Privacy Policy

Last Updated: January 26, 2025

At EduPassify ("we," "us," or "our"), we are deeply committed to protecting the privacy and security of our users, particularly students and minors. This comprehensive Privacy Policy explains in detail how we collect, use, store, share, and protect your personal information when you access or use our website (edupassify.com), mobile applications (iOS and Android), AI-powered learning tools, educational content, and all related services (collectively, the "Platform" or "Services"). This Privacy Policy also outlines your rights regarding your personal data and how you can exercise them.

1. Information We Collect

We collect various types of information to provide, improve, and personalize our Services. Below is a comprehensive breakdown of the data we collect and why we collect it.

1.1 Personal Identification Information

This is information you actively provide when creating an account, updating your profile, or contacting us:

• Basic Identity: Full name, email address, phone number, date of birth
• Account Credentials: Username, password (stored in encrypted form), security questions
• Profile Information: Educational level (JSS1, JSS2, JSS3, SS1, SS2, SS3), school name, state of residence
• Exam Preferences: Exams you're preparing for (WAEC, NECO, JAMB, Post-UTME), subjects of interest
• Parental/Guardian Information: For users under 18, parent/guardian name and contact information (optional but recommended)
• Profile Picture: Optional photo or avatar for your account
• Referral Information: Referrer code, referral earnings, refer-a-friend data

1.2 Payment & Billing Information

When you subscribe to premium plans, we collect:

• Payment Method: Credit/debit card details, bank account information, mobile money numbers (processed securely by Flutterwave - we do NOT store full card numbers)
• Billing Address: For invoicing and tax compliance
• Transaction History: Payment receipts, subscription dates, renewal information, refund requests
• Tax Information: VAT/tax numbers where applicable

Note: Payment processing is handled by our secure third-party processor, Flutterwave, which is PCI-DSS compliant. We receive only limited payment information (last 4 digits of card, transaction status) necessary for subscription management.

1.3 Educational & Learning Data

To personalize your learning experience and track progress, we collect:

• Study Activity: Past questions accessed, subjects studied, topics reviewed, study time and frequency
• Assessment Performance: Practice exam scores, quiz results, question accuracy rates, time spent per question
• AI Interactions: Questions asked to our AI study assistant, conversation history, topics discussed, concepts requested for explanation
• Learning Progress: Completed lessons, skill mastery levels, performance trends over time
• Study Roadmap: Personalized study plans, goal settings, milestone achievements
• Bookmarks & Notes: Saved questions, personal study notes, flashcards created
• Performance Analytics: Strengths, weaknesses, improvement areas, predicted exam readiness

Purpose: This data enables us to provide personalized recommendations, identify knowledge gaps, and help you focus on areas needing improvement.

1.4 Technical & Device Information

We automatically collect technical data when you access our Platform:

• Device Information: Device type (mobile, tablet, desktop), manufacturer, model, operating system (iOS, Android, Windows, etc.), browser type and version
• Network Information: IP address, approximate geographic location (city/state level based on IP), internet service provider
• Mobile Device Identifiers: Unique device IDs (for mobile app users), advertising IDs, push notification tokens
• Usage Metrics: Pages visited, features used, clicks, scrolling behavior, session duration, entry/exit pages
• Performance Data: App crashes, errors, loading times, API response times (for debugging and optimization)
• Log Files: Server logs recording access times, requested URLs, HTTP status codes

1.5 Communication Data

When you contact us or communicate through our Platform:

• Support Tickets: Customer service inquiries, bug reports, feature requests, feedback
• Email Correspondence: Messages sent to/from support@edupassify.com or other EduPassify email addresses
• Phone Call Records: Call recordings (with consent) for quality assurance and training purposes
• Survey Responses: Feedback forms, satisfaction surveys, feature polls
• Social Media Interactions: Comments, messages, or mentions on our social media pages

1.6 Cookies & Similar Technologies

We use cookies, web beacons, local storage, and similar tracking technologies. See Section 8 for detailed information about cookies and how to manage them.

2. How We Use Your Information

2. How We Use Your Information

We use the information we collect for legitimate business purposes that enhance your educational experience and enable us to provide, improve, and secure our Services. Below are the specific ways we use your data:

2.1 Service Delivery & Platform Operation

• Account Management: Create, maintain, and secure your user account; authenticate your identity when you log in
• Content Delivery: Provide access to past questions, study materials, practice exams, and educational resources
• AI Assistance: Power our AI study assistant to answer your questions, explain concepts, and provide educational guidance
• Progress Tracking: Monitor your study progress, track performance metrics, and generate analytics dashboards
• Subscription Management: Process payments, manage billing, renew subscriptions, handle refunds
• Feature Access: Enable premium features based on your subscription level

2.2 Personalization & Recommendations

• Customized Learning: Tailor content recommendations based on your educational level, exam goals, and subject preferences
• Adaptive Difficulty: Adjust question difficulty based on your performance to optimize learning
• Study Roadmaps: Generate personalized study plans aligned with your strengths, weaknesses, and time availability
• Content Suggestions: Recommend relevant topics, practice questions, and study materials you may find helpful
• Performance Insights: Provide data-driven insights to help you focus on areas needing improvement

2.3 Communication & Support

• Customer Support: Respond to inquiries, resolve technical issues, provide educational assistance
• Transactional Emails: Send subscription confirmations, payment receipts, password reset links, account notifications
• Educational Updates: Notify you of new content, features, exam preparation tips, study reminders
• Marketing Communications: Send newsletters, promotional offers, feature announcements (you can opt-out anytime)
• Push Notifications: Deliver mobile app notifications for study reminders, achievement alerts, and important updates

2.4 Platform Improvement & Research

• Product Development: Analyze usage patterns to develop new features and improve existing ones
• AI Training: Use anonymized AI conversation data to train and improve our machine learning models for better accuracy
• Quality Assurance: Identify and fix bugs, errors, and performance issues
• Educational Research: Conduct aggregated, anonymized research on learning effectiveness and educational outcomes
• User Experience: Test new designs, features, and content formats (A/B testing)

2.5 Security, Fraud Prevention & Legal Compliance

• Security Monitoring: Detect and prevent unauthorized access, hacking attempts, and security breaches
• Fraud Detection: Identify fraudulent payments, account sharing violations, and abusive behavior
• Terms Enforcement: Ensure compliance with our Terms and Conditions and Community Guidelines
• Legal Obligations: Comply with applicable laws, regulations, court orders, and government requests
• Dispute Resolution: Investigate and resolve user complaints, refund requests, and disputes

2.6 Analytics & Business Operations

• Usage Analytics: Understand how users interact with our Platform to inform business decisions
• Performance Metrics: Track key performance indicators (user growth, engagement, retention)
• Market Research: Analyze trends in educational technology and exam preparation
• Reporting: Generate internal reports for management and operational purposes

2.7 Legal Basis for Processing (GDPR & NDPR Compliance)

For users in regions with data protection laws (including Nigeria, EU), we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to provide Services under our Terms and Conditions
• Consent: You've given explicit consent for specific processing activities (e.g., marketing communications)
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, platform improvement) while respecting your rights
• Legal Obligation: Compliance with applicable laws and regulations

3. AI Study Assistant: Data Processing & Privacy

3. AI Study Assistant: Data Processing & Privacy

Our AI-powered study assistant (including Voice Tutor and Education Chat) is a core feature of EduPassify. Understanding how we handle AI-related data is crucial:

3.1 What AI Data We Collect

• Conversation Content: Questions you ask, clarifications you request, and AI responses provided
• Interaction Metadata: Timestamp, conversation length, topics discussed, response ratings (thumbs up/down)
• Voice Data (Voice Tutor): Audio recordings of your voice inputs (processed and deleted after transcription, unless saved for quality improvement with your consent)
• Context Data: Your current study topic, recent questions viewed, performance on related topics (to provide contextual responses)

3.2 How We Use AI Conversation Data

• Provide Responses: Generate accurate, relevant, and helpful answers to your educational questions
• Conversation History: Store your chat history so you can reference past explanations
• Model Improvement: Analyze anonymized conversations to improve AI accuracy, reduce errors, and enhance response quality
• Safety & Compliance: Monitor for inappropriate usage, abuse, or attempts to manipulate the AI
• Content Quality: Identify common misunderstandings or knowledge gaps to improve educational content

3.3 AI Data Privacy Protections

• Anonymization: AI training data is anonymized and stripped of personally identifiable information
• No Sharing with Other Users: Your AI conversations are private and never shared with other students or displayed publicly
• Third-Party AI Providers: We use reputable AI service providers (OpenAI) who also comply with strict data protection standards
• Sensitive Information Warning: Do not share sensitive personal information (passwords, addresses, financial details) in AI conversations - the assistant is for educational purposes only
• Data Deletion: You can request deletion of your AI conversation history through account settings or by contacting support

3.4 Voice Tutor Specific Privacy

For users of our Voice Tutor feature:

• Voice recordings are processed to convert speech to text
• Original audio is typically deleted immediately after transcription
• You can opt-in to allow us to retain voice samples for improving speech recognition accuracy
• Voice data is never shared with third parties for marketing or advertising

4. Information Sharing & Disclosure

WE DO NOT SELL YOUR PERSONAL INFORMATION. We will never sell, rent, or trade your personal data to third parties for their marketing purposes. We share your information only in the limited circumstances described below:

4.1 Trusted Service Providers

We share information with carefully vetted third-party service providers who assist in operating our Platform. These providers are contractually obligated to protect your data and use it only for the specific services they provide to us:

• Payment Processors: Flutterwave (for secure payment processing and fraud detection)
• Cloud Hosting: AWS, Google Cloud, or Microsoft Azure (for data storage and platform infrastructure)
• Email Services: SendGrid, Mailchimp, or similar (for sending transactional and marketing emails)
• Analytics Providers: Google Analytics, Mixpanel (for usage analytics and performance monitoring)
• Customer Support Tools: Zendesk, Intercom (for managing support tickets and live chat)
• AI Services: OpenAI (for powering our AI study assistant)
• SMS Providers: Twilio, Termii (for sending SMS notifications and verification codes)
• Push Notification Services: Firebase Cloud Messaging, OneSignal (for mobile app notifications)

Each service provider has been assessed for data security practices and signs data processing agreements to ensure NDPR/GDPR compliance.

4.2 Legal Requirements & Law Enforcement

We may disclose your information if required to do so by law or in good faith belief that such action is necessary to:

• Comply with court orders, subpoenas, or legal processes
• Respond to government or regulatory requests (Nigerian authorities, data protection agencies)
• Enforce our Terms and Conditions or investigate violations
• Protect the rights, property, or safety of EduPassify, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Comply with child protection laws or prevent harm to minors

4.3 Business Transfers & Corporate Transactions

If EduPassify is involved in a merger, acquisition, bankruptcy, corporate reorganization, or sale of assets, your personal information may be transferred as part of the transaction. We will:

• Notify you via email at least 30 days before the transfer
• Provide details about the acquiring entity and their privacy practices
• Offer you the option to delete your account before the transfer (if desired)
• Ensure the new entity maintains the same or higher privacy standards

4.4 Aggregated & Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. Examples include:

• Statistical reports (e.g., "75% of JAMB candidates improved scores after using EduPassify")
• Research publications on educational technology and learning outcomes
• Market trends and usage statistics for business partnerships
• Public dashboards showing platform-wide metrics (total users, questions answered)

4.5 With Your Explicit Consent

We may share your information for purposes not described in this Privacy Policy, but only with your explicit, informed consent obtained at the time of sharing.

5. Data Security & Protection Measures

5. Data Security & Protection Measures

We implement comprehensive technical, administrative, and physical security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. However, please understand that no internet transmission or electronic storage method is 100% secure.

5.1 Technical Security Measures

• Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2+ (Transport Layer Security)
• Data Encryption at Rest: Sensitive data (passwords, payment information) is encrypted in our databases using industry-standard AES-256 encryption
• Password Security: Passwords are hashed using bcrypt with salt, making them unreadable even to our staff
• Secure APIs: All API endpoints require authentication and use HTTPS
• Firewalls: Multi-layered firewalls protect our servers from unauthorized access
• Intrusion Detection: Automated systems monitor for suspicious activity and potential breaches

5.2 Administrative Security Measures

• Access Controls: Strict role-based access controls limit employee access to user data on a need-to-know basis
• Staff Training: All employees undergo data protection and security awareness training
• Confidentiality Agreements: Employees and contractors sign confidentiality agreements prohibiting unauthorized data disclosure
• Regular Audits: Quarterly internal audits of data access logs and security practices
• Vendor Management: Third-party service providers are evaluated for security compliance before engagement

5.3 Operational Security Practices

• Regular Updates: Software, systems, and dependencies are kept up-to-date with security patches
• Vulnerability Scanning: Automated vulnerability scans run weekly
• Penetration Testing: Annual third-party penetration testing to identify security weaknesses
• Backup & Recovery: Daily encrypted backups with disaster recovery procedures
• Incident Response Plan: Documented procedures for responding to data breaches or security incidents

5.4 User Security Responsibilities

You also play a crucial role in protecting your account:

• Strong Passwords: Use unique, complex passwords (min. 8 characters, mix of letters/numbers/symbols)
• No Sharing: Never share your password or account credentials with others
• Device Security: Keep your devices secure with screen locks and up-to-date security software
• Logout: Log out after using EduPassify on shared or public computers
• Suspicious Activity: Report any unauthorized access or suspicious activity immediately to support@edupassify.com

5.5 Data Breach Notification

In the unlikely event of a data breach that compromises your personal information:

• We will notify you via email within 72 hours of discovering the breach
• We will notify relevant authorities (Nigeria Data Protection Bureau) as required by law
• We will provide details about what information was compromised and steps we're taking
• We will offer guidance on protecting yourself (e.g., changing passwords, monitoring accounts)

6. Your Privacy Rights & Choices

You have significant rights regarding your personal data. Below are the rights available to you and how to exercise them:

6.1 Right to Access

You have the right to access and obtain a copy of your personal information we hold. To request your data:

• Email privacy@edupassify.com with subject line "Data Access Request"
• Include your registered email address and account username for verification
• We will provide your data in a structured, commonly used format (PDF or JSON) within 30 days

6.2 Right to Correction (Rectification)

You can update or correct inaccurate personal information:

• Most profile information can be updated directly in your account settings
• For information you cannot update yourself, contact support@edupassify.com
• We will correct inaccuracies within 14 days of your request

6.3 Right to Deletion (Right to be Forgotten)

You can request deletion of your account and personal information. Upon deletion:

• Your account will be permanently deactivated within 48 hours
• Personal information will be deleted from active systems within 30 days
• Some information may be retained for legal compliance (e.g., transaction records for tax purposes up to 7 years)
• Anonymized data used for research/analytics cannot be deleted as it's no longer linked to you
• Backup copies will be deleted in our next backup rotation cycle (up to 90 days)

To delete your account: Go to Account Settings → Privacy → Delete Account, or email privacy@edupassify.com with "Account Deletion Request"

6.4 Right to Data Portability

You can request your data in a portable format to transfer to another service:

• Email privacy@edupassify.com with "Data Portability Request"
• We'll provide your data in JSON or CSV format within 30 days
• Includes: Profile info, study history, performance data, AI conversations (where applicable)

6.5 Right to Restriction of Processing

You can request that we limit how we process your data in certain circumstances (e.g., while disputing data accuracy). Contact privacy@edupassify.com with specific details.

6.6 Right to Object to Processing

You can object to processing of your data for:

• Marketing: Opt-out of marketing emails via unsubscribe links or account settings
• Profiling: Object to automated decision-making (though we don't make decisions significantly affecting you solely by automated means)

6.7 Managing Cookies & Tracking

Control cookie preferences:

• Use our Cookie Consent Manager when you first visit the site
• Adjust browser settings to block or delete cookies
• Note: Disabling essential cookies may limit platform functionality

6.8 Communication Preferences

• Marketing Emails: Unsubscribe via links in emails or Account Settings → Notifications
• Push Notifications: Disable in mobile app settings or device settings
• SMS Notifications: Reply "STOP" to SMS messages or contact support
• Transactional Emails: Cannot be disabled as they're essential for account security and service delivery

7. Data Retention Periods

7. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Retention Schedule by Data Type

• Active Account Data: Retained while your account is active and for 90 days after account deletion (for recovery)
• Study History & Performance: Retained while account is active; deleted 90 days after account closure
• AI Conversation Logs: Retained for 1 year (anonymized after 6 months for improvement purposes)
• Transaction Records: 7 years (required for tax compliance and financial auditing)
• Support Tickets: 3 years (for customer service continuity and dispute resolution)
• Marketing Data (for opted-out users): 30 days after opt-out
• Security Logs: 2 years (for fraud detection and security investigations)
• Anonymous Analytics Data: Indefinitely (cannot be linked back to individuals)

7.2 Reasons for Retention

• Legal obligations (tax records, financial audits, regulatory compliance)
• Dispute resolution and litigation defense
• Fraud prevention and security
• Service improvement and product development
• Preserving evidence of Terms compliance/violations

8. Cookies & Similar Technologies

We use cookies, web beacons, pixels, local storage, and similar technologies to enhance your experience, analyze usage, and deliver personalized content.

8.1 Types of Cookies We Use

a) Essential/Strictly Necessary Cookies

Required for basic platform functionality. Cannot be disabled without breaking core features.

• Authentication tokens (keeping you logged in)
• CSRF tokens (security protection)
• Load balancing cookies
• Session management

b) Functional/Preference Cookies

Remember your settings and preferences for enhanced experience.

• Language preferences
• Font size and display settings
• Notification preferences
• Recently viewed questions

c) Analytics/Performance Cookies

Help us understand how you use the Platform to improve services.

• Google Analytics: Page views, session duration, bounce rate, traffic sources
• Mixpanel: Feature usage, user flows, conversion tracking
• Hotjar: Heatmaps, session recordings (anonymized), user feedback

d) Advertising/Marketing Cookies

Track visits across websites to deliver relevant ads and measure campaign effectiveness.

• Facebook Pixel (retargeting ads on Facebook/Instagram)
• Google Ads conversion tracking
• LinkedIn Insight Tag
• Twitter Pixel

8.2 Managing Cookie Preferences

You can control cookies through:

• Our Cookie Consent Tool: Displayed on your first visit; adjust preferences anytime in Account Settings → Privacy → Cookie Preferences
• Browser Settings: Most browsers allow you to block or delete cookies via settings (Chrome, Firefox, Safari, Edge instructions available online)
• Opt-Out Tools:
  • Google Analytics Opt-Out: tools.google.com/dlpage/gaoptout
  • NAI Opt-Out Tool: optout.networkadvertising.org

Note: Disabling cookies may affect platform functionality (e.g., you may need to re-enter preferences, or some features may not work properly).

9. Children's Privacy (Under 18 Users)

EduPassify is designed for students aged 13 and above. We are committed to protecting the privacy of minors in accordance with Nigerian child protection laws and international standards (COPPA principles).

9.1 Age Requirements

• Minimum Age: Users must be at least 13 years old
• Parental Consent: Users under 18 must have parent/guardian permission to use EduPassify
• Under 13: We do not knowingly collect personal information from children under 13 without verified parental consent

9.2 Parental Rights & Controls

Parents and guardians of minors using EduPassify have the right to:

• Review their child's personal information
• Request correction or deletion of their child's data
• Refuse further collection or use of their child's information
• Withdraw consent for data processing

To exercise parental rights, email privacy@edupassify.com with subject "Parental Privacy Request" and include proof of guardianship.

9.3 Limited Data Collection for Minors

For users identified as minors (under 18), we:

• Collect only data necessary for educational services
• Do NOT use their data for behavioral advertising without parental consent
• Do NOT sell minor data to third parties
• Implement additional security safeguards

9.4 If We Discover Underage Users

If we discover a user under 13 has provided personal information without parental consent:

• We will immediately suspend the account
• We will attempt to contact parents/guardians
• If parental consent cannot be obtained within 30 days, we will delete all collected data

10. International Data Transfers

10. International Data Transfers

EduPassify is based in Nigeria, but our service providers and infrastructure may be located in other countries. Your personal information may be transferred to, stored in, and processed in countries outside Nigeria, including the United States, European Union, and other jurisdictions.

10.1 Countries Where Data May Be Transferred

• United States: Cloud hosting (AWS, Google Cloud), AI services (OpenAI), analytics (Google)
• European Union: Email services, customer support tools
• Singapore: Data backup and redundancy

10.2 Safeguards for International Transfers

When transferring data internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): EU-approved model contracts for data transfers
• Data Processing Agreements: Binding contracts with all third-party processors
• Adequacy Decisions: Transfers to countries recognized by Nigeria/EU as having adequate data protection
• Certification Programs: Service providers certified under Privacy Shield, ISO 27001, or similar standards
• Encryption in Transit: All data transfers encrypted using TLS 1.3

10.3 Your Rights Regarding International Transfers

You have the right to:

• Request information about where your data is stored and processed
• Object to transfers to specific countries (though this may limit service availability)
• Request copies of safeguards in place (e.g., SCCs)

Contact privacy@edupassify.com with questions about international data transfers.

11. Third-Party Services & Links

Our Platform may contain links to third-party websites, services, or resources that are not owned or controlled by EduPassify. This Privacy Policy applies only to our Platform and Services.

11.1 Third-Party Links

We are not responsible for the privacy practices or content of:

• External educational resources we link to
• Exam board websites (WAEC, NECO, JAMB)
• Social media platforms (Facebook, Twitter, Instagram, LinkedIn)
• Payment processor websites
• Third-party plugins or integrations

We strongly encourage you to review the privacy policies of any third-party sites you visit. Clicking links to external sites is at your own risk.

11.2 Social Media Features

Our Platform includes social media sharing buttons (Facebook, Twitter, WhatsApp). These features may collect your IP address, track pages you visit on our site, and set cookies. Your interactions with these features are governed by the privacy policies of the companies providing them.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational, legal, or regulatory reasons.

12.1 Notification of Changes

When we make material changes to this Privacy Policy:

• Email Notification: We will send an email to your registered address at least 14 days before the effective date
• Platform Notice: A prominent banner will appear on our Platform announcing the update
• Updated "Last Updated" Date: The date at the top of this policy will be revised
• Version History: Previous versions will be archived and accessible for your review

12.2 Your Acceptance of Changes

Your continued use of EduPassify after the effective date of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes:

• You may delete your account before the effective date
• Your data will be handled according to the previous policy until deletion
• You will not be entitled to refunds for remaining subscription time (unless legally required)

12.3 Minor Changes

For non-material changes (typo corrections, clarifications, contact info updates), we may update the policy without prior notice. We recommend reviewing this Privacy Policy periodically.

13. Compliance & Regulatory Framework

13.1 Nigeria Data Protection Regulation (NDPR) 2019

As a Nigerian-based platform, we fully comply with the NDPR 2019 issued by the National Information Technology Development Agency (NITDA). Our compliance includes:

• Lawful basis for all data processing activities
• Transparent data collection and usage practices
• Data subject rights (access, correction, deletion, portability)
• Data security and breach notification procedures
• Registration with Nigeria Data Protection Bureau (NDPB)

13.2 GDPR Principles (for International Users)

While EduPassify primarily serves Nigerian users, we adhere to GDPR principles for any EU residents who use our Platform:

• Right to access, rectification, erasure, and data portability
• Right to restriction of processing and right to object
• Right to lodge complaints with supervisory authorities
• Lawful basis and explicit consent requirements

13.3 Educational Data Privacy

We recognize the sensitive nature of student data and commit to:

• Never selling student data for advertising or marketing
• Limiting data collection to educationally necessary information
• Providing transparency to students and parents/guardians
• Implementing enhanced security for minor data

14. Contact Us & Data Protection Officer

If you have questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:

14.1 General Privacy Inquiries

• Email: privacy@edupassify.com
• Data Protection Officer: dpo@edupassify.com
• Customer Support: support@edupassify.com
• Phone: +234 813 356 8786 (Mon-Fri, 9 AM - 6 PM WAT)
• Mailing Address: EduPassify Nigeria Ltd, Attention: Privacy Team, Lagos, Nigeria

14.2 Response Time

We strive to respond to all privacy inquiries within:

• Urgent Security Issues: Within 24 hours
• Data Access Requests: Within 30 days
• General Inquiries: Within 5 business days
• Deletion Requests: Account deletion within 48 hours; full data removal within 30 days

14.3 Regulatory Complaints

If you believe we have violated your data protection rights, you have the right to lodge a complaint with:

• Nigeria Data Protection Bureau (NDPB)
• Website: ndpb.gov.ng
• Email: info@ndpb.gov.ng
• Address: National Information Technology Development Agency (NITDA), Abuja, Nigeria