How we protect your money and your data.

This page is maintained by Klovo to answer common security and privacy questions about the product. It is not a certification.
Practices

What's actually true about how Klovo is built.

Klovo is a financial technology company, not a bank. Your money sits at CBN-licensed partner banks (Wema, Providus) accessed via Anchor.
Banking via licensed partners
Data is encrypted in transit (TLS 1.3) and at rest. Secrets are managed by an HSM-backed key store, never in code or logs.
Encryption at rest & in transit
Every business's data is isolated with row-level security at the database, scoped to that business by a server-verified session — deny by default.
Tenant isolation (RLS)
Sign-in supports a second factor, and sessions and devices are visible and revocable from account settings.
Two-factor authentication
Every admin action and money movement is logged on an append-only trail — reversed, never edited, if something needs correcting.
Audit trails
BVN and NIN are processed by licensed KYC partners (NIBSS, VerifyMe). We store only what we must, always masked in the UI.
KYC / identity
We comply with the Nigeria Data Protection Act. You can request access, correction, or deletion of your data at any time.
NDPA compliance
Card PANs and full BVN/NIN — these are tokenized by our partners, not stored on Klovo's servers.
What Klovo doesn't hold

Found a security issue?

If you believe you've found a vulnerability in Klovo, please report it privately so we can investigate before any public disclosure. We won't pursue legal action against good-faith, non-destructive research reported this way.

security@klovo.ng
Get started

Run your business on infrastructure built to hold money.