Privacy Policy

This Privacy Policy explains how Maxella ("we", "our", "us") collects, uses, stores, discloses and protects your personal data when you visit and interact with our website at maxella.ai (the "Website"). [Maxella is a product/brand operated by [insert registered legal entity name], a company registered under the laws of the Federal Republic of Nigeria with registered address at [insert address]. Confirm the correct contracting entity with counsel.]

The Website is primarily an information and marketing site for our products and services aimed at financial institutions and other organisations. Where we make platform or account-based services available through the Website, the relevant parts of this Policy will apply to your use of those services.

By accessing or using the Website, you agree to the terms of this Privacy Policy and consent to the processing of your personal data to the extent permitted by law. You have the right to withdraw your consent at any time, provided we do not have another lawful basis to continue processing your personal data.
We may update this Privacy Policy from time to time. Where changes are made, the revised date will be shown at the top of this Policy. In some cases we may give you additional notice, such as a statement on the Website or an email notification. We encourage you to review this Policy periodically.

We collect only the information we need for the purposes described in this Policy. Depending on how you interact with the Website, this may include:

• Information you provide to us – for example when you complete a contact form, request a demo, subscribe to updates, or otherwise communicate with us. This typically includes your name, work email address, phone number, company or organisation name, job title, and the content of your message or enquiry.
• Account and onboarding information – where we make platform or account-based services available and you register for them, the information needed to create and manage your account.
• Technical and usage data – such as IP address, browser type, device and operating system information, referring URLs, pages viewed, and general location inferred from your IP address, collected automatically as you use the Website.
• Cookies and similar technologies – information collected through cookies and similar technologies, as described in the "Cookies" section below.
• Records of communications – records of your correspondence with us, including emails, support queries, and (where applicable) information you share with us through social media platforms.

We use the personal data we collect for the following purposes:

• To respond to your enquiries, demo requests and contact form submissions, and to provide customer support.
• To provide, maintain, operate and improve the Website and, where applicable, our platform services.
• To communicate with you about our products, services, updates and events, where we have a lawful basis to do so. Where required by law, we will obtain your consent for marketing communications, and you may opt out at any time.
• To send administrative and service messages, including security alerts and updates relevant to your use of the Website or any services you have requested.
• To understand how the Website is used, monitor usage trends, and improve user experience and our service offerings.
• To protect the security and integrity of the Website, prevent fraud and misuse, and verify the legitimacy of enquiries.
• To comply with applicable laws, regulations and lawful requests, and to establish, exercise or defend legal claims.

[Maxella / the operating entity] is based in Nigeria, and our processing of your personal data is governed by the Nigeria Data Protection Act 2023 (NDPA) and any other applicable data protection laws in Nigeria. By using the Website or providing information to us, you consent to the processing of your information in and, where applicable, transfer to Nigeria.

The Website uses cookies and similar technologies to function properly, remember your preferences, measure traffic, and understand how the Website is used. Cookies are small files stored on your device. You can control or disable cookies through your browser settings, although some parts of the Website may not function properly if you do so.

[Confirm which cookies/analytics tools are actually in use (e.g. analytics, marketing pixels) and list the categories here. Do not claim tools you are not using.]

We do not sell your personal data. We may disclose personal data in the following limited circumstances:

• To trusted service providers and contractors who process personal data on our behalf (for example, hosting, analytics, email and customer-engagement providers). These parties act on our instructions and are required to protect your data in line with the NDPA and appropriate confidentiality and security measures.
• To our affiliates, where this is necessary to operate the Website and provide our services.
• Where required by law, regulation or legal process, such as in response to a court order, subpoena, or lawful request from a regulator or law enforcement authority. We will disclose only the data necessary to meet such requirements.
• Where necessary to detect, prevent or address fraud, security issues, or other prohibited or illegal activity, or to protect the rights, property or safety of Maxella, our users, or others.
• In connection with a merger, acquisition, financing, or sale of all or part of our business, subject to appropriate confidentiality arrangements.
• With your consent or at your direction.
• In aggregated or de-identified form that cannot reasonably be used to identify you.

Where we transfer personal data to another country, we will take steps to ensure the transfer complies with the NDPA, including ensuring an adequate level of protection or putting appropriate safeguards in place.

We take reasonable technical and organisational measures to protect personal data from loss, theft, misuse, and unauthorised access, disclosure, alteration and destruction. These measures may include access controls limiting data to authorised personnel, encryption in appropriate cases, and staff awareness measures. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

The personal data we collect may be transferred to, stored, and processed in locations outside Nigeria, including where our service providers or data centres are located. Where this happens, we take steps to ensure your personal data is handled securely and with an appropriate level of protection, and that such transfers are conducted lawfully in accordance with applicable data protection laws. By submitting your personal data, you consent to this transfer, storage and processing in accordance with this Policy.

Subject to applicable law, you have the following rights in relation to the personal data we hold about you:

• Right of access – to request a copy of the personal data we hold about you. We will respond within the timeframe required by law (generally within one month), and where we cannot meet that timeframe we will let you know and may request additional time.
• Right to rectification – to have inaccurate personal data corrected.
• Right to erasure – to ask us, in certain circumstances, to delete the personal data we hold about you.
• Right to restrict processing – to ask us to restrict processing in certain circumstances.
• Right to data portability – to receive your personal data in a structured, commonly used, machine-readable format, or to have it transferred to another organisation where technically feasible.
• Right to object – to object to the processing of your personal data in certain circumstances, including for direct marketing.

To exercise any of these rights, please contact us at dpo@suretree.com or write to us at [insert postal address].

In the event of a personal data breach, we will assess and respond in accordance with the NDPA. Where required, we will report the breach to the Nigeria Data Protection Commission (NDPC) within 72 (seventy-two) hours of becoming aware of it. Where we determine that the breach is likely to be detrimental to your rights and freedoms, we will take steps to inform you of the breach, the associated risks, and the measures taken or proposed to address it.

The Website and our services are intended for businesses and for individuals who are at least 18 years old. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

If you have any questions or concerns about this Privacy Policy, or wish to contact us for any reason, you can reach us at:
Email: dpo@suretree.com