This Privacy Policy explains how Ajaro Limited ("we", "us", "the Company") collects, uses, stores, and protects the personal data of vendors, customers, and visitors who interact with the Ajaro platform at www.ajaro.com.ng and any associated mobile applications. We are committed to handling personal data responsibly, transparently, and in full compliance with the Nigerian Data Protection Regulation (NDPR) 2019 and all other applicable Nigerian data protection laws.
Ajaro Limited is the data controller responsible for the personal data collected and processed through the Platform. Our registered details are:
| Company Name | Ajaro Limited |
| RC Number | RC 00000000 |
| Registered Address | 14 Broad Street, Victoria Island, Lagos State, Nigeria |
| Data Protection Officer | privacy@ajaro.com.ng |
| NITDA Registration No. | NITDA/DPR/2025/000000 |
As a data controller, we determine the purposes for which and the means by which personal data is processed. Where we engage third-party service providers to process data on our behalf, they act as data processors under our instructions and are bound by appropriate data processing agreements.
We collect the following categories of personal data depending on your relationship with the Platform:
We collect personal data through the following channels:
When you use the Platform, we automatically collect certain technical data through cookies, web beacons, log files, and similar technologies. This includes your IP address, browser data, and behavioural data about how you interact with the Dashboard. See Section 7 for full details on cookies.
We use personal data for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Creating and managing your vendor account | Account data, identity documents | Contract performance |
| Processing orders, payments, and payouts | Transaction data, bank details | Contract performance |
| Verifying your identity and preventing fraud | Account data, ID documents, technical data | Legal obligation; Legitimate interest |
| Providing customer support | Communication data, account data | Contract performance; Legitimate interest |
| Sending service notifications (order alerts, expiry reminders) | Email, phone number | Contract performance |
| Sending marketing communications (where opted in) | Email, phone number, preferences | Consent |
| Improving Platform features and user experience | Usage data, error logs | Legitimate interest |
| Complying with legal and regulatory obligations | All applicable data categories | Legal obligation |
| Enforcing our Terms & Conditions | Account data, transaction data | Legitimate interest; Legal obligation |
| Analytics and Platform performance monitoring | Technical data, usage data | Legitimate interest |
Under the NDPR 2019, we rely on one or more of the following legal bases when processing your personal data:
The majority of data processing on the Platform is necessary to perform our contract with you as a vendor. This includes account management, order processing, payout disbursement, and subscription management. Without this processing, we cannot provide the Platform services to you.
We are required by Nigerian law to process certain personal data for compliance purposes, including KYC/AML obligations under the Money Laundering (Prohibition) Act, tax reporting requirements, and responses to lawful requests from regulatory authorities such as FIRS, the CBN, and EFCC.
We process certain data where we have a legitimate business interest in doing so, provided that interest is not overridden by your rights and freedoms. This includes fraud prevention, platform security, service analytics, and improving user experience. You have the right to object to processing based on legitimate interest — see Section 11.
Where we rely on your consent — such as for marketing emails or optional analytics cookies — we will ask for it explicitly and you may withdraw it at any time. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.
We do not sell your personal data to third parties. We share data only in the limited circumstances described below:
We share data with trusted third-party service providers who process it on our behalf under binding data processing agreements. These include:
| Provider Category | Purpose | Data Shared |
|---|---|---|
| Payment processors (Paystack, Flutterwave) | Transaction processing and payout disbursement | Name, bank details, transaction amounts |
| Cloud hosting provider | Platform infrastructure and data storage | All Platform data (encrypted at rest) |
| Email delivery provider | Transactional and marketing email delivery | Email address, name, message content |
| SMS/notification provider | Order and account SMS notifications | Phone number, message content |
| Identity verification service | KYC document verification during onboarding | Name, ID document images, date of birth |
| Analytics provider | Platform usage analytics (anonymised) | Anonymised usage and technical data |
| Fraud detection service | Transaction risk assessment | IP address, device data, transaction metadata |
We may disclose personal data to government agencies, regulatory bodies, or law enforcement authorities where we are required to do so by law, court order, or lawful regulatory direction. We will notify you of any such disclosure where we are legally permitted to do so.
In the event of a merger, acquisition, sale of assets, or restructuring of the Company, your personal data may be transferred to the successor entity as part of the business assets. You will be notified in advance of any such transfer, and the successor entity will be bound by privacy obligations no less protective than those in this Policy.
We use cookies and similar tracking technologies on the Platform. A cookie is a small text file placed on your device when you visit our website. Full details are available in our Cookie Policy. Below is a summary of the types of cookies we use:
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Essential for logging in, maintaining your session, and basic Platform security. Cannot be turned off. | No |
| Functional | Remember your preferences such as language, layout, and sidebar state. | Yes |
| Analytics | Collect anonymised data about how users interact with the Platform to help us improve it. | Yes |
| Marketing | Used to show relevant advertisements if you have opted in to marketing communications. | Yes |
You can manage your cookie preferences at any time through your browser settings or via the Cookie Preferences panel accessible from the footer of the Platform. Note that disabling certain cookies may affect the functionality of the Platform.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our standard retention periods are as follows:
| Data Category | Retention Period | Reason |
|---|---|---|
| Active vendor account data | For the duration of account activity | Contract performance |
| Financial and transaction records | 7 years after transaction date | Tax law (FIRS requirements) |
| KYC and identity documents | 7 years after account closure | AML regulatory obligation |
| Closed account data | 6 years after closure | Legal claims and dispute resolution |
| Support communications | 3 years after last interaction | Quality assurance; dispute resolution |
| Marketing opt-in records | Until withdrawal of consent + 1 year | Proof of consent |
| Server and access logs | 12 months | Security monitoring |
| Analytics data | 24 months (anonymised) | Platform improvement |
When data is no longer required, we securely delete or anonymise it. Where complete deletion is not technically feasible within normal operations (e.g. backup archives), we isolate the data from further active processing until deletion is possible.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. Our security measures include:
Our primary servers are located in Nigeria. However, some of the third-party service providers we use (such as cloud hosting and analytics providers) may process your data outside Nigeria. Where this occurs, we take steps to ensure that your data receives an equivalent level of protection to that afforded under Nigerian law.
These steps include:
You may request details of the safeguards in place for any specific international transfer by contacting our Data Protection Officer at privacy@ajaro.com.ng.
Under the NDPR 2019 and applicable Nigerian data protection law, you have the following rights in relation to your personal data. You may exercise any of these rights by contacting our Data Protection Officer at privacy@ajaro.com.ng. We will respond to all valid requests within thirty (30) days.
The Ajaro Platform is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. Vendor account registration requires confirmation that the applicant is at least 18 years of age.
If we become aware that we have inadvertently collected personal data from a person under 18 without appropriate parental or guardian consent, we will take immediate steps to delete that data from our systems. If you believe we may have collected data from a minor, please contact us immediately at privacy@ajaro.com.ng.
The Platform may contain links to third-party websites, payment portals, or partner services. This Privacy Policy applies only to Ajaro and does not extend to any third-party website or service, even where accessed through a link on our Platform. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal data.
Third-party payment pages operated by Paystack and Flutterwave are governed by their own privacy policies. When you are redirected to a payment page, you are leaving the Ajaro Platform.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Where changes are material, we will notify you by email to your registered address and/or by a prominent notice on the Platform Dashboard at least fourteen (14) days before the changes take effect.
We encourage you to review this Policy periodically. The date at the top of the Policy indicates when it was last revised. Your continued use of the Platform after the revised Policy takes effect constitutes your acceptance of the changes. A version archive of past policies is available on request from our Data Protection Officer.
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact our Data Protection Officer:
| Data Protection Officer | Ajaro Data Protection Office |
| privacy@ajaro.com.ng | |
| Post | Data Protection Officer, Ajaro Limited, 14 Broad Street, Victoria Island, Lagos State, Nigeria |
| Phone | +234 901 234 5678 (Mon – Fri, 8am – 6pm WAT) |
| Response Time | Within 30 days of receipt of your request |
If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Bureau (NDPB) at ndpb.gov.ng or by post to: Nigeria Data Protection Bureau, No. 5 Ogunyemi Street, Wuse 2, Abuja, FCT.
This Privacy Policy was last reviewed and updated in March 2025. Document reference: DBM-PP-V2.1-2025. This policy supersedes all previously published versions.
Our Data Protection Officer is here to help. Reach out at any time and we'll respond within 30 business days.