Privacy Policy

Last Updated: November 1, 2025

1. INTRODUCTION

Nimboon Tech Ltd ("Nimboon," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management and ticketing platform, including our website and mobile applications (collectively, the "Platform").

Company Details:

  • Legal Name: Nimboon Tech Ltd
  • Registration: Nigeria
  • Address: Blue Gate, Elebu, Ibadan, Nigeria
  • Contact: support@nimboon.com
  • Data Protection Officer: privacy@nimboon.com

NDPR Compliance

This Privacy Policy is designed to comply with the Nigeria Data Protection Regulation (NDPR) 2019 and other applicable data protection laws. By using our Platform, you consent to the data practices described in this policy.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration:

  • Full name (first and last name)
  • Email address
  • Phone number
  • Password (encrypted and hashed)
  • Username
  • Location (country, region, sub-region)
  • 4-digit PIN for transactions (encrypted)

Event Organizer/Hall Manager Additional Information:

  • Business name and description
  • Business address and license number
  • Tax Identification Number (TIN)
  • National Identification Number (NIN) for verification
  • Bank account details (account number, bank name, routing number)
  • Website and social media links

Transaction Information:

  • Billing address
  • Payment method details (processed by third-party payment providers)
  • Transaction history
  • Ticket purchase details
  • Attendee information (name, email, phone number)

2.2 Information Collected Automatically

We automatically collect:

  • Usage information (pages visited, features used)
  • Cookies and tracking technologies

2.3 Information from Third-Party Sources

We receive information from:

  • Payment Providers
  • Email Service Providers
  • Cloud Services (AWS)
  • Verification Services (NIN verification)

3. HOW WE USE YOUR INFORMATION

Service Provision

  • • Create and manage your account
  • • Process ticket purchases and venue bookings
  • • Generate digital tickets with QR codes
  • • Facilitate payment transactions
  • • Provide customer support

Platform Operations

  • • Maintain and improve functionality
  • • Monitor performance and reliability
  • • Ensure Platform security
  • • Prevent fraud and unauthorized access
  • • Comply with legal obligations

Personalization

  • • Customize your Platform experience
  • • Recommend events based on interests
  • • Display relevant content and promotions
  • • Save your preferences and settings

Marketing & Communication

  • • Send promotional emails about events
  • • Notify about platform updates
  • • Share newsletters and announcements
  • • Send push notifications (with consent)

5. HOW WE SHARE YOUR INFORMATION

We DO NOT sell your personal information.

We share your information only in specific circumstances outlined below.

5.1 Service Providers

We share information with trusted third-party service providers:

Payment Processors

Shared: Name, email, phone, transaction amount, payment reference

Email Service Providers:

SMTP email services

Shared: Email address, name, email content (tickets, receipts)

5.2 Event Organizers and Hall Managers

When you purchase a ticket or book a venue:

  • Event Organizers receive: Attendee name, email, phone, ticket type, quantity, special requirements
  • Hall Managers receive: Organizer name, contact information, booking details, payment status

6. DATA SECURITY

Technical Safeguards

  • Encryption in Transit: All data encrypted using TLS/HTTPS
  • Encryption at Rest: Sensitive data encrypted using AES-256
  • Password Security: Passwords hashed using bcrypt with salt
  • Secure Cloud: AWS infrastructure with enterprise-grade security

Payment Security

  • PCI DSS Compliance: Payment providers are PCI DSS certified
  • Tokenization: Payment card details tokenized and not stored on our servers
  • Fraud Detection: Automated fraud monitoring and prevention

Note: While we implement industry-standard security measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

7. DATA RETENTION

Account Deletion

When you delete your account, your personal data will be deleted within 60 days, except for transaction records retained for legal compliance.

Active Accounts

Data retained while your account is active

Transaction Records

Retained for 7 years (tax/regulatory compliance)

Usage Data

Aggregated and anonymized data retained indefinitely

Backup Systems

Data retained in backups for 90 days

8. YOUR RIGHTS UNDER NDPR

As a data subject under the Nigeria Data Protection Regulation (NDPR), you have the following rights:

✓ Right of Access

Request a copy of your personal data and understand how we use it

How to exercise: Log in to your account or contact privacy@nimboon.com

✓ Right to Rectification

Correct inaccurate or update incomplete information

How to exercise: Update in account settings or contact us

✓ Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data

How to exercise: Request account deletion through settings or contact privacy@nimboon.com

✓ Right to Data Portability

Receive your data in a machine-readable format

How to exercise: Request data export from account settings

✓ Right to Object

Object to marketing communications and profiling

How to exercise: Opt-out in account settings or click "unsubscribe" in emails

✓ Right to Lodge a Complaint

File a complaint with the Nigeria Data Protection Bureau (NDPB)

NITDA: https://nitda.gov.ng | info@nitda.gov.ng

Response Time

We will respond to your rights requests within 30 days of receipt. If we need additional time, we will notify you.

9. COOKIES AND TRACKING TECHNOLOGIES

Cookies are small text files stored on your device that help us provide and improve our services.

Essential Cookies

Authentication and session management, security and fraud prevention

Duration: Session or up to 1 day

Preference Cookies

Language settings, display preferences, user interface customization

Duration: Up to 1 year

Analytics Cookies

Platform usage statistics, performance monitoring, error tracking

Duration: Up to 2 years

Managing Cookies

Control cookies through browser settings or Platform settings

Note: Disabling essential cookies may affect functionality

11. CHILDREN'S PRIVACY

Age Requirement

Our Platform is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If we discover that we have collected personal information from a child under 18 without parental consent, we will delete the information immediately and terminate the account.

Report Concerns: If you believe we have collected information from a child under 18, contact us immediately at privacy@nimboon.com.

15. DATA BREACH NOTIFICATION

Our Commitment

We take data security seriously and have procedures in place to detect, respond to, and notify you of data breaches.

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify you within 72 hours of discovering the breach
  • We will notify the Nigeria Data Protection Bureau (NDPB)
  • We will provide details about the breach and mitigation steps

If you suspect a security incident, contact us immediately at security@nimboon.com.

17. CONTACT INFORMATION

General Inquiries

Nimboon Tech Ltd

Blue Gate, Elebu

Ibadan, Nigeria

Email: support@nimboon.com

Privacy-Specific Inquiries

Data Protection Officer

Email: privacy@nimboon.com

For: Access requests, data deletion, data portability, consent withdrawal, privacy complaints

19. CONSENT

By using the Nimboon Platform, you acknowledge that:

✓ You have read and understood this Privacy Policy

✓ You consent to the collection, use, and disclosure of your personal information as described

✓ You understand your rights under NDPR

✓ You agree to receive necessary transactional communications

✓ You understand how to exercise your data protection rights

Withdraw Consent: You may withdraw consent at any time by contacting privacy@nimboon.com or adjusting your account settings.

Version: 1.0
Effective Date: November 1, 2025
Last Updated: November 1, 2025
Compliance: Nigeria Data Protection Regulation (NDPR) 2019

© 2025 Nimboon Tech Ltd. All rights reserved.

This Privacy Policy was last reviewed for NDPR compliance on November 1, 2025.