Privacy Policy

How Go & Fill collects, uses, and protects your personal information.

Last Updated: 03 June 2026

📋 Table of Contents

  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. Legal Basis for Processing
  5. Sharing Your Information
  6. Data Retention
  7. Your Rights
  8. Children's Privacy
  9. Security of Your Data
  10. Third-Party Links & Services
  11. Location Data
  12. Cookies & Tracking Technologies
  13. Mobile Application Privacy
  14. International Data Transfers
  15. Changes to This Policy
  16. Contact Our DPO

Go & Fill Nigeria Ltd ("Go & Fill", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (www.gonfill.com), mobile application (iOS and Android), and related services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. This policy is written in compliance with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act (NDPA) 2023, and internationally recognised best practices including the GDPR.

1. Who We Are

Go & Fill Nigeria Ltd is the data controller for your personal information.
RC Number: 1234567
Registered Address: 18c Glover Rd, Ikoyi, Lagos 106104, Lagos, Nigeria
Email: support@gonfill.com
Data Protection Officer (DPO): support@gonfill.com

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Full name, email address, phone number, and password when you create an account.
  • Order Information: Delivery address, fuel type, quantity, payment method, and special delivery instructions.
  • Payment Information: We do not store full card details. Payments are processed by our PCI-DSS compliant partners (Paystack, Flutterwave). We store only the last 4 digits and transaction reference for your records.
  • Communications: Messages, support tickets, reviews, or feedback you send us.
  • Identity Verification: For business accounts, we may collect company registration documents (CAC) and BVN (in compliance with CBN regulations).

2.2 Information Collected Automatically

  • Location Data: GPS coordinates, IP-based location, and delivery addresses to provide and improve delivery services.
  • Device Information: Device ID, operating system, browser type, app version, and language preference.
  • Usage Data: Pages visited, features used, time spent, tap events, and order history within the app/website.
  • Log Data: IP addresses, server logs, error reports, and performance data.
  • Push Notification Tokens: If you allow notifications, we store your device token to send order updates.

2.3 Information from Third Parties

  • Payment processors (Paystack, Flutterwave) - transaction status and references.
  • Google Maps / mapping services - to enable delivery tracking.
  • Social login providers (if you sign in via Google or Facebook) - name, email, profile photo.

3. How We Use Your Information

We use your information for the following purposes:

  • To process and fulfil your fuel delivery orders
  • To send order confirmations and delivery updates via SMS, email, and push notifications
  • To provide customer support and respond to enquiries
  • To process payments and handle refunds
  • To verify your identity and prevent fraud
  • To track deliveries in real time using GPS
  • To improve our Service through analytics and user behaviour data
  • To personalise your experience (e.g., save your preferred delivery addresses)
  • To send marketing communications - only if you have opted in
  • To comply with legal obligations and regulatory requirements under Nigerian law
  • To ensure safety and security of our platform and users

Under the NDPR and NDPA, we process your data on the following lawful bases:

  • Contract performance: Processing necessary to deliver fuel you ordered.
  • Legitimate interests: Fraud prevention, platform security, service improvement.
  • Legal obligation: Tax records, regulatory compliance, law enforcement requests.
  • Consent: Marketing emails, push notifications, and optional analytics. You can withdraw consent at any time.

5. Sharing Your Information

We do not sell your personal data. We share it only as follows:

  • Delivery Drivers: Your name, phone number, and delivery address are shared with the assigned driver only for order fulfilment.
  • Payment Processors: Paystack and Flutterwave receive the data necessary to process your payment.
  • Mapping Services: Google Maps receives your delivery location for routing purposes.
  • Cloud Infrastructure: We use reputable cloud providers (AWS / Google Cloud) to host our platform securely.
  • Analytics: Anonymised, aggregated data may be used with analytics tools (e.g., Firebase).
  • Legal Authorities: We may disclose your information to law enforcement or government authorities when legally required, or to protect the rights, property, or safety of Go & Fill, our users, or the public.
  • Business Transfers: In the event of a merger or acquisition, your data may transfer to the new entity under the same protections.

6. Data Retention

We retain your personal data for as long as necessary to:

  • Provide ongoing services to active accounts
  • Comply with Nigerian tax and financial record-keeping requirements (minimum 7 years)
  • Resolve disputes and enforce agreements

After account deletion, most personal data is deleted within 30 days. Financial transaction records are retained for 7 years as required by law. Anonymised data may be retained indefinitely for analytics.

7. Your Rights

Under the NDPR and NDPA 2023, you have the following rights:

  • Right of Access: Request a copy of your personal data we hold.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal obligations).
  • Right to Restrict Processing: Ask us to limit how we use your data.
  • Right to Data Portability: Receive your data in a machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw any consent given at any time, without affecting prior processing.
  • Right to Lodge a Complaint: You may complain to the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

To exercise any of these rights, email us at support@gonfill.com. We will respond within 30 days.

8. Children's Privacy

Our Service is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided us personal information, please contact us immediately at support@gonfill.com and we will delete it promptly.

9. Security of Your Data

We implement industry-standard security measures including:

  • 256-bit SSL/TLS encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • PCI-DSS compliant payment processing (we never store raw card data)
  • Multi-factor authentication for admin access
  • Regular security audits and penetration testing
  • Access controls limiting employee data access to what is necessary

While we take all reasonable precautions, no internet transmission is 100% secure. We encourage you to use a strong password and not share your account credentials.

Our website and app may contain links to third-party websites (e.g., NNPC, payment portals). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before submitting any personal information.

11. Location Data

We collect real-time GPS location data when you:

  • Use the "Locate Me" feature to set your delivery address
  • Track your delivery in real time

Location access is optional - you can manually enter your address. You can revoke location permissions at any time in your device settings. We do not collect background location data when the app is not in use.

12. Cookies & Tracking Technologies

We use cookies and similar technologies on our website. Please read our full Cookie Policy for details. In summary:

  • Essential cookies: Required for the site to function (login sessions, cart). Cannot be disabled.
  • Analytics cookies: Help us understand how visitors use the site (Google Analytics). Opt-out available.
  • Marketing cookies: Used only with your consent for personalised advertising.

13. Mobile Application Privacy

Our mobile app (available on iOS and Android) requests the following device permissions:

  • Location (Foreground): To set delivery address and show live driver tracking. Required for core features.
  • Camera: Optional - to upload proof of delivery or business documents.
  • Push Notifications: Optional - for order status updates.
  • Phone: Optional - to auto-fill your phone number from SIM.
  • Storage: To cache the app data and images for offline use.

You can manage all app permissions in your device's Settings app at any time.

14. International Data Transfers

Your data is primarily stored on servers located within Nigeria. Where we use third-party services (e.g., AWS, Google Cloud, Paystack) that may process data outside Nigeria, we ensure they comply with the NDPR's requirements for cross-border data transfers and have appropriate safeguards in place (e.g., standard contractual clauses).

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page with an updated "Last Updated" date
  • Sending an email or in-app notification for material changes

We encourage you to review this policy periodically. Continued use of our Service after changes constitutes acceptance of the updated policy.

16. Contact Our Data Protection Officer

For any privacy-related requests, questions, or complaints: