Data Protection Policy
Last updated: December 30, 2024
Our Commitment: Springital is committed to protecting personal data in accordance with the Nigeria Data Protection Regulation (NDPR) 2019 and international best practices.
1. Data Controller
Springital acts as the Data Controller for personal data collected through our WhatsApp AI Sales Agent service. We determine the purposes and means of processing personal data.
Data Protection Officer Contact:
- Email: dpo@springital.com
- Address: Lagos, Nigeria
2. Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: When you opt-in to use our service or communicate with our AI agent
- Contractual Necessity: To fulfill our service agreement with you
- Legitimate Interest: For service improvement and fraud prevention
- Legal Obligation: To comply with Nigerian laws and regulations
3. Categories of Data Processed
Business Owner Data
- Full name and contact details
- Business name and registration details
- Bank account/payment information
- Service preferences and configurations
End Customer Data
- Phone numbers (from WhatsApp interactions)
- Names (when provided in conversations)
- Order and transaction details
- Conversation history with AI agent
4. Data Processing Activities
Your data is processed for:
- Providing automated WhatsApp responses
- Processing and tracking orders
- Payment collection and reconciliation
- Service analytics and improvement
- Customer support
5. Third-Party Data Processors
We engage the following third-party processors:
- Meta (WhatsApp): WhatsApp Business API provider (USA/Ireland)
- Paystack: Payment processing (Nigeria)
- Airtable: Data storage and management (USA)
- n8n: Workflow automation (Germany)
All processors are contractually bound to protect your data and process it only as instructed.
6. International Data Transfers
Some of your data may be transferred outside Nigeria to our service providers. We ensure adequate protection through:
- Standard Contractual Clauses
- Adequacy assessments of recipient countries
- Technical and organizational security measures
7. Data Retention Periods
- Active Account Data: Retained for the duration of the service agreement
- Conversation Logs: 90 days (then anonymized or deleted)
- Transaction Records: 7 years (legal requirement)
- Inactive Accounts: Deleted after 12 months of inactivity
8. Your Data Rights (NDPR)
Under the Nigeria Data Protection Regulation, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we use your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to certain processing activities
- Withdraw Consent: Revoke consent at any time
To exercise these rights, contact us at dpo@springital.com. We will respond within 30 days.
9. Security Measures
We implement robust security measures including:
- 256-bit SSL/TLS encryption for data in transit
- End-to-end encryption for WhatsApp messages
- Access controls and multi-factor authentication
- Regular security audits and vulnerability assessments
- Employee training on data protection
- Incident response procedures
10. Data Breach Notification
In the event of a data breach that poses risk to your rights:
- We will notify the National Information Technology Development Agency (NITDA) within 72 hours
- Affected individuals will be notified without undue delay
- We will provide details of the breach and remediation steps
11. Children's Data
Our service is not intended for individuals under 18 years of age. We do not knowingly collect data from children.
12. Updates to This Policy
We review and update this policy annually or when significant changes occur. Material changes will be communicated via email or through our service.
13. Complaints
If you are unsatisfied with how we handle your data, you may:
- Contact our Data Protection Officer at dpo@springital.com
- Lodge a complaint with NITDA (National Information Technology Development Agency)
14. Contact Information
For data protection inquiries:
- Data Protection Officer: dpo@springital.com
- General Inquiries: support@springital.com
- WhatsApp: +234 814 649 8446