Skip to main content
ASIRI
Legal/Privacy Notice

How we handle your data.

Plain English. NDPA-aligned. Updated as the law and our practice evolve.

Contact the DPO Trust & security
Effective: 1 May 2026 · Version 2.1
§ 1

Who we are

ASIRI Compliance Ltd ("ASIRI", "we") is a company registered in Nigeria, headquartered in Yaba, Lagos. We are a licensed Data Protection Compliance Organisation (DPCO) under the Nigeria Data Protection Commission (NDPC).

§ 2

What this notice covers

This notice describes how we process personal data when you visit asiri.ng, request tenant access, contact sales, attend an event, or otherwise interact with us. It does not cover how our customers use ASIRI to process their own data subjects’ information — that is governed by each customer’s own privacy notice.

§ 3

Data we collect

Account data (name, work email, role, employer), tenant configuration, billing data via our payment processors, product telemetry, support correspondence, and standard server logs (IP, user agent, timestamps) for security and abuse prevention.

§ 4

Lawful bases (NDPA s.25)

Performance of contract (delivering the service), legitimate interest (security, product improvement, fraud prevention), consent (marketing communications, optional cookies), and legal obligation (tax, NDPC reporting, court orders).

§ 5

How long we keep it

Account data: for the life of the account plus 12 months. Billing records: 7 years (FIRS). Security logs: 12 months. Marketing data: until you withdraw consent. Support tickets: 24 months.

§ 6

Who we share it with

Sub-processors listed at /policy/sub-processors (cloud hosting, email, analytics, payments, support). We do not sell personal data. We disclose only when legally required and notify affected customers unless prohibited.

§ 7

Cross-border transfers

Primary processing is in AWS af-south-1 (Cape Town). Some sub-processors operate outside Nigeria; transfers rely on adequacy assessments and Standard Contractual Clauses under NDPA s.41.

§ 8

Your rights

Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Email privacy@asiri.ng. We respond within 30 days. You may also lodge a complaint with the NDPC at ndpc.gov.ng.

§ 9

Security

Details at /company/trust-security: AES-256 at rest, TLS 1.3 in transit, hash-chained audit log, RPO 5 min, RTO 1 hour, ISO 27001 audit in progress.

§ 10

Changes

Material changes are announced 30 days in advance via email and in-product banner. Past versions are available on request.

§ 11

Contact

Data Protection Officer · privacy@asiri.ng · ASIRI Compliance Ltd, Yaba, Lagos, Nigeria.