Amid a sudden Nigerian ban, Kled AI is accused of severe data privacy breaches

Nigerian digital rights researchers are accusing US data marketplace Kled AI of large-scale privacy violations following the app’s sudden exit from the country. Local tech advocates, including prominent voices like Nnamdi Obi on X, claim the startup breached the Nigeria Data Protection Act (NDPA) 2023 while harvesting data from thousands of local users.

Nigerian law classifies any entity processing personal data from over 200 users within six months as a “Data Controller of Major Importance”. Kled had roughly 25,000 active users in the country.

Yet, the Nigeria Data Protection Commission (NDPC) registry shows no record of the company. It filed no compliance audits and operated without a publicly appointed local data protection officer.

Critics are pointing directly to Kled’s terms of service. The agreement forces users to “irrevocably sell” their content under Delaware law, completely bypassing Nigerian jurisdiction.

Developer logs also showed that when users failed Know Your Customer (KYC) checks due to flagged IDs, their files remained in processing.

Under the NDPA, data processing must stop immediately if consent fails. Exporting biometric data to unknown foreign AI labs without proving those buyers meet local standards is a direct legal breach.

Additionally, a controversial clause allows Kled to demand that users refund their earnings if a local court invalidates the consent agreement.

Kled AI exit and its CEO’s rebuttal 

To understand how we got here, one must look at what Kled AI actually does. Registered as Nitrility Inc. in Delaware, United States, the company operates as an opt-in data marketplace for artificial intelligence.

The premise is simple: everyday users download the iOS app, upload personal photos, videos, and documents, and receive direct payments. The platform essentially turns everyday digital assets into training data for global AI models.

For a brief period, the platform represented genuine tech optimism. It offered a viable route to digital financial inclusion for young Africans. A consistent user providing high-quality training data could realistically accumulate a milestone payout of ₦1,000,000.

It turned raw, everyday digital assets into a monetisable commodity for the global AI arms race.

But that promise collapsed abruptly on Monday, May 4, 2026. Without prior warning, Kled vanished from the Nigerian Apple App Store and issued a nationwide IP ban, locking out its 25,000 local users. This triggered immediate panic over unpaid balances and the fate of sensitive government IDs previously submitted for verification.

Facing a massive public relations crisis, Kled’s 22-year-old founder, Avi Patel, pushed back firmly against the data theft claims. He stated the blackout was a strict operational necessity rather than an extraction scheme.

According to Patel, a 10 million upload sample from Nigeria revealed a 94.2% fraud rate.

He claimed users submitted blank screens, plagiarised photos, and artificially generated images at an industrial scale. The situation reached a breaking point over a single weekend. Patel noted that Kled’s verification system was suddenly flooded with thousands of fake Japanese passports featuring photoshopped Nigerian faces.

Patel noted that filtering this volume of junk data on the backend is simply too expensive for a nascent startup. He compared Nigeria to markets like Malaysia and the Philippines, which maintain fraud rates below 10% despite having much larger user bases.

Dismissing claims of racial bias, Patel framed the ban as a move to protect the trust of AI labs buying their data. He insisted the company intends to return once it improves its filtering systems, while also warning users about a fake Android clone currently impersonating the brand.

A 94% fraud rate is a valid reason to pause operations. However, business challenges do not override sovereign laws. Failing to register with the NDPC or safely handle rejected KYC data leaves Kled legally exposed. Nigerian regulators have proven they can actually bite. Last year, the NDPC and the Federal Competition and Consumer Protection Commission (FCCPC) slammed a $220 million fine against Meta for similar cross-border data offences.

For the African tech ecosystem to mature safely, foreign companies must adopt clear, rigorous governance frameworks and the same rigorous compliance frameworks and best practices that they uphold in their home market. Until they respect local data sovereignty as much as they respect their product integrity, the pipeline will remain broken and put them at loggerheads with the regulators.