Skip to content
AlertNaija AlertNaija Get app

Legal

Privacy Policy

Last updated: May 1, 2026

AlertNaija ("we", "our", "us") operates the AlertNaija mobile application and the website at alertnaija.com (collectively, the "Service"). This policy explains what we collect, why, and your rights — written to be plain and aligned with the Nigerian Data Protection Act 2023 (NDPA) and underlying NDPR principles. Questions: privacy@alertnaija.com.

Data Controller: AlertNaija, registered with the Nigeria Data Protection Commission (NDPC). Data Protection Officer (DPO): contactable via dpo@alertnaija.com.

1. Information we collect

  • Account info: name, email, phone number, date of birth (required, ≥13), state and Local Government Area (LGA), and a short PIN.
  • Location data: foreground location (and optionally background) to show nearby alerts, tag incident reports, and run features like Check-on-Me and Drive Mode. You can revoke this at any time in your device settings.
  • Reports & uploads: text, photos, and voice notes you submit. Photos are screened by an automated moderation service before being shown publicly.
  • Device info: push notification tokens, OS version, app version, and basic crash data.
  • Family circle: if you add family members, we store their phone numbers/emails and your relationship to them so we can route alerts.

2. How we use your information

  • To provide the Service: nearby alerts, notifications, panic-event routing to your circle, and connecting you with verified responders.
  • To verify your identity in tiered ways (phone OTP, optional ID) so reports stay credible.
  • To detect abuse, fraud, and unsafe content (image moderation, rate limiting).
  • To send important account, safety, and service messages.
  • To improve the Service through aggregated, de-identified analytics.

3. Lawful basis (NDPA §25)

  • Consent — you consent during registration and when granting permissions (location, notifications, camera).
  • Performance of a contract — providing the Service you signed up for.
  • Legitimate interest — fraud prevention, abuse mitigation, platform integrity. Balanced against your rights and freedoms.
  • Vital interest — for panic / safety events where processing is necessary to protect a life.
  • Legal obligation — to comply with valid orders or statutory requirements.

4. What we don't do

  • We do not sell your personal information. Ever.
  • We do not share your precise location with other users unless you choose to (e.g., a panic event sent to your family circle).
  • We do not run third-party advertising trackers in the app.
  • We do not access your contacts, camera, microphone, or location without your explicit permission.

5. How information is shared

  • With your family circle — when you trigger a panic alert or miss a Check-on-Me, your designated contacts receive the alert and your live location.
  • With responders you contact — if you message or request a verified partner, they see what's needed to help you (location, contact info, request details).
  • With the public, anonymously — incident reports may appear in the community feed. Personal identifiers are removed by default.
  • With service providers — Amazon Web Services (cloud hosting), Amazon SES (email), and similar processors who handle data on our behalf under written contract.
  • Where legally required — to comply with valid Nigerian legal process (NDPC, court orders, Cybercrimes Act §38 lawful requests) or to protect someone from imminent harm.

6. Cross-border data transfer (NDPA §41–43)

Your data is processed and stored in Amazon Web Services data centres in the United States (region us-east-1). The United States has not been formally designated as having an "adequate" level of data protection under the NDPA. We rely on the following safeguards for the transfer:

  • Standard contractual safeguards with AWS through their published Data Protection Addendum, which incorporates international standard clauses NDPC accepts.
  • Your explicit consent — by registering and using the Service, you confirm you understand that your data is processed outside Nigeria.
  • Necessity — for the panic, missing-person, and family-circle features, processing in the chosen region is necessary to provide the Service.

We are evaluating a migration to AWS Africa (Cape Town) for hot data to reduce reliance on cross-border transfer. We will update this policy when that change is effective.

7. Security

Data is encrypted in transit (TLS) and at rest (AES-256). Access to production systems is restricted, audited, and logged. Sensitive records (device and vehicle registries, partner ratings, dispute resolutions) keep an immutable audit trail of every change. We undergo annual Data Protection Compliance Audits (DPCA) by an NDPC-licensed DPCO.

8. Breach notification (NDPA §40)

In the event of a personal-data breach that is likely to result in risk to your rights and freedoms, we will notify the NDPC within 72 hours and notify affected users without undue delay, with information on what happened, what data was involved, what we're doing, and what you can do.

9. Your rights as a data subject (NDPA §34)

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — correct inaccurate data, in-app or by request.
  • Right to erasure — delete your account and personal data. See /delete-account.
  • Right to restrict processing — ask us to pause processing while a complaint is reviewed.
  • Right to data portability — receive a machine-readable copy of your data.
  • Right to object — object to processing based on legitimate interest, including profiling.
  • Right to withdraw consent — at any time, without affecting processing already done.
  • Right to lodge a complaint — with the NDPC at ndpc.gov.ng if you believe we have not handled your data properly.

To exercise any right above, email privacy@alertnaija.com. We respond within 30 days.

10. Retention

  • Account profile: kept while your account is active; deleted within 30 days of account deletion.
  • Public reports: retained de-identified for the safety value of the platform; removed on valid takedown request (see /legal/takedown).
  • Audit trails: 7 years for sensitive records (device/vehicle registry, partner disputes), as required for fraud prevention.
  • Server logs: 90 days.
  • Inbound email (forwarding): 7 days.

11. Children

AlertNaija is not directed at children under 13. Registration is blocked below 13 (date of birth required). If you believe a child under 13 has created an account, contact us and we'll remove it within 7 days.

12. Cookies (website)

The marketing website at alertnaija.com sets only the cookies required to load the page. We do not use advertising or tracking cookies. The mobile app does not use web cookies.

13. Changes to this policy

We update this page when our practices change and bump the "Last updated" date. Material changes are communicated in-app before they take effect.

14. Contact

Privacy questions, data requests, complaints: privacy@alertnaija.com. DPO: dpo@alertnaija.com. To escalate to the regulator, contact the Nigeria Data Protection Commission at ndpc.gov.ng.