Privacy Policy

Alerts

All clear
Back to Dashboard

Legal

Privacy Policy

Effective date: 26 March 2026

This Privacy Policy explains how AgriOps Technologies Limited ("AgriOps", "we", "us") collects, uses, stores, and protects personal data when you use the AgriOps platform ("Platform").

We are committed to handling personal data responsibly and in accordance with the Nigeria Data Protection Act 2023 (NDPA) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Who This Policy Applies To

This policy applies to:

  • Authorised Users — employees or contractors of our Customers who access the Platform;
  • Visitors to our marketing and documentation sites;
  • Individuals whose personal data is uploaded to the Platform as part of supply chain records (e.g. farmer names, supplier contacts).

2. Data We Collect

Account and User Data

  • Name, email address, job title, phone number;
  • Login credentials (passwords are hashed and never stored in plain text);
  • Role and permissions within the Customer's organisation;
  • Login timestamps and IP addresses (for security and audit purposes).

Supply Chain and Operational Data

This data is entered by Customers and includes:

  • Supplier names, addresses, contact details;
  • Farmer names, farm locations (GPS coordinates and polygon boundaries), land area, harvest records;
  • Purchase and sales order details, product and inventory records;
  • EUDR compliance data including deforestation risk status and reference dates.

Usage and Technical Data

  • Log data: pages visited, actions taken, timestamps;
  • Device and browser information;
  • Session data (managed via server-side session cookies).

3. How We Use Personal Data

  • To provide the Platform — processing data to deliver the features and functions of the service;
  • Security and fraud prevention — monitoring for suspicious activity, enforcing brute-force protections, maintaining audit logs;
  • Customer support — responding to queries and resolving issues;
  • Compliance — meeting our legal obligations under Nigerian law and, where applicable, EU regulations;
  • Platform improvement — aggregate, anonymised analysis of usage patterns to improve the product.

We do not sell personal data. We do not use Customer Data for advertising or marketing purposes.

4. Legal Basis for Processing (GDPR)

Where GDPR applies, we process personal data on the following bases:

  • Contract — processing necessary to perform our agreement with the Customer (Art. 6(1)(b));
  • Legal obligation — processing required to comply with applicable law (Art. 6(1)(c));
  • Legitimate interests — security monitoring, fraud prevention, and platform improvement (Art. 6(1)(f)).

5. Data Sharing

We do not share personal data with third parties except:

  • Sub-processors — infrastructure providers (hosting, email delivery) who process data on our behalf under data processing agreements. A current list of sub-processors is available on request;
  • Legal requirements — where required by applicable law, court order, or regulatory authority;
  • Business transfers — in the event of a merger or acquisition, with appropriate data protection obligations transferred.

6. International Data Transfers

AgriOps is based in Nigeria. Customer Data may be processed or stored on servers outside Nigeria. Where Customer Data includes personal data of EU residents, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) for any transfer outside the EU/EEA.

7. Data Retention

  • Account data — retained for the duration of the Customer's Subscription plus 90 days post-termination for data export, then deleted;
  • Audit logs — retained for 365 days per our internal policy;
  • Supply chain records — retained for the duration of the Subscription; Customers are responsible for exporting data before termination;
  • Login and access logs — retained for 90 days for security purposes.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate data;
  • Request deletion of your data (subject to legal and contractual obligations);
  • Object to or restrict certain processing;
  • Data portability — receive your data in a structured, machine-readable format;
  • Lodge a complaint with a supervisory authority (e.g. the Nigeria Data Protection Commission (NDPC) in Nigeria, or your national DPA in the EU).

To exercise these rights, contact us at privacy@agriops.io. We will respond within 30 days.

9. Security

We implement technical and organisational measures including encrypted data in transit (TLS), hashed passwords, session timeouts, brute-force protection, organisation-scoped access controls, and audit logging of create, update, and delete actions. We conduct periodic security reviews and ongoing hardening of sensitive write paths.

10. Cookies

We use a minimal number of cookies necessary to operate the Platform. See our Cookie Policy for details.

11. Changes to This Policy

We may update this policy to reflect changes in law or our practices. Material changes will be communicated by email or in-platform notice. The effective date above indicates the most recent revision.

12. Contact

For privacy questions or to exercise your rights: privacy@agriops.io

Data Controller: AgriOps Technologies Limited, No 25, Temple Road, Jos, Plateau State, Nigeria

Confirm Delete

This action cannot be undone.

Delete ?