MiTax
Log in Get started
Legal

Privacy Policy

This policy explains what MiTax does with your information. We aim for two things: do the job (file your tax, take your payment, keep your records) and protect your data while doing it. Nothing more.

Last updated: 21 May 2026

1.What this policy covers#

This policy covers every part of MiTax: the consumer app, MiTax Pro for tax firms, MiTax State portals, the website at mitax.io, and any official MiTax integration. It applies whether you are an individual filing your own tax, a Pro accountant filing on behalf of clients, or an employer running payroll.

The data controller is Worllet Ltd, a Nigerian company, registered as a data controller under the Nigeria Data Protection Act 2023 (NDPA). Our Data Protection Officer is reachable at dpo@mitax.io.

2.Information we collect#

Account information. Your name, email, phone number, password (always stored hashed), Tax ID (TIN), and, where you use phone OTP, your verified mobile number. If you sign up as a business, we also collect your RC or BN, business name, and the names of any directors you add.

Tax information. The figures you enter or upload so MiTax can calculate, file, and pay your tax. This may include income, expenses, invoices, receipts, payroll records, employer details, crypto trades, rental income, and supporting documents you keep in your vault.

Device and usage information. The kind of device you use, the version of MiTax you are running, the screens you visit, the actions you take (for example, "submitted a filing", "downloaded a receipt"), error logs, and approximate IP-based location. We use this to make MiTax faster and safer; we do not sell it.

3.How we use your information#

To run the service: calculate your tax, file your returns, take your payments, store your receipts, and keep your records in your vault. None of this needs your data to leave the systems built for it.

To keep the platform safe: detect fraud, block suspicious sign-ins, protect against attacks, and meet our anti-money-laundering and counter-terrorism-financing obligations.

To support you: respond to your messages, debug issues you report, train staff on the kinds of cases we see, and improve product clarity. When we look at usage to improve MiTax, we work from aggregated patterns where possible, not from one person's data.

4.Who we share with#

The Nigeria Revenue Service (NRS) and the State Internal Revenue Services we integrate with. When you file or pay a tax, the relevant tax authority receives the filing and the payment record. They are the legal recipient of the data on a return; we are the rails that get it there.

Payment service providers. Paystack and Flutterwave handle the movement of money from your bank or card to the government account. They see the transaction details they need to process the payment, no more.

Service providers we choose carefully. Hosting (Supabase, hosted in compliant regions), email and SMS providers, error monitoring, and analytics. We use the minimum data they need, under contracts that bind them to confidentiality.

We never share your data with advertisers, and we never sell personal data. We also never share with third parties for their own marketing.

5.Where your data lives#

MiTax is built Nigeria-first. Our primary storage for taxpayer records is in a hosted Postgres database, with daily encrypted backups. Where our hosting partner offers a Nigeria or West-Africa region, we use it; where they do not yet, we use the nearest region with NDPA-compatible safeguards in place.

Cross-border transfers are kept to a minimum. When they happen, they are protected by standard contractual clauses, encryption in transit and at rest, and access controls that limit which staff can see what.

6.Your rights#

Under the NDPA 2023, you have the right to know what we hold about you, to ask for a copy, to ask for corrections if it is wrong, to ask for deletion (subject to legal retention for tax records), to restrict or object to certain processing, and to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

To use any of these rights, write to dpo@mitax.io from the email on your account. We will respond inside 30 days. There is no charge for a normal request.

For deletion: tax filings, payment records, and the supporting documents the law requires us to keep are retained for the statutory period (usually six years). After that, they are deleted.

7.Data retention#

We keep account data for as long as your account is active. We keep filings, payment records, and tax-related documents for six years from the end of the relevant tax year, as Nigerian law requires.

We keep support conversations for two years, system logs for 90 days, and security event logs for one year. Anything kept beyond active use is encrypted and access-controlled.

8.Cookies#

The MiTax website uses a small number of cookies. The essentials keep you signed in and remember your plan choice. We also use privacy-respecting analytics to count visits and learn which pages are useful; this does not track you across other sites.

You can disable cookies in your browser, but parts of the site (sign-in, billing) need them to work.

9.Children#

MiTax is for people aged 18 and over. We do not knowingly collect data from children. If a parent or guardian discovers that a child has opened a MiTax account, please write to dpo@mitax.io and we will close the account and remove the data.

10.Contact#

Privacy questions: dpo@mitax.io. Everyday support: support@mitax.io. Office: Plot 12, JCP House, Victoria Island, Lagos.

If you would prefer to escalate, you can contact the Nigeria Data Protection Commission (NDPC) directly. See section 7 of our NDPA notice for how.