Privacy Policy

1. Who we are

MyEstates is operated by Dataset Nexus Tech Limited, a company registered in Nigeria. In this policy “MyEstates”, “we”, “us”, and “our” refer to Dataset Nexus Tech Limited. We are the data controller for the personal data described below.

2. The data we collect

We collect only the data needed to operate the platform for your estate. Specifically:

• Estate and EXCO data: estate name, address, registered representative names, email addresses, phone numbers, and roles.
• Resident data: household identifiers (house numbers, addresses), resident names, phone numbers, email addresses.
• Financial data: invoices issued, payments received, fee structures, reconciliation records, and audit log entries.
• Account security: authentication credentials (passwords are hashed; 2FA secrets and recovery codes are encrypted at rest).
• Technical data: IP addresses (for security + rate limiting), browser type, request timestamps. We do NOT use third-party advertising cookies or behavioural tracking.

Card payment data: we never see or store card details. Card transactions are handled entirely by Paystack on its own infrastructure.

3. Why we collect it (purpose limitation)

We use personal data for these specific purposes:

• Operating the platform on behalf of your estate (issuing invoices, processing payments, generating reports)
• Authenticating users and protecting accounts
• Maintaining audit trails so EXCO members and residents can review activity
• Communicating with you about your account, your application, or material changes to our service
• Complying with legal obligations under Nigerian law

We do NOT use your personal data for marketing to other parties, training third-party AI systems, or any purpose outside operating the platform on your estate’s behalf.

4. Lawful basis

Our processing is grounded in:

• Contract: processing necessary to deliver the platform service your estate has signed up for.
• Legitimate interest: security operations, audit logging, fraud prevention.
• Legal obligation: retention of certain records for tax, regulatory, or audit requirements under Nigerian law.

5. How we protect it

Security is built into the platform’s architecture:

• Estate data is isolated at the database layer through Row-Level Security policies — one estate cannot see another’s data
• Every EXCO account uses two-factor authentication
• Sensitive credentials (2FA secrets, recovery codes) are encrypted at rest
• All actions are logged to a tamper-proof audit trail
• Card data is handled by Paystack on its own secured infrastructure; MyEstates never touches it

6. Who we share data with

We share data only when necessary:

• Paystack: for payment processing. Resident payment data flows to Paystack to enable transactions.
• Your estate’s authorised members: chair, treasurer, secretary, and residents see data appropriate to their role within their own estate.
• Regulators and law enforcement: when legally required to disclose, we comply with valid legal processes.

We do not sell personal data. We do not share with advertisers or marketing partners. We do not transfer data outside Nigeria except as needed for the technical operation of cloud services that host the platform.

7. Retention

Personal data is retained while your estate is an active MyEstates customer and for a reasonable period after to support transition, dispute resolution, and legal compliance.

Audit log entries are retained permanently as part of the platform’s tamper-proof history. This is a design property that protects both EXCO and residents across administration changes.

8. Your rights

Under NDPR principles, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of data (subject to retention obligations described above)
• Export your estate’s data at any time
• Object to processing in certain circumstances
• Withdraw consent where consent was the lawful basis

To exercise any of these rights, contact us at hello@myestates.online. We aim to respond within 30 days as required by NDPR.

9. Cookies and tracking

We use a minimal set of strictly-necessary cookies to operate the platform — session cookies for authentication, security cookies to protect against cross-site request forgery.

For website analytics we use Plausible, a privacy-first analytics service that does not use cookies, does not collect personal data, and does not track visitors across sites.

We do NOT use third-party advertising cookies, behavioural tracking pixels, or session replay tools.

10. Children

MyEstates is designed for adult EXCO members and residents of Nigerian estates. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor, contact us at hello@myestates.online and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to active EXCO accounts with reasonable advance notice via the email address registered for the account.

12. Contact

For any questions about this policy, data requests, or complaints about how we handle your data, contact us at hello@myestates.online.

You also have the right to lodge a complaint with NITDA (Nigeria Information Technology Development Agency) as the regulator under NDPR.