Legal
Privacy Policy
Effective date: 1 May 2026 · Last updated: 1 May 2026
This policy describes how VIJOSAK Technology Limited (RC RC 9036268) collects, uses, and protects personal information in line with the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act 2023 (NDPA).
1. Who We Are
VIJOSAK Technology Limited is a company registered under the Companies and Allied Matters Act (CAMA) 2020 in Nigeria (RC RC 9036268), located in Akure South, Ondo State. We operate vijosak.com — a cloud-based platform offering AI tools and a group-buy marketplace for African businesses.
For data protection enquiries: info@vijosak.com
2. Data We Collect
Account & Workspace
- Full name, email address, company name, and workspace slug when you register
- Authentication tokens issued by Supabase (stored client-side, never on our servers)
- Conversation history and workspace files you create via AI Workspace or AI Assistant
Deals Marketplace
- Bank Verification Number (BVN), government-issued ID image, and full legal name (KYC for deal participation)
- Payment transaction references and amounts processed via Paystack
- Inventory proof documents uploaded by sellers
Usage Data
- AI token usage counts (for billing) — no message content is retained for training
- Standard server access logs (IP address, browser, request paths)
3. How We Use Your Data
- To create and manage your workspace account
- To process payments and issue invoices via Paystack
- To verify identity and prevent fraud on the Deals Marketplace
- To deliver AI responses and maintain your workspace files
- To send transactional emails (account alerts, payment receipts)
- To comply with Nigerian financial and tax obligations (FIRS VAT, CAMA)
We do not sell your personal data. We do not use your data for advertising profiling.
4. NDPR / NDPA Compliance
As a data controller under the NDPA 2023, we:
- Process data only on lawful bases (contract performance, legal obligation, legitimate interest)
- Retain KYC data for a minimum of 5 years as required by AML regulations
- Retain transaction records for 7 years for tax purposes
- Delete account data within 30 days of account closure (excluding legally required retention)
- Implement technical safeguards including encrypted storage, TLS in transit, and access controls
You have the right to access, correct, or request deletion of your personal data by emailing info@vijosak.com. We will respond within 21 days.
5. Third-Party Services
- Paystack — payment processing. Subject to Paystack's Privacy Policy.
- Brevo (Sendinblue) — transactional email delivery. EU-based processor with GDPR compliance.
- Oracle Cloud Infrastructure — server hosting and object storage (Nigeria-proximate region).
- Cloudflare — DNS, CDN, and DDoS protection.
- DeepSeek / Anthropic / OpenAI — AI model providers. Messages are transmitted to your chosen provider's API; refer to their respective privacy policies. We do not share account identifiers with AI providers.
6. Data Security
We use TLS encryption for all data in transit, encrypted object storage for sensitive files, row-level security on our database (Supabase PostgreSQL), and role-based access controls. BVN data is stored at rest and will be encrypted at the field level in a future compliance release.
7. Cookies
We use only session cookies required for authentication. We do not use advertising or analytics cookies.
8. Changes to This Policy
We will notify registered users by email at least 14 days before any material change to this policy.
9. Contact
VIJOSAK Technology Limited · Akure South, Ondo State, Nigeria
Email: info@vijosak.com · RC RC 9036268