Overview and scope of this notice

Pin-Up handles personal data in line with Nigeria law and recognised international standards.

Personal information we may collect:

• Account and contact details: name, username, password, address, email, phone.
• Identity and KYC details: date of birth, government ID, selfie, proof of address.
• Payment and transaction information: deposits, withdrawals, partially masked card or account details.
• Device and technical data: IP address, browser, app version, device IDs, log files.
• Usage data: pages viewed, features used, time on services, online interactions.
• Location data: approximate location from IP for regulatory compliance.
• Communications: chats, emails, calls for support and dispute resolution.
• Responsible gaming records: self-exclusion, limits, affordability assessments.
• Cookies and similar technologies, as described in the cookies section.

Why we collect and use this information:

• To provide and maintain services, run the platform, and manage user accounts.
• To verify identity and age, meet KYC/AML obligations, and prevent fraud.
• To process payments and withdrawals and keep transaction records.
• To provide support, handle complaints, and resolve disputes.
• To personalise content, improve performance, and develop features.
• To comply with laws, gaming regulations, tax, and audit requirements.

Protection measures we apply:

• Encryption in transit and at rest, TLS for websites and apps.
• Role-based access, multi-factor authentication, and least-privilege controls.
• Network monitoring, logging, and incident response procedures.
• Data minimisation, pseudonymisation where feasible, and secure storage of documents.
• Staff training, confidentiality commitments, and vendor due diligence.
• Data Protection Impact Assessments for higher-risk processing.

Retention:

• Personal data is kept for the life of the account and for at least five years after closure to meet anti-money laundering and tax requirements under Nigeria law, then deleted or anonymised.
• Some records may be held longer if needed for legal claims or regulator requests.

User rights under Nigeria Data Protection Act 2023 and NDPR 2019:

• Access a copy of personal data and information about processing.
• Request correction, update, or deletion where appropriate.
• Restrict or object to certain processing and object to direct marketing.
• Data portability where technically feasible.
• Withdraw consent at any time, without affecting prior lawful processing.
• Lodge a complaint with the Nigeria Data Protection Commission.

Compliance

• Processing follows Nigeria Data Protection Act 2023, NDPR 2019, National Lottery Regulatory Commission requirements and applicable state gaming rules, the Money Laundering (Prevention and Prohibition) Act 2022, and relevant CBN directives on payments. Where relevant, processing aligns to recognised international principles similar to the GDPR.

We use personal information for lawful purposes and process it in a transparent manner.

We use data to:

• Create and manage accounts, verify identity, and provide core services.
• Process deposits, bets, game play, withdrawals, and transaction confirmations.
• Operate fraud detection, risk scoring, and responsible gaming tools.
• Provide customer support and communicate service notices.
• Improve website and app performance, fix issues, and develop features.
• Run analytics to understand usage and enhance user experience.
• Send service-related messages and, where permitted, marketing communications.
• Comply with legal, regulatory, and audit obligations and respond to lawful requests.

Marketing and preferences:

• Marketing is based on consent or legitimate interests permitted by law.
• Users can opt out of marketing without affecting essential service messages.

Users can exercise rights through account settings where available or by submitting a request via the Help Centre or contact details provided on the site. A request may require identity verification to protect the account. We aim to respond within one month, or explain any permitted extension for complex requests.

Corrections and deletions:

• Users may request updates to inaccurate or incomplete information.
• Deletion requests will be honoured where allowed by law.
• Some records must be retained for AML, tax, dispute resolution, or regulator requirements. We will restrict use to those purposes only.

By using Pin-Up, users consent to security checks for fraud, AML, and risk control. Users also consent to processing of payment data by payment providers subject to their privacy practices and Nigeria regulation.

This platform is for persons aged 18 and over. The operator cannot confirm a user’s age without identity documents, and may request documents to verify compliance. If a parent or legal guardian notifies us that a minor has provided personal data, we will close the account, delete information that we are not legally required to keep, and request proof of authority where needed.

Personal data may be processed and stored in Nigeria or in other countries where our partners and service providers operate. Using the site means users consent to such transfers and processing. We require recipients to protect confidentiality and to apply appropriate safeguards, including contractual protections, technical security, and audits where relevant. Transfers will follow Nigeria Data Protection Act rules and guidance from the Nigeria Data Protection Commission.

This disclaimer explains how certain terms may modify the scope or effect of parts of this Policy. It applies once the user accepts the Policy by signature, electronic acceptance, or other accession method made available on the site. Nothing in this Policy limits non-derogable rights or mandatory legal duties. If any term conflicts with applicable law or regulator directions, the law or direction prevails.

Cookies are small files saved on a device that store information about use of websites and apps. We use cookies for statistics, behaviour analysis, personalisation, fraud prevention, and site improvement. Unless a shorter period is stated for a specific tool, cookies are retained for up to one year.

Control:

• Essential cookies are needed for core functions such as login and security.
• Analytics and advertising cookies are optional and can be managed in browser or device settings.
• Blocking cookies may affect some features and service performance.

Using the services constitutes full acceptance of this Privacy Policy. The current version posted on this page is the version that applies. Material changes will be signposted by updating the “Effective date” and, where appropriate, by an on-site notice. Continued use after changes indicates acceptance of the updated Policy.

Personal information may be shared with third parties in limited situations:

• To comply with law, regulator requests, court orders, and to enforce our terms.
• To process payments, verify identity, prevent fraud, and manage risk.
• To provide analytics, cloud hosting, support, and other contracted services.
• To handle disputes, audits, or business continuity needs.

Categories of recipients include payment processors, banks, KYC/AML vendors, analytics providers, messaging services, customer support tools, regulators, law enforcement, and auditors. Where a list of third parties is published on the site, that list applies. If a specific party is not listed, users will be informed of the purpose and scope before sharing where legally required. Providing personal data may serve as consent where the law recognises that basis.

The site may contain links to other websites or apps that run their own privacy policies and data practices. Pin-Up is not responsible for how external sites collect or use information. Users should review the privacy notices on those destinations and take care before sharing personal details.