NINFix: Building a Compliant Subscription App for a Real Problem
- Next.js
- Supabase
- Product
NINFix started with a frustration almost every Nigerian shares: sorting out your NIN (National Identification Number) is confusing, stressful, and full of dead ends. The product is a mobile-first web app that diagnoses your exact NIN problem, builds a personalized resolution plan with a document checklist and cost/timeline estimate, and tracks your progress, plus a free readiness checker for people who don't have a NIN yet.
The stack
It's built on Next.js 14 with the App Router and TypeScript in strict mode, Tailwind and shadcn/ui for the interface, and Supabase for Postgres, auth, and row-level security. Billing runs on Paystack recurring subscriptions, server-side and webhook-driven, with Resend for transactional email and TanStack Query plus react-hook-form and Zod holding the data layer together.
Subscriptions are a backend problem, not a button
The naive version of subscriptions is 'add a pay button.' The real version is webhooks: Paystack tells your server when a payment succeeds, fails, or renews, and your server is the single source of truth for who has access. Getting that right (idempotent webhook handling, gracefully handling failed renewals, never trusting the client) was where most of the careful engineering went.
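A sketch of that webhook path, added here as an illustration and not taken from NINFix's code: it checks Paystack's `x-paystack-signature` header (an HMAC-SHA512 of the raw body keyed with the secret key) and makes redelivered events a no-op. The function names, the in-memory stores and the choice of dedupe key are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type Access = "active" | "past_due";
interface PaystackEvent {
  event: string;
  data: { id: number; customer: { email: string } };
}

// Hypothetical in-memory stand-ins for two Postgres tables. In production the
// dedupe key would sit under a UNIQUE constraint so that two concurrent
// deliveries of the same event cannot both be applied.
const processed = new Set<string>();
const access = new Map<string, Access>();

// Recompute the HMAC over the raw, unparsed body and compare in constant time.
function verifySignature(rawBody: string, header: string, secret: string): boolean {
  const expected = createHmac("sha512", secret).update(rawBody).digest();
  const given = Buffer.from(header, "hex"); // malformed hex yields a short buffer
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Returns the HTTP status the route handler should send back.
function handleWebhook(rawBody: string, header: string, secret: string): number {
  if (!verifySignature(rawBody, header, secret)) return 401; // not from Paystack
  const evt = JSON.parse(rawBody) as PaystackEvent;

  // Assumed dedupe key: event name plus data.id. Use whichever unique
  // identifier the event types you subscribe to actually carry.
  const key = `${evt.event}:${evt.data.id}`;
  if (processed.has(key)) return 200; // redelivery: acknowledge, change nothing

  const email = evt.data.customer.email;
  if (evt.event === "charge.success") access.set(email, "active");
  else if (evt.event === "invoice.payment_failed") access.set(email, "past_due");

  processed.add(key);
  return 200;
}
```

Without the dedupe check, a late retry of an old `invoice.payment_failed` event would downgrade a customer whose renewal has since succeeded.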
Compliance as a feature, not an afterthought
- We never scrape or auto-poll the government portal; status is user-reported by design.
- We store the minimum: name, email, optional phone, issue category, and billing identifiers.
- We never store full BVN, biometrics, or ID scans; a NIN, if entered, is masked to the last 4 digits.
- NDPA consent is captured at signup, and account and data deletion are fully supported.
The takeaway
NINFix taught me that for products touching sensitive data, your privacy and compliance posture isn't a legal checkbox; it's part of the product and part of the trust. Building it deliberately conservative (storing less, promising less, being honest about what it does and doesn't do) made it something I'm genuinely proud to put my name on.
When you're handling people's identity data, the most impressive thing you can build is restraint.