Aggregated, anonymised data about how users interact with the platform interface. To understand usage patterns and improve the platform. Not used for individual profiling or marketing. Consent (NDPA Art. 25(1)(a)) — set only after you accept analytics cookies.

Important Note: Business Verification Data (CAC No. & NIN)

At onboarding, you submit your CAC registration number and the NIN of an authorised director or representative. We transmit these identifiers directly to the Corporate Affairs Commission (CAC) system and the National Identity Management Commission (NIMC) system to confirm registration status. We do not store your CAC number or NIN on our servers. Once the government system returns a verified status, the raw identifiers are immediately discarded. We retain only the verification outcome (confirmed or failed) and the name of the verified representative, linked to your account record. No Go Send Am employee or system can retrieve a submitted NIN or CAC number after the verification session ends.

2. How We Share Your Data

We do not sell your data. We do not share your data with advertisers. We share personal data only in the following circumstances, and only to the minimum extent necessary.

2.1 With Riders (Controlled by the Logistics Company)

When a job is dispatched, the logistics company's dispatcher assigns a job to a rider through the platform. The rider receives the job details they need to complete the delivery: the pickup address, delivery address, and any relevant contact information for the recipient. This data flow is controlled by the logistics company as Data Controller. We facilitate it as Data Processor.

2.2 With Shippers and Vendor Customers (Support and Coordination)

Where a logistics company uses the platform to manage deliveries for shippers or vendor customers, limited information about the logistics company (such as their business name and contact details) may be made available to those shippers or customers to enable delivery coordination and support. This disclosure is made on the instructions of the logistics company as Data Controller and is limited to what is necessary for that coordination purpose.

2.3 With Prembly Limited (Identity Verification)

We use Prembly Limited ("Prembly"), a licensed identity verification and compliance technology provider, to support fraud detection and identity verification processes on our platform. Prembly's services may process data submitted during the onboarding and verification stages of your account registration.

Prembly processes this data as a sub-processor operating under their own privacy policy, accessible at https://prembly.com/privacy. By using Go Send Am's verification process, you acknowledge that data submitted for verification purposes may be processed by Prembly in accordance with their policy and applicable Nigerian data protection law. Prembly's use of your data is governed by the following purposes, as disclosed in their privacy policy:

  • Processing, operating, and managing access to their verification services.
  • Complying with regulatory provisions, including KYC and KYB obligations.
  • Detecting, preventing, and containing data breaches and fraud.
  • Ensuring network and information security.
  • Compiling anonymised aggregate statistics on verification service usage.

Prembly does not use your data for advertising. For questions about Prembly's data practices, contact them directly at [email protected].

2.4 With Payment Processors

When you fund your platform wallet, payment data is processed by our authorised third-party payment processor partners. These partners operate under their own privacy policies and comply with applicable financial regulations and the NDPA. We share only the payment data necessary to complete the transaction.

2.5 With Platform Infrastructure and Technology Providers

We use third-party cloud hosting, database, and technology vendors to operate the platform. These providers act as sub-processors and are contractually bound to process personal data only on our documented instructions and in compliance with the NDPA. We conduct due diligence on all sub-processors and maintain records of sub-processing arrangements as required by law.

2.6 Cross-Border Data Transfers

Where our infrastructure or any sub-processor stores or processes data outside Nigeria, we ensure that appropriate safeguards are in place in compliance with the NDPA's cross-border transfer requirements, including adequacy determinations or contractual protections as applicable.

2.7 With Regulators and Law Enforcement

We will disclose personal data to the Nigeria Data Protection Commission (NDPC) or law enforcement agencies where we are legally compelled to do so. We will notify affected users of any such disclosure where we are legally permitted to.

3. How Long We Retain Your Data

We retain personal data only for as long as necessary for the purpose it was collected, or as required by applicable law. The table below sets out our retention periods and the rationale for each.

Data Type Retention Period Rationale
CAC number (raw) Not retained Discarded immediately after the government verification system confirms registration status.
NIN (raw) Not retained Discarded immediately after identity confirmation is returned by NIMC.
Verification outcome record Duration of active account + 1 year after closure To evidence regulatory compliance during and after the account relationship.
Account contact data Duration of active account + 1 year after closure To manage the account relationship and handle post-closure queries.
Rider profile data Duration of rider's active status on the platform + 1 year Retained by the logistics company as controller for operational records and dispute resolution.
Dispatch and job records 7 years from date of transaction FIRS financial record-keeping requirements applicable to commercial transactions.
Recipient and vendor customer data 90 days after delivery completion Retained for a reasonable period to resolve delivery disputes and support post-delivery queries, after which it is deleted as it is no longer operationally necessary.
Rider GPS data 90 days from delivery completion Retained for a reasonable period to resolve disputes about delivery routes or timing. GPS data has no business purpose beyond this window and is permanently deleted thereafter.
Wallet and payment records 7 years Financial regulation compliance under applicable Nigerian law and FIRS requirements.
Analytics cookie data Up to 12 months from the expiry of the cookie Standard analytics retention to assess platform usage trends over a meaningful period.
Platform usage and log data 12 months Security monitoring, error diagnosis, and platform improvement.

After the applicable retention period, data is securely deleted or irreversibly anonymised so that it can no longer be attributed to an individual.

4. Your Rights Under the NDPA

As a data subject, you have the following rights in respect of your personal data. These rights apply regardless of whether Go Send Am is acting as Data Controller or Data Processor in relation to your data. Where we are acting as a Processor, we will direct you to the relevant logistics company as Controller where appropriate.

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of any inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data where we no longer have a lawful basis to retain it.
  • Right to Object: Object to processing where our legal basis is legitimate interests.
  • Right to Data Portability: Request your data in a structured, commonly used, and machine-readable format.
  • Right to Withdraw Consent: Where processing is based on your consent (such as GPS tracking or analytics cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at any time if you believe your data has been mishandled.

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond to all verified requests within 30 days. In complex cases, we may extend this by a further 30 days and will inform you if that applies.

5. Data Security

We implement technical and organisational measures to protect your personal data against unauthorised access, loss, disclosure, or misuse. Our security measures include:

  • SSL/TLS encryption for all data transmitted to and from the platform.
  • Encryption at rest for all sensitive data stored on our servers.
  • NIN and CAC numbers are transmitted to government verification systems over encrypted connections and are never written to our database.
  • Role-based access controls limiting which personnel within Go Send Am can access personal data, on a need-to-know basis.
  • Regular security reviews and vulnerability assessments of our systems and infrastructure.
  • Contractual data processing obligations imposed on all third-party sub-processors, including Prembly and our payment processor partners.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the NDPC within 72 hours of becoming aware of the breach, and will inform affected users without undue delay where required by the NDPA.

6. Cookies and Tracking Technologies

We use cookies and similar technologies on the Go Send Am platform. You can manage your preferences through our cookie banner or your browser settings. The table below explains the types of cookies we use.

Cookie Type Purpose Can Be Disabled? Consent Required?
Essential Keeps you logged in and verifies wallet funding transactions. Required for the platform to function. No No
Security Supports account security and fraud detection. Does not store or transmit NIN or CAC data. No No
Analytics Helps us understand how users interact with the platform to improve it. Data is aggregated and not used to profile individuals for marketing. Yes Yes
Functional Remembers your dashboard preferences on return visits. Yes Yes

For the full list of specific cookies we use, their duration, and their providers, see our Cookie Policy at www.gosendam.com/cookie-policy.

7. Children's Data

The Go Send Am platform is a business tool intended solely for use by registered companies and their authorised personnel. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor's data has been submitted to our platform in error, contact us immediately at [email protected] and we will take steps to delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time as our services evolve or regulatory requirements change. When we do, we will update the version number and "Last Updated" date at the top of this document. For material changes, we will notify registered account holders via their registered email address at least 14 days before the change takes effect. Your continued use of the platform after the effective date constitutes acceptance of the revised policy.

9. Contact Our Data Protection Officer

For any questions, complaints, or requests to exercise your rights under this Policy, contact us at:

Email
[email protected]
Address
100, Olokonla Road, Off Lekki-Epe Expressway, Lekki, Lagos
Website
www.gosendam.com

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at any time. Information about how to contact the NDPC is available at www.ndpc.gov.ng.

Go Send Am Ltd | Privacy Policy v2.0 | April 2026 | Compliant with NDPA 2023 and NDPR