Privacy Policy

1. Introduction

Brandible Marketing Solutions Limited ("Brandible," "we," "us," or "our") is committed to protecting the privacy and security of your personal and business information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our micro-influencer marketing platform and related services.

This policy applies to all users of our platform, including corporate clients, micro-influencers, website visitors, and campaign participants. By using Brandible's services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Corporate Client Information

When you register as a corporate client, we collect:

• Company Information: Business name, registration number, industry, company size
• Contact Details: Business address, phone number, email address, website
• Authorized Representatives: Names, titles, contact information of account managers
• Financial Information: Billing details, payment methods, transaction history
• Campaign Data: Marketing objectives, target audiences, brand guidelines, campaign budgets

2.2 Micro-Influencer Information

For our micro-influencer network, we collect:

• Personal Information: Name, age, contact details
• Content Information: Created content, performance metrics, audience interactions
• Financial Details: Payment information, earnings history, tax information
• Performance Data: Campaign participation, completion rates, quality ratings

2.3 Technical Information

We automatically collect certain technical information:

• Device Information: Device type, operating system, browser type
• Usage Analytics: We log user activity, such as pages visited, features used, and interaction timestamps to understand how our service is used.
• Push Notification Tokens: A unique token for your device to send you push notifications if you grant permission.
• Campaign Metrics: View counts, engagement rates, conversion tracking

2.4 Third-Party Information

We may receive information from third-party sources:

• Payment Processors: Transaction confirmations, payment status

2.5 Camera and Media Access

To enable full participation in our campaigns and platform features, we may request access to your device's camera and media library (photos and videos). Access is only granted with your explicit permission. We use this access for:

• Campaign Content Creation: Capturing photos or videos required for specific campaign challenges and submissions.
• Profile Customization: Uploading a profile picture to personalize your account.
• Verification: Submitting images for identity or content verification purposes to ensure the integrity of our network.

We do not access your camera or media library in the background. All access is initiated by you, and you can manage these permissions at any time through your device settings.

3. How We Use Your Information

3.1 Primary Business Purposes

We use your information for the following core business activities:

• Platform Operations: Account management, user authentication, service delivery
• Campaign Management: Influencer matching, content creation, performance tracking
• Payment Processing: Billing, payments to influencers, financial reporting
• Customer Support: Responding to inquiries, resolving issues, providing assistance
• Performance Analytics: Campaign reporting, ROI analysis, platform optimization

3.2 Marketing and Communication

With your consent, we may use your information for:

• Marketing Communications: Platform updates, new features, promotional offers
• Industry Insights: Marketing trends, best practices, case studies
• Event Invitations: Webinars, industry conferences, networking events
• Customer Success: Onboarding support, training materials, optimization recommendations

3.3 Legal and Compliance

We process information when required for:

• Legal Compliance: Meeting regulatory requirements, tax obligations
• Contract Enforcement: Ensuring compliance with terms of service
• Fraud Prevention: Detecting and preventing fraudulent activities
• Dispute Resolution: Resolving conflicts between parties

3.4 Legal Basis for Processing (NDPR)

Under NDPR, we process your personal data based on:

• Consent: When you explicitly agree to our services and marketing
• Contract Performance: To provide the services you've requested
• Legitimate Interests: For business operations and platform improvement
• Legal Obligation: To comply with applicable laws and regulations

4. Information Sharing and Disclosure

4.1 Within Our Platform

We share information between platform participants for service delivery:

• Client-Influencer Matching: Relevant audience demographics for campaign suitability
• Campaign Collaboration: Brand guidelines, content requirements, performance expectations
• Performance Reporting: Campaign metrics, engagement data, ROI analysis
• Payment Processing: Earnings data, payment confirmations, financial reporting

4.2 Service Providers

We share information with trusted third-party service providers to operate our platform. These include:

• Backend Services: We use Supabase for our database, authentication, cloud functions, Performance tracking and data analytics.
• Push Notification Services: We use Expo to facilitate the delivery of push notifications.
• Payment Processors: We use Stripe and Paystack to handle payments from clients and payouts to influencers.

4.3 Legal and Regulatory Disclosure

We may disclose information when legally required:

• Legal Proceedings: Court orders, subpoenas, legal investigations
• Regulatory Compliance: Tax authorities, business registration agencies
• Law Enforcement: Criminal investigations, fraud prevention
• Consumer Protection: Advertising standards authorities, consumer rights agencies

4.4 Business Transactions

In the event of a business transaction, your information may be transferred:

• Mergers and Acquisitions: Due diligence and transaction completion
• Asset Sales: Sale of business units or platform assets
• Corporate Restructuring: Changes in business structure or ownership
• Bankruptcy or Insolvency: Legal proceedings and asset distribution

5. Data Security

5.1 Technical Safeguards

We implement comprehensive security measures:

• Encryption: All data encrypted in transit and at rest using AES-256 encryption
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, vulnerability scanning
• Secure Infrastructure: Cloud hosting with enterprise-grade security certifications
• Data Backup: Regular encrypted backups with disaster recovery procedures

5.2 Organizational Safeguards

Our organizational security measures include:

• Staff Training: Regular privacy and security training for all employees
• Background Screening: Comprehensive checks for all personnel with data access
• Security Policies: Documented procedures for data handling and incident response
• Regular Audits: Internal and external security assessments
• Vendor Management: Security requirements for all third-party providers

5.3 Data Breach Response

In the event of a security incident, we will:

1. Immediate Response: Contain the breach and assess the scope within 1 hour
2. Investigation: Conduct thorough investigation to determine cause and impact
3. Regulatory Notification: Notify NDPC within 72 hours as required
4. User Notification: Inform affected users within 72 hours of discovery
5. Remediation: Implement measures to prevent future incidents
6. Documentation: Maintain detailed records for regulatory review

6. Your Rights and Choices

6.1 NDPR Rights

Under the Nigerian Data Protection Regulation, you have the following rights:

• Right to Information: Know what personal data we collect and how we use it
• Right of Access: Request a copy of your personal data in our systems
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data (subject to legal requirements)
• Right to Restrict Processing: Limit how we use your personal data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

6.2 Communication Preferences

You can control your communication preferences:

• Marketing Emails: Unsubscribe from promotional communications
• Platform Notifications: Adjust notification settings in your account
• Campaign Updates: Choose frequency and type of campaign communications
• Industry Insights: Opt in/out of educational content and market updates

6.3 Account Management

You can manage your account and data:

• Profile Updates: Modify your profile information at any time
• Privacy Settings: Control data sharing and visibility preferences
• Account Deactivation: Temporarily suspend your account
• Account Deletion: Permanently delete your account and associated data

6.4 Exercising Your Rights

To exercise any of these rights:

• Contact Methods: Email privacy@brandible.ng or use our online form
• Verification Process: We may require identity verification for security
• Response Time: We will respond within 30 days of receiving your request
• No Cost: Most requests are processed free of charge

7. Data Retention

7.1 Retention Periods

We retain different types of data for varying periods:

• Active Account Data: Retained while your account is active and for 12 months after deactivation
• Campaign Data: 5 years after campaign completion for performance analysis and legal compliance
• Financial Records: 7 years for accounting and tax compliance requirements
• Communication Logs: 2 years for customer support and quality assurance
• Analytics Data: 3 years in aggregated, anonymized form for business insights
• Legal Documents: Indefinitely for contracts and legal compliance

7.2 Factors Affecting Retention

Retention periods may be extended for:

• Legal Obligations: Regulatory requirements or ongoing legal proceedings
• Dispute Resolution: Active disputes or claims involving your account
• Security Investigations: Fraud prevention and security incident response
• Business Continuity: Essential business records and historical performance data

7.3 Secure Deletion

When data is no longer needed, we securely delete it using:

• Cryptographic Erasure: Secure key deletion for encrypted data
• Data Overwriting: Multiple-pass overwriting for unencrypted data
• Physical Destruction: Secure destruction of physical storage media
• Verification: Confirmation of successful deletion from all systems

8. International Data Transfers

Your data is primarily stored and processed within Nigeria. However, some of our service providers may be located outside Nigeria. When we transfer data internationally, we ensure:

8.1 Adequacy and Safeguards

• Adequate Protection: Transfers only to countries with adequate data protection laws
• Contractual Safeguards: Standard contractual clauses with international providers
• Data Processing Agreements: Comprehensive agreements governing data handling
• Regular Audits: Ongoing monitoring of international service providers

8.2 Specific Transfer Scenarios

• Cloud Storage: Encrypted data storage in certified international data centers
• Payment Processing: International payment networks with NDPR compliance
• Analytics Services: Anonymized data for platform optimization
• Customer Support: Limited support data for service delivery

9. Changes to This Privacy Policy

9.1 Policy Updates

We may update this Privacy Policy to reflect:

• Service Changes: New features, services, or business practices
• Legal Requirements: Changes in applicable laws and regulations
• Security Enhancements: Improved data protection measures
• User Feedback: Improvements based on user suggestions and concerns

9.2 Notification Process

When we make significant changes, we will:

• Website Notice: Post the updated policy prominently on our website
• Email Notification: Send email alerts to all registered users
• Platform Notifications: Display in-app notifications about policy changes
• Comment Period: Provide 30 days for feedback on major changes

9.3 Continued Use

Your continued use of our services after the effective date of changes constitutes acceptance of the updated policy. If you disagree with changes, you may:

• Contact Us: Discuss concerns with our privacy team
• Modify Settings: Adjust your privacy and communication preferences
• Close Account: Deactivate your account if you cannot accept the changes

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Nigerian Data Protection Commission

If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Nigerian Data Protection Commission (NDPC):

• Website: ndpc.gov.ng
• Email: info@ndpc.gov.ng
• Phone: +234 (0) 9 291 9090

Additional Resources

• Privacy Portal: privacy.brandible.ng - Manage your privacy settings
• Data Request Form: Complete online forms for data access requests
• Security Center: security.brandible.ng - Latest security updates

11. Data Deletion

You have the right to request the permanent deletion of your account and all associated data. To initiate this process, please visit our Account Deletion page and follow the instructions. Please be aware that this action is irreversible and will result in the complete removal of your data from our systems.