Privacy Policy

Date: April 16, 2026 | Version 1.0

1. Introduction and Identity of Data Controller

This Privacy Policy describes how Byteflow Technologies Limited ("we", "us", "our"), the company that operates EstateOga ("Platform", "Service"), collects, uses, processes, stores, and discloses personal data. This Policy is issued in compliance with the Nigeria Data Protection Act, 2023 ("NDPA"), the Nigeria Data Protection Regulation, 2019 ("NDPR"), and all subsidiary legislation made thereunder.

Company Name: Byteflow Technologies Limited

Trading Name: EstateOga

Registered Address: Nigeria

Email: support@estateoga.com

Website: https://estateoga.com

Role: Data Controller

Legal Basis: As a Data Controller under Section 65 of the NDPA 2023, Byteflow Technologies Limited is responsible for determining the purposes and means of processing your personal data. We are committed to lawful, fair, and transparent data processing at all times.

2. Scope and Application

This Policy applies to all individuals whose personal data we process, including:

  • Estate managers and administrators who register estates on the Platform
  • Resident owners, landlords, and tenants who use the Platform to make payments or access services
  • Visitors to our website at https://estateoga.com
  • Any individual who contacts us for support, business enquiries, or other communications

This Policy applies whether you access our services via web browser, mobile application, or any API integration. By using our Platform, you acknowledge that you have read and understood this Privacy Policy.

3. Personal Data We Collect

We collect and process personal data as defined under Section 65 of the NDPA 2023 — that is, any information relating to an identified or identifiable natural person ("data subject"). The categories of personal data we collect include:

3.1 Identity and Contact Data

  • Full name, title, and date of birth
  • Email address and phone number(s)
  • Residential address and estate unit number
  • Government-issued identification numbers (where required for verification)

3.2 Financial and Transaction Data

  • Bank account details and payment card information (processed via PCI-DSS-compliant payment gateways)
  • Transaction history, payment records, dues and charges paid
  • Billing address

3.3 Estate and Property Data

  • Estate name, address, and registration details
  • Unit/property ownership records
  • Service charge ledger and audit records

3.4 Technical and Usage Data

  • Login and access timestamps
  • Cookie identifiers (see Section 11 on Cookies)

3.5 Communications Data

  • Messages sent through the Platform between residents, landlords, executors, and administrators
  • Support tickets and correspondence with our team

We do not intentionally collect sensitive personal data (as defined under Section 30 of the NDPA) such as health data, biometric data, racial or ethnic origin, political opinions, or religious beliefs, unless you voluntarily provide such information in communications. Where sensitive data is inadvertently received, it will be deleted promptly.

4. Legal Bases for Processing

We process your personal data only where a valid legal basis exists under Section 25 of the NDPA 2023. The legal bases we rely on are as follows:

Consent (Section 25(1)(a) NDPA): Where you have freely, specifically, and unambiguously given consent — e.g., for marketing communications or cookies. You may withdraw consent at any time.

Contract Performance (Section 25(1)(b) NDPA): Processing necessary for the performance of a contract to which you are a party — e.g., to process your estate dues and payments.

Legal Obligation (Section 25(1)(c) NDPA): Processing required to comply with applicable laws, including tax laws, financial regulations, and anti-money laundering obligations.

Legitimate Interests (Section 25(1)(f) NDPA): Processing necessary for our legitimate interests, such as fraud prevention, platform security, and service improvement, where such interests are not overridden by your rights and freedoms.

5. Purposes of Processing

We process your personal data for the following purposes:

  • To register and maintain your estate or resident account on the Platform
  • To process payments, dues, service charges, and generate financial reports and audit trails
  • To facilitate communication between estate administrators, residents, landlords, and beneficiaries
  • To provide real-time analytics, dashboards, and account insights
  • To verify identity and prevent fraudulent or unauthorized transactions
  • To send transactional notifications, payment receipts, and service alerts
  • To respond to your enquiries, complaints, and support requests
  • To comply with applicable legal and regulatory obligations
  • To improve, develop, and maintain our Platform and services
  • To send you marketing or promotional communications (only where you have consented)

6. Disclosure and Sharing of Personal Data

We do not sell your personal data to third parties. We may share your personal data with the following categories of recipients, and only to the extent necessary:

6.1 Service Providers and Processors

We engage carefully vetted third-party processors to help deliver our services, including payment gateway providers, cloud hosting providers, analytics services, and customer support tools. All processors are contractually bound by data processing agreements (DPAs) requiring compliance with the NDPA.

6.2 Estate Administrators

If you are a resident or landlord on a registered estate, your payment records, contact details, and estate-related data will be accessible to your estate's authorised administrators for management purposes. This is inherent to the nature of estate management services.

6.3 Legal and Regulatory Authorities

We may disclose personal data to government bodies, law enforcement, or regulatory agencies (including the Nigeria Data Protection Commission) where required by law or court order, or where disclosure is necessary to protect our legal rights.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of our business assets, personal data may be transferred to a successor entity, subject to equivalent privacy protections being maintained.

Cross-Border Transfers: Where personal data is transferred outside Nigeria, we ensure such transfers comply with Section 42 of the NDPA 2023, either through adequacy determinations, standard contractual clauses, or binding corporate rules approved by the Nigeria Data Protection Commission (NDPC).

7. Data Retention

We retain personal data for no longer than is necessary for the purpose for which it was collected, or as required by applicable law. Our standard retention periods are:

  • Account data: Retained for the duration of your active account plus 7 years after account closure (to comply with financial record-keeping obligations under Nigerian law)
  • Transaction and payment records: 7 years from the date of transaction, in accordance with the Companies and Allied Matters Act and tax regulations
  • Communications and support records: 3 years from the date of last contact
  • Technical/usage logs: 12 months from collection
  • Marketing consent records: 3 years from the date consent was given or withdrawn

Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised in accordance with our data disposal procedures.

8. Your Rights as a Data Subject

Under the NDPA 2023 (Sections 34–40), you have the following rights in respect of your personal data:

Right of Access (Section 34): You have the right to request confirmation of whether we process your personal data and to receive a copy of such data, free of charge, within 30 days.

Right to Rectification (Section 35): You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure (Section 36): You may request deletion of your personal data where it is no longer necessary for the original purpose, where consent has been withdrawn, or where processing was unlawful.

Right to Restriction (Section 37): You may request that we restrict processing of your data in certain circumstances, such as where accuracy is contested.

Right to Data Portability (Section 38): You have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller.

Right to Object (Section 39): You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our Data Protection Officer at the details set out in Section 12. We will respond to all verifiable requests within 30 days. In complex cases, we may extend this period by a further 60 days, with prior notification.

Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at www.ndpc.gov.ng, without prejudice to any other administrative or judicial remedies.

9. Data Security

In accordance with Section 39 of the NDPA 2023, we implement appropriate technical and organisational measures to ensure the security, integrity, and confidentiality of your personal data. These measures include:

  • End-to-end encryption for payment transactions using industry-standard TLS/SSL protocols
  • Access controls and role-based permissions to limit access to personal data on a need-to-know basis
  • Regular security audits, penetration testing, and vulnerability assessments
  • Secure data centres with physical access controls
  • Staff training on data protection, information security, and phishing awareness
  • Incident response and data breach management procedures

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the NDPC within 72 hours of becoming aware of the breach, and will notify affected data subjects without undue delay, in accordance with Section 40 of the NDPA 2023.

10. Children's Data

Our Platform is designed for estate managers, property owners, landlords, and adult residents. We do not knowingly collect personal data from children under the age of 18 years. In accordance with Section 8 of the NDPA 2023 and the Child's Rights Act, where we inadvertently receive data relating to a child, we will delete such data promptly upon discovery.

Where a minor's data must be processed in the context of estate inheritance or administration, we will do so only with verifiable consent from a parent or legal guardian, and to the minimum extent necessary.

11. Cookies and Tracking Technologies

Our Platform uses cookies and similar tracking technologies to improve your user experience and analyse usage patterns. The types of cookies we use include:

  • Essential Cookies: Necessary for the Platform to function, including session management and security. These cannot be disabled.
  • Analytical Cookies: Help us understand how users interact with the Platform (e.g., Google Analytics). Used only with your consent.
  • Functional Cookies: Enable personalised features such as remembering your preferences.

You can manage your cookie preferences through your browser settings or our cookie consent tool. Please note that disabling certain cookies may affect the functionality of the Platform. For more information, please see our Cookie Notice.

12. Data Protection Officer (DPO)

Byteflow Technologies Limited has designated a Data Protection Officer (DPO) to oversee our data protection compliance in accordance with Section 32 of the NDPA 2023. You may contact our DPO as follows:

DPO Contact Email: support@estateoga.com

Postal Address: Byteflow Technologies Limited, [Full Registered Address], Nigeria

Subject Line: ATTN: Data Protection Officer — Privacy Enquiry

All data subject requests, privacy concerns, or questions about this Policy should be directed to the DPO. We take all enquiries seriously and will respond within the timelines prescribed by the NDPA 2023.

13. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, applicable law, or business operations. We will notify you of material changes via email or a prominent notice on our Platform at least 30 days before the change takes effect.

We encourage you to review this Policy periodically. The "Effective Date" at the top of this document indicates when it was last revised. Continued use of the Platform after the effective date of an updated Policy constitutes acceptance of the revised terms.

14. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023, the Nigeria Data Protection Regulation 2019, the Cybercrimes (Prohibition, Prevention, etc.) Act 2015, and all other applicable Nigerian law.

Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the courts of the Federal Republic of Nigeria.
