Privacy Notice

innKorp is a KYC facilitation and vault service for African SMEs. We help businesses obtain and prepare missing KYC documents, store those documents in a vault that the SME owns and controls, and — only with the SME's explicit consent — share that data with fintechs the SME chooses to work with.

You (the SME) are the owner of your vault. innKorp acts as the custodian and processor of your data on your instructions. innKorp does not verify your documents against any government or third-party system — that remains the responsibility of the fintech you share with.

Depending on how you use innKorp, we may process:

• Business details: business name(s), type, category, RC number, TIN, addresses, contact email and phone.
• Proprietor / director / shareholder details: name, date of birth, BVN, contact details, residential address, ownership percentage, and politically-exposed-person status where applicable.
• Documents: e.g. CAC certificate, status report, MEMART, TIN certificate, utility bill, board resolution, IDs and other KYC documents you or our partners upload.
• Account & audit data: one-time passcodes, consent records, and a log of who accessed what and when.

We do not collect your financial account balances, transactions, or savings data.

We process your data on the basis of your explicit consent, given when you authenticate and approve an action inside the innKorp widget or portal. Consent is specific, informed and unambiguous, and you may withdraw it at any time (see Your rights below).

Your data is only shared in two situations, and always with your explicit consent:

• Facilitation (referral by a fintech). If a fintech refers you while your business is being registered, you may consent to that fintech sharing a minimal, purpose-limited set of data with innKorp so we can facilitate your registration and prepare your documents. That set is limited to:
  • Proposed business name(s)
  • Business type & category
  • Business email & phone
  • Business address
  • Proprietor name & date of birth
  • Proprietor phone, email & address
  • Proprietor BVN (for CAC registration)
  This data is used only for that purpose.
• Distribution (you share your vault). When you choose to share your vault with a fintech, you select exactly which documents are shared and grant a time-limited access token. The fintech receives only the documents you approved, via short-lived signed links (1 hour).

We never sell your data, and we never share it without a consent record tied to the specific purpose.

• Documents are stored privately and served only via short-lived signed links — never public URLs.
• Access tokens are scoped, signed, and expire within 24 hours.
• Every vault access, consent grant and revocation is logged.
• Data is segregated so that only you and parties you consent to can access your vault.

Your documents remain in your vault for as long as you keep your account, so you can reuse them across fintechs without re-entry. You can delete any document, revoke any fintech's access, or ask us to erase your vault at any time.

You have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate data (you can edit your profile directly);
• Erase your data (delete documents or your vault);
• Withdraw consent and revoke any fintech's access;
• Port your data to another service;
• Lodge a complaint with the Nigeria Data Protection Commission (NDPC).

You can exercise most of these directly in your innKorp vault, or by contacting us below.

For privacy questions or to exercise your rights, contact our Data Protection Officer at privacy@innkorp.io.