MagByte Analytics

Privacy Policy

Last Updated: December 4, 2025

1. Introduction

MagByte Analytics ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use our data analytics services and website.

This Privacy Policy is designed to comply with the Nigeria Data Protection Regulation (NDPR) issued by the National Information Technology Development Agency (NITDA) and other applicable data protection laws.

By using our services, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Register for an account
  • Request our services
  • Subscribe to newsletters or communications
  • Contact us for support or inquiries
  • Upload data for analysis

Personal information may include:

  • Full name
  • Email address
  • Phone number
  • Company name and position
  • Billing and payment information
  • Business identification numbers

2.2 Financial and Sensitive Data

In providing our analytics services, you may submit financial documents and data, including but not limited to:

  • Bank statements
  • Transaction records
  • Financial reports
  • Business performance data
  • Tax information

We recognize that bank statements and financial documents contain sensitive personal information. We implement stringent security measures to protect this data in accordance with NDPR requirements.

2.3 Technical and Usage Data

We automatically collect certain information when you visit our website or use our services:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Pages visited and time spent
  • Referring website addresses
  • Cookies and similar tracking technologies

2.4 Data You Submit for Analysis

Any datasets, files, or information you upload to our platform for analytics purposes. This may include business data, customer information, operational metrics and other data relevant to your analytics needs.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • To provide, operate and maintain our analytics services
  • To process and analyze the data you submit
  • To generate reports, visualizations and insights
  • To communicate with you about your projects and deliverables
  • To provide customer support and respond to inquiries

3.2 Business Operations

  • To process payments and manage billing
  • To send administrative information, updates and notices
  • To monitor and improve our services
  • To detect, prevent and address technical issues
  • To comply with legal obligations and enforce our terms

3.3 Analytics and Improvements

  • To analyze usage patterns and optimize user experience
  • To develop new features and services
  • To create aggregated, anonymized benchmarks and industry insights
  • To conduct research and analysis for service improvement

3.4 Marketing and Communications

With your consent:

  • To send promotional materials and newsletters
  • To inform you about new services or features
  • To conduct surveys and gather feedback

You may opt out of marketing communications at any time.

5. Data Security Measures

We take the security of your data seriously and implement comprehensive technical and organizational measures:

5.1 Encryption

  • All data transmitted between your devices and our servers is encrypted using industry-standard SSL/TLS protocols
  • Sensitive data, including bank statements and financial information, is encrypted both in transit and at rest using AES-256 encryption
  • Database encryption and secure key management systems

5.2 Access Controls

  • Role-based access control (RBAC) limiting employee access to data on a need-to-know basis
  • Multi-factor authentication (MFA) for all administrative accounts
  • Regular access audits and reviews
  • Strict password policies and credential management

5.3 Infrastructure Security

  • Secure cloud hosting with reputable providers
  • Regular security patches and updates
  • Firewall protection and intrusion detection systems
  • Automated backup systems with encrypted storage
  • Disaster recovery and business continuity plans

5.4 Operational Security

  • Employee training on data protection and NDPR compliance
  • Non-disclosure agreements (NDAs) for all staff and contractors
  • Incident response procedures for data breaches
  • Regular security assessments and penetration testing
  • Secure data disposal protocols

5.5 Physical Security

  • Restricted access to facilities housing servers and equipment
  • Surveillance and monitoring systems
  • Environmental controls to protect hardware

Security Disclaimer

Please note: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to using industry best practices.

6. Data Retention and Deletion

6.1 Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific retention periods:

  • Account information: Retained for the duration of your active account plus 12 months after account closure
  • Financial data submitted for analysis: Retained for the duration of the project plus 90 days, unless you request earlier deletion or agree to extended retention
  • Bank statements and sensitive financial documents: Automatically deleted 90 days after project completion, unless you explicitly authorize extended retention
  • Transaction and billing records: Retained for 7 years in compliance with Nigerian tax and financial regulations
  • Marketing communications data: Retained until you withdraw consent or unsubscribe

6.2 Data Minimization

We collect and retain only the minimum amount of data necessary to provide our services effectively.

6.3 Secure Deletion

When data is deleted, we use secure deletion methods to ensure it cannot be recovered. This includes:

  • Overwriting data multiple times
  • Cryptographic erasure for encrypted data
  • Physical destruction of decommissioned hardware

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

7.1 Service Providers

We may engage trusted third-party service providers to assist in delivering our services, such as:

  • Cloud hosting providers
  • Payment processors
  • Email service providers
  • Analytics tools

These providers are contractually bound to protect your data and use it only for the specified purposes. We ensure they comply with NDPR requirements.

7.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Court orders or legal processes
  • Requests from government authorities or law enforcement
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and your options regarding your data.

7.4 With Your Consent

We may share your information with third parties when you explicitly authorize us to do so.

7.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you individually for industry research, benchmarking, or marketing purposes.

8. Your Rights Under NDPR

As a data subject under the Nigeria Data Protection Regulation, you have the following rights:

8.1 Right of Access

You have the right to request access to the personal data we hold about you and obtain a copy of such data.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data under certain circumstances, including:

  • When the data is no longer necessary for the purposes collected
  • When you withdraw consent
  • When the data has been unlawfully processed

8.4 Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes or based on legitimate interests.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format and transmit it to another data controller.

8.6 Right to Restrict Processing

You have the right to request restriction of processing your personal data in certain circumstances.

8.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the National Information Technology Development Agency (NITDA) if you believe your data protection rights have been violated.

Exercising Your Rights

To exercise any of these rights, please contact us at: privacy@magbyte.biz

We will respond to your request within 30 days in accordance with NDPR requirements.

10. International Data Transfers

Our primary data processing occurs within Nigeria. However, some of our service providers may be located outside Nigeria. When we transfer data internationally, we ensure:

  • Adequate data protection safeguards are in place
  • Compliance with NDPR requirements for international transfers
  • Standard contractual clauses or equivalent mechanisms
  • Recipient countries have adequate data protection laws

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality and security
  • Performance Cookies: Help us understand how visitors use our website
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Collect information about website usage and performance

11.2 Cookie Management

You can control and delete cookies through your browser settings. However, disabling certain cookies may affect website functionality.

11.3 Third-Party Cookies

We may use third-party analytics services (such as Google Analytics) that place cookies on your device. These services are subject to their own privacy policies.

12. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete such information.

14. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify NITDA within 72 hours of becoming aware of the breach (as required by NDPR)
  • Notify affected individuals without undue delay
  • Provide information about the nature of the breach and measures taken
  • Offer guidance on steps you can take to protect yourself

15. Compliance and Audits

MagByte Analytics is committed to ongoing NDPR compliance:

  • We conduct regular data protection impact assessments (DPIAs)
  • We maintain records of processing activities
  • We appoint a Data Protection Officer (DPO) as required
  • We undergo periodic compliance audits
  • We stay updated on regulatory changes and adjust practices accordingly

We recommend consulting with a legal professional for NDPR audits specific to your business needs.

16. Future Developments

16.1 Financial Advisory Services

Should MagByte Analytics expand to provide financial advice or investment recommendations in the future, we will:

  • Obtain necessary licenses and certifications
  • Update this Privacy Policy accordingly
  • Obtain fresh consent for new processing activities
  • Comply with additional regulatory requirements for financial services

16.2 Banking Integrations

If we develop direct integrations with banking institutions, we will:

  • Establish formal partnerships with licensed financial institutions
  • Implement additional security protocols
  • Obtain explicit consent for bank account access
  • Comply with banking regulations and industry standards

17. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notifications to registered users
  • Obtaining fresh consent if required by law

Your continued use of our services after such modifications constitutes acceptance of the updated Privacy Policy.

18. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

MagByte Analytics

Email: data@magbyte.biz

Website: www.magbyte.biz

For NDPR Compliance Issues:

National Information Technology Development Agency (NITDA)

Website: www.nitda.gov.ng

Email: info@nitda.gov.ng

19. Acknowledgment

By using MagByte Analytics services, you acknowledge that you have read, understood and agree to this Privacy Policy and consent to the collection, use and disclosure of your information as described herein.