Abimbola🥷

KLED BROKE OUR LAWS. @ndpcngr look into this. I am making this last post before i put it to rest. Kled AI collected personal data from 25,000 Nigerians, sold it to AI labs and governments, then IP-banned the entire country. What they did not tell you is that while they were operating in Nigeria, they appear to have been breaking Nigerian law. Here is the legal case, point by point, with every source linked. FIRST. UNDERSTAND WHAT KLED ACTUALLY IS Kled, registered as Nitrility Inc., is not a neutral tech platform. By their own published terms of service (https://t.co/MI7mKazGty), the moment you upload anything to Kled, you are not just sharing content. You are irrevocably selling it. Their exact words: "YOU UNDERSTAND AND AGREE THAT YOU ARE IRREVOCABLY SELLING SUBMITTED CONTENT TO COMPANY TO BE USED FOR ANY PURPOSE." They then grant themselves the right to "sell, share, sublicense, transfer and/or distribute Submitted Content to our affiliates, our customers, partners and/or prospective customers and partners to be used for any purpose, including without limitation the development of artificial and machine learning products." Their own website (https://t.co/XfLUED7gkT) states they power the world's leading AI companies, governments, and research institutions. Your photos, videos, and identity documents were being sold the moment you hit upload. But here is the part that exposes the entire "we pay you fairly" narrative as a trap. Their terms also contain this clause: "If the consents, covenants, releases and/or rights granted to Company are deemed legally unenforceable or otherwise revoked, reversed, invalidated, or withdrawn with respect to any Submitted Content, then you are required to immediately refund to Company any compensation you previously received in connection with such Submitted Content." Read that again. If a Nigerian court or the NDPC ever rules that their consent clause is unenforceable under Nigerian law, Kled can legally demand every naira they paid you back. They built a clause to reclaim payments the moment their legal framework gets challenged. They did not come to empower you. They came to extract from you, and they made sure they could take back even the few dollars they offered if anyone tried to hold them accountable. That is not fair compensation. That is a legal trap dressed as an opportunity. VIOLATION ONE: OPERATING WITHOUT NDPC REGISTRATION The Nigeria Data Protection Act 2023 classifies any organization that processes the personal data of more than 200 Nigerian users within six months as a Data Controller of Major Importance. That classification triggers a mandatory legal obligation to register with the Nigeria Data Protection Commission before operating at scale. Kled had 25,000 Nigerian users. The NDPC maintains a public register of all compliant organizations here: https://t.co/mUGGEBsMJO Search for Kled or Nitrility Inc. yourself. They are not on it. ( I have provide screenshots below) Operating on Nigerian user data at that scale without NDPC registration is a direct violation of the Act. VIOLATION TWO: PROCESSING DATA AFTER CONSENT WAS COMPROMISED By his own public admission, Nigerian users were actively submitting KYC documents through Kled's verification system. He stated this himself in his original post when he described being "flooded with thousands of fake Japanese passports and identity cards with Nigerians photoshopped onto them" in their KYC system. The NDPA requires that when a user's ability to complete the consent process is blocked or their data is rejected, all processing of their personal data must stop immediately. But Kled's own App Store developer responses, which you can verify yourself (https://t.co/9z0fn7U0D9), show a pattern of telling users that uploaded content remains in processing even after their accounts are rejected or flagged. Their terms of service (https://t.co/MI7mKazGty) confirm this further, stating explicitly that if consent is ever deemed unenforceable, the company retains the right to reclaim payments while making no commitment to delete the data already collected. Nigerian users went through KYC. He confirmed that himself. Their data was retained after rejection. His own terms confirm that. Under the NDPA, that is unlawful data processing. VIOLATION THREE: UNLAWFUL CROSS-BORDER DATA TRANSFER The NDPA is explicit. Nigerian user data can only be transferred abroad if the receiving organization provides a level of data protection substantially equivalent to Nigerian law (https://t.co/sHLmqkGFKe). Kled's business model is selling Nigerian user data to AI labs, governments, and research institutions internationally. Their own terms of service (https://t.co/MI7mKazGty) confirm they sell, share, sublicense, transfer and distribute submitted content to customers, partners, and prospective partners for any purpose. Nowhere in their privacy policy (https://t.co/MTkBBNa7VT) do they disclose whether those buyers meet Nigeria's data adequacy standards. That is not a minor oversight. That is a legal violation. Their governing law clause makes it even worse. Their terms state: "This Agreement shall be governed by the laws of the State of Delaware." Nigerian law is not mentioned anywhere in their entire terms of service. They designed this contract to operate entirely outside Nigerian legal jurisdiction while collecting data from Nigerian citizens. VIOLATION FOUR: NO DATA PROTECTION OFFICER Under the NDPA and the GAID 2025 (https://t.co/zhHP6zEPqd), every Data Controller of Major Importance must appoint a qualified Data Protection Officer to monitor compliance, handle user rights requests, and liaise with the NDPC. Kled processed the data of 25,000 Nigerians at millions of uploads per day. They have never publicly disclosed the appointment of a DPO for their Nigerian operations. VIOLATION FIVE: NO COMPLIANCE AUDIT FILED Data Controllers of Major Importance are required to conduct annual compliance audits and submit Compliance Audit Returns to the NDPC (https://t.co/L2mLqfLyxs). A company that processed 10 million uploads from Nigerian users, collected biometric identity data through KYC, and sold that data to third parties internationally, has no public record of submitting a single compliance audit to Nigeria's data protection authority. THE PRECEDENT THEY SHOULD BE WORRIED ABOUT The NDPC and FCCPC jointly fined Meta $220 million for the same category of violations, including unauthorized data collection, failure to file a compliance audit, and unlawful cross-border data transfers. That fine was upheld by a Nigerian tribunal on April 25, 2025 (https://t.co/z74rdNJZ1H). The NDPC has also launched formal investigations into Temu over improper handling of Nigerian user data. This is not a toothless regulatory environment. It is a live one. Kled processed data from 25,000 Nigerians, transferred it internationally to unnamed AI labs and governments, collected biometric identity information through KYC, built a contract designed to reclaim payments if their legal framework is ever challenged, and did all of this without registering with the NDPC, without appointing a Data Protection Officer, without filing a compliance audit, and without disclosing whether their data buyers meet Nigerian legal standards. That is not a business decision. That is a compliance failure with legal consequences. WHAT YOU CAN DO RIGHT NOW If you are a Nigerian who uploaded data to Kled, you have rights under the NDPA. You have the right to know what data they hold on you, the right to request deletion, and the right to know exactly who they sold your data to. File a formal complaint directly with the Nigeria Data Protection Commission here: https://t.co/pENCZWHgpQ Read the full NDPC resources and official documents here: https://t.co/CHIMrg9fiH They banned Nigeria. Nigeria has a law. Use it. @ndpcngr Please take this seriously.

nnamdiobiii's tweet photo. KLED BROKE OUR LAWS.

@ndpcngr look into this.

I am making this last post before i put it to rest.

Kled AI collected personal data from 25,000 Nigerians, sold it to AI labs and governments, then IP-banned the entire country.

What they did not tell you is that while they were operating in Nigeria, they appear to have been breaking Nigerian law.

Here is the legal case, point by point, with every source linked.

FIRST. UNDERSTAND WHAT KLED ACTUALLY IS

Kled, registered as Nitrility Inc., is not a neutral tech platform. By their own published terms of service (https://t.co/MI7mKazGty), the moment you upload anything to Kled, you are not just sharing content. You are irrevocably selling it.

Their exact words: "YOU UNDERSTAND AND AGREE THAT YOU ARE IRREVOCABLY SELLING SUBMITTED CONTENT TO COMPANY TO BE USED FOR ANY PURPOSE."

They then grant themselves the right to "sell, share, sublicense, transfer and/or distribute Submitted Content to our affiliates, our customers, partners and/or prospective customers and partners to be used for any purpose, including without limitation the development of artificial and machine learning products."

Their own website (https://t.co/XfLUED7gkT) states they power the world's leading AI companies, governments, and research institutions. Your photos, videos, and identity documents were being sold the moment you hit upload.

But here is the part that exposes the entire "we pay you fairly" narrative as a trap.

Their terms also contain this clause:

"If the consents, covenants, releases and/or rights granted to Company are deemed legally unenforceable or otherwise revoked, reversed, invalidated, or withdrawn with respect to any Submitted Content, then you are required to immediately refund to Company any compensation you previously received in connection with such Submitted Content."

Read that again. If a Nigerian court or the NDPC ever rules that their consent clause is unenforceable under Nigerian law, Kled can legally demand every naira they paid you back.

They built a clause to reclaim payments the moment their legal framework gets challenged.

They did not come to empower you. They came to extract from you, and they made sure they could take back even the few dollars they offered if anyone tried to hold them accountable.

That is not fair compensation. That is a legal trap dressed as an opportunity.

VIOLATION ONE: OPERATING WITHOUT NDPC REGISTRATION

The Nigeria Data Protection Act 2023 classifies any organization that processes the personal data of more than 200 Nigerian users within six months as a Data Controller of Major Importance.

That classification triggers a mandatory legal obligation to register with the Nigeria Data Protection Commission before operating at scale. Kled had 25,000 Nigerian users.
The NDPC maintains a public register of all compliant organizations here: https://t.co/mUGGEBsMJO

Search for Kled or Nitrility Inc. yourself. They are not on it. ( I have provide screenshots below)

Operating on Nigerian user data at that scale without NDPC registration is a direct violation of the Act.

VIOLATION TWO: PROCESSING DATA AFTER CONSENT WAS COMPROMISED

By his own public admission, Nigerian users were actively submitting KYC documents through Kled's verification system.

He stated this himself in his original post when he described being "flooded with thousands of fake Japanese passports and identity cards with Nigerians photoshopped onto them" in their KYC system.

The NDPA requires that when a user's ability to complete the consent process is blocked or their data is rejected, all processing of their personal data must stop immediately.

But Kled's own App Store developer responses, which you can verify yourself (https://t.co/9z0fn7U0D9), show a pattern of telling users that uploaded content remains in processing even after their accounts are rejected or flagged.

Their terms of service (https://t.co/MI7mKazGty) confirm this further, stating explicitly that if consent is ever deemed unenforceable, the company retains the right to reclaim payments while making no commitment to delete the data already collected.

Nigerian users went through KYC. He confirmed that himself. Their data was retained after rejection. His own terms confirm that. Under the NDPA, that is unlawful data processing.

VIOLATION THREE: UNLAWFUL CROSS-BORDER DATA TRANSFER

The NDPA is explicit. Nigerian user data can only be transferred abroad if the receiving organization provides a level of data protection substantially equivalent to Nigerian law (https://t.co/sHLmqkGFKe).

Kled's business model is selling Nigerian user data to AI labs, governments, and research institutions internationally.

Their own terms of service (https://t.co/MI7mKazGty) confirm they sell, share, sublicense, transfer and distribute submitted content to customers, partners, and prospective partners for any purpose. Nowhere in their privacy policy (https://t.co/MTkBBNa7VT) do they disclose whether those buyers meet Nigeria's data adequacy standards.

That is not a minor oversight. That is a legal violation.

Their governing law clause makes it even worse.

Their terms state:
"This Agreement shall be governed by the laws of the State of Delaware."

Nigerian law is not mentioned anywhere in their entire terms of service. They designed this contract to operate entirely outside Nigerian legal jurisdiction while collecting data from Nigerian citizens.

VIOLATION FOUR: NO DATA PROTECTION OFFICER
Under the NDPA and the GAID 2025 (https://t.co/zhHP6zEPqd), every Data Controller of Major Importance must appoint a qualified Data Protection Officer to monitor compliance, handle user rights requests, and liaise with the NDPC.

Kled processed the data of 25,000 Nigerians at millions of uploads per day. They have never publicly disclosed the appointment of a DPO for their Nigerian operations.

VIOLATION FIVE: NO COMPLIANCE AUDIT FILED
Data Controllers of Major Importance are required to conduct annual compliance audits and submit Compliance Audit Returns to the NDPC (https://t.co/L2mLqfLyxs).

A company that processed 10 million uploads from Nigerian users, collected biometric identity data through KYC, and sold that data to third parties internationally, has no public record of submitting a single compliance audit to Nigeria's data protection authority.

THE PRECEDENT THEY SHOULD BE WORRIED ABOUT
The NDPC and FCCPC jointly fined Meta $220 million for the same category of violations, including unauthorized data collection, failure to file a compliance audit, and unlawful cross-border data transfers. That fine was upheld by a Nigerian tribunal on April 25, 2025 (https://t.co/z74rdNJZ1H).

The NDPC has also launched formal investigations into Temu over improper handling of Nigerian user data. This is not a toothless regulatory environment. It is a live one.

Kled processed data from 25,000 Nigerians, transferred it internationally to unnamed AI labs and governments, collected biometric identity information through KYC, built a contract designed to reclaim payments if their legal framework is ever challenged, and did all of this without registering with the NDPC, without appointing a Data Protection Officer, without filing a compliance audit, and without disclosing whether their data buyers meet Nigerian legal standards.

That is not a business decision. That is a compliance failure with legal consequences.

WHAT YOU CAN DO RIGHT NOW
If you are a Nigerian who uploaded data to Kled, you have rights under the NDPA. You have the right to know what data they hold on you, the right to request deletion, and the right to know exactly who they sold your data to.

File a formal complaint directly with the Nigeria Data Protection Commission here: https://t.co/pENCZWHgpQ

Read the full NDPC resources and official documents here: https://t.co/CHIMrg9fiH

They banned Nigeria. Nigeria has a law. Use it.

@ndpcngr Please take this seriously.

811

198

65K

fohlabi retweeted

B33JAY🪽

@beejay0x

about 1 month ago

I just confirmed that @MTNNG steals data from their users‼️‼️💔 I’ve been having suspicions that MTN have been stealing data because of the rate at which my data finishes so fast even if I don’t download anything So yesterday by 3:52 PM I bought 11GB data for 3500 naira I put my phone on power saving mode so no app in the background will be able to use data I didn’t download or upload any videos and I’ve been using my phone lightly. I felt like all this wasn’t enough so i decided to download an app that tracks my data usage This afternoon MTN sent me a message that I have just 4GB of data left Checked the app and saw I used only 3GB from the 11GB I bought yesterday Now my question to MTN is this If I used 3GB from 11GB that means I should have 8GB left Why do I have just 4GB left? Where did my remaining 4GB go??? All evidence attached in the screenshots below👇👇👇 We need to call out MTN for these recent thefts as I’m sure I’m not the only one facing this problem

beejay0x's tweet photo. I just confirmed that @MTNNG steals data from their users‼️‼️💔

I’ve been having suspicions that MTN have been stealing data because of the rate at which my data finishes so fast even if I don’t download anything

So yesterday by 3:52 PM I bought 11GB data for 3500 naira

I put my phone on power saving mode so no app in the background will be able to use data

I didn’t download or upload any videos and I’ve been using my phone lightly.

I felt like all this wasn’t enough so i decided to download an app that tracks my data usage

This afternoon MTN sent me a message that I have just 4GB of data left

Checked the app and saw I used only 3GB from the 11GB I bought yesterday

Now my question to MTN is this

If I used 3GB from 11GB that means I should have 8GB left

Why do I have just 4GB left?
Where did my remaining 4GB go???

All evidence attached in the screenshots below👇👇👇

We need to call out MTN for these recent thefts as I’m sure I’m not the only one facing this problem

16K

Who to follow

🫧Tech | Growth | 👩‍💻Product Manager @ Serlzo | Founder of PMC 📚 → Helping startups bridge the gap & execute with Clarity ✍︎

about 1 month ago

You see that code that you want to refactor to look cleaner, don't try it.

Abimbola🥷 @fohlabi

about 1 month ago

@_JhsFortune 7hrs?? It's been for the past 36 hours here

Abimbola🥷 @fohlabi

about 1 month ago

@callmidavid Well, you can't understand the whole codebase even in 2 weeks. But you should be able to start working on issues the second day of onboarding. As you track bugs, the whole thing becomes more clearer.

Abimbola🥷 @fohlabi

about 1 month ago

@oluwalosheyii This is so real!!

Abimbola🥷 @fohlabi

about 1 month ago

Yeah, this approach is also good, but I think a more balanced approach will be to persist just enough (email, OTP, timestamp)and nothing more until verification. That way, if OTP delivery fails, recovery is trivial. Full profile waits till they verify. A cron handles the cleanup.

𝕽𝖎𝖉𝖜𝖆𝖓𝖚𝖑𝖑𝖆𝖍🥰

@oluwalosheyii

about 1 month ago

The downside to this is, let’s say your email sending provider did you dirty and didn't deliver the mail, what's going to happen since the cache has a TTL? If the data is stored in the DB and there's no ‘email_verified_at’ yet and the person attempts to login since they received a success message when they registered, you can easily trigger another OTP flow and redirect them instead because you have the user's records. You can setup a cron that checks your table to see records older than a certain number of days without verification and clear them out to avoid keeping useless data for long.

833

Abimbola🥷 @fohlabi

about 1 month ago

@_techafresh I prefer learning on the job.

fohlabi retweeted

LEYE

@leyeConnect

about 2 months ago

Ambitious people are my type. I can’t even hide it, once you start talking about doing impossible work, the kind of talk that inspires greatness, you have my allegiance till the wheels fall off. We may fail (woefully) but we will never be guilty of not trying.

117

176K