Privacy Policy

Effective Date: 1 January 2025
Last Updated: 1 January 2025
Jurisdiction: Federal Republic of Nigeria
 

This Privacy Policy explains how Thoarax Digital collects, uses, stores, and protects your personal information when you use our website or engage our services. We are committed to protecting your privacy and handling your data responsibly and transparently.

Section 01
 

About Us

Thoarax Digital (“we,” “us,” “our,” or “the Company”) is a web development and digital marketing agency registered and operating in the Federal Republic of Nigeria. We provide website development, digital marketing, social media management, community management, business management, hosting, and related digital services to individuals, businesses, and organisations.

Our registered business address is: No. 3, 3rd Avenue, 26 Road, Gwarimpa Estate, Abuja, FCT, Nigeria.

This Privacy Policy applies to all personal data collected through our website at thoarax.com, our client portal, our marketing communications, and any other service we provide.

Section 02
 

Information We Collect

We collect information about you in the following ways:

2.1 Information You Provide Directly

When you fill in a form, book a call, make a purchase, or communicate with us, we may collect:

Identity data: first name, last name, job title, business name
 
Contact data: email address, phone number, WhatsApp number, physical address
 
Project data: details about your business, website, digital goals, and service requirements as provided in our enquiry, proposal, or audit forms
 
Account data:username and encrypted password when you create a client account
 
Financial data:billing details and transaction records when you purchase a service. Note: we do not store card details directly — these are handled by our payment processors (Paystack or Flutterwave)
 
Communication data:the content of emails, WhatsApp messages, or support tickets you send us.
 
 
2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

Usage data:pages visited, time spent on the site, links clicked, referring website
 
Device data:IP address, browser type and version, operating system, screen size
 
Cookie data:preferences and session information stored via cookies (see Section 7)
 
Analytics data:aggregated and anonymised data collected via Google Analytics 4
 
2.3 Information from Third Parties

If you choose to sign in using Google or Facebook via our client portal, we receive basic profile information (name, email address) from those platforms in accordance with their own privacy policies. We do not receive your password from these platforms.

Section 03
 
 
How We Use Your Information

We use your personal information only for legitimate purposes directly related to providing our services and running our business.

PurposeData UsedBasis
Responding to enquiries and proposalsContact data, project dataLegitimate interest / Contract
Delivering website and digital servicesIdentity, contact, project dataContract performance
Processing payments and issuing invoicesFinancial data, identity dataContract performance
Managing client accounts and subscriptionsAccount data, financial dataContract performance
Sending service-related emailsContact dataContract performance
Sending marketing emails (newsletter)Contact dataConsent
Delivering the free website auditWebsite URL, emailLegitimate interest / Consent
Improving our website and servicesUsage data, device dataLegitimate interest
Complying with legal obligationsAll relevant dataLegal obligation
Preventing fraud and protecting securityUsage data, device dataLegitimate interest

We do not use your data for automated decision-making or profiling that produces legal effects on you. We do not sell your personal data to any third party.

Section 04
 

Legal Basis for Processing

We process your personal data in compliance with the Nigeria Data Protection Regulation (NDPR) 2019, issued by the National Information Technology Development Agency (NITDA), and where applicable, the Nigeria Data Protection Act (NDPA) 2023.

Our lawful bases for processing your personal information are:

Contract performance:processing necessary to deliver a service you have requested or purchased from us
Legitimate interests:processing necessary for our legitimate business interests, provided those interests are not overridden by your rights and interests (e.g. improving our services, responding to enquiries, protecting the business)
Consent:processing based on your clear opt-in, particularly for marketing emails and newsletters. You may withdraw consent at any time.
 
Legal obligation:processing required to comply with applicable Nigerian or international laws
Section 05
 

How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:

 
5.1 Service Providers

We use trusted third-party service providers who process data on our behalf, subject to confidentiality obligations:

WhoGoHost / Go54— website hosting provider (Nigeria). Your website files are hosted on their servers.
 
Cloudflare— CDN, security, and DDoS protection. Processes request data to serve and protect the site.
 
Paystack / Flutterwave— payment processing. Your financial data is governed by their respective privacy policies.
 
Google (Analytics, Workspace, Zoom)— analytics, email, and video conferencing. Data is processed in accordance with Google’s privacy policy.
 
WPManageNinja (Fluent Suite)— the FluentCRM, FluentForms, FluentCart, FluentBooking, and Fluent Support tools we use to manage client data run on our own servers, meaning your data stays on our hosting environment and is not shared with WPManageNinja.
 
 
5.2 Legal Requirements

We may disclose your information where required to do so by law, court order, or in response to lawful requests by Nigerian public authorities, including to meet national security or law enforcement requirements.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website if this occurs.

We will never: sell your personal data · share it for advertising purposes · provide it to data brokers · disclose it to unauthorised third parties.
Section 06
Data Storage & Security

Your data is stored on servers managed by WhoGoHost (Go54), a Nigerian hosting provider, located within Nigeria. We take reasonable technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction.

Security measures we implement:
SSL/TLS encryption on all data transmitted to and from our website
Cloudflare firewall and DDoS protection
Wordfence Premium security plugin — real-time threat detection and malware scanning
Two-factor authentication (2FA) on all admin accounts
Daily automated backups stored securely off-site
Limited access controls — only authorised personnel access your data
Regular security audits and vulnerability assessments
Encrypted password storage — passwords are never stored in plain text

Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. If you become aware of any security vulnerability or breach, please contact us immediately at support@thoarax.com.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant authority and affected individuals within 72 hours of becoming aware of the breach, as required under the NDPA 2023.
Section 07
 
Cookies & Tracking Technologies

Our website uses cookies — small text files stored on your device — to improve your browsing experience and help us understand how visitors use the site.

Cookie TypePurposeCan Be Declined
Essential cookiesRequired for the site to function — login sessions, security, form submissionsNo — required for functionality
Analytics cookiesGoogle Analytics 4 — anonymous data on how visitors use the site (pages visited, time on site, traffic sources)Yes
Preference cookiesRemembers your settings and preferences across visitsYes
Marketing cookiesUsed only if you engage with our paid advertising (Google Ads, Meta Ads retargeting)Yes

You can control and delete cookies at any time through your browser settings. Disabling cookies may affect some functionality on the site. For more information about cookies, visit aboutcookies.org.

We do not use any third-party tracking pixels except where you have explicitly engaged with our advertising campaigns on Google or Meta platforms.

Section 08
 
Third-Party Services & Links

Our website may contain links to external websites, including the websites of our clients (visible in our portfolio). These third-party websites have their own privacy policies, and we are not responsible for their content or data practices. We encourage you to review the privacy policy of any website you visit.

Third-party tools used on our website:
Google Analytics 4— website analytics. Data is anonymised.Google Privacy Policy ↗
Google Fonts— typography loaded from Google servers. Google may collect minimal request data.Google Privacy Policy ↗
Cloudflare— CDN and security.Cloudflare Privacy Policy ↗
Paystack— payment processing.Paystack Privacy Policy ↗
Flutterwave— payment processing.Flutterwave Privacy Policy ↗
Zoom— video calls for discovery and strategy sessions.Zoom Privacy Policy ↗
WhatsApp— client communication. Messages sent via WhatsApp are subject to Meta’s privacy policy.
Section 09
 

Your Rights

Under the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023, you have the following rights regarding your personal data:

  • Right to be informed:you have the right to know what personal data we hold about you and how we use it — which this Privacy Policy provides.
  • Right of access:you may request a copy of all personal data we hold about you. We will respond within 30 days.
  • Right to rectification:if any data we hold about you is inaccurate or incomplete, you have the right to have it corrected.
  • Right to erasure (“right to be forgotten”):you may request that we delete your personal data where there is no compelling reason for us to continue processing it.
  • Right to restrict processing:you may request that we restrict the use of your data in certain circumstances.
  • Right to data portability:where processing is based on consent or contract, you may request your data in a structured, machine-readable format.
  • Right to object:you may object to processing based on our legitimate interests, including direct marketing. We will stop immediately upon receiving a valid objection to marketing.
  • Right to withdraw consent:where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

 

To exercise any of these rights, contact us at info@thoarax.com with the subject line “Data Rights Request.” We will respond within 30 days of receiving your request. We may need to verify your identity before processing the request.

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data rights have been violated. Visit ndpc.gov.ng for contact details.

Unsubscribing from marketing emails: Every marketing email we send contains an unsubscribe link at the bottom. Click it to be removed from our mailing list immediately. Alternatively, email us at info@thoarax.com with “Unsubscribe” in the subject line.
Section 10
 

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Data TypeRetention Period
Enquiry and contact form data3 years from last contact, unless a commercial relationship follows
Client project and contract data7 years from project completion (required for tax and legal purposes)
Payment and invoice records7 years (required under Nigerian tax law)
Client account dataDuration of account + 2 years after closure
Marketing/newsletter subscriber dataUntil you unsubscribe or request deletion
Website analytics data26 months (Google Analytics default)
Support ticket data3 years from ticket closure
Security and access logs90 days

 

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

Section 11

Children’s Privacy

Our website and services are intended for adults and businesses. We do not knowingly collect personal information from children under the age of 18.

If you are a parent or guardian and believe that your child has provided personal information to us without your consent, please contact us immediately at info@thoarax.com and we will take steps to delete that information from our records.

 

 

Section 12

International Users

Thoarax Digital is based in Nigeria and our primary operations and data processing occur within Nigeria. If you are accessing our website or engaging our services from outside Nigeria — including from the European Union, United Kingdom, United States, or other jurisdictions — please be aware that your data will be transferred to and processed in Nigeria.

By using our services, you consent to this transfer. We take appropriate safeguards to ensure your data is treated securely and in accordance with this Privacy Policy, regardless of where you are located.

For clients in the European Union or United Kingdom, we acknowledge the requirements of the General Data Protection Regulation (GDPR) and UK GDPR where applicable and will endeavour to honour equivalent data rights to those described in Section 9.

 
 
Section 13

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make significant changes, we will:

Update the “Last Updated” date at the top of this page
Post a notice on our homepage for a minimum of 14 days
Send an email notification to all registered client account holders

We encourage you to review this Privacy Policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.

The current version of this Privacy Policy is always available at thoarax.com/privacy-policy.

 
 
 
Section 14

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us using the details below. We are committed to resolving any concerns promptly and transparently.

Thoarax Digital — Data Controller
Company:Thoarax Digital
Address:No. 3, 3rd Avenue, 26 Road, Gwarimpa Estate, Abuja, FCT, Nigeria
Email:info@thoarax.com
Support: support@thoarax.com
Phone: 08188692067
WhatsApp: wa.me/2348188692067
Website: thoarax.com
Response:Within 5 working days for all privacy enquiries

If you are not satisfied with our response, you have the right to escalate your complaint to the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

 
 
This Privacy Policy was written specifically for Thoarax Digital and reflects our actual data practices. It complies with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023. For international clients, it acknowledges GDPR principles. This document does not constitute legal advice. If you require formal legal review, we recommend consulting a qualified data protection attorney in your jurisdiction.