Entitude Agency
Policy

Privacy Policy

What information we collect, how we use it, the safeguards we apply, and the rights you have over your personal data.

Privacy by Design

Data minimisation, purpose limitation and security built into every product and engagement.

Encryption Everywhere

TLS 1.2+ in transit and AES-256 at rest across all production environments.

Your Rights

Access, correct, port, restrict or delete your data — and we'll respond within 30 days.

Global Standards

Aligned to NDPA 2023, NDPR, GDPR and ISO/IEC 27001 controls.

Last updated: May 2026

1. Introduction

Entitude Agency Limited ("Entitude", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, retain and safeguard information when you visit entitude.com, interact with our marketing channels, or use our products and professional services including Skedula, Ordaly and the Entitude WordPress Plugins.

2. Who We Are (Data Controller)

Entitude Agency Limited is a company registered in Nigeria with its registered office at Plot 1 Adekunle Owobiyi Close, Ogba, Lagos. For privacy matters, contact our Data Protection Officer (DPO) at dpo@entitude.com.

3. Scope & Applicable Law

This policy applies to all personal data processed by Entitude as a controller or processor. We comply with the Nigeria Data Protection Act (NDPA) 2023, the Nigeria Data Protection Regulation (NDPR) 2019, and where applicable, the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

4. Information We Collect

Identity & Contact

Name, email, phone, company, role, billing address and login credentials.

Transactional

Orders, invoices, payment references and account activity (not full card data).

Technical & Usage

IP address, device, browser, pages visited, referrer, session duration, click events.

Cookies & Similar

Strictly necessary, analytics and marketing cookies (see Cookies section).

We also collect information you voluntarily provide through contact forms, support tickets, surveys, event registrations and job applications. We do not knowingly collect data from children under 13.

5. How We Collect Information

  • Directly from you — when you fill a form, sign up, buy a product, or contact us.
  • Automatically — through cookies, server logs and analytics tools when you use our digital properties.
  • From third parties — payment processors, authentication providers, public registries and social media platforms.

6. How We Use Your Information

  • To deliver, support and improve our services and products.
  • To process payments, issue invoices and prevent fraud.
  • To send transactional communications and service notifications.
  • To send marketing communications where you have consented (you can opt out at any time).
  • To personalise content and measure the performance of our website and campaigns.
  • To comply with legal, regulatory and tax obligations.
  • To recruit, evaluate and onboard talent.

7. Lawful Bases for Processing

We rely on one or more of the following bases:

  • Contract — to perform a contract with you or take steps before entering one.
  • Consent — for marketing, optional cookies and certain communications.
  • Legitimate interests — for security, fraud prevention, analytics and improving services.
  • Legal obligation — to comply with tax, accounting and regulatory requirements.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to operate our website, remember preferences, measure performance, and (with your consent) deliver relevant marketing. Categories include strictly necessary, functional, analytics and marketing cookies. You can manage your preferences via your browser settings or our cookie banner. Blocking strictly necessary cookies may impair site functionality.

9. How We Share Information

We do not sell your personal data. We share data only with:

  • Service providers & sub-processors — vetted vendors for hosting (AWS, Cloudflare), email (Resend, Google Workspace), analytics, payments and CRM, all under written data-processing agreements.
  • Professional advisers — auditors, lawyers and insurers under confidentiality obligations.
  • Regulators & law enforcement — where required by law, court order or to protect our rights.
  • Successors — in connection with a merger, acquisition or sale of assets, with notice to you.

10. International Data Transfers

Some of our service providers operate outside Nigeria. Where we transfer personal data internationally, we rely on adequacy decisions, Standard Contractual Clauses, or your explicit consent, and apply additional safeguards including encryption and access controls.

11. Data Retention

We keep personal data only for as long as needed for the purposes outlined in this policy, to satisfy legal, accounting and reporting requirements, or to defend legal claims. Typical retention periods:

  • Customer account & engagement records: duration of contract + 7 years (tax law).
  • Marketing contacts: until you unsubscribe or 24 months of inactivity, whichever comes first.
  • Website analytics: up to 26 months in aggregated form.
  • Job applicant data: 12 months, unless you ask us to retain for future roles.

12. Your Data Protection Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete information.
  • Erase your data ("right to be forgotten") where it is no longer needed.
  • Restrict or object to certain processing.
  • Port your data to another provider in a structured, machine-readable format.
  • Withdraw consent at any time without affecting prior processing.
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC) or your local supervisory authority.

To exercise any of these rights, email dpo@entitude.com. We will respond within 30 days and may request verification of identity.

13. Security Measures

We implement technical and organisational measures including: TLS 1.2+ encryption in transit, AES-256 encryption at rest, role-based access controls, multi-factor authentication, vulnerability scanning, penetration testing, secure SDLC practices, staff training and 24/7 monitoring. While we apply industry best practices, no system is 100% secure; we encourage you to use strong, unique passwords and enable MFA.

14. Data Breach Notification

In the unlikely event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware and, where required, notify affected individuals without undue delay.

15. Third-Party Links

Our websites and products may contain links to third-party sites. We are not responsible for their privacy practices and encourage you to review their policies.

16. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can delete it.

17. Changes to This Policy

We may update this policy from time to time. Material changes will be notified by email or a prominent notice on our website at least 14 days before they take effect. The "Last updated" date at the top indicates the latest revision.

18. Contact & Complaints

Data Protection Officer

Entitude Agency Limited

Plot 1 Adekunle Owobiyi Close, Ogba, Lagos, Nigeria

Email: dpo@entitude.com

General privacy queries: privacy@entitude.com

Compliance hotline: compliance@entitude.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

Questions about this policy?

Our compliance team is happy to help.

Contact compliance