Privacy Policy

RegBridge is a Nigerian blockchain and crypto compliance intelligence platform operated by RegBridge Ltd, a company registered in the Federal Republic of Nigeria. We provide AI-powered compliance assessments, document generation, and access to a directory of verified compliance officers.

This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the Nigerian Data Protection Act 2023 (NDPA) and its implementing regulations.

Contact: privacy@regbridge.ng

We collect the following categories of personal data:

Account data: Your name, email address, company name, and password when you create an account.

Assessment data: Business type, transaction volumes, customer types, custody model, and any additional description of your business that you provide during a compliance assessment.

Usage data: Pages visited, features used, assessment and document counts, and timestamps of activity.

Payment data: Payment references and transaction amounts processed through Paystack. We do not store card numbers or bank account details — these are handled entirely by Paystack.

Officer profile data: If you apply as a compliance officer, we collect your professional details including name, firm, location, qualifications, and contact information.

Communications: Emails you send to us and email logs of automated messages we send to you.

Under the NDPA 2023, we process your data on the following legal bases:

Contract performance: We process your account and assessment data to deliver the RegBridge service you subscribed to.

Legitimate interests: We process usage data to improve the platform, prevent abuse, and ensure security.

Consent: We process your data for marketing emails only with your explicit consent, which you can withdraw at any time.

Legal obligation: We may retain certain records to comply with applicable Nigerian law.

We use your personal data to:

• Create and manage your account
• Generate your compliance assessment and documents using AI
• Process your subscription payments through Paystack
• Send transactional emails (assessment results, payment receipts, introductions to officers)
• Display your officer profile in our directory if you are a listed compliance officer
• Send monthly usage summaries and compliance updates (if you have opted in)
• Detect and prevent fraud and abuse
• Improve our AI models and compliance knowledge base (anonymised data only)

We do not sell your personal data to any third party. We do not share your data with any party except as described in this policy.

RegBridge uses artificial intelligence to generate compliance pathways and documents. The AI processes your business description and quiz answers to produce tailored output. Your input data is sent to Groq Inc. (our AI provider) for processing. We have data processing agreements in place with Groq to ensure your data is not used for model training.

All AI-generated content is clearly labelled as AI-generated. It does not constitute legal advice. You should verify all compliance recommendations with a qualified legal professional before acting on them.

RegBridge uses the following third-party services that may process your data:

• Supabase — database and authentication (data stored in the EU)
• Paystack — payment processing (PCI DSS compliant, Nigerian company)
• Resend — transactional email delivery
• Groq Inc. — AI inference for compliance generation
• Firecrawl — website scraping for business analysis (only when you provide a URL)
• Upstash — rate limiting (IP addresses only, no personal data)
• Vercel — application hosting and CDN

We enter into data processing agreements with all third-party processors handling personal data. Where data is transferred outside Nigeria, we ensure adequate protections are in place.

We retain your personal data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it by law.

Assessment data and documents are retained for the life of your account and deleted within 30 days of account deletion.

Payment records are retained for 6 years in compliance with Nigerian tax and financial regulations.

Audit logs are retained for 12 months.

As a data subject under Nigerian law, you have the following rights:

• Right of access: Request a copy of all personal data we hold about you
• Right to correction: Request correction of inaccurate personal data
• Right to deletion: Request deletion of your personal data (you can do this directly in Settings → Delete account)
• Right to portability: Request your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for marketing emails at any time

To exercise any of these rights, email us at privacy@regbridge.ng. We will respond within 30 days.

We implement industry-standard security measures including:

• All data encrypted in transit using TLS 1.3
• Database row-level security ensuring users can only access their own data
• API keys stored server-side only, never exposed to the browser
• Rate limiting on all API endpoints to prevent abuse
• Content Security Policy headers on all pages

In the event of a data breach that affects your personal data, we will notify you and the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach.

RegBridge uses only essential cookies required for authentication (session management via Supabase). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

We store your theme preference (light/dark) in your browser's local storage. This is not a cookie and contains no personal data.

RegBridge is a business compliance tool intended for organisations and individuals operating or planning to operate blockchain businesses in Nigeria. We do not knowingly collect data from anyone under 18 years of age. If you believe a minor has created an account, contact us at privacy@regbridge.ng and we will delete the account immediately.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by posting a notice on the platform. The date at the top of this page indicates when the policy was last updated. Continued use of RegBridge after changes constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your rights, contact us at privacy@regbridge.ng.

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpb.gov.ng.