Privacy Policy
Last updated: June 2026
Ciniter Hub ("we", "us", "our") is operated by Ciniter Technologies. This policy explains how we collect, use, store, and protect information when you use our AI-powered business operations platform at hub.ciniter.com and related services.
By using Ciniter Hub, you agree to the practices described in this policy. This policy complies with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023.
1. Information We Collect
1.1 Account Information
When you register, we collect:
- Full name and email address
- Business name, industry, and description
- Phone number (admin number for your business)
- Payment and bank account information (for payout settlements)
1.2 Business Operational Data
Through your use of the platform, we process:
- Product catalog information (names, prices, descriptions)
- Customer records (names, phone numbers, order history)
- Orders, bookings, and transaction records
- Financial data (revenue, expenses, invoices, receivables)
- Inventory and stock level data
- Employee records (names, roles, contact information)
1.3 Communication Data
When you connect WhatsApp to your account:
- Incoming and outgoing WhatsApp messages between your business number and customers
- Media shared in conversations (images, documents, audio, video)
- Contact information of people who message your business
- Message metadata (timestamps, delivery status, read receipts)
1.4 AI-Processed Data
Our AI agents process your business data to:
- Respond to customer inquiries automatically
- Create bookings, orders, and transactions on your behalf
- Generate business reports and insights
- Send payment reminders and marketing messages
AI processing occurs on our servers and through third-party AI providers. Your data is used exclusively to provide services to your business and is never used to train AI models.
1.5 Technical Data
- IP address and approximate location
- Browser type, device information, operating system
- Pages visited, features used, and interaction patterns
- Authentication tokens stored in your browser's local storage
2. How We Use Your Information
| Purpose | Lawful Basis (NDPR) |
|---|---|
| Providing AI agent services and business operations | Contract performance |
| Processing payments and settlements | Contract performance |
| Sending transactional notifications (receipts, confirmations) | Contract performance |
| Communicating with customers on your behalf via WhatsApp | Legitimate interest (business operations you authorized) |
| Improving our services and fixing bugs | Legitimate interest |
| Preventing fraud and ensuring security | Legitimate interest |
| Marketing our services to you | Consent (you can opt out) |
| Complying with legal obligations | Legal obligation |
3. AI Agent Processing
Ciniter Hub uses artificial intelligence to automate business operations on your behalf. When you deploy an AI agent:
- The agent reads incoming WhatsApp messages to understand customer intent
- It accesses your business data (products, availability, orders) to provide accurate responses
- It can create transactions, send payment links, and update records automatically
- All actions taken by the agent are logged and visible in your dashboard
You remain responsible for the actions taken by AI agents on your behalf. You can review agent activity, disable agents, or override agent decisions at any time from your dashboard.
4. Data Sharing and Sub-Processors
We share your data with the following categories of third parties:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Meta Platforms (WhatsApp Business API) | Message delivery | Messages, contact info, media |
| OpenAI / AI providers | AI agent processing | Message content, business context (no PII in prompts where possible) |
| Flutterwave | Payment processing | Transaction amounts, customer emails, bank details |
| Supabase (Hetzner EU) | Database and authentication | All account and operational data |
| Cloudflare (R2) | File and media storage | Uploaded files, images, documents |
| Hetzner (Germany) | Application hosting | All data in transit |
We do not sell your data. We do not share your data with third parties for their own marketing purposes.
5. International Data Transfers
Your data may be processed in countries outside Nigeria, including Germany (application hosting), the United States (AI processing, Cloudflare), and the European Union (database hosting). These transfers are necessary to provide our services and are protected by appropriate safeguards including data processing agreements with each sub-processor.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 90 days after deletion |
| WhatsApp messages | 12 months from receipt (configurable) |
| Payment records | 7 years (Nigerian tax compliance) |
| Business operational data | Duration of account + 30 days |
| Activity logs | 90 days |
| Technical/access logs | 30 days |
When you delete your account, we erase your personal data within 90 days. Some data may be retained longer where required by law (e.g., financial records for tax compliance).
7. Your Rights (NDPR/NDPA)
Under Nigerian data protection law, you have the right to:
- Access — request a copy of all personal data we hold about you
- Rectification — correct inaccurate data via your dashboard or by contacting us
- Erasure — delete your account and all associated data
- Restriction — limit how we process your data in certain circumstances
- Data portability — export your data in a machine-readable format (CSV)
- Object — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, withdraw at any time
To exercise any of these rights, contact us at privacy@ciniter.com or use the data management tools in your dashboard settings. We will respond within 30 days.
8. Data Security
- All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Authentication uses secure tokens with automatic expiration
- Database access is restricted by row-level security policies
- Payment credentials are never stored on our servers (handled by Flutterwave)
- WhatsApp messages are stored in encrypted databases accessible only to your account
- Regular security assessments and monitoring
9. Your Customers' Data
When your customers message your business WhatsApp number, their messages are processed by our AI agents on your behalf. In this context:
- You are the data controller for your customers' data
- We are the data processor acting on your instructions
- You are responsible for informing your customers that AI is handling their messages
- Customer data is isolated per tenant — no business can access another business's customer data
10. Children's Data
Ciniter Hub is a business operations platform and is not directed at children under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
11. Cookies and Local Storage
We use browser local storage for authentication tokens and user preferences. We do not use third-party tracking cookies. Analytics, where used, are privacy-respecting and do not track individuals across websites.
12. Changes to This Policy
We may update this policy to reflect changes in our services or applicable law. Material changes will be communicated via email or in-app notification at least 14 days before taking effect.
13. Contact and Complaints
Data Protection Officer:
Email: privacy@ciniter.com
Address: Lagos, Nigeria
If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.