Legal

Privacy Policy

Last updated: April 2026 · ProStack NG Technologies Ltd

1. Introduction

ProStack NG Technologies Ltd ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the ProStack NG Developer Platform.

2. Information We Collect

Account information

When you register, we collect: full name, email address, company name (optional), hashed password. We never store plaintext passwords — all passwords are hashed with bcrypt.

API usage data

We log: API request method, endpoint, HTTP status code, response latency, and client IP address. This is used for debugging and usage analytics displayed in your dashboard.

Transactional data

Data submitted through our APIs (phone numbers, email addresses, BVN/NIN values) is processed and logged for your account's audit trail. BVN and NIN values are treated as sensitive and are not exposed in API responses beyond the original lookup.

3. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate API requests and prevent abuse
  • To display usage analytics in your dashboard
  • To send service-critical emails (account verification, security alerts)
  • To improve platform reliability and performance
  • To comply with legal obligations under Nigerian law

4. API Keys

API keys are stored as SHA-256 hashes. The plaintext key is shown only once at creation and cannot be recovered. We recommend storing keys in environment variables or a secrets manager. Revoked keys are soft-deleted and cannot be re-activated.

5. Third-Party Providers

We route requests through the following third-party providers, each subject to their own privacy policies:

  • Termii — SMS delivery (Nigeria)
  • Paystack — Payment processing (Nigeria)
  • Flutterwave — Payment processing (Africa)
  • Dojah — Identity verification (Nigeria)

Data submitted to these providers is governed by their respective privacy policies and Nigerian data protection regulations.

6. Data Security

We implement industry-standard security practices:

  • All data in transit is encrypted via TLS 1.2+
  • Passwords hashed with bcrypt (cost factor 12)
  • API keys stored as SHA-256 hashes only
  • JWT tokens expire after 30 days
  • Rate limiting prevents brute-force attacks
  • Generic error messages — no internal details exposed to clients
  • HMAC-SHA512 webhook signature verification

7. Data Retention

Account data is retained while your account is active. API request logs are retained for 90 days. You may request deletion of your account and associated data by contacting us. Deletion is processed within 30 days.

8. Your Rights (NDPR)

Under the Nigeria Data Protection Regulation (NDPR), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to certain processing of your data
  • Lodge a complaint with the National Information Technology Development Agency (NITDA)

9. Cookies

The ProStack NG dashboard does not use tracking cookies. We use localStorage only to persist your authentication token and environment preference on your device. No third-party analytics or advertising cookies are used.

10. Contact

For privacy-related requests or questions, contact our Data Protection Officer at contact@prostackng.com.ng or write to: ProStack NG Technologies Ltd, Port Harcourt, Rivers State, Nigeria.