Privacy Policy

1. Introduction & Who We Are

Welcome to Adstart Agency. We value your privacy and are committed to protecting your personal data. Adstart Agency is a registered trading name of Adstart Marketing Agency, a premier software engineering and digital product studio operating under the laws of the Federal Republic of Nigeria. Our electronic headquarters can be accessed via our official website adstartagency.com.

This comprehensive Privacy Policy serves to notify you of our stringent policies, professional standards, and legal safeguards implemented to govern the collection, transmission, processing, storage, and erasure of your personal information. This policy is active across all areas of our digital platform, including contact webforms, interactive estimators, client onboarding materials, email subscriptions, and direct inquiries. For any legal matters, data protection complaints, or privacy queries, you may reach our dedicated data compliance officer directly via email at adstartagency@gmail.com.

This document applies strictly to all website visitors, email newsletter subscribers, individuals submitting contact forms, entities utilizing our system planners, and active or prospective clients engaging us for software design, systems development, and consulting integrations. By browsing this website, submitting inquiry forms, or entering into software service covenants with us, you acknowledge and grant express consent to the processing patterns defined in this policy.

2. Information We Collect

In running a high-caliber technical agency, we must gather specific segments of data to run simulations, estimate scope, communicate technical terms, and structure project deliverables. We categorize the information we collect into three operational buckets:

2.1 Information you provide directly

When you interface with our tools or reach out to our team, you transmit specific identity and project profiles directly to our secure systems. This include:

• Inquiry & Onboarding Data: Full name, corporate email address, telephone contacts, company name, representative titles, prospective budget parameters, scheduling milestones, and any details or attachments uploaded to describe your system requirements.
• Newsletter Communication Data: Electronic mail addresses and subscription timestamps when you opt into our periodic product ideas, technology updates, and operational insight brochures.
• Project Implementation Records: Detailed source files, functional specifications, product briefs, system architecture wireframes, workflow diagrams, and temporary structural credentials shared to set up, build, or deploy your custom software products.
• Correspondence Footprints: Full records, transcripts, and message details of any communications passing through our email relays, online contact channels, or WhatsApp Business portals.

2.2 Information collected automatically

To maintain website health, evaluate viewport performance, and log visual loads without invading your privacy, our platform performs limited automatic tracking:

• Aggregated Visit Counting: We call a zero-cookie, no-personal-data, anonymous tracker (utilizing the FreeCounterAPI network) to increment our sitewide load counter. This tracker registers no personal information, IP addresses, or device identifiers.
• System Display Performance: Basic browser types, client viewport resolutions, rendering agents, and screen orientations. This information is processed strictly inside your active browser session to arrange graphics dynamically, and is never captured, stored, or processed on our backend hosts.

2.3 Information we do NOT collect

To shield our users from unnecessary security vectors, our architecture strictly limits data collection:

• Cardholder Financial Details: We do not capture, record, or route bank card numbers, CVVs, or payment codes. All financial transactions are managed by fully compliant, external payment processors who adhere strictly to PCI-DSS standards.
• Sensitive Personal Data: We never request or capture details relating to ethnic descent, religious beliefs, political orientations, biometric profiles, physical health details, or union affiliations.
• Children's Files: We do not target, solicit, or collect records from minors under the age of 18. If we detect that a minor has submitted personal files, we scrub the related data instantly from our repositories.

3. How We Use Your Information

We do not believe in algorithmic surveillance. We process your data exclusively to execute legitimate, high-quality agency operations, and specifically for:

• Structuring System Scope: Evaluating your direct project briefs, mapping out custom database architectures, outlining features, and formulating exact timeline and cost estimates for your product inquiry.
• Delivering Software Services: Programming, optimizing, and deploying custom code bases, managing staging servers, running QA sweeps, and coordinating live launches according to our service agreements.
• Transactional Communication: Managing project workflows, issuing progress updates, setting up development reviews, and providing support notifications regarding active systems build phases.
• Mailing Insights: Sending our periodic technical newsletters, web engineering thoughts, product building ideas, and agency news to users who have voluntarily opted-in.
• Platform Security: Auditing form submissions to protect our servers against cross-site scripting, injection attacks, and spam bots.
• Legal & Regulatory Compliance: Fulfilling auditing obligations, tax calculations, and corporate filings mandated by Nigerian tax authorities and corporate registration laws.

We firmly declare that Adstart Agency does not sell, lease, rent, trade, or distribute your personal data to advertiser pools, data brokers, or third-party profiling systems under any circumstances. We do not use your information to compile demographic pools for targeted advertising.

4. Legal Basis for Processing

Under applicable data regulations, robust legal frameworks are required to justify processing activities. We align our data handling procedures with the Nigeria Data Protection Regulation (NDPR) 2019 and the European Union's General Data Protection Regulation (GDPR). Our legal bases include:

• Explicit Consent: You give us explicit permission when you voluntarily opt into our newsletter or submit an online inquiry. You hold the absolute right to pull back or cancel this consent at any point.
• Contractual Performance: Processing is required to prepare structural SOW estimates, coordinate engineering sprints, and deploy finished software systems according to contracts executed with our clients.
• Legitimate Professional Interests: We capture basic logs and form entries to maintain security, manage incoming corporate inquiries, and communicate with partners, where such interests do not override your privacy rights.
• Statutory & Legal Mandates: Processing required to comply with local corporate records, financial filings, and legal enforcement coordinates issued by formal courts.

5. Data Storage & Security

We treat the security of your files with professional-grade caution. Our engineering workflows implement strict protocols to preserve data safety and confidentiality:

Infrastructure & Encryption: Information submitted through our online touchpoints is transmitted securely using SSL/TLS encryption. We route webform entries directly through secure APIs to Google Sheets datastores located inside our managed Google Workspace account. This business infrastructure is fully SOC 2 Type II certified and complies with global physical and network security standards. Client projects, repository setups, build files, and architectural schematics are protected inside locked cloud-hosted environments guarded by multi-factor authentication.

Authorisation Limits: Access to Google Sheets datastores, project repositories, and client databases is strictly restricted and granted only to pre-vetted, authorized Adstart Agency engineers and administrative staff who require access to complete your active deliverables.

Retention Timelines: We store personal information only for the minimum durations required to fulfill our operational and commercial relationships:

• Active Client Records: Kept for the active duration of the engineering relationship plus an additional 2 years for technical warranty, debugging support, and compliance requirements.
• Contact Form Transactions: Retained for 1 year to reference history for potential client engagements, after which they are permanently deleted from our active tracking sheets.
• Newsletter Subscriptions: Maintained continuously until the subscriber issues an official unsubscribe request, at which point the email address is removed from the active delivery path.

Breach Protocols: While no transmission system can claim absolute, invulnerable safety, we have established a rapid-response data breach protocol. In the highly unlikely event of a security compromise, we will notify the Nigeria Data Protection Commission (NDPC) and all affected individuals via email within 72 hours of detecting the incident, providing detailed steps taken to patch the systems.

6. Third-Party Services

To power our agency, route communications swiftly, and manage high-performance applications, we integrate with industry-leading third-party services. Each service operates under its own binding privacy structures:

• Google Workspace (Google LLC): We utilize secure API scripts to route webform submissions directly into managed Google Sheets. Google also hosts our corporate Gmail relays and digital document drives under strict enterprise security terms.
• WhatsApp Business (Meta Platforms, Inc.): Our website features an optional interactive float widget that links users with our WhatsApp line. Any communication exchanged via WhatsApp is governed by Meta's enterprise security and end-to-end encryption frameworks.
• Render (Render Services, Inc.): Our web platform is hosted on Render’s container servers located in the United States, operating under secure environment configurations.
• Cloudflare (Cloudflare, Inc.): Cloudflare acts as our performance and domain name service (DNS) protection layer, neutralizing distributed denial of service (DDoS) attempts and optimizing global caching assets.
• Paystack Commerce & Flutterwave: For local and international credit, debit, or bank-transfer processing, we engage secure, licensed processors (Paystack or Flutterwave). These entities comply with PCI-DSS guidelines, and we never view or record your financial credentials.
• Amazon Simple Email Service (SES): We utilize SES to coordinate automated emails, product notifications, and transactional updates for client software projects under enterprise cloud rules.
• Termii Technologies: For verification checks, security alerts, and SMS modules in client assemblies, we utilize the Termii platform to execute text message routing secure under local regulations.

7. International Data Transfers

Adstart Agency delivers custom engineering solutions to clients distributed worldwide, spanning Nigeria, the United Kingdom, continental Europe, North America, and beyond. Consequently, the data we collect may occasionally be routed, stored, or processed on cloud infrastructure maintained in jurisdictions other than where you live, primarily within secure servers located in the EU and the US.

For our international clients resident in the UK or the European Economic Area (EEA), we guarantee that any such cross-border files transfers are protected under strict legal constructs, including Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your privacy protections remain intact. For local transfers, we comply fully with Chapter 3 of the Nigeria Data Protection Regulation (NDPR) governing the transmission of files beyond sovereign borders.

8. Cookies & Tracking

We believe that modern web applications should load blazing fast and respect user privacy. Therefore, adstartagency.com does not deploy third-party advertising cookies, retargeting pixels, or invasive profiling scripts.

We do not utilize Google Analytics, Meta Pixels, or other user surveillance tools. The visitor count displayed in our footers is powered by an anonymous count of total visits fetched from freecounterapi.com, which records a simple numerical total without collecting your IP address, browser history, or behavioral details. We only process session-based, non-persistent variables inside your native browser memory (such as saving mobile menu toggle states) which vanish completely the moment you close the tab. If we decide to use privacy-respecting analytics tools in the future, we will update this section immediately.

9. Your Rights Under NDPR & GDPR

As a user, you possess absolute, legally binding ownership over your personal data. We fully support and facilitate the exercise of your privacy rights under NDPR and GDPR, which include:

• Right to be Informed: You have the right to receive clear, transparent, and detailed accounts explaining how we gather, process, and secure your files. This comprehensive document fulfills that obligation in full.
• Right of Access: You have the absolute right to request a complete copy of all personal records we have stored in our sheets or data repositories, delivered in a structured, commonly shared format.
• Right to Rectification: If any data entry we maintain is outdated, inaccurate, or incomplete, you possess the right to demand that we update and correct the records immediately.
• Right to Erasure (To be Forgotten): You may request that we wipe, delete, and scrub your email, forms history, and communications records from all of our digital repositories permanently.
• Right to Restrict Processing: You have the right to request that we pause processing activity on your data, preserving the cells in storage without using them in active workflows.
• Right to Data Portability: You hold the right to demand that we safely package and transmit your personal data direct to another service controller in a structured machine-readable shape.
• Right to Object to Processing: You possess the absolute right to object to any data processing that relies on our legitimate professional interests, or to direct marketing communications.
• Right to Withdraw Consent: You hold the right to withdraw your consent to data processing at any time, with immediate effect, by simply notifying our team.

To invoke any of these rights, please email us directly at adstartagency@gmail.com. We will process and satisfy your request free of charge within 30 days of receiving your message, following proper identity verification. For unresolved grievances, you also retain the right to file formal complaints with the Nigeria Data Protection Commission (NDPC).

10. Newsletter

Our newsletter subscription is a purely voluntary, double-opt-in digital publication where we share specialized software solutions, development ideas, and architectural insights.

We promise to maintain a curated distribution frequency, limiting newsletter dispatches to no more than twice per month, ensuring we never clutter your inbox. We will never share, sell, or trade our subscriber list with other agencies or companies. You can unsubscribe at any point by clicking the "Unsubscribe" link located in the footer of any newsletter email, or by emailing us at adstartagency@gmail.com with the subject "Unsubscribe". Unsubscribe requests are processed and finalized within 5 corporate business days.

11. Client Project Data & Confidentiality

Data integrity and corporate confidentiality form the core of our software engineering services. From the moment you share your initial briefs, systems logic, database schemas, or corporate credentials with Adstart Agency, they are guarded as highly confidential assets.

All raw specifications, design wireframes, target code assets, development credentials, and testing files are isolated inside modern, encrypted environments protected by multi-factor locks. We do not expose client identities, custom concepts, or source code systems to unauthorized third parties. We gladly provide formal, binding Non-Disclosure Agreements (NDAs) to clients before initiating deep scoping discussions. Any vetted subcontractor assisting our core staff is bound by equivalent confidentiality covenants. Once a project is finalized and handed over, we purge all temporary local credentials and temporary storage directories, unless we have signed an ongoing hosting or system maintenance agreement.

12. Children's Privacy

Adstart Agency is a professional software development studio offering services tailored exclusively for businesses, developers, startups, and individuals who have reached the legal age of majority (18+ years of age). Our website, applications, planners, and content are not designed, marketed, or intended for use by minors.

We do not knowingly collect, compile, process, or retain personal data from anyone under the age of 18. If a parent, legal guardian, or compliance observer uncovers that a minor has submitted personal profiles through our systems, they are requested to alert us immediately at adstartagency@gmail.com. Upon receiving such guidance, we will conduct an immediate audit and permanently erase the minor's records from our datastores within 24 hours.

13. Links to Third-Party Websites

For your educational benefit, and to highlight technical tools, our digital platform may contain hyperlinks to external sites, technical portals, and developer resources.

Please note that Adstart Agency does not exercise administrative control, technical oversight, or content ownership over external platforms. This privacy policy governs only adstartagency.com. We cannot be held liable for the security safeguards, tracking cookies, or data processing activities of other channels. We highly recommend reviewing the privacy statements of any website you visit via external links before providing your personal data.

14. Changes to This Policy

We reserve the right to modify, amend, rewrite, or update this Privacy Policy as our custom engineering services expand, our software architectures mature, or data protections laws evolve.

Any updates made to this policy will be marked by a revised "Last Updated" date displayed at the top of this page. We suggest reviewing this policy periodically to stay fully informed of our data security updates. If we execute highly material revisions regarding how we handle your personal data, we will notify our active, registered clients via a direct email blast. Continued use of our website or systems following the post of amendments constitutes your formal acceptance of the revised Privacy Policy.

15. Contact & Complaints

If you have questions, require clarifications regarding your rights, would like to file a data removal request, or need to lodge a technical security report, you are invited to contact our data controller directly:

Entity Name: Adstart Agency (Trading name of Adstart Marketing Agency)
Compliance Desk: Data Protection & Security Team
Email: adstartagency@gmail.com
Digital Portal: adstartagency.com/contact.html
WhatsApp Help: +234 907 987 8787

Our administrative team is committed to reviewing and responding to all official privacy-related communications within 5 operational business days. If you reside in Nigeria and feel that your data protection concerns have not been satisfactorily resolved by our compliance desk, you may lodge a formal complaint with the national authority:

Authority: Nigeria Data Protection Commission (NDPC)
Website: ndpc.gov.ng
Postal Address: No. 5, Charles de Gaulle Street, Asokoro, Abuja, Nigeria