Privacy Policy

Last updated: June 3, 2026

Prolio.ng ("we", "our", "us", "the Platform") is committed to protecting your personal data in accordance with the Nigeria Data Protection Regulation (NDPR) 2019 and its Implementation Framework. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our real estate portfolio management platform.

1. Data Controller and Contact

Prolio.ng is the data controller for your personal information. Our Data Protection Officer can be reached at:
Email: privacy@useprolio.com
Address: Prolio.ng, Lagos, Nigeria.
For any data protection requests or complaints, please contact our DPO.

2. Personal Data We Collect

We collect the following categories of personal data:

  • Account Information: Full name, email address, phone number, profile photo (if uploaded), Google OAuth identifier (if used).
  • Investment Data: Property details (location, size, purchase price, current value, developer/seller name), transaction types, payment schedules, payment logs, receipts, tenancy agreements, rent rolls, and all related documents you upload.
  • Document Contents: Any images, PDFs, or other files you upload, including OCR-extracted text from receipts, letters, and agreements.
  • Payment Information: Paystack transaction references, subscription status, billing history. We do not store full credit/debit card numbers or CVV – payment processing is handled entirely by Paystack.
  • Usage Data: Pages visited, features used, time spent, clickstream data, and interactions with the platform (e.g., document uploads, report generation).
  • Technical Data: IP address, browser type and version, device identifiers, operating system, approximate location (derived from IP address), and referral source.
  • Communications: Email correspondence with our support team, in-app messages, and any feedback you provide.
3. How We Use Your Data

We process your personal data for the following purposes, relying on the lawful bases of consent, contract performance, legal obligation, and legitimate interests:

  • To provide and operate the Platform: Create and manage your account, enable property tracking, document vault, payment reminders, and portfolio reporting.
  • To process subscriptions and billing: Manage plan upgrades/downgrades, generate invoices, and handle payment confirmations via Paystack.
  • To send transactional notifications: Payment reminders (email, in-app, WhatsApp for Enterprise), account security alerts, document upload confirmations, and service updates.
  • To improve and optimize the Platform: Analyse usage patterns, fix bugs, enhance features (e.g., OCR accuracy), and personalize your experience.
  • To ensure security and prevent fraud: Monitor for suspicious activity, enforce access controls (including two-factor authentication), and maintain audit logs.
  • To comply with legal obligations: Respond to lawful requests from Nigerian law enforcement or regulatory bodies (e.g., NDPR enforcement).
4. Legal Bases for Processing (NDPR Compliance)

Under the NDPR, we process your data based on:

  • Consent: Where you have explicitly agreed (e.g., marketing communications, optional cookies). You may withdraw consent at any time.
  • Contract: Processing necessary for the performance of our Terms of Service (e.g., providing the platform, payment reminders).
  • Legal Obligation: Compliance with applicable Nigerian laws (e.g., tax reporting, anti-fraud measures).
  • Legitimate Interests: Improving our services, preventing fraud, and ensuring network security – provided your rights do not override these interests.
5. Data Sharing and Third Parties

We do not sell your personal data. We share your data only with trusted third-party service providers who process data on our behalf under strict confidentiality and security obligations:

  • Cloudinary (Document Storage): All uploaded files (PDFs, images) are stored on Cloudinary’s CDN. Files are accessed via signed, time-limited URLs. Cloudinary Privacy Policy
  • Paystack (Payment Processing): Subscription payments are processed through Paystack. We share transaction amounts, email addresses, and Paystack customer codes. Paystack Privacy Policy
  • Brevo & AhaSend (Email Delivery): Transactional emails (welcome, reminders, receipts, 2FA codes) are sent via these providers. They receive recipient email addresses and message content. Brevo Privacy Policy | AhaSend Privacy Policy
  • WhatsApp Business API (Enterprise Plan): For WhatsApp payment reminders, we share your phone number and reminder message with Meta’s WhatsApp Business API. WhatsApp Privacy Policy
  • OCR.space (Text Extraction): Uploaded documents may be sent to OCR.space for text extraction (only on Premium/Enterprise plans). Images are deleted after processing. OCR.space Privacy Policy
  • Google OAuth (Login): If you choose “Login with Google,” Google shares your name, email address, and profile picture based on your Google account settings. Google Privacy Policy
  • Legal and Regulatory Authorities: We may disclose your data if required by Nigerian law, court order, or to protect the rights, property, or safety of Prolio.ng, our users, or others.

All third-party processors are contractually obligated to implement appropriate security measures and only process data for specified purposes.

6. International Data Transfers

Your data may be transferred to and processed in countries outside Nigeria (e.g., Cloudinary servers in the US/EU, Paystack infrastructure). We ensure that any such transfer complies with the NDPR by relying on adequacy decisions, standard contractual clauses, or binding corporate rules. By using Prolio.ng, you consent to such transfers.

7. Data Security Measures

We implement industry-standard technical and organizational measures to protect your data:

  • Encryption: All sensitive data (passwords, API keys, two-factor secrets) is hashed (bcrypt) or encrypted (AES-256 at rest). Data in transit is protected by TLS 1.2+ (HTTPS).
  • Access Controls: Role-based access for staff, mandatory two-factor authentication for admin accounts, and signed URLs for document access (expire after time limit).
  • Audit Logging: All access to admin functions and significant user actions (e.g., document downloads) are logged and reviewed for anomalies.
  • Regular Testing: We conduct vulnerability scans and penetration tests on our infrastructure.
  • Employee Training: All personnel receive data protection and security awareness training.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for keeping your login credentials confidential and enabling two-factor authentication.

8. Data Retention

We retain your personal data for as long as your account is active. Specific retention periods:

  • Active accounts: All data retained to provide the service.
  • Deleted accounts: Upon verified deletion request, your data is anonymised within 30 days. Anonymised data (no longer attributable to you) may be retained for analytical purposes.
  • Payment and transaction logs: Retained for 7 years to comply with Nigerian tax and auditing laws.
  • Audit logs and security events: Retained for 2 years.
9. Your Rights Under the NDPR

You have the following rights regarding your personal data. To exercise any right, visit our Data Request Page or email privacy@useprolio.com. We will respond within 30 days.

  • Right to Access: Obtain a copy of the personal data we hold about you in a structured, commonly used format.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your data where it is no longer necessary for the purposes collected, or you withdraw consent (subject to legal retention obligations).
  • Right to Restrict Processing: Temporarily suspend processing of your data while disputes are resolved.
  • Right to Data Portability: Receive your data in a machine-readable format and transmit it to another controller.
  • Right to Object: Object to processing based on legitimate interests (e.g., direct marketing).
  • Right to Withdraw Consent: Withdraw any consent you previously gave (e.g., marketing emails).
  • Right to Lodge a Complaint: File a complaint with the Nigeria Data Protection Bureau (NDPB) if you believe your rights have been violated.
10. Cookies and Tracking Technologies

We use only essential cookies for authentication and session management. These cookies are strictly necessary for the platform to function. We do not use third-party advertising or analytics cookies without your explicit consent. You can disable cookies in your browser settings, but some platform features may not work properly. For more details, see our Cookie Policy.

11. Children’s Privacy

Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with data, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email (to the address associated with your account) and through a prominent notice on the platform at least 14 days before the change takes effect. The “Last updated” date at the top of this page indicates when the policy was last revised.

13. Contact for Privacy Concerns

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our Data Protection Officer:
Email: privacy@useprolio.com
Postal Address: Prolio.ng, DPO Office, Lagos, Nigeria.
You also have the right to lodge a complaint with the Nigeria Data Protection Bureau (NDPB) at https://ndpb.gov.ng.