PRIVACY
POLICY.
Last Updated: November 1, 2025
1. Introduction
NimbleTech LTD ("Nimboon," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management and ticketing platform, including our website and mobile applications (collectively, the "Platform").
Legal Entity Details
NimbleTech LTD
Registration: Nigeria
Address: CUBEHUB, SUITE 100, Adebola House, 38 Opebi road, Ikeja, Lagos, Nigeria
Contact: info@nimboon.com
NDPR Compliance
This policy is designed to comply with the Nigeria Data Protection Regulation (NDPR) 2019. By using our Platform, you consent to the data practices described in this policy.
2. Information We Collect
We gather specific data points to ensure elite service delivery and platform integrity.
Direct Provision
- Full name & Username
- Email & Phone number
- Location (country, region)
- Encrypted 4-digit transaction PIN
- Password (encrypted and hashed)
Organizer & Manager Data
- Business name & address
- Tax ID (TIN) & National ID (NIN)
- Bank details for settlements
- Website & Social media links
Transaction & Billing
- Billing address
- Transaction history
- Ticket purchase details
- Attendee names & contact info
- Payment method (tokenized)
Automated & Third-Party
- Usage metrics & cookies
- Payment provider relays
- Cloud infrastructure logs (AWS)
- NIN verification states
3. How We Use Your Information
Service Provision
Processing ticket purchases, generating QR codes, facilitating payments, and providing elite customer support.
Platform Operations
Maintaining functionality, monitoring performance, ensuring security, and preventing unauthorized access.
Personalization
Customizing your experience and recommending events based on your interests and saved preferences.
Marketing
Sending promotional updates, newsletters, and push notifications with your explicit consent.
5. How We Share Your Information
We DO NOT sell your personal information.
Service Providers
We share tokenized data with payment processors and email service providers strictly for transaction and communication fulfillment.
- Payment Provider: Name, Email, Reference
- SMTP Services: Email, Name, Content
Organizers & Managers
When you purchase a ticket or book a venue, the relevant organizer or manager receives necessary attendee details (Name, Email, Phone, Ticket Type) to facilitate entry and logistics.
6. Data Security
- • Encryption in Transit: TLS/HTTPS
- • Encryption at Rest: AES-256
- • Password Security: Bcrypt with Salt
- • Secure Cloud: AWS Enterprise Infrastructure
All payment providers are PCI DSS certified. We utilize tokenization—card details are never stored on our servers.
15. Breach Notification
In the event of a data breach posing risk to your rights, we commit to notifying you within 72 hours of discovery, alongside notifying the Nigeria Data Protection Bureau (NDPB).
7. Data Retention
Account Deletion
60 Days
Data purged after request, excluding legal records.
Transaction Records
7 Years
Retained for tax and regulatory compliance.
Backup Systems
90 Days
Data retained in secure rotation backups.
8. Your Rights Under NDPR
Right of Access
Request a copy of your personal data and usage details.
Right to Rectification
Correct inaccurate or update incomplete information.
Right to Erasure
Request deletion of your data (Right to be Forgotten).
Right to Portability
Receive your data in a machine-readable format.
Right to Object
Object to marketing communications and profiling.
Lodge a Complaint
File a complaint with the NITDA/NDPB if rights are violated.
Response Time: We will respond to your rights requests within 30 days.
9. Cookies & Tracking
Essential
Authentication, session management, and security.
Duration: Session / 1 Day
Preference
Language settings and interface customization.
Duration: 1 Year
Analytics
Usage statistics and performance monitoring.
Duration: 2 Years
11. Children's Privacy
Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If discovered, such data is immediately purged.
19. Consent
By using the Nimboon Platform, you acknowledge that you have read and understood this policy, and you consent to the collection and disclosure of your data as described.
Withdrawal: You may withdraw consent at any time by contacting info@nimboon.com.