Legal

Privacy Policy

Last updated: 1 March 2025  ·  Effective: 1 March 2025

Inventino ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights in relation to it. It applies to all users of the Inventino platform, website, and related services. By using our services, you agree to this policy.

1. Who We Are

Inventino is a software-as-a-service (SaaS) inventory and point-of-sale management platform operated by Inventino Technologies Ltd., a company registered in Nigeria. We act as the data controller for personal information you provide when using our website and as a data processor for data you enter about your own customers within the platform.

If you have any questions about this policy, contact our Data Protection Officer at: privacy@inventino.shop.

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Data

  • Full name, email address, and password (hashed, never stored in plain text)
  • Business name, address, phone number, and industry type
  • Profile picture (optional)

2.2 Usage Data

  • IP address, browser type, operating system, and device identifiers
  • Pages visited, features used, session duration, and click patterns
  • Error logs and performance metrics

2.3 Transaction Data

  • Billing information (plan type, payment method type, but not full card numbers — handled by our payment processors)
  • Subscription history and invoices

2.4 Business Data You Enter

When you use Inventino, you input data about your own products, staff, customers, and transactions. You are the data controller for this data; we process it on your behalf under our Data Processing Agreement.

2.5 Communication Data

  • Messages you send us via email, WhatsApp, or our contact form
  • Support tickets and their content

3. How We Use Your Data

We use your data for the following purposes:

  • Service delivery — to create and manage your account and provide the platform features
  • Billing — to process subscription payments and send invoices
  • Support — to respond to your enquiries and resolve issues
  • Security — to detect fraud, prevent unauthorised access, and protect platform integrity
  • Improvement — to analyse usage patterns and improve product features (using aggregated, anonymised data where possible)
  • Legal compliance — to comply with applicable laws, regulations, or court orders
  • Communications — to send service notifications, security alerts, and (with your consent) product updates and offers

4. Legal Basis for Processing

Under the Nigeria Data Protection Regulation (NDPR) and NDPA 2023, we rely on the following legal bases:

  • Contract — processing necessary to deliver the service you subscribed to
  • Legitimate interests — security monitoring, fraud prevention, and product analytics
  • Consent — for marketing communications (you may withdraw consent at any time)
  • Legal obligation — where law requires us to retain or report specific data

5. Data Sharing

We do not sell your personal data. We share it only with:

  • Payment processors (Paystack, Flutterwave) — for billing, subject to their own privacy policies
  • Cloud infrastructure providers — for hosting and data storage, under strict data processing agreements
  • Analytics providers — anonymised usage data only
  • Law enforcement or regulators — only when legally required

All third parties we engage are contractually required to protect your data and process it only for specified purposes.

6. Data Retention

We retain personal data for as long as your account is active. After account deletion:

  • Account data is deleted within 30 days
  • Billing records are retained for 7 years as required by Nigerian tax law
  • Anonymised, aggregated usage data may be retained indefinitely
  • Backup copies are purged within 90 days

7. Your Rights

Under the NDPA 2023, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request corrections to inaccurate or incomplete data
  • Erasure — request deletion of your data (subject to legal retention obligations)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — request that we limit processing in certain circumstances
  • Withdraw consent — for any processing based on consent, at any time

To exercise your rights, email privacy@inventino.shop. We will respond within 30 days.

8. Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, regular penetration testing, and automated threat monitoring. Despite these measures, no system is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you within 72 hours as required by the NDPA.

9. Cookies

We use cookies to operate the platform, remember your preferences, and analyse usage. See our Cookie Policy for full details and how to manage your cookie preferences.

10. Changes to This Policy

We may update this policy periodically. When we do, we will update the "Last updated" date, notify you by email for material changes, and post the updated version on this page. Continued use of Inventino after the effective date constitutes acceptance.

11. Contact

For privacy-related enquiries:

  • Email: privacy@inventino.shop
  • Address: Inventino Technologies Ltd., Lagos, Nigeria
  • Data Protection Officer: Available at the email above

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpb.gov.ng.

Related Legal Documents

Terms of Service → Cookie Policy → Data Protection Policy →