Privacy policy
How Tracent Technologies handles personal data under the Nigeria Data Protection Act 2023. Written in plain language so you know what we collect, why, and what rights you have.
Effective 1 June 2026.
Who we are
Tracent Technologies Limited is a Nigerian company (CAC RC: 1822449) registered with the Nigeria Data Protection Commission as a Data Controller of Major Importance.
Our registered office is in Lagos, Nigeria. The data protection contact is the Compliance team, reachable at compliance@tracenttechnologies.com.
What we collect
Account data: your name, work email, organisation, phone number, and country, captured when you sign up or are invited to a team.
Authentication data: hashed credentials, OAuth identifiers from Google and other providers, and session metadata such as IP address and device user-agent for security purposes.
Usage and audit data: the tool calls your organisation runs through the Tracent gateway, with personally identifiable fields replaced by vault tokens before they reach our model or telemetry surfaces.
Billing data: company name, address, tax identifier, and payment-method metadata. Card numbers themselves never reach Tracent; they are handled by our payment processors.
Support and marketing data: messages you send us, the content of webinars or events you register for, and your preferences for product updates.
Lawful basis
We process your data under one of these lawful bases from the Nigeria Data Protection Act 2023 (§25): performance of a contract, your consent, our legitimate interest in running and securing the service, or compliance with a legal obligation.
Where consent is the basis, you can withdraw it at any time from your console settings or by writing to compliance@tracenttechnologies.com. Withdrawal does not affect processing already carried out.
How we use it
To provide and secure the service: authenticate you, enforce per-organisation policies, run the seven gateway guardrails, and generate audit and compliance reports for your team.
To support your account: respond to your requests, send transactional emails such as approvals, billing notices, and security alerts, and notify your data protection contact of breaches per NDPA §40.
To improve the product: aggregated, de-identified telemetry on which tools are used, which integrations matter, and where errors happen. No personally identifiable customer data is used to train any model.
Data residency
Customer-console data resides in Nigeria. Gateway state including the PII vault, audit log, and HITL pending records also resides in Nigeria.
Cross-border transfers are refused at the egress layer when the destination region differs from the gateway region, unless the transfer has a lawful basis under NDPA §41. We document any cross-border processing in the Data Processing Addendum.
Retention
Audit logs are retained for the period configured per Tool Group, between 90 days and 7 years. Default is 365 days.
PII vault tokens carry their own TTL, set by the policy attached to each tool call (default 1 hour). Once expired, the underlying values are unrecoverable.
Account records are kept while your organisation has an active subscription and for 30 days after cancellation; you can request earlier deletion by writing to compliance@tracenttechnologies.com.
Your rights
Under the Nigeria Data Protection Act 2023 you have the right to access your personal data, rectify inaccurate data, request erasure, restrict or object to processing, and request portability.
Send rights requests to compliance@tracenttechnologies.com. We respond within 30 days. If you believe we have not handled your data properly, you may lodge a complaint with the Nigeria Data Protection Commission.
Security
Personal data is encrypted in transit (TLS 1.2 or newer) and at rest. Vaulted PII is encrypted with pgcrypto using a key the database never sees in plaintext.
Sentry and Brevo, our observability and email providers, run a Nigeria-aware redactor before any record leaves the gateway. We are honest about the limits of name-detection in free-text fields and surface them in our security documentation.
Children
Tracent is a business product. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us data, write to compliance@tracenttechnologies.com and we will delete it.
Changes to this policy
We update this policy from time to time. The effective date at the top of this policy changes when we do. Material changes are emailed to your account contact at least 14 days before they take effect.
Contact
Questions, rights requests, or breach reports: compliance@tracenttechnologies.com.
Postal address available on request from the same email.