Privacy Policy

This Privacy Policy explains how Privora collects, uses, discloses, stores, and protects personal data when you visit our website, join the waitlist, apply for beta access, contact us, or use Privora Lite, Privora Pro, the client portal, APIs, documentation, support, or related services.

Privora is designed for organizations, DPCOs, DPOs, consultants, and privacy teams. If your organization uses Privora, your organization may also be a data controller for the personal data it uploads or manages in the product.

Account and contact data: name, work email, organization, role, phone number if provided, billing contact, support contact, and communication preferences.

Waitlist and beta application data: organization type, number of organizations or client workspaces, first evidence workflow, deadlines, onboarding needs, and messages you send to us.

Product and workspace data: users, roles, client or organization records, evidence metadata, tasks, assessments, comments, approvals, reports, audit logs, API usage, and configuration settings.

Technical data: IP address, device and browser information, pages visited, referring pages, approximate location, authentication events, security logs, cookies, and similar identifiers.

Payment and commercial data: plan, subscription status, billing information, invoice history, and transaction references. We do not intend to store full payment card details on our systems.

We use personal data to provide and improve Privora, operate accounts and workspaces, process waitlist and beta access requests, respond to sales and support enquiries, secure the service, maintain audit logs, communicate product updates, and comply with legal or regulatory obligations.

We may also use aggregated or de-identified information to understand product performance, improve onboarding, prioritize features, and produce internal analytics that do not identify a specific person.

Depending on context, we process personal data because it is necessary to perform a contract, take steps before entering a contract, comply with legal obligations, pursue legitimate business interests, protect security, or because you gave consent.

Privora is built with Nigerian data protection obligations in mind, including privacy notice, evidence, accountability, security, retention, and rights-management workflows. Privora does not replace legal advice or guarantee regulatory compliance.

Organizations using Privora decide what evidence, client records, employee information, documents, comments, and reports they upload. Where we process that information on behalf of a customer, we do so under our agreement with that customer and any applicable data processing terms.

Customers are responsible for ensuring they have a lawful basis and appropriate notices, consents, instructions, retention rules, and permissions for personal data they add to Privora.

Privora may include AI-assisted features for summarization, classification, drafting, or evidence review. AI outputs can be incomplete or inaccurate and must be reviewed by a qualified human before being relied on.

Where AI processors are used, we will apply access controls, vendor review, and contractual safeguards appropriate to the feature. Customers should not upload unnecessary sensitive data into AI-assisted workflows.

We may share personal data with hosting providers, authentication providers, email and communication tools, payment processors, analytics providers, support systems, professional advisers, regulators, law enforcement, and service providers that help us operate Privora.

We do not sell personal data. We require service providers to process personal data only for authorized purposes and to apply reasonable confidentiality and security protections.

Privora and its service providers may process personal data in Nigeria and other countries where our infrastructure, support, or subprocessors operate. Where required, we use appropriate safeguards for cross-border transfers.

We use administrative, technical, and organizational measures intended to protect personal data, including access controls, role separation, audit logging, backups, monitoring, and secure development practices.

We retain personal data for as long as needed to provide the service, meet legal and accounting obligations, resolve disputes, enforce agreements, maintain security, and support customer instructions. Customers may configure or request deletion of workspace data subject to legal and contractual limits.

Depending on applicable law, you may request access, correction, deletion, restriction, portability, objection, withdrawal of consent, or information about how your personal data is processed.

Send privacy requests to the address below. We may need to verify your identity and, where data belongs to a customer workspace, route the request to the relevant customer controller.

Privacy contact: privacy@privora.ng. General contact: hello@privora.ng. Security reports: security@privora.ng.

You may also contact the Nigeria Data Protection Commission where applicable. We encourage you to contact us first so we can try to resolve the issue.