← NairAlpha

Privacy Policy

Effective: 11 April 2026 · Last updated: 11 April 2026

This Privacy Policy explains how NairAlpha Analytics Ltd ("NairAlpha", "we", "us") collects, uses, stores, and shares your personal data when you use the NairAlpha platform at www.nairalpha.com. We comply with the Nigerian Data Protection Act 2023 (NDPA) and the Nigerian Data Protection Regulation (NDPR).

1. Who we are

NairAlpha Analytics Limited is a private company limited by shares, incorporated in Nigeria under the Companies and Allied Matters Act 2020 on 12 March 2026. Our CAC registration number is RC 9409256 and our Tax Identification Number is 2622443956544. Our registered office is 2, Godspower Inegbenosun Street, Oshorun Estate, Isheri Opic, Lagos State, Nigeria. For any privacy-related request you can reach our Data Protection Officer at privacy@nairalpha.com.

2. What personal data we collect

Data you give us directly

  • Account identifiers: email address, display name (optional).
  • Authentication state: device fingerprint, browser user agent, and a random per-device session identifier used to enforce device-bound sign-in.
  • Payment data: when you subscribe to a paid plan we capture the Paystack transaction reference, the amount charged, the currency, the channel, the billing cycle, and the plan tier. We do not receive or store your card number, CVV, or bank credentials — those are handled entirely by Paystack.
  • Support conversations: any message you send to support@nairalpha.com.

Data we collect automatically

  • Usage telemetry: which pages you visit on the platform, which features you click on, and aggregate performance metrics such as page load times.
  • Technical logs: IP address, timestamp, HTTP status codes, and error stack traces when something goes wrong. These are retained for up to 30 days and used for security monitoring and incident response.

3. Why we collect it (legal basis)

  • To provide the service you signed up for — performance of a contract under NDPA s.25(1)(b). Without your email we cannot authenticate you or deliver entitlement.
  • To process payments and issue receipts — contractual necessity and compliance with tax law.
  • To send service emails — welcome, renewal reminders, trial nudges, payment receipts, and expiry notices. These are transactional and you cannot opt out of them while you hold an active account.
  • To secure the platform and detect fraud — legitimate interest under NDPA s.25(1)(f).
  • To comply with applicable law — including responding to lawful requests from regulatory or law-enforcement authorities.

4. Who we share data with

We share the minimum necessary data with the following data processors, all of whom are bound by contractual confidentiality obligations:

  • Paystack Payments Ltd — payment processing. Paystack receives your email, the amount charged, and metadata identifying the plan tier. Paystack's own privacy policy governs how they handle that data.
  • Resend, Inc. — transactional email delivery. Resend receives your email address and the message body for each transactional email we send.
  • Railway Corp and Vercel Inc. — infrastructure hosting. Both process user traffic and store application data at rest.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5. How long we keep it

  • Account and subscription records: for as long as your account is active, and for up to 6 years after account closure to satisfy Nigerian tax-record retention requirements.
  • Technical logs: up to 30 days.
  • Support conversations: up to 2 years after resolution.

6. Your rights under NDPA

Subject to the exemptions in the NDPA, you have the right to:

  • Request a copy of the personal data we hold about you.
  • Ask us to correct inaccurate personal data.
  • Ask us to delete your account and associated personal data (subject to our legal retention obligations).
  • Object to processing based on legitimate interest.
  • Withdraw any consent you previously gave.
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe we have mishandled your data.

To exercise any of these rights, email privacy@nairalpha.com. We will respond within 30 days.

7. Cookies and similar technologies

We use a strictly necessary session cookie (na_session) to keep you signed in on a device. This cookie is essential to the service and cannot be disabled without signing you out. If we add any non-essential cookies in the future (for example, product analytics), we will request your consent first via a banner.

8. International transfers

Some of our infrastructure processors operate servers outside Nigeria. Where personal data is transferred internationally, we rely on the safeguards in NDPA s.41, including transfers to jurisdictions with an adequate level of protection and the use of standard contractual clauses.

9. Security

We encrypt data in transit using TLS, we salt and hash all authentication tokens, we enforce device-bound sessions, and we follow the principle of least privilege for internal access. No system is perfectly secure, but we work continuously to reduce the risk of unauthorised access.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to your registered address at least 14 days before they take effect. The "Effective" date at the top of this page always reflects the current version.

11. Contact

Data Protection Officer, NairAlpha Analytics Ltd — privacy@nairalpha.com.