Prozari logoPROZARIBack to home
NDPR Compliant

Privacy Policy

We take your privacy seriously. This policy explains how Prozari collects, uses, and protects your personal data under Nigerian law.

Last updated: April 2026

Introduction

Prozari (“we”, “our”, or “us”) is a project management platform operated by Prozari Technology Ltd, a company registered in Nigeria. We are committed to protecting your personal data and respecting your privacy rights in full accordance with the Nigeria Data Protection Regulation 2019 (NDPR) and its Implementation Framework, as administered by the National Information Technology Development Agency (NITDA).

This Privacy Policy applies to all users of the Prozari web application (app.prozari.com), our marketing website (prozari.com), and any related services (collectively, the “Services”). By creating an account or using our Services, you acknowledge that you have read, understood, and agree to the terms of this policy.

Our commitment: We do not sell your personal data — ever. We collect only what is necessary to provide our Services and we handle every byte with care.

Information We Collect

We collect information you provide directly and information generated automatically as you use the Services.

Account Information

  • Full name and email address (required at registration)
  • Password — stored exclusively as a cryptographic bcrypt hash; we never see or store your plain-text password
  • Profile photo (optional, uploaded by you)
  • Organisation or workspace name you choose during onboarding
  • Google OAuth profile data (name, email, profile picture) when you sign in with Google, subject to permissions you grant

Usage Data

  • Actions performed in the app (creating boards, cards, comments, etc.) to power features like activity feeds and analytics
  • Feature usage patterns used in aggregate to improve the product
  • Device type, operating system, and browser type (for compatibility and debugging)
  • IP address and approximate geolocation (country/city level) for security and fraud prevention
  • Log data including timestamps, pages visited, and error reports

Content You Create

  • Project boards, task cards, checklists, comments, and attachments you create or upload
  • Sprint and release data, time-tracking entries, and other work records

Billing Information

  • Subscription plan selection and billing cycle preferences
  • Payment transaction references — we do not store full card numbers; payments are processed by Flutterwave (PCI-DSS Level 1 certified)
  • Invoice history

How We Use Your Information

We process your personal data only for specific, legitimate purposes. Under the NDPR, each processing activity requires a lawful basis. We rely on the following:

  • Contract performance: To create and manage your account, deliver the Services you signed up for, and process your subscription.
  • Legitimate interests: To maintain platform security, prevent fraud, debug technical issues, and analyse aggregate usage trends to improve the product.
  • Legal obligation: To comply with applicable Nigerian laws, respond to lawful requests from NITDA or other regulatory authorities, and retain financial records as required by law.
  • Consent: To send you product updates or marketing communications — you may withdraw consent at any time.

Specifically, we use your information to:

  • Provide, operate, and improve the Prozari platform and its features
  • Send transactional emails (account confirmations, password resets, team invitations, billing receipts)
  • Send in-app and email notifications for mentions, comments, and task assignments you are subscribed to
  • Personalise your workspace experience and surface relevant features
  • Monitor and enforce our Terms of Service and prevent abuse
  • Provide customer support when you contact us
  • Fulfil our obligations under applicable Nigerian law and NDPR reporting requirements
We do not use your workspace content to train machine-learning models, and we never sell or rent your data to advertisers.

Data Sharing

We do not sell, rent, or trade your personal data to any third party, under any circumstances.

We share data only where it is strictly necessary to operate the Services, with the following categories of recipients:

  • Infrastructure providers: Cloud hosting and database services operating in accordance with internationally recognised security standards. We have data processing agreements with all such providers.
  • Payment processor: Flutterwave processes subscription payments on our behalf. We share only what is required to complete a transaction (name, email, amount). Flutterwave is PCI-DSS Level 1 certified.
  • Email delivery: A transactional email provider reliably delivers account and notification emails. Only your email address and the message content are shared.
  • Error monitoring: Anonymised error logs and stack traces may be shared with application monitoring tools to diagnose bugs. No personally identifiable content is included.
  • Legal requirements: We may disclose your data if required by law, court order, or a legitimate request from NITDA or other Nigerian regulatory authorities, and only to the minimum extent required.

All third-party service providers are contractually bound to process your data solely on our instructions, to maintain appropriate security measures, and to comply with the NDPR and applicable privacy laws.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by Nigerian law.

  • Active accounts: Your data is retained for the lifetime of your account, including all workspaces, boards, cards, comments, and attachments.
  • After account deletion: Your personal data is permanently erased within 30 days of you deleting your account (see Account Deletion below).
  • Billing records: Transaction records are retained for 7 years as required by Nigerian financial regulations (FIRS Act), after which they are securely destroyed.
  • Encrypted backups: Backups may retain data for up to 30 additional days beyond the deletion period before they are overwritten and the data is gone entirely.
  • Security and audit logs: IP addresses and access logs are retained for 90 days for fraud and abuse prevention, then permanently deleted.

Your Rights Under NDPR

The Nigeria Data Protection Regulation grants you the following rights with respect to your personal data. To exercise any right, contact our DPO at privacy@prozari.app. We will acknowledge within 5 working days and provide a full response within 30 calendar days.

Right of Access

You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data, together with information about how it is used.

Right to Rectification

You may request correction of any inaccurate or incomplete personal data we hold about you. You can update most account information directly from your profile settings in the app.

Right to Erasure

You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where processing is unlawful. See the Account Deletion section for how to exercise this right via the app.

Right to Data Portability

You may request your personal data in a structured, commonly used, machine-readable format (JSON or CSV) so that you can transfer it to another service.

Right to Object to Processing

You may object to the processing of your personal data where we rely on legitimate interests as the legal basis, or where your data is used for direct marketing. Upon a valid objection we will cease processing unless we demonstrate compelling legitimate grounds.

Right to Restrict Processing

In certain circumstances (e.g., while a rectification request is pending) you may request that we limit how we process your data without deleting it.

Right to Withdraw Consent

Where processing is based on your consent (e.g., marketing emails), you may withdraw that consent at any time via the unsubscribe link in any email or by contacting our DPO. Withdrawal does not affect the lawfulness of prior processing.

Right to Lodge a Complaint

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with NITDA — the Nigerian supervisory authority for data protection — at www.nitda.gov.ng.

Account Deletion

You have the right to delete your Prozari account and all associated personal data at any time.

How to delete your account:

  • Log into the Prozari app and navigate to Settings → Account → Delete Account.
  • You will be asked to re-authenticate (re-enter your password or use Google sign-in) and to confirm that deletion is permanent and irreversible.
  • Alternatively, send a deletion request to privacy@prozari.app from the email address associated with your account.
30-day erasure SLA: Upon confirmed account deletion, we will permanently and irreversibly erase all your personal data — including your profile, any workspaces you own, boards, cards, comments, and file attachments — within 30 calendar days. You will receive an email confirmation once erasure is complete. Financial transaction records required by law (7 years) are the only exception.

If you are the sole administrator of a workspace with other active members, we will notify those members and allow 14 days for them to elect a new administrator before the workspace is permanently deleted.

Cookies

Cookies are small text files placed on your device. We use a minimal, privacy-respecting cookie policy.

Cookie TypePurposeRequired?
AuthenticationKeeps you signed in between page loads via a secure JWT session cookie.Yes — essential
CSRF ProtectionPrevents cross-site request forgery attacks on form submissions.Yes — essential
PreferencesStores UI preferences such as sidebar state and last active workspace.Yes — functional
AnalyticsAggregate, anonymised usage statistics to improve the product.No — opt-in only
Marketing / TrackingThird-party advertising or behavioural tracking cookies.No — not used

We do not set third-party tracking or advertising cookies without your explicit consent. If optional analytics cookies are introduced in the future, you will be presented with a consent banner and can opt out at any time from your account settings.

Security

We implement technical and organisational measures appropriate to the risk level of processing your personal data, in line with NDPR Article 2.6 requirements. These include:

  • Encryption in transit: All data between your browser and our servers is encrypted using TLS 1.2 or higher. HTTPS is enforced sitewide and HSTS headers are in place.
  • Encryption at rest: Database files and backups are encrypted using AES-256.
  • Password hashing: User passwords are hashed with bcrypt (strong salt factor) before storage. Plain-text passwords are never stored or transmitted.
  • Two-factor authentication (2FA): TOTP-based 2FA is available to all users and strongly recommended. Workspace administrators can enforce 2FA for their entire team.
  • Access controls: Role-based access controls (RBAC) restrict access to personal data on a strict need-to-know basis. Production database access requires VPN and MFA.
  • Security monitoring: We continuously monitor for anomalous activity, unauthorised access attempts, and potential security incidents.
  • Vulnerability management: We conduct periodic security reviews and apply critical patches within 72 hours of availability.

In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify you and NITDA within 72 hours of becoming aware of the breach, in accordance with the NDPR.

Contact & Data Protection Officer

We have appointed a Data Protection Officer (DPO) as required for organisations processing personal data at scale under the NDPR. Our DPO oversees compliance with this policy and all applicable data protection law.

General Support

support@prozari.app

Registered Address

Lagos, Nigeria

When contacting us about a privacy matter, please include your full name, the email address associated with your account, and a description of your request. We will acknowledge receipt within 5 working days and provide a full response within 30 calendar days.

If you are not satisfied with our response, you may escalate your complaint to NITDA at www.nitda.gov.ng.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

  • Material changes (e.g., new categories of data collected, new third-party sharing, or changes to your rights) will be communicated by email to all registered users at least 14 days before they take effect.
  • Minor changes (e.g., clarifications, typographic corrections) may be published without prior notice.
  • The “Last updated” date at the top of this page will always reflect the most recent revision.
  • Your continued use of the Services after the effective date of a revised policy constitutes your acceptance of the changes. If you do not agree, you may delete your account at any time.

We encourage you to review this page periodically to stay informed about how we protect your information.

Questions about your privacy?

Our Data Protection Officer is here to help. Reach out any time.

privacy@prozari.app