01 Definitions
- Personal data: any information relating to an identified or identifiable natural person, including name, contact details, identification numbers, location data, online identifiers and financial information.
- Sensitive personal data: data relating to health, genetic or biometric data, race or ethnicity, religious or similar beliefs, political opinions or sex life, or such other data as the NDPC may classify as sensitive.
- Processing: any operation performed on personal data, including collection, recording, storage, retrieval, use, disclosure, restriction, erasure or destruction.
- Data controller: the entity that determines the purposes and means of processing.
- Data processor: the entity that processes personal data on behalf of a controller.
02 Data Protection Principles
In line with Section 24 of the NDPA 2023, the Company ensures that personal data is:
- Processed fairly, lawfully and transparently;
- Collected for specified, explicit and legitimate purposes, and not further processed in a manner incompatible with those purposes;
- Adequate, relevant and limited to what is necessary (data minimisation);
- Accurate and kept up to date, with inaccurate data corrected or erased without delay;
- Retained for no longer than is necessary for the purposes for which it was collected;
- Processed with appropriate security, integrity and confidentiality.
The Company applies privacy by design and by default in the development of all venture products.
03 Lawful Bases for Processing
The Company processes personal data only where at least one lawful basis under Section 25 of the NDPA 2023 applies:
- The data subject has given consent, which must be freely given, specific, informed and unambiguous, and may be withdrawn at any time;
- Processing is necessary for the performance of a contract with the data subject, or to take steps at their request prior to entering a contract;
- Processing is necessary for compliance with a legal obligation;
- Processing is necessary to protect the vital interests of the data subject or another person;
- Processing is necessary for a task carried out in the public interest or the exercise of official authority;
- Processing is necessary for the legitimate interests of the Company or a third party, except where overridden by the rights and freedoms of the data subject.
Sensitive personal data is processed only under the stricter conditions of Section 30 of the NDPA 2023. We do not process the personal data of children without verifiable parental or guardian consent, and apply appropriate age-verification mechanisms in ventures whose users may include persons under eighteen (18).
04 Your Rights as a Data Subject
Under Sections 34 to 37 of the NDPA 2023, you have the right to:
- Be informed about the processing of your personal data through clear privacy notices;
- Access your personal data and obtain a copy;
- Rectification of inaccurate or incomplete data;
- Erasure of personal data where there is no lawful justification for retention;
- Restriction of, or objection to, processing, including for direct marketing;
- Data portability in a structured, commonly used and machine-readable format;
- Withdraw consent at any time without affecting prior lawful processing;
- Not be subject to a decision based solely on automated processing producing legal or similarly significant effects, without appropriate safeguards;
- Lodge a complaint with the Nigeria Data Protection Commission.
Requests should be directed to privacy@raavon.com and are resolved without undue delay and within any timeline prescribed by the NDPC. Identity is verified before any request is actioned.
05 Data Protection Officer
The Company has designated a Data Protection Officer (DPO), reachable at privacy@raavon.com, responsible for compliance monitoring, maintenance of the Record of Processing Activities, data subject and regulator liaison, DPIA oversight and breach coordination.
06 Security of Personal Data
We implement appropriate technical and organisational measures proportionate to the risk, including:
- Encryption of data in transit (TLS 1.2 or higher) and at rest;
- Role-based access control and least privilege;
- Multi-factor authentication on critical systems;
- Logging and monitoring;
- Secure development practices;
- Pseudonymisation or masking where full data is not required;
- Secure disposal of data and media.
07 Personal Data Breach Management
- All suspected personal data breaches are reported immediately to the DPO at privacy@raavon.com.
- The DPO assesses the breach, coordinates containment and remediation, and maintains an internal breach register.
- Where a breach is likely to result in a risk to the rights and freedoms of data subjects, we notify the NDPC within seventy-two (72) hours of becoming aware of it.
- Where the breach is likely to result in a high risk, affected data subjects are informed without undue delay, with advice on protective steps.
- Where the Company acts as a data processor, it notifies the relevant data controller without undue delay.
08 Third Parties and Data Processors
We engage only processors and sub-processors that provide sufficient guarantees of compliance with applicable data protection legislation. All processing by third parties is governed by a written data processing agreement covering confidentiality, security measures, sub-processing, assistance with data subject rights, breach notification, audit rights, and return or deletion of data at the end of the engagement. Where a venture relies on regulated partners (such as banking, payments or open-banking providers), data sharing is limited to the minimum data necessary for the service.
09 Cross-Border Data Transfers
Personal data is not transferred outside Nigeria except in accordance with Sections 41 to 43 of the NDPA 2023, under a mechanism affording adequate protection or another lawful condition such as the data subject's informed consent. Where ventures use cloud infrastructure hosted outside Nigeria, the DPO ensures an appropriate transfer mechanism is in place and recorded.
10 Retention, Disposal and Impact Assessments
Personal data is retained only as long as necessary for the purpose collected, or as required by law (including financial-sector record-keeping obligations). On expiry, data is securely deleted, anonymised or destroyed.
A Data Protection Impact Assessment (DPIA) is carried out before any processing likely to result in high risk to data subjects, including large-scale processing of financial data, profiling, the adoption of new technologies (including AI-assisted features), or processing of sensitive personal data.
11 Contact
Raavon Limited (RC-9537604)
Data Protection Officer: privacy@raavon.com
Parent Company: www.raavon.com
