Privacy Policy

Last Updated: February 2, 2026

1. Introduction

Ekfix VMS ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and disclose information about you when you use our vendor management platform.

2. NDPR Compliance

We comply with the Nigeria Data Protection Regulation (NDPR) and other applicable data protection laws. We act as a Data Processor for our corporate clients (Tenants) and a Data Controller for our own marketing and administrative data.

3. Information We Collect

  • Account Information: Name, email, password, and role.
  • Tenant Information: Company name, registration details (RC/BN numbers), and tax identifiers (TIN).
  • Compliance Documents: Documents uploaded for verification (e.g., CAC certificates, tax clearances).
  • Technical Data: IP address, device type, and usage data via Google Analytics (PiI-anonymized).

4. Data Sharing and Partners

We share data with the following partners to provide our services:

  • Cloudflare: Hosting, storage (R2), and security infrastructure.
  • Paystack: Payment processing and subscription management.
  • Resend: Transactional and marketing email delivery.
  • Sentry: Error tracking and performance monitoring.
  • YouVerify & Mono: Identity and business registration verification services.
  • Google Analytics: Aggregated, non-PII usage statistics.

5. Data Isolation

Each client's data is isolated at the database and storage level. Compliance documents are stored in tenant-specific directories within our encrypted storage environment.

6. Your Rights

Under NDPR, you have the right to access, rectify, or erase your personal data. You may also object to processing or request data portability. To exercise these rights, contact our Data Protection Officer at dpo@ekfix.com.

7. Marketing and Opt-out

You can opt-in to marketing communications during signup. You can opt-out at any time via the "Unsubscribe" link in any marketing email or via your profile settings. We also use your contact information (email) to send critical system notifications, security alerts, and billing updates which are necessary for the operation of your account.

8. Cookie Policy

We use cookies and similar technologies to enhance your experience and analyze platform traffic. Our use of cookies is categorized as follows:

  • Strictly Necessary: Required for the Platform to function (e.g., Auth.js session cookies, CSRF tokens). These cannot be disabled.
  • Functional: Remember your preferences (e.g., sidebar collapse state, language).
  • Analytics: Google Analytics cookies help us understand how users interact with the Platform. These are only activated if you provide consent via our cookie banner.

You can manage your cookie preferences at any time via your browser settings or our on-site consent manager.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. Following account termination, we may retain anonymized data or documents required for legal and audit compliance for up to 7 years.