This Privacy Policy outlines how Profitaa collects, uses, and protects personal data in compliance with the Nigeria Data Protection Act (NDPA) 2023 and the General Application and Implementation Directive (GAID) 2025.

 

1. Information We Collect
We collect personal data necessary to provide accounting services, including:
Account Information: Name, email address, phone number, and business address.
Financial Data: Bank account details, transaction history, and tax identifiers uploaded to the software.
Technical Data: IP address, device type, browser information, and usage logs (collected automatically via cookies).

 

2. Lawful Basis for Processing
We process your data under the following legal grounds:
Contractual Necessity: To provide the accounting services you subscribed to.
Consent: Where you have explicitly agreed (e.g., for marketing or specific third-party integrations).
Legal Obligation: To comply with Nigerian tax (FIRS) and financial reporting laws.
Legitimate Interest: For fraud prevention and improving platform security.

 

3. How We Use Your Data
Your data is used to:
Manage your account and process payments.
Generate financial reports and automate accounting tasks.
Ensure platform security and prevent unauthorized access.
Notify you of software updates or critical changes to our service.

 

4. Data Sharing and Recipients
We do not sell your personal data. We may share data with:
Service Providers: Cloud hosting partners (e.g., AWS, Azure) and payment processors.
Regulatory Bodies: When required by Nigerian law (e.g., NDPC, FIRS).
Third-Party Integrations: Only when you explicitly authorize the connection.

 

5. Your Rights as a Data Subject
Under the NDPA 2023, you have the right to:
Access: Request a copy of your personal data in a structured electronic format.
Correction: Rectify inaccurate or incomplete information.
Erasure: Request the deletion of your data when it is no longer necessary.
Portability: Transfer your data to another service provider.
Withdraw Consent: Rescind your consent at any time without penalty.
Lodge a Complaint: Report grievances directly to the Nigeria Data Protection Commission (NDPC).

 

6. Data Security and Retention
Security: We implement technical measures including SSL/TLS encryption, firewalls, and regular security audits to protect your data.
Retention: We store personal data only as long as your account is active or as required for legal and tax compliance (typically 6–7 years for financial records).

 

7. Cross-Border Data Transfers
Data may be transferred outside Nigeria for cloud hosting purposes. We ensure these transfers comply with NDPA standards through Standard Contractual Clauses (SCCs) or by ensuring the destination country provides an adequate level of data protection.

 

8. Contact Us
For any privacy-related inquiries or to exercise your rights, contact our Data Protection Officer (DPO) at:

Email: [email protected]
Address: 213, Shetimma Ali Mungono Crescent, Utako District – Abuja, Nigeria