Privacy Policy

Ardisio by NexonGraphs ("we", "us", "our") is committed to protecting your privacy and complying with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, hosting services, domain registration, email hosting, and all related products and services (collectively, the "Services"). By using our Services, you consent to the practices described in this policy. If you do not agree, please discontinue use of our Services and contact us to delete your data.

We collect the following types of information: Account Information When you register, we collect your name, email address, phone number, billing address, and payment information. Service Usage Data We automatically collect information about how you interact with our Services, including IP addresses, browser type, operating system, pages visited, timestamps, and referring URLs. Hosting and Domain Data When you use our hosting or domain services, we process domain registration details, server configuration data, and resource usage metrics. Communications When you contact us, we collect the content of your messages along with your name and email address. Payment Information Payment card information is handled exclusively by Paystack and is never stored on our servers. Cookies and Tracking We use cookies and similar technologies to improve your experience.

We use the information we collect to: - Provide, maintain, and improve our Services. - Process transactions and send billing information. - Create and manage your account. - Respond to inquiries and provide customer support. - Send service-related notifications including maintenance alerts and security updates. - Send promotional communications (only with your consent — you may opt out at any time). - Monitor and analyze usage trends to improve performance. - Detect, prevent, and address fraud, abuse, and security issues. - Comply with legal obligations and enforce our Terms of Service.

Under the Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA), we process your personal data based on: - Contractual Necessity: Processing required to provide the Services you have requested. - Legitimate Interests: Processing for our legitimate business interests such as improving our Services and preventing fraud. - Consent: Where you have given explicit consent, such as for marketing communications. You may withdraw consent at any time. - Legal Obligation: Processing required to comply with applicable Nigerian laws and regulations.

We do not sell your personal information. We may share your information with: Service Providers - Paystack (payment processing) - Namecheap and Whogohost (domain registration) - DigitalOcean (VPS and cloud infrastructure) - Firebase/Google (authentication and database) - Brevo (email delivery) All providers are contractually obligated to protect your data. Legal Requirements We may disclose your information if required by Nigerian law, court order, or governmental request. Business Transfers In the event of a merger or acquisition, your information may be transferred. We will notify you with at least 30 days notice.

We implement industry-standard security measures including: - TLS 1.2+ encryption for all data in transit. - AES-256-GCM encryption of sensitive data at rest. - Regular security audits and vulnerability assessments. - Role-based access controls on a strict need-to-know basis. - Firewalls, intrusion detection, and DDoS protection. - Audit logging of all administrative actions. In the event of a data breach, we will notify you and the NDPC within 72 hours as required by the NDPA.

We retain your personal information for as long as your account is active or as needed to provide the Services: - Account data: Duration of account plus 12 months after closure. - Billing records: 7 years as required by Nigerian tax law. - Support communications: 2 years. - Security logs: 90 days. When data is no longer needed, it is securely deleted or anonymized.

You have the following rights regarding your personal data: - Right of Access: Request a copy of the personal data we hold about you. - Right to Rectification: Request correction of inaccurate or incomplete data. - Right to Erasure: Request deletion of your personal data, subject to legal retention requirements. - Right to Restriction: Request that we restrict processing in certain circumstances. - Right to Data Portability: Request your data in a structured, machine-readable format. - Right to Object: Object to processing based on legitimate interests or for direct marketing. - Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing. To exercise any of these rights, contact us at contact@ardisio.com. We will respond within 30 days.

Our servers and service providers may be located outside Nigeria. By using our Services, you consent to the transfer of your information to these countries. We ensure appropriate safeguards are in place including standard contractual clauses and data processing agreements with all third-party processors.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take immediate steps to delete that information.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will notify you via email at least 14 days before the changes take effect.

If you have any questions regarding this Privacy Policy, please contact us: - Email: contact@ardisio.com - Website: https://ardisio.com/contact - Address: Lagos, Nigeria You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.