Privacy policy

Last Updated: October 2, 2025

1. Introduction

Copper Brass is a software-as-a-service provider whose business banking platform offers secure, fast, and versatile financial services such as payments, invoicing, and cashflow management through its licensed partners and affiliates. This Privacy Policy (the “Policy”) applies to Copper Brass Limited's online interface (i.e., website or mobile application) and any service provided by Copper Brass Limited in connection with its affiliate(s) or subsidiary that is linked to this Policy (individually referred to as a “Site”, and collectively, “Sites”). The terms “the Company”, “Brass”, “we”, “us” and “our” in this Policy refer to Copper Brass Limited and any banking and non-banking affiliates or subsidiaries of Copper Brass Limited that are linked to this Policy. This Policy describes how the Sites may collect, use, and share information from or about you, and explains how information may be collected and used for advertising purposes.

Brass takes the privacy of your information very seriously. This Policy explains how and for what purposes we may use the information collected from you via the Site.

Additional information on our Privacy Policy may be found on our Sites and within Frequently Asked Questions (FAQs) as set out on the Sites.

Please read this Policy carefully. By using the Site and any services we offer via the Site, you are agreeing to be bound by this Policy with respect to the information collected about you via this Site.

2. Personal information collected

We may collect the following information from you:
  • name, username, gender, date of birth;
  • Contact information (e.g. email address, postal address, telephone number);
  • passport photo, nationality, identity card;
  • BVN, NIN;
  • occupation;
  • Utility bill;
  • Your interests;
  • Financial Information (e.g., account number, card number and expiry date);
  • Business Information (e.g. business name, description, industry, address, business online presence);
  • Signature;
  • and any other information that may be required in order to provide the relevant services.

Although it is not compulsory to give us this information, if you do not, we may not be able to provide you with the full range of services that Brass has to offer.

3. Your Data Protection Rights

Under the Nigeria Data Protection Act (NDP Act) 2023, and the NDP Act General Application Implementation Directive (GAID) 2025, and other applicable laws, you have the following rights regarding your personal information:
  • Right of Access - You can request confirmation of whether we process your personal information and, if so, obtain a copy.
  • Right to Rectification - You can request correction of inaccurate or incomplete personal information.
  • Right to Erasure ("Right to be Forgotten") - You can request that we delete your personal information, subject to our legal and regulatory obligations.
  • Right to Restriction of Processing - You can request that we restrict the way we use your personal information in certain circumstances.
  • Right to Object - You can object to the processing of your personal information for direct marketing or where we rely on legitimate interests as the basis for processing.
  • Right to Data Portability - You can request a copy of your personal information in a structured, commonly used, and machine-readable format, and request that we transmit it to another controller.
  • Right to Withdraw Consent - Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
To exercise any of these rights, please contact our Data Protection Officer (DPO) using the details provided in the “Contact Us” section. We will respond to your request within the timeframes required by law.

In addition, where you believe your rights have been violated, you can issue a data subject Standard Notice to Address Grievance (SNAG) to us through the details provided in the “Contact Us” section.

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or your local data protection authority if you are based outside Nigeria.

4. Lawful Basis for Processing Personal Information

We will only process your personal information where we have a lawful basis under the NDPA and the GAID. The lawful bases we rely on include:
  • Consent
    Where you have given us explicit permission to process your personal information for a specific purpose. Example: subscribing to receive marketing communications.
    NB: You may withdraw your consent at any time by contacting us.
  • Contractual Necessity
    Where processing is necessary for the performance of a contract we have with you or to take steps at your request prior to entering into a contract. Example: opening and managing your account, or providing services you request.
  • Legal Obligation
    Where processing is necessary for compliance with a legal or regulatory obligation. Example: record-keeping to meet Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), tax, or reporting obligations.
  • Legitimate Interests
    Where processing is necessary for our legitimate business interests or those of a third party, provided that your fundamental rights and freedoms are not overridden. Example: fraud prevention, ensuring network and information security, improving services, or conducting business analysis.
We will not use your personal information for purposes that are incompatible with those described in this Policy, unless required or permitted by law.

5. Use of collected information

We collect information to provide users with a secure, smooth, efficient, and customised experience.

The information we collect may also be used to:
  • provide customer support and the additional Services you may subscribe to;
  • process transactions and send notices about your transactions;
  • verify your identity, including during account creation and password reset processes;
  • resolve disputes, collect fees, and troubleshoot problems;
  • manage risk, or detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities;
  • detect, prevent or remediate violations of policies or applicable user agreements;
  • improve the offering of our Services to you by customising your user experience;
  • measure the performance of our Services and improve their content and layout;
  • manage and protect our information technology infrastructure;
  • provide service update notices, and deliver promotional offers based on your communication preferences;
  • contact you at any telephone number, by placing a voice call or through text (SMS) or email messaging;
  • perform creditworthiness and solvency investigations, compare information for accuracy, and verify it with third parties.

We may also contact you via electronic means to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, or as otherwise necessary to service your account.

Finally, we may use the information provided to contact you as necessary to enforce our policies, applicable law, or any agreement we may have with you. When contacting you via phone, we may use autodialled or pre-recorded calls and text messages to reach you as efficiently as possible. Where applicable and permitted by law, you may decline to receive certain communications.

6. Record Retention

Brass shall maintain all necessary records on transactions, all records obtained through CDD measures, account files, business correspondence, and the results of any analysis undertaken, for at least five (5) years following completion of the transaction. This will enable Brass to comply swiftly with information requests from competent authorities, in line with the FATF Recommendation. To accomplish this, document retention policies have been set and procedures established for maintaining AML/CFT records. In establishing its document retention policy, Brass is guided by statutory requirements and the needs of the investigating authorities on the one hand, and commercial considerations on the other.

The broad categories of AML/CFT-related records are:

  • Customer identification and verification documents.
  • Transaction records, including currency transaction reports.
  • Suspicious transaction reports, together with supporting documentation.

AML/CFT-related records may be maintained by way of original documents, stored in microfiche, and in computerized or electronic form, subject to the provisions of the law on what is acceptable as evidence.

The Compliance Officer or other designated officer shall be responsible for ensuring that all AML/CFT records are maintained properly and kept for no less than five (5) years before they are sent to the archives.

7. Sharing collected information

Services available on this Site are offered in conjunction with some of our business partners, including Paystack Payments Limited and Abeg Technologies Limited (the "Business Partners").

In order for services to be provided, we may share some necessary details about you with the Business Partners. Depending on our business dynamics and the continued provision of efficient services to you, we may, from time to time, transfer such details to other Business Partners as we deem fit. In all circumstances, however, we will take steps to ensure that your privacy rights continue to be protected.

We may transfer your personal information to any other third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected.

In addition, we may pass your information on to one of our carefully selected business partners or to other carefully selected third parties to enable them to send you information which may be of interest to you but only if you have given us permission to do so. You can stop receiving such mail whenever you choose by unsubscribing via the link to be provided.

Other than as set out above, we will not disclose any of your personal information without your permission unless we are required by law to do so (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime).

8. Information automatically collected from your computer

We and our third-party service providers may collect and use other information in a variety of ways, including:
  • Log files/IP addresses: When you visit the Site, our web server automatically records your IP address. This IP address is not linked to any of your personal information. We use IP addresses to help us administer the Site and to collect demographic information for aggregation purposes.
  • Other technologies including pixel tags, web beacons, and clear gifs: These may be used in connection with some Site pages, downloadable mobile applications and HTML-formatted email messages to measure the effectiveness of our communications, the success of our marketing campaigns, to compile statistics about usage and response rates, to personalise/tailor your experience while engaging with us online and offline, for fraud detection and prevention, for security purposes, for advertising, and to assist us in resolving account holders' questions regarding the use of our Site.
  • Aggregated and de-identified data: Aggregated and De-identified Data is data that we may create or compile from various sources, including but not limited to accounts and transactions. This information, which does not identify individual account holders, may be used for our business purposes, which may include offering products or services, research, marketing or analysing market trends, and other purposes consistent with applicable laws.
  • Through your browser or device: Certain information is collected by most browsers and/or through your devices, such as your Media Access Control (MAC) address, device type, screen resolution, operating system version and internet browser type and version. We use this information to ensure Sites function properly, for fraud detection and prevention, and security purposes.

9. Cookies

When you visit the Site, we may store some information (commonly known as a cookie) on your computer. Cookies are small files of information which use a unique identification tag and are stored on your device as a result of using the Site or other services we provide to you. A number of cookies we use last only for the duration of your session and expire when you close your browser. Other cookies are used to remember you when you return to the Site and will last for longer. A cookie helps you get the best out of the Site and helps us to provide you with a more customised service. We use cookies to:
  • save you from having to re-enter your details each time you visit the Site
  • track how our Site is used and improve and update our content
  • store your preferences
  • customise elements of the layout and/or content of the Site for you
  • collect statistical information about how you use the Site so that we can improve it
You can refuse to accept these cookies and most devices and browsers offer their own privacy settings for cookies. You will need to manage your cookie settings for each device and browser you use. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Site and some online products and services. For example, we will not be able to recognize your device and you will need to answer a challenge question each time you log on. You also may not receive tailored advertising or other offers from us that may be relevant to your interests and needs.

10. Advertisement and information about other products and services

From time to time we may send you information about other financial products and services offered by the Company that we think may be of interest to you.

Brass advertises online (e.g., pages within our Sites and mobile apps, through the Company's managed social media presence, and on other sites and mobile apps not affiliated with Brass) and offline (e.g. in banking centres, through call centres, and direct marketing). In order to understand how our advertising performs, we may collect certain information on our Sites and other sites and mobile apps through our advertising service providers using cookies, IP addresses, and other technologies. The collected information may include the number of page visits, pages viewed on our Sites, search engine referrals, browsing activities over time and across other sites following your visit to one of our Sites or Apps, and responses to advertisements and promotions on the Sites and on sites and apps where we advertise.

Brass uses the information described in this Policy to help advertise our products and services. We use such information to:
  • Present tailored ads to you, including: banner ads and splash ads that appear as you sign on or off of your online accounts on our Sites, within mobile banking and other mobility applications;
  • E-mail, postal mail, and telemarketing;
  • On other sites and mobile apps not affiliated with Brass;
  • Analyse the effectiveness of our ads; and
  • Determine whether you might be interested in new products or services
You can tell us to stop this at any time by sending an email to [email protected].

Advertising on third party sites and mobile apps: Brass contracts with advertising companies to advertise our products and services on sites and mobile apps not affiliated with us. We may use Aggregated and De-identified Data and information provided by you to these third-party sites and mobile apps to select which of our advertisements or offers may appeal to you, display them to you and monitor your responses. Third-Party Sites and mobile apps are not subject to Brass Privacy Policy. Please visit the individual sites and mobile apps for additional information on their data and privacy practices and opt-out policies.

11. Changes to your details

Keeping your account information accurate and up to date is very important. If your account information is incomplete, inaccurate or not current, please use the Contact Us option on our Site, or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials. You can also speak to a customer representative from the Company.

12. Use of forums or chat rooms

The Site may from time to time include chat rooms, forums, message boards, and/or newsgroups on which you can post information. Any information that you post in these areas becomes public information, and you should always be careful when deciding to disclose your personal details as part of that information.

13. Security

We use appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include:
  • Secure server software (SSL) encryption for financial data transmission;
  • Strict access controls and authentication measures;
  • Regular security assessments and monitoring of our IT systems;
  • Oversight of third-party service providers to ensure they maintain adequate data protection measures.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Nigeria Data Protection Commission (NDPC) within the timelines required by law.

14. Linking to third-party websites and other aggregation websites

Linking to other sites: We may provide links to third party sites, such as service providers or merchants. If you follow links to sites not affiliated or controlled by Brass, you should review their privacy and security policies and other terms and conditions, as they may be different from those of our Sites. Brass does not guarantee and is not responsible for the privacy or security of these sites, including the accuracy, completeness, or reliability of their information.

We cannot be responsible for the privacy policies and practices of other sites, even if you access them using links from our Site. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

Using Other Aggregation Websites: Other companies offer aggregation websites and services that allow you to consolidate your financial account information from different sources (such as your accounts with us or with other financial institutions) so that you can view all your account information at one online location. To do this, an aggregation provider may request access to personal information, such as financial information, usernames and passwords. You should use caution and ensure that the aggregator company has appropriate policies and practices to protect the privacy and security of any information you provide or to which they are gaining access. We are not responsible for the use or disclosure of any personal information accessed by any company or person to whom you provide your Site username and password.

If you provide your Site username, password or other information about your accounts with us to an aggregation website, we will consider that you have authorized all transactions or actions initiated by an aggregation website using access information you provide, whether or not you were aware of a specific transaction or action. If you decide to revoke the authority you have given to an aggregation website, we strongly recommend that you change your password for the Site to ensure that the aggregation website cannot continue to access your account.

15. Social media sites

Brass provides experiences on social media platforms including, but not limited to, Facebook®, Twitter®, and LinkedIn® that enable online sharing and collaboration among users who have registered to use them. Any content you post on official Brass managed social media pages, such as pictures, information, opinions, or any personal information that you make available to other participants on these social platforms, is subject to the Terms of Use and Privacy Policies of those respective platforms. Please refer to them to better understand your rights and obligations with regard to such content. In addition, please note that when visiting any official Brass social media page, you are also subject to Brass Privacy Policy.

16. Updates to this privacy policy

This privacy policy is subject to change. Please review it periodically. If we make changes to the Policy, we will revise the "Last Updated" date at the top of this Policy. Any changes to this Policy will become effective when we post the revised Policy on the Site. Your continued use of the Site following these changes means that you accept the revised Policy.

17. Contact us

If you have any questions, concerns, or wish to exercise your data protection rights, you can contact our Data Protection Officer (DPO) at: [email protected]