Home › Data Protection Policy

Data Protection Policy

Last updated: May 28, 2026

1. Introduction

Civiqli Technologies Limited (“Civiqli”, “we”, “us”, or “our”) is committed to protecting the privacy, confidentiality, and security of personal data entrusted to us by users of the Civiqli platform.

This Data Protection Policy sets out the principles, standards, and practices adopted by Civiqli in the collection, processing, storage, use, disclosure, and protection of personal data, in compliance with the Nigeria Data Protection Act, 2023 (NDPA) and other applicable data protection laws and best practices.

2. Scope of This Policy

This Policy applies to:

  • All personal data processed by Civiqli
  • All users of the Civiqli mobile and web applications
  • All employees, contractors, consultants, partners, and service providers acting on behalf of Civiqli
  • All data processing activities relating to CivicTech, EdTech, MediaTech, and GovTech services provided by Civiqli

3. Legal and Regulatory Framework

This Policy is informed by and aligned with:

  • Nigeria Data Protection Act, 2023 (NDPA)
  • Regulations and guidance issued by the Nigeria Data Protection Commission (NDPC)
  • Relevant sectoral laws governing digital platforms, media, education, and civic engagement
  • International best practices, including principles reflected in the GDPR, where applicable

Where conflicts arise, Nigerian law shall prevail for users within Nigeria.

4. Definitions

For the purposes of this Policy:

  • Personal Data means any information relating to an identified or identifiable individual.
  • Data Subject means the individual to whom the personal data relates.
  • Processing includes collection, storage, use, transmission, disclosure, or deletion of personal data.
  • Data Controller refers to Civiqli, which determines the purposes and means of processing personal data.
  • Data Processor refers to third parties that process personal data on behalf of Civiqli.

5. Categories of Personal Data Processed

Civiqli may process the following categories of personal data:

a. Identification and Contact Data

  • Name (where provided)
  • Phone number
  • Email address
  • User-selected language and role
  • Gender
  • Date of Birth

b. Demographic and Contextual Data

  • State of origin
  • State of residence
  • User role (e.g., student, educator, activist, concerned citizen)
  • Level of Education
  • Institution

c. Technical and Usage Data

  • Device information
  • IP address
  • App usage logs
  • Interaction timestamps

d. User-Generated Content

  • Chatbot queries
  • Feedback and reports submitted by users

Civiqli does not intentionally collect sensitive personal data except where strictly necessary and permitted by law.

6. Lawful Basis for Processing

Civiqli processes personal data based on one or more of the following lawful bases under the NDPA:

  • Consent of the data subject
  • Performance of a contract (use of the platform)
  • Compliance with legal obligations
  • Legitimate interests, including platform security, service improvement, and fraud prevention
  • Public interest, where applicable to civic intelligence and educational functions

7. Data Protection Principles

Civiqli adheres to the following principles:

  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality
  7. Accountability

8. Data Subject Rights

In accordance with the NDPA, data subjects have the right to:

  • Access their personal data
  • Request correction of inaccurate data
  • Request deletion of data (subject to legal and operational constraints)
  • Object to certain processing activities
  • Withdraw consent at any time
  • Lodge complaints with the Nigeria Data Protection Commission

Requests may be made via designated contact channels provided by Civiqli.

9. Data Security Measures

Civiqli implements appropriate technical and organizational measures to safeguard personal data, including:

  • Secure servers and access controls
  • Encryption where appropriate
  • Role-based access to data
  • Regular system monitoring
  • Vendor due diligence for third-party processors

10. Third-Party Data Processing

Civiqli may engage third-party service providers (e.g., SMS gateways, analytics providers, AI services) to process data on its behalf.

Such providers are:

  • Bound by contractual data protection obligations
  • Required to implement adequate security measures
  • Restricted from using data for unauthorized purposes

11. Cross-Border Data Transfers

Where personal data is transferred outside Nigeria, Civiqli ensures that:

  • Adequate safeguards are in place
  • Transfers comply with NDPA requirements
  • Appropriate contractual and technical protections are implemented

12. Data Breach Management

Civiqli maintains procedures for identifying, responding to, and reporting data breaches in accordance with NDPA requirements, including notification to affected data subjects and regulators where required.

13. Training and Awareness

All employees and contractors with access to personal data receive appropriate data protection training and are bound by confidentiality obligations.

14. Review and Updates

This Policy shall be reviewed periodically and updated to reflect:

  • Legal and regulatory changes
  • Operational developments
  • Emerging risks and best practices

15. Contact Information

For questions or requests relating to this Policy or personal data, users may contact:

Data Protection Contact:
 [To be provided]

Scroll to Top