Plain English. NDPA-aligned. Updated as the law and our practice evolve.
ASIRI Compliance Ltd ("Asiri", "we") is a company registered in Nigeria, headquartered in Lagos, Nigeria. We provide Nigeria-first privacy and trust operations software for teams running NDPA workflows, assurance evidence, and customer Trust Centers.
This notice describes how we process personal data when you visit asiri.ng, request tenant access, contact sales, attend an event, or otherwise interact with us. It does not cover how our customers use Asiri to process their own data subjects’ information — that is governed by each customer’s own privacy notice.
Account data (name, work email, role, employer), tenant configuration, billing data via our payment processors, support correspondence, consent evidence, product telemetry where enabled, and standard server logs for security and abuse prevention.
Performance of contract (delivering the service), legitimate interest (security, product improvement, fraud prevention), consent (marketing communications, optional cookies), and legal obligation (tax, NDPC reporting, court orders).
Account data: for the life of the account plus 12 months. Billing records: 7 years (FIRS). Security logs: 12 months. Marketing data: until you withdraw consent. Public cookie consent evidence: up to 24 months. Support tickets: 24 months.
When you use the cookie banner, we record the notice version, category choices, source of the decision, page, timestamp, Global Privacy Control status, hashed IP, and hashed user agent. The public marketing consent ledger is designed to prove accountability without storing raw IP addresses or raw browser fingerprints.
Sub-processors listed at /policy/sub-processors (cloud hosting, email, analytics, payments, support). We do not sell personal data. We disclose only when legally required and notify affected customers unless prohibited.
Primary processing is in AWS af-south-1 (Cape Town). Some sub-processors operate outside Nigeria; transfers use documented safeguards under NDPA s.41, including transfer assessments and contractual protections. Counsel or auditor review remains pending where applicable.
Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Email privacy@asiri.ng. We respond within 30 days. You may also lodge a complaint with the NDPC at ndpc.gov.ng.
Details at /company/trust-security: documented encryption, transport security, audit logging, recovery targets, and ISO 27001 readiness with external audit and restore-test evidence pending.
Material changes are announced 30 days in advance via email and in-product banner. Past versions are available on request.
Data Protection Officer · privacy@asiri.ng · ASIRI Compliance Ltd, Lagos, Nigeria.
