How ITSA Global Technologies collects, uses, protects and processes your personal data
ITSA Global Technologies Limited ("ITSA", "we", "our", or "us") is a technology company registered and operating in Nigeria. We develop and operate a suite of Software-as-a-Service (SaaS) platforms for businesses across Africa, including the ITSA Business Platform, ITSA EduClass, and ITSA CliniqPro.
This Privacy Policy applies to all visitors, users, and businesses ("you") that access our website at itsaglobal.tech or use any of our products and services, including our WhatsApp Business messaging services.
We use collected information for the following purposes:
| Purpose | Legal Basis |
| Providing, operating and improving our SaaS platforms | Performance of contract |
| Processing payments and managing subscriptions | Performance of contract |
| Sending account notifications, system alerts and platform updates | Performance of contract |
| Sending marketing communications (with your consent) | Consent (withdrawable at any time) |
| WhatsApp Business messaging for account updates and support | Consent / Legitimate interest |
| Customer support and dispute resolution | Legitimate interest |
| Fraud prevention and security monitoring | Legitimate interest / Legal obligation |
| Complying with Nigerian law and regulatory requirements | Legal obligation |
| Analytics to understand platform usage and improve our services | Legitimate interest |
| Onboarding and KYC verification of business clients | Legal obligation / Legitimate interest |
WhatsApp Business Messaging: We use the Meta WhatsApp Business API, facilitated through Twilio, to send transactional and informational messages to users who have opted in. These include booking confirmations, payment receipts, appointment reminders, and platform alerts. By providing your WhatsApp number and opting in, you consent to receiving these messages. You may opt out at any time by replying STOP or contacting us directly.
We do not sell your personal data to third parties. We share information only in the following circumstances:
We engage trusted third-party service providers who process data on our behalf, bound by strict data processing agreements:
| Provider | Purpose | Location |
| Supabase | Database hosting and authentication | USA / EU (GDPR compliant) |
| Vercel | Application hosting and deployment | USA / Global CDN |
| Paystack | Payment processing | Nigeria / USA |
| Twilio | WhatsApp Business API and SMS | USA |
| Termii | SMS messaging (Nigeria) | Nigeria |
| Zoho Mail | Transactional email delivery | USA / India |
| Anthropic (Claude AI) | AI-powered features within the platform | USA |
| Meta (WhatsApp) | Business messaging platform | USA / Global |
We may disclose your information when required by Nigerian law, court order, or regulatory authority, or when necessary to protect the rights, property, or safety of ITSA, our users, or the public.
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
We share data with third parties when you have explicitly consented to such sharing.
Our platform is built with strict multi-tenant data isolation. Each business (tenant) on our platform can only access their own data. Row-Level Security (RLS) policies enforced at the database level ensure complete separation between tenants. ITSA staff can only access tenant data for legitimate support or operational purposes.
We retain your personal data for as long as necessary to:
When you close your account, we will delete or anonymise your personal data within 90 days, except where retention is required by law or legitimate business interest. Client data you have uploaded to the platform will be deleted within 30 days of account closure unless you request an earlier deletion.
We implement comprehensive technical and organisational security measures:
You have the following rights regarding your personal data:
| Right | What it means |
| Access | Request a copy of all personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your data ("right to be forgotten") |
| Restriction | Request that we limit how we process your data |
| Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interests or for direct marketing |
| Withdraw Consent | Withdraw any consent given at any time, without affecting prior processing |
To exercise any of these rights, contact us at privacy@itsaglobal.tech. We will respond within 30 days. We may need to verify your identity before processing your request. There is no charge for most requests, but we may charge a reasonable fee for manifestly unfounded or excessive requests.
Our use of WhatsApp Business API complies with the Meta WhatsApp Business Policy and Meta Commerce Policy. Specifically:
We use the following types of cookies:
| Cookie Type | Purpose | Duration |
| Essential / Session | Authentication and security (required) | Session / 7 days |
| Functional | Remembering your preferences and settings | 30 days |
| Analytics | Understanding how the platform is used (anonymised) | 90 days |
| Marketing | Only with your explicit consent | 30 days |
You can control cookies through your browser settings. Disabling essential cookies will affect your ability to log in and use the platform. Analytics and marketing cookies can be disabled without affecting core functionality.
Our services are intended for businesses and individuals aged 18 years and above. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will delete such data promptly. If you believe a child has provided their data to us, please contact us immediately at privacy@itsaglobal.tech.
Your data may be transferred to and processed in countries outside Nigeria, including the United States and the European Union, by our service providers listed in Section 4.1. We ensure that such transfers are protected by appropriate safeguards, including standard contractual clauses and data processing agreements with our service providers.
Our platform may contain links to third-party websites or services. This Privacy Policy applies only to ITSA Global Technologies' platforms. We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any third-party services you access.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Your continued use of our services after any changes constitutes your acceptance of the updated Privacy Policy.
This Privacy Policy is governed by the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023. Any disputes will be resolved in the courts of Oyo State, Nigeria.
For any privacy-related questions, requests, or complaints, please contact us:
If you are not satisfied with our response, you have the right to lodge a complaint with the Nigerian Data Protection Commission (NDPC) at ndpc.gov.ng.