Privacy Policy

July, 2025

Important Notice: This Privacy Policy explains how Stika collects, uses, and protects your personal information. We are committed to protecting your privacy and handling your data responsibly in accordance with Nigerian data protection laws and international best practices.

1. INTRODUCTION

1.1 About This Policy

This Privacy Policy applies to all users of the Stika platform, including advertising agencies, clients, riders, and fleet owners. It describes how we collect, use, store, and protect your personal information when you use our mobile advertising marketplace services.

1.2 Data Controller

Stika, operated by Stika Technologies LTD, is the data controller responsible for your personal information. We are committed to complying with the Nigeria Data Protection Regulation (NDPR) and other applicable privacy laws.

1.3 Contact Information

If you have questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at privacy@stika.ng.

2. INFORMATION WE COLLECT

2.1 Personal Information

We collect different types of information depending on your user role:

User Type	Information Collected	Purpose
All Users	Name, email, phone number, password, profile information	Account management, authentication, communication
Agencies	Business registration, tax information, bank details, client relationships	Business verification, payment processing, compliance
Clients	Company information, industry, budget preferences, campaign history	Service delivery, campaign optimization, reporting
Riders	Identity documents, bank account, tricycle details, location data	Identity verification, payment processing, performance tracking
Fleet Owners	Business information, fleet details, rider relationships, commission preferences	Fleet management, payment processing, performance analytics

2.2 Location Data

For riders and fleet operations, we collect:

Real-time GPS coordinates: During active campaigns for route tracking and verification
Geofence presence data: To verify campaign compliance and calculate earnings
Movement patterns: For anti-fraud measures and performance optimization
Historical location data: For analytics and route optimization (anonymized)

2.3 Technical Information

We automatically collect:

Device information (model, operating system, unique identifiers)
App usage data and interaction patterns
Network information and connection quality
Camera and photo metadata for verification purposes
Performance metrics and error logs

2.4 Financial Information

We collect financial data necessary for platform operations:

Bank account details for payment processing
Transaction history and payment records
Campaign budgets and spending patterns
Commission and fee calculations
Tax-related information as required by law

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses

We use your information for the following purposes:

Service Delivery

Creating and managing user accounts
Processing campaign creation and management
Facilitating rider-campaign matching
Providing real-time tracking and verification
Processing payments and commissions

Platform Operations

Fraud detection and prevention
Performance analytics and optimization
Customer support and dispute resolution
System maintenance and security
Compliance with legal obligations

3.2 Analytics and Insights

We analyze data to provide valuable insights including:

Campaign Performance: ROI metrics, coverage analysis, effectiveness reports
Market Intelligence: Traffic patterns, demographic insights, pricing optimization
Operational Efficiency: Route optimization, rider performance, system improvements
Predictive Analytics: Demand forecasting, risk assessment, market trends

3.3 Communication

We may contact you for:

Account-related notifications and updates
Campaign status and performance reports
Payment confirmations and financial statements
Platform updates and new feature announcements
Customer support and technical assistance
Marketing communications (with your consent)

4. LEGAL BASIS FOR PROCESSING

4.1 Lawful Basis

We process your personal information based on the following lawful grounds:

Contract Performance

Account creation and management
Service delivery and campaign execution
Payment processing and financial transactions
Customer support and dispute resolution

Legitimate Interests

Fraud prevention and security measures
Platform optimization and analytics
Business development and market research
Direct marketing to existing customers

Legal Compliance

Tax reporting and financial compliance
Anti-money laundering requirements
Data protection and privacy obligations
Regulatory reporting and audits

Consent

Marketing communications to prospects
Optional data sharing for enhanced services
Location tracking for non-essential features
Third-party integrations and partnerships

5. DATA SHARING AND DISCLOSURE

5.1 Internal Sharing

Within the Stika platform, we share information as necessary for service delivery:

Agency-Client Sharing: Campaign performance data, reports, and analytics
Fleet-Rider Sharing: Performance metrics, payment information, communication
Platform Analytics: Aggregated, anonymized data for market insights

5.2 Third-Party Service Providers

We share limited information with trusted service providers:

Payment Processors: Monnify, Paystack, Flutterwave, banks for transaction processing
Cloud Infrastructure: AWS, CloudOcean for data storage and processing
Analytics Services: Performance monitoring and business intelligence tools
Communication Platforms: Email, SMS, and WhatsApp for user communications
Security Providers: Fraud detection and cybersecurity services

5.3 Legal Disclosures

We may disclose information when legally required:

Compliance with court orders, subpoenas, or legal processes
Cooperation with law enforcement investigations
Protection of Stika's legal rights and property
Prevention of fraud or illegal activities
Public safety or national security requirements

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction, subject to equivalent privacy protections.

6. DATA SECURITY

6.1 Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards

End-to-end encryption for sensitive data transmission
Advanced encryption standards (AES-256) for data storage
Multi-factor authentication for account access
Regular security audits and penetration testing
Automated threat detection and response systems

Administrative Safeguards

Role-based access controls and principle of least privilege
Employee background checks and security training
Data access logging and audit trails
Incident response and breach notification procedures
Regular security awareness and compliance training

Physical Safeguards

Secure data centers with 24/7 monitoring
Biometric access controls and surveillance systems
Environmental controls and backup power systems
Secure disposal of hardware and storage media

6.2 Data Breach Response

In the event of a data breach, we will:

Contain and investigate the breach immediately
Notify affected users within 72 hours when feasible
Report to relevant authorities as required by law
Provide recommendations for user protection
Implement additional safeguards to prevent recurrence

7. DATA RETENTION

7.1 Retention Periods

We retain different types of data for varying periods based on legal requirements and business needs:

Data Type	Retention Period	Reason
Account Information	Duration of account + 7 years	Legal compliance, audit requirements
Financial Records	7 years from transaction date	Tax obligations, financial audits
Campaign Data	5 years from campaign completion	Performance analytics, dispute resolution
Location Data (Detailed)	2 years from collection	Verification, fraud prevention
Location Data (Aggregated)	Indefinitely (anonymized)	Market research, platform optimization
Communication Records	3 years from interaction	Customer support, compliance
Technical Logs	1 year from creation	Security monitoring, system optimization

7.2 Data Deletion

When retention periods expire, we securely delete or anonymize data using industry-standard methods. Users may request earlier deletion subject to legal and contractual obligations.

8. INTERNATIONAL DATA TRANSFERS

8.1 Cross-Border Transfers

We may transfer your information outside Nigeria for:

Cloud infrastructure and backup services
Third-party service provider operations
Group company operations and support
Legal compliance in multiple jurisdictions

8.2 Transfer Safeguards

When transferring data internationally, we ensure adequate protection through:

Standard contractual clauses and data processing agreements
Adequacy decisions from recognized privacy authorities
Binding corporate rules for group company transfers
Certification schemes and codes of conduct compliance

9. YOUR PRIVACY RIGHTS

9.1 Access Rights

You have the right to:

Access: Request copies of your personal information
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your personal information
Portability: Receive your data in a portable format
Restriction: Limit how we process your information
Objection: Object to processing for certain purposes

9.2 Exercising Your Rights

To exercise your privacy rights:

Submit a written request to privacy@stika.ng
Include verification of your identity
Specify the right you wish to exercise
Provide relevant details about your request

We will respond to your request within 30 days and may request additional information for verification.

9.3 Limitations

Your rights may be limited when:

Information is required for legal compliance
Data is necessary for contract performance
Processing is required for fraud prevention
Information affects rights of other individuals

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

The Stika platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.

10.2 Parental Notice

If we become aware that we have collected information from a minor, we will delete such information promptly and notify the relevant authorities if required by law.

11. COOKIES AND TRACKING

11.1 Cookie Usage

We use cookies and similar technologies for:

Essential Cookies: Authentication, security, and basic functionality
Performance Cookies: Analytics, error tracking, and system optimization
Functional Cookies: User preferences, language settings, and customization
Marketing Cookies: Targeted advertising and campaign effectiveness (with consent)

11.2 Cookie Management

You can control cookies through:

Browser settings and preferences
Third-party opt-out tools and services
Device-level privacy controls

12. THIRD-PARTY LINKS

Our platform may contain links to third-party websites or services. This Privacy Policy does not apply to such third parties, and we are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any information.

13. UPDATES TO THIS POLICY

13.1 Policy Changes

We may update this Privacy Policy periodically to reflect:

Changes in our data practices
New legal requirements or regulations
Platform features and service enhancements
Industry best practices and standards

13.2 Notification

We will notify users of material changes through:

Email notifications to registered users
In-app notifications and announcements
Platform banners and pop-up notices
Website posting with effective date updates

14. REGULATORY COMPLIANCE

14.1 Nigerian Compliance

This Privacy Policy complies with:

Nigeria Data Protection Regulation (NDPR)
Nigerian Communications Commission (NCC) guidelines
Central Bank of Nigeria (CBN) data requirements
Corporate Affairs Commission (CAC) regulations

14.2 International Standards

We also align with international privacy frameworks:

EU General Data Protection Regulation (GDPR) principles
ISO 27001 information security standards
SOC 2 Type II compliance requirements
Privacy by Design and Default principles

15. CONTACT INFORMATION

15.1 Data Protection Officer

Email: privacy@stika.ng

15.2 General Privacy Inquiries

Email: support@stika.ng

Subject Line: "Privacy Policy Inquiry"

15.3 Regulatory Complaints

If you believe we have not properly addressed your privacy concerns, you may file a complaint with:

Nigeria Data Protection Bureau (NDPB)

Email: info@ndpb.gov.ng

Website: www.ndpb.gov.ng

Last Updated: September 2025

Version: 1.0

Next Review Date: July 2026