Privacy Policy
Effective Date: October 20, 2025
1. Introduction
Strivo Labs ("we", "our", "us") respects your privacy and is committed to protecting the personal data of individuals who use our intranet employee portal software-as-a-service platform, StrivoNET ("the Service").
This Privacy Policy describes how we collect, use, disclose, store, and protect your personal data in compliance with the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Commission (NDPC) General Application and Implementation Directive (GAID) 2025.
2. Scope
This Privacy Policy applies to all users of StrivoNET, including employees, contractors, and administrators of client organisations who access or use the Service.
If you access StrivoNET through your employer or another organisation, that organisation acts as the Data Controller, while Strivo Labs may act as a Data Processor (or, in limited cases, a joint Controller).
3. Personal Data We Collect
We may collect and process the following categories of personal data:
Identification & Contact Information
Name, job title, work email, phone number, department, employee ID, and photo (optional).
Employment Information
Organisation name, role, start/end date, manager, location, internal permissions.
Login & Usage Data
Username, hashed password, device info, IP address, access logs, activity logs, timestamps.
Support & Communication Data
Correspondence, feedback, and technical support requests.
Optional Information
Profile photo, biography, or other voluntary data provided within the Service.
4. Purpose and Lawful Basis for Processing
We process your personal data based on one or more lawful bases under Section 25 of the NDPA:
| Purpose | Lawful Basis |
|---|---|
| To create and manage your StrivoNET user account | Performance of contract |
| To provide and maintain the Service | Performance of contract |
| To communicate with you (support, notices, updates) | Legitimate interest / Contract |
| To ensure security, prevent fraud and misuse | Legitimate interest / Legal obligation |
| To improve and personalise the Service | Legitimate interest |
| To comply with applicable legal and regulatory obligations | Legal obligation |
| To process optional features (e.g., profile info) | Consent |
5. Data Sharing and Disclosure
We may share your data only in limited circumstances:
- •With your employer or organisation (the Data Controller).
- •With trusted third-party service providers (cloud hosting, analytics, communication tools) under strict contractual confidentiality and security obligations.
- •With regulators, law enforcement, or courts, where required by law or to protect our legal rights.
- •In the event of a merger, acquisition, or restructuring, subject to data protection safeguards.
We do not sell or rent your personal data to any third parties.
6. Cross-Border Data Transfers
If we transfer your personal data outside Nigeria, we will ensure such transfers are made in accordance with the NDPA and approved safeguards (such as NDPC-approved standard contractual clauses or adequacy determinations).
7. Data Retention
We retain personal data only as long as necessary to fulfil the purposes set out in this Policy, comply with legal obligations, resolve disputes, or enforce our agreements.
When retention is no longer necessary, data will be securely deleted or anonymised.
8. Data Subject Rights
Under Sections 34–38 of the NDPA, you have the following rights:
Right to be informed about how your data is used
Right to access your personal data
Right to correct inaccurate or incomplete data
Right to erase ("be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to lodge a complaint with the NDPC
To exercise these rights, contact us at hello@strivolabs.com. We will respond within the timeframes required under the NDPA.
9. Data Security and Breach Notification
We apply appropriate technical and organisational measures to protect your personal data, including:
- •Encryption of sensitive information
- •Role-based access control
- •Regular security assessments
- •Employee confidentiality and training
If a personal data breach occurs that is likely to result in a high risk to your rights, we will notify the NDPC and affected data subjects within 72 hours (where feasible).
10. Children's Data
StrivoNET is intended for use by adults in professional settings. We do not knowingly collect or process data from individuals under 18 years of age.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. We will notify users of material updates via the StrivoNET platform or by email.
12. Contact Information
If you have questions, requests, or complaints about this Privacy Policy or our data practices, please contact: