MagByte Analytics
Privacy Policy
Last Updated: December 4, 2025
1. Introduction
MagByte Analytics ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use our data analytics services and website.
This Privacy Policy is designed to comply with the Nigeria Data Protection Regulation (NDPR) issued by the National Information Technology Development Agency (NITDA) and other applicable data protection laws.
By using our services, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Personal Information
We may collect personal information that you voluntarily provide to us when you:
- Register for an account
- Request our services
- Subscribe to newsletters or communications
- Contact us for support or inquiries
- Upload data for analysis
Personal information may include:
- Full name
- Email address
- Phone number
- Company name and position
- Billing and payment information
- Business identification numbers
2.2 Financial and Sensitive Data
In providing our analytics services, you may submit financial documents and data, including but not limited to:
- Bank statements
- Transaction records
- Financial reports
- Business performance data
- Tax information
We recognize that bank statements and financial documents contain sensitive personal information. We implement stringent security measures to protect this data in accordance with NDPR requirements.
2.3 Technical and Usage Data
We automatically collect certain information when you visit our website or use our services:
- IP address
- Browser type and version
- Device information
- Operating system
- Pages visited and time spent
- Referring website addresses
- Cookies and similar tracking technologies
2.4 Data You Submit for Analysis
Any datasets, files, or information you upload to our platform for analytics purposes. This may include business data, customer information, operational metrics and other data relevant to your analytics needs.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- To provide, operate and maintain our analytics services
- To process and analyze the data you submit
- To generate reports, visualizations and insights
- To communicate with you about your projects and deliverables
- To provide customer support and respond to inquiries
3.2 Business Operations
- To process payments and manage billing
- To send administrative information, updates and notices
- To monitor and improve our services
- To detect, prevent and address technical issues
- To comply with legal obligations and enforce our terms
3.3 Analytics and Improvements
- To analyze usage patterns and optimize user experience
- To develop new features and services
- To create aggregated, anonymized benchmarks and industry insights
- To conduct research and analysis for service improvement
3.4 Marketing and Communications
With your consent:
- To send promotional materials and newsletters
- To inform you about new services or features
- To conduct surveys and gather feedback
You may opt out of marketing communications at any time.
4. Legal Basis for Processing (NDPR Compliance)
Under the Nigeria Data Protection Regulation, we process your personal data based on the following legal grounds:
4.1 Consent
We obtain your explicit consent before processing sensitive personal data, including financial information such as bank statements. You have the right to withdraw consent at any time.
4.2 Contractual Necessity
Processing is necessary for the performance of our service agreement with you.
4.3 Legal Obligation
Processing is required to comply with applicable Nigerian laws and regulations.
4.4 Legitimate Interests
Processing is necessary for our legitimate business interests, such as improving our services, provided these interests do not override your fundamental rights.
5. Data Security Measures
We take the security of your data seriously and implement comprehensive technical and organizational measures:
5.1 Encryption
- All data transmitted between your devices and our servers is encrypted using industry-standard SSL/TLS protocols
- Sensitive data, including bank statements and financial information, is encrypted both in transit and at rest using AES-256 encryption
- Database encryption and secure key management systems
5.2 Access Controls
- Role-based access control (RBAC) limiting employee access to data on a need-to-know basis
- Multi-factor authentication (MFA) for all administrative accounts
- Regular access audits and reviews
- Strict password policies and credential management
5.3 Infrastructure Security
- Secure cloud hosting with reputable providers
- Regular security patches and updates
- Firewall protection and intrusion detection systems
- Automated backup systems with encrypted storage
- Disaster recovery and business continuity plans
5.4 Operational Security
- Employee training on data protection and NDPR compliance
- Non-disclosure agreements (NDAs) for all staff and contractors
- Incident response procedures for data breaches
- Regular security assessments and penetration testing
- Secure data disposal protocols
5.5 Physical Security
- Restricted access to facilities housing servers and equipment
- Surveillance and monitoring systems
- Environmental controls to protect hardware
Security Disclaimer
Please note: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to using industry best practices.
6. Data Retention and Deletion
6.1 Retention Period
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Specific retention periods:
- Account information: Retained for the duration of your active account plus 12 months after account closure
- Financial data submitted for analysis: Retained for the duration of the project plus 90 days, unless you request earlier deletion or agree to extended retention
- Bank statements and sensitive financial documents: Automatically deleted 90 days after project completion, unless you explicitly authorize extended retention
- Transaction and billing records: Retained for 7 years in compliance with Nigerian tax and financial regulations
- Marketing communications data: Retained until you withdraw consent or unsubscribe
6.2 Data Minimization
We collect and retain only the minimum amount of data necessary to provide our services effectively.
6.3 Secure Deletion
When data is deleted, we use secure deletion methods to ensure it cannot be recovered. This includes:
- Overwriting data multiple times
- Cryptographic erasure for encrypted data
- Physical destruction of decommissioned hardware
7. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:
7.1 Service Providers
We may engage trusted third-party service providers to assist in delivering our services, such as:
- Cloud hosting providers
- Payment processors
- Email service providers
- Analytics tools
These providers are contractually bound to protect your data and use it only for the specified purposes. We ensure they comply with NDPR requirements.
7.2 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Court orders or legal processes
- Requests from government authorities or law enforcement
- Protection of our rights, property, or safety
- Investigation of fraud or security issues
7.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and your options regarding your data.
7.4 With Your Consent
We may share your information with third parties when you explicitly authorize us to do so.
7.5 Aggregated and Anonymized Data
We may share aggregated, anonymized data that cannot identify you individually for industry research, benchmarking, or marketing purposes.
8. Your Rights Under NDPR
As a data subject under the Nigeria Data Protection Regulation, you have the following rights:
8.1 Right of Access
You have the right to request access to the personal data we hold about you and obtain a copy of such data.
8.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
8.3 Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data under certain circumstances, including:
- When the data is no longer necessary for the purposes collected
- When you withdraw consent
- When the data has been unlawfully processed
8.4 Right to Object
You have the right to object to the processing of your personal data for direct marketing purposes or based on legitimate interests.
8.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format and transmit it to another data controller.
8.6 Right to Restrict Processing
You have the right to request restriction of processing your personal data in certain circumstances.
8.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
8.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the National Information Technology Development Agency (NITDA) if you believe your data protection rights have been violated.
Exercising Your Rights
To exercise any of these rights, please contact us at: privacy@magbyte.biz
We will respond to your request within 30 days in accordance with NDPR requirements.
9. Consent Mechanisms
9.1 Explicit Consent for Sensitive Data
Before processing sensitive personal data, including bank statements and financial information, we obtain your explicit, informed consent through:
- Clear consent forms explaining the purpose and scope of data processing
- Opt-in checkboxes (not pre-checked)
- Separate consent for different processing purposes
- Documentation of consent with timestamps
9.2 Consent for Minors
We do not knowingly collect personal data from individuals under 18 years of age. If we discover we have collected data from a minor, we will delete it promptly.
9.3 Withdrawal of Consent
You may withdraw your consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.
10. International Data Transfers
Our primary data processing occurs within Nigeria. However, some of our service providers may be located outside Nigeria. When we transfer data internationally, we ensure:
- Adequate data protection safeguards are in place
- Compliance with NDPR requirements for international transfers
- Standard contractual clauses or equivalent mechanisms
- Recipient countries have adequate data protection laws
12. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete such information.
13. Third-Party Links
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
14. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify NITDA within 72 hours of becoming aware of the breach (as required by NDPR)
- Notify affected individuals without undue delay
- Provide information about the nature of the breach and measures taken
- Offer guidance on steps you can take to protect yourself
15. Compliance and Audits
MagByte Analytics is committed to ongoing NDPR compliance:
- We conduct regular data protection impact assessments (DPIAs)
- We maintain records of processing activities
- We appoint a Data Protection Officer (DPO) as required
- We undergo periodic compliance audits
- We stay updated on regulatory changes and adjust practices accordingly
We recommend consulting with a legal professional for NDPR audits specific to your business needs.
16. Future Developments
16.1 Financial Advisory Services
Should MagByte Analytics expand to provide financial advice or investment recommendations in the future, we will:
- Obtain necessary licenses and certifications
- Update this Privacy Policy accordingly
- Obtain fresh consent for new processing activities
- Comply with additional regulatory requirements for financial services
16.2 Banking Integrations
If we develop direct integrations with banking institutions, we will:
- Establish formal partnerships with licensed financial institutions
- Implement additional security protocols
- Obtain explicit consent for bank account access
- Comply with banking regulations and industry standards
17. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website with a new "Last Updated" date
- Sending email notifications to registered users
- Obtaining fresh consent if required by law
Your continued use of our services after such modifications constitutes acceptance of the updated Privacy Policy.
18. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
MagByte Analytics
Email: data@magbyte.biz
Website: www.magbyte.biz
For NDPR Compliance Issues:
National Information Technology Development Agency (NITDA)
Website: www.nitda.gov.ng
Email: info@nitda.gov.ng
19. Acknowledgment
By using MagByte Analytics services, you acknowledge that you have read, understood and agree to this Privacy Policy and consent to the collection, use and disclosure of your information as described herein.