Data Retention Policy

1. Introduction

Civiqli Technologies Limited (“Civiqli”, “we”, “us”, or “our”) is committed to retaining personal data only for as long as is necessary, lawful, and proportionate to the purposes for which such data is collected and processed.

This Data Retention Policy defines how long personal data is retained, the criteria used to determine retention periods, and the procedures for secure deletion or anonymization, in compliance with the Nigeria Data Protection Act, 2023 (NDPA) and relevant regulatory guidance issued by the Nigeria Data Protection Commission (NDPC).

---

2. Scope of This Policy

This Policy applies to:

• All personal data processed by Civiqli
  
• All users of the Civiqli platform, including minors
  
• All employees, contractors, service providers, and partners who process data on behalf of Civiqli
  
• All data processed across CivicTech, EdTech, MediaTech, and GovTech functions of the Platform

---

3. Legal and Regulatory Basis

This Policy is aligned with:

• Nigeria Data Protection Act, 2023
  
• NDPC Regulations and Guidelines
  
• Applicable sectoral laws governing education, media, and digital platforms
  
• International data-protection principles, including storage-limitation and accountability standards reflected in GDPR

Where conflicts arise, Nigerian law shall prevail.

---

4. Data Retention Principles

Civiqli adheres to the following retention principles:

1. Purpose Limitation – Data is retained only for specific, lawful purposes.
   
2. Data Minimization – Data retained is limited to what is necessary.
   
3. Storage Limitation – Data is not retained longer than required.
   
4. Security – Retained data is protected against unauthorized access or loss.
   
5. Accountability – Retention decisions are documented and reviewable.

---

5. Categories of Data and Retention Periods

A. Account and Identification Data

Includes:

• Name
  
• Phone number
  
• Email address
  
• User role and language preference

Retention Period:

• Retained for the duration of the user’s account
  
• Deleted or anonymized within 12 months of account deactivation, unless required by law

---

B. Demographic and Contextual Data

Includes:

• State of origin
  
• State of residence

Retention Period:

• Retained for the duration of the user’s account
  
• Anonymized within 12 months of account closure

---

C. Chatbot Queries and User Inputs

Includes:

• Queries submitted to the chatbot
  
• Reports or feedback provided by users

Retention Period:

• Retained for up to 24 months for platform improvement, quality assurance, and accountability
  
• Thereafter anonymized or deleted, unless required for legal or regulatory purposes

---

D. Technical and Usage Data

Includes:

• IP address
  
• Device information
  
• Log files
  
• Interaction timestamps

Retention Period:

• Retained for 6–12 months for security, fraud prevention, and analytics
  
• Aggregated or deleted thereafter

---

E. Communications Data

Includes:

• Support requests
  
• Email or in-app communications

Retention Period:

• Retained for 24 months after resolution of the communication

---

F. Data Relating to Minors

Includes:

• Any personal data relating to users under the age of 18

Retention Period:

• Retained only for as long as strictly necessary for educational and civic purposes
  
• Subject to enhanced review and early deletion where no longer required

---

6. Legal Holds and Exceptions

6.1 Personal data may be retained beyond stated periods where necessary to:

• Comply with legal or regulatory obligations
  
• Respond to lawful requests from authorities
  
• Resolve disputes or enforce legal rights
  
• Preserve evidence in anticipation of litigation or investigation

6.2 Such data shall be restricted from routine processing during the retention extension.

---

7. Anonymization and Aggregation

Where feasible, Civiqli will anonymize or aggregate personal data so that it no longer identifies individuals. Anonymized data may be retained indefinitely for research, analytics, and platform improvement.

---

8. Data Deletion and Disposal

8.1 Upon expiry of the applicable retention period, personal data shall be:

• Securely deleted, or
  
• Permanently anonymized

8.2 Deletion methods shall ensure that data cannot be reconstructed or retrieved.

---

9. User Rights Relating to Retention

Users have the right to:

• Request deletion of their personal data
  
• Request restriction of processing
  
• Request information on applicable retention periods
  

Requests shall be processed in accordance with NDPA timelines and limitations.

---

10. Third-Party Data Processors

Where personal data is processed by third-party service providers:

• Retention obligations shall be contractually enforced
  
• Data shall not be retained longer than authorized by Civiqli
  
• Deletion or return of data shall occur upon termination of service

---

11. Oversight, Review, and NDPC Compliance

11.1 Civiqli maintains records of data-retention activities as part of its accountability obligations under the NDPA.

11.2 This Policy shall be reviewed periodically to reflect:

• legal changes
  
• operational developments
  
• NDPC guidance

---

12. Contact Information

Requests or inquiries relating to data retention may be directed to:

Data Protection Contact:
 [To be provided]