Privacy Policy

1. Introduction

Nefe Tech LTD ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Email API service ("Service").

This policy is designed to comply with:

• Nigeria Data Protection Regulation (NDPR) 2019
• General Data Protection Regulation (GDPR) - EU
• Other applicable international data protection laws

2. Data Controller and Contact Information

Nefe Tech LTD is the data controller responsible for your personal data. For any questions or concerns about this Privacy Policy or our data practices, please contact:

3. Information We Collect

3.1 Information You Provide

Account Information: When you register for an account, we collect:

• Full name
• Email address
• Password (encrypted)
• Company name (if applicable)
• Phone number (optional)
• Billing information (payment details)

Email Content Data: When you use our Service to send emails, we process:

• Sender email address
• Recipient email addresses
• Subject lines
• Email content (body, attachments)
• Email templates
• Metadata (timestamps, delivery status)

3.2 Information Collected Automatically

Usage Data: We automatically collect information about your use of the Service:

• API requests and responses
• IP addresses
• Browser type and version
• Device information
• Access times and dates
• Pages viewed
• Referring website addresses

Cookies and Tracking Technologies: We use cookies and similar technologies to:

• Maintain your session and login state
• Remember your preferences (theme, language)
• Analyze Service usage and performance
• Prevent fraud and enhance security

See our Cookie Policy for more details.

3.3 Information from Third Parties

We may receive information about you from third-party payment processors, analytics providers, and fraud prevention services.

4. How We Use Your Information

4.1 Legal Basis for Processing (NDPR/GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide the Service you requested
• Consent: Where you have given explicit consent
• Legitimate Interest: For business operations and improvements
• Legal Obligation: To comply with applicable laws

4.2 Purposes of Processing

We use your information to:

• Provide the Service: Process and deliver your emails, manage your account
• Billing and Payments: Process transactions and send receipts
• Communications: Send service updates, security alerts, and support messages
• Improvement: Analyze usage to improve Service features and performance
• Security: Detect and prevent fraud, abuse, and security incidents
• Compliance: Comply with legal obligations and enforce our Terms of Service
• Marketing: Send promotional communications (with your consent, which you can withdraw)
• Research: Conduct research and analytics (using anonymized data)

5. How We Share Your Information

We do not sell your personal data. We share your information only in the following circumstances:

5.1 Service Providers

We share data with third-party service providers who perform services on our behalf:

• Cloud hosting providers (data storage and processing)
• Payment processors (billing and transactions)
• Email infrastructure providers (SMTP services)
• Analytics providers (usage analysis)
• Security and fraud prevention services

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Email Recipients

We transmit your email content to the recipients you specify. This is essential to providing our Service.

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders or legal processes
• Government or regulatory requests
• Investigations of potential violations of our Terms
• Protection of rights, property, or safety of Nefe Mails, users, or the public

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5.5 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: Data in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access and authentication
• Monitoring: 24/7 security monitoring and intrusion detection
• Audits: Regular security assessments and penetration testing
• Employee Training: Staff trained on data protection and security
• Incident Response: Procedures for detecting and responding to breaches

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for 90 days after account closure
• Email Logs: Retained for 90 days for delivery tracking and troubleshooting
• Email Content: Not permanently stored; processed and transmitted only
• Billing Records: Retained for 7 years as required by law
• Usage Analytics: Retained for 24 months or in anonymized form indefinitely

After the retention period, we securely delete or anonymize your data. We may retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements.

8. Your Data Protection Rights

Under NDPR, GDPR, and other data protection laws, you have the following rights:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal retention requirements.

8.4 Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

8.5 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

8.8 Right to Complain

You have the right to lodge a complaint with a supervisory authority:

• Suite C11 Lake City Plaza Gudu District, Abuja, FCT, Nigeria: National Information Technology Development Agency (NITDA)
• EU: Your local Data Protection Authority

9. International Data Transfers

Your data may be transferred to and processed in countries outside Suite C11 Lake City Plaza Gudu District, Abuja, FCT, Nigeria. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard contractual clauses approved by regulatory authorities
• Adequacy decisions by relevant data protection authorities
• Your explicit consent for specific transfers

We ensure that any international transfer complies with NDPR requirements for cross-border data transfers.

10. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately, and we will delete such data.

11. Automated Decision-Making

We may use automated systems to:

• Detect spam and abusive content
• Prevent fraud and security threats
• Optimize email delivery

You have the right to request human review of automated decisions that significantly affect you.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email notification to your registered address
• Prominent notice on our website or Service
• In-app notifications

We will provide at least 30 days' notice before material changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

13. Contact Us

For questions, concerns, or to exercise your rights under this Privacy Policy, please contact: