1. Who We Are

VioTrack Ltd ("VioTrack", "we", "our", "us") is a technology company incorporated in Nigeria, building compliance infrastructure for African consumers and businesses. Our registered contact for data matters is:

• Company: VioTrack Global Ltd
• Address: A7b Primrose Drive, Pinnock Beach Estate, Lagos, Nigeria
• Email: hello@viotrack.africa
• Data Protection Officer: dpo@viotrack.africa

2. What Information We Collect

2.1 Information You Provide Directly

• Name, email address, phone number when you fill in our contact form or register for beta access
• Organisation name and your role when you enquire about partnerships or investment
• Vehicle plate numbers when you request compliance checks
• Identity information (name, phone number) only where required for regulated insurance transactions and only with your explicit consent
• Payment information processed by licensed payment processors (Paystack, Monify); VioTrack never stores raw card data

2.2 Information Collected Automatically

• IP address, browser type, and device type for security and fraud prevention
• Pages visited, time spent, and referring URLs via first-party analytics
• WhatsApp conversation metadata (message timestamps, session duration) — never message content beyond what is necessary to process your query

2.3 Information from Public Government Sources

Our compliance database is built from publicly accessible government data sources including FRSC, AutoReg, MVA, KWIRS, PayVis, and AskNIID. This information is about vehicle registrations, not individuals, and is used solely to provide compliance checking services.

3. Why We Collect This Information

• To provide compliance checking services — looking up vehicle status across government databases
• To process renewals and payments — completing government fee payments and insurance transactions on your behalf
• To improve our platform — understanding how users interact with our service to fix bugs and improve features
• To communicate about your account — renewal reminders, confirmation emails, support responses
• To comply with our legal obligations — regulatory compliance, anti-money laundering requirements, and tax obligations
• To detect and prevent fraud — protecting our users and the integrity of government data we handle

4. Legal Basis for Processing

Under NDPR and NDPA 2023, we process personal data on the following lawful bases:

• Contract performance — processing necessary to provide the service you requested
• Legitimate interests — fraud prevention, platform security, product improvement
• Consent — marketing communications, identity verification for insurance, optional features
• Legal obligation — regulatory reporting, EFCC compliance requirements

5. How We Share Your Information

We do not sell your personal data. We share it only in the following limited circumstances:

• Government agencies — when processing renewals on your behalf (FRSC, state motor licensing authorities)
• Licensed insurance partners — when you purchase insurance through our platform, we share the minimum data required to issue a valid policy
• Payment processors — Paystack processes card transactions; they are PCI-DSS compliant
• Cloud infrastructure — Google Cloud Platform hosts our services; Google acts as a data processor under our instructions
• Legal requirements — if compelled by Nigerian courts or law enforcement with valid legal process

6. Data Retention

• Account and transaction records: 7 years (Nigerian tax and regulatory requirements)
• Vehicle compliance history: Indefinite (serves as the public record of Nigeria's vehicle compliance)
• Contact form submissions: 2 years
• WhatsApp conversation data: 90 days active, then anonymised
• Analytics and usage data: 24 months, then aggregated anonymously

7. Your Rights Under NDPR/NDPA

You have the following rights regarding your personal data:

• Right to access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate personal data
• Right to erasure — request deletion of your personal data (subject to legal retention obligations)
• Right to portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email dpo@viotrack.africa with the subject line "Data Subject Request". We will respond within 30 days.

8. Cookies and Tracking

Our website uses minimal cookies:

• Essential cookies — required for the site to function (session management, security)
• Analytics cookies — first-party analytics to understand usage patterns (no third-party advertising trackers)

We do not use Facebook Pixel, Google Ads remarketing, or any third-party advertising cookies.

9. Security

We implement industry-standard security measures including:

• End-to-end encryption for all data in transit (TLS 1.3)
• Encryption at rest for all sensitive data in Google Cloud
• Workload Identity Federation — no long-lived credentials in our infrastructure
• Role-based access controls with least-privilege principles
• Regular security reviews and penetration testing

In the event of a data breach that affects your personal data, we will notify you and the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware, as required by NDPA 2023.

10. Children's Privacy

VioTrack services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, please contact dpo@viotrack.africa immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email and update the "Last updated" date at the top of this page. Continued use of VioTrack services after notification constitutes acceptance of the updated policy.

12. How to Contact Us

For privacy questions, data subject requests, or concerns:

• General: hello@viotrack.africa
• Data Protection Officer: dpo@viotrack.africa
• Complaints: You may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng