KYC & Vendor Verification Policy

Last updated on: 26 May 2026

1. Introduction

Makeatask runs a Know-Your-Customer (KYC) programme on every user of the platform. KYC is mandatory for both Task Posters and Service Providers and is enforced before any user can post a task, submit an offer, message another user, fund their wallet, or withdraw funds. We use KYC to prevent identity fraud, to comply with Nigerian anti-money-laundering law, to satisfy the obligations of our payments partner Paystack, and to keep the marketplace safe for both sides of every transaction. This Policy explains what we collect, how we verify it, and how we treat KYC data.

2. Scope

  • KYC applies to every individual user of Makeatask, including both Task Posters and Service Providers.
  • KYC is required before a user can post a task, send an offer, chat with another user, fund their wallet, or withdraw funds.
  • Makeatask does not currently support business or organisational accounts. Where this changes, an enhanced verification process will apply.

3. Data We Collect for Verification

During KYC we collect the following data and pass it to our licensed verification partner for checking against authoritative Nigerian databases:

  • Full legal name (first name, middle name, last name) as it appears on a government-issued ID.
  • Date of birth.
  • Gender.
  • Phone number, verified by SMS one-time-passcode before KYC starts.
  • Email address, verified by one-time-passcode before KYC starts.
  • Residential address.
  • Government-issued identity number — either a National Identification Number (NIN) or a Bank Verification Number (BVN).
  • Document type and document number (e.g. NIN, driver’s licence, international passport, voter card) where relevant.
  • A live selfie image used for face-match and liveness against the photo held on the identity record.

4. Verification Partner

We use Dojah (https://dojah.io) — a Nigerian identity verification provider — to validate identity data, run face-match against NIN/BVN, and perform liveness on the selfie. Dojah is contracted under a written data-processing agreement and is only authorised to use the data we send for the verification request we initiated. We do not share the data with any other identity provider.

5. Step-by-Step Verification Flow

  • Email verification: the user enters an email and confirms it with a one-time code we send to that address. Unverified emails cannot proceed to KYC.
  • Phone verification: the user enters a Nigerian mobile number and confirms it with a one-time code we send by SMS. Unverified phones cannot proceed to KYC.
  • Personal details capture: the user enters their full legal name, date of birth, gender, and residential address inside the app.
  • ID submission: the user enters their NIN or BVN and selects the document type they will rely on.
  • Liveness selfie: the user records a live selfie inside the app. The capture is recorded with anti-spoofing controls (motion check, lighting check) and is not allowed to be a pre-existing photo from the device’s gallery.
  • Match and check: we send the captured data to Dojah, which validates the identity number against the official Nigerian databases and runs a face-match between the live selfie and the photo held on the identity record. We also store a hash of the document image to detect re-use of the same document across multiple accounts.
  • Outcome: the user is marked as verified, pending review, or rejected (see “Outcomes and Retries” below).
  • Final review: where any field comes back inconclusive — for example the NIN exists but the face-match score is borderline — the case is escalated to our internal Trust & Safety team for manual review before the user is allowed to transact.

6. Outcomes and Retries

  • Verified: the user is granted the “identity_verified” status and can post tasks, send offers, fund the wallet, withdraw, and use chat.
  • Pending review: where the case is borderline, it is escalated to our Trust & Safety team for human review. The user is told the case is in review.
  • Rejected: where the data does not match or the liveness check fails, the user is told their attempt failed. The user can correct the data and retry, up to a maximum of four (4) attempts.
  • Suspended after repeated failure: after the fifth failed attempt the user’s account is suspended and they must contact support@makeatask.com to re-open the case. This is to prevent brute-force attempts using stolen identity documents.

7. What Verification Confirms

A successful KYC confirms that (a) the identity number provided exists on the official Nigerian identity database, (b) the personal details the user gave us match that record, and (c) the live selfie matches the photo held against that record at the moment of capture. KYC does not vet a user’s skills, professional licences, or background. Where a task requires a regulated licence (medical, legal, electrical, etc.) the relevant Provider is responsible for holding and producing it; we deal with claims of unlicensed practice through our Acceptable Use Policy and dispute process.

8. Ongoing Monitoring

Passing KYC at sign-up is not the end of the story. We continue to monitor the platform for fraud, AUP breaches, and signs that an account has been taken over:

  • Behavioural signals: we flag unusual login locations, sudden changes in payout bank accounts, rapid wallet movements that look like layering, and bursts of cancellations.
  • Device signals: we tie sessions to device identifiers and flag when a verified identity suddenly switches device or appears across many accounts.
  • Transaction signals: we monitor for self-dealing (Poster and Provider operating from the same device, IP, or bank), wash-trades, and clusters of fake reviews.
  • Re-verification: we may ask a user to re-run KYC at any time, particularly after a flagged event or a long period of inactivity. The user cannot transact until re-verification completes.
  • Sanctions screening: we screen against publicly available sanctions and PEP lists where relevant, and refuse accounts that match.

9. How We Handle KYC Data

  • KYC data is collected, transmitted, and stored using encryption in transit (TLS) and encryption at rest for sensitive fields.
  • Access to KYC records is restricted to authorised members of our Trust & Safety, fraud-operations, and engineering teams, on a need-to-know basis, and is audit-logged.
  • KYC outcomes are persisted in our backend (verification status, reference identifier, document hash, timestamps). We do not store full payment-card numbers; those are handled by our regulated payments partner.
  • KYC data is retained for the life of the account and for the period required by Nigerian financial-services and anti-money-laundering law after account closure.
  • We do not sell or rent KYC data. We share it only with our verification partner (to run the check), with our payments partner (to satisfy their own KYC obligations), with cloud-infrastructure providers we use to run the platform, and with regulators or law enforcement where we are legally required to disclose.

10. Your Rights Over KYC Data

Subject to the limits of Nigerian financial-services and anti-money-laundering law, you can ask for a copy of the KYC data we hold about you, ask us to correct inaccurate fields, or ask us to delete your account. Where the law requires us to keep certain records for a defined period, we will retain only that subset and delete the rest. Requests can be made to privacy@makeatask.com. Our full position on data handling and your data-subject rights is described in the Privacy Policy.

11. Changes to This Policy

We may update this Policy when Nigerian regulation or our verification stack changes. Material changes are communicated in the app, by email, or both, and the “Last updated” date above is moved.

12. Contact

Questions about a specific KYC outcome should be raised through the in-app help flow so the support ticket is linked to your verification case. General questions about this Policy can be sent to safety@makeatask.com.