Privacy Policy

This policy applies to Precision InfoTech Limited (“Precision”, “we”, “us”), registered in Nigeria with its principal office in Lekki, Lagos. It covers personal data we process when you:

• Browse precisioninfotech.com, request a quote, or contact us.
• Engage us for web, mobile, cloud, AI/ML, design, or digital marketing work.
• Authorise us — as a Meta Tech Provider, Business Solution Provider, or agency — to manage Facebook Pages, Instagram business accounts, WhatsApp Business numbers, Meta Ads accounts, or Messenger inboxes on your behalf.
• Interact with a client whose Facebook Page, Instagram account, WhatsApp Business number, or Messenger experience we operate.
• Apply to work with us or receive marketing from us.

When we build or operate systems for a client, that client is normally the data controller for the personal data flowing through those systems, and we act as their data processor. When we run our own website, sales, hiring, and internal operations, we are the controller. This policy makes that split clear in each section.

From you directly

• Contact details — name, email, phone, company, role — submitted through forms, email, calls, or signed agreements.
• Project details — briefs, requirements, source code, designs, assets, credentials you choose to share, and the business data you ask us to process.
• Billing details — invoicing entity, tax IDs, and bank or card details processed through our payment provider (Paystack).
• Application data — CVs, work samples, and interview notes if you apply to a role.

From your use of our site

• Device and connection data — IP address, user-agent, referrer, approximate location derived from IP, pages viewed, and timestamps.
• Cookie and analytics identifiers — see the cookies section below.
• Session telemetry from our infrastructure providers for security and abuse prevention.

From third parties

• Meta Platforms — when a client grants us access via Meta Business Manager, we receive Page, Ad Account, Catalog, WhatsApp Business Account, Instagram, and Messenger data needed to perform the service.
• Payment providers — limited transaction status and last-four card details to reconcile invoices.
• Public sources — company information used to qualify inbound leads or verify a counterparty.

We use personal data only for the purposes it was collected for, including:

• Responding to enquiries, scoping work, and sending proposals or invoices.
• Delivering the services in our statement of work, master services agreement, or data processing addendum.
• Running, maintaining, and securing our website, internal tools, and client production systems.
• Operating Meta business assets on behalf of clients — publishing content, replying to messages, running ads, building audiences, and reporting on results within the scope each client authorises.
• Sending operational and (with consent) marketing communications.
• Meeting our legal, tax, accounting, and regulatory obligations in Nigeria and any jurisdiction where a client requires us to comply.
• Detecting and preventing fraud, abuse, and security incidents.

We do not sell personal data, and we do not use the contents of client production data, WhatsApp messages, or Messenger conversations to train general-purpose AI models for ourselves or any third party.

Under the Nigeria Data Protection Act 2023 (NDPA) and, where it applies, the EU/UK GDPR, we rely on one or more of these bases:

• Performance of a contract — to deliver work we have agreed with you or your employer.
• Legitimate interests — to run our business, secure our systems, qualify leads, and improve our services, where those interests are not overridden by your rights.
• Consent — for marketing emails, optional analytics cookies, and any sensitive processing.
• Legal obligation — to keep accounting records, respond to lawful requests from authorities, and meet platform requirements imposed by Meta or other providers.

We share personal data only with parties who need it to deliver our services or who we are legally required to share with. The main categories:

• Cloud and infrastructure — AWS, Microsoft Azure, Google Cloud, Vercel, and similar providers we use to host client and internal workloads.
• Communication and collaboration — Google Workspace, Microsoft 365, and similar productivity tools.
• Meta Platforms, Inc. — when we operate Facebook, Instagram, WhatsApp Business, Messenger, or Meta Ads on your behalf, data flows through Meta's APIs and is subject to Meta's own policies.
• Payments — Paystack for collections, and the destination banks for payouts and transfers.
• Professional advisors — accountants, auditors, and lawyers under confidentiality obligations.
• Regulators and courts — where compelled by law, court order, or a regulator with jurisdiction.
• Successors — if we restructure, merge, or sell part of the business, data may transfer under the same protections set out here.

Every processor we engage is bound by written terms requiring confidentiality, security controls, and limits on further sharing.

Many of our marketing and software engagements involve operating assets inside the Meta ecosystem on behalf of clients. The Meta ecosystem covered by this policy includes Facebook Pages, Facebook Groups, Facebook Ads, Instagram (business and creator accounts), WhatsApp Business (App, Business Platform / Cloud API, and On-Premises API), Messenger, Meta Business Suite, Meta Business Manager, Audience Network, Threads (where Meta exposes business tools), and related developer products such as Meta Pixel, the Conversions API, the Marketing API, and the Graph API.

Our role

For every Meta engagement we act as a processor for the client that owns the underlying asset. Access is granted through Meta Business Manager partner permissions, system user tokens, or — for WhatsApp — Embedded Signup and the Cloud API. We never claim ownership of a client’s Page, Ad Account, Catalog, WhatsApp Business Account, or Instagram account.

What we typically access

• Page and Instagram content, comments, direct messages, insights, and follower lists.
• Ad Accounts — campaigns, ad sets, ads, audiences, creatives, billing summaries, and performance reports.
• WhatsApp Business Accounts — phone numbers, message templates, conversations, and delivery analytics needed to operate the channel.
• Catalogs and Commerce — product feeds, catalog items, and order data where the client sells through Meta surfaces.
• Pixel and Conversions API events — server-side events the client sends us to attribute marketing performance.

Compliance with Meta’s rules

We follow the Meta Platform Terms, the Meta Developer Policies, the WhatsApp Business Messaging Policy, the WhatsApp Business Solution Terms, the Meta Advertising Standards, the Commerce Policies, and the Brand Resource Center. Where these documents impose stricter obligations than this policy, the stricter obligations apply.

End-user data handling

• We only retain Meta data for as long as it is needed to deliver the service or as required to comply with Meta's retention rules.
• We do not sell, license, or share Meta-derived data with data brokers or unrelated third parties.
• We do not use Meta data for credit, employment, insurance, housing, or other eligibility decisions.
• We honour deletion requests from Meta and from the underlying user within the time frames Meta requires.

When a client engages us to design, deploy, or operate WhatsApp-based experiences — using the WhatsApp Business App, the WhatsApp Business Platform (Cloud API), or the On-Premises API — we process the data required to send and receive messages, run automations, and report on performance.

What we process

• Phone numbers of the client's customers or contacts who message the WhatsApp Business number.
• Message content — text, media, location, contact cards, interactive replies, and template responses — to the extent needed to deliver the conversation.
• Display names and WhatsApp profile pictures returned by the WhatsApp API.
• Metadata such as delivery, read, and failure receipts.
• Opt-in records — including the channel, timestamp, and language in which the end user consented to be contacted.

How we use it

• Routing inbound messages to the right agent, bot, or automation.
• Sending business-initiated messages only against approved templates and a recorded opt-in.
• Building and operating chatbots, AI assistants, and CRM integrations the client has approved.
• Generating quality and performance reports for the client.

What we will not do

• We will not send promotional messages to a user who has not opted in through a verifiable channel.
• We will not export WhatsApp conversation history to third parties outside the client's authorised stack.
• We will not retain WhatsApp media beyond the period agreed with the client.
• We will not use WhatsApp data to train AI models for purposes unrelated to the client's service.
• We will not bypass WhatsApp rate limits, quality ratings, or template review processes.

End users can opt out of WhatsApp messaging at any time by replying STOP (or an equivalent keyword the client has configured), and we will record the opt-out and stop further business-initiated messages on that number.

What we process

• Public profile information of users who comment, react, message, or follow the assets we manage.
• Direct messages and comments routed to the Page or Instagram inbox.
• Audience and insights data exposed through the Page API, Instagram Graph API, and Insights endpoints.
• Lead form responses captured through Facebook or Instagram lead ads.
• Catalog and shop data where the client sells through Facebook Shops or Instagram Shopping.

How we use it

• Publishing approved content, scheduling posts, and moderating comments according to the client's playbook.
• Responding to messages, mentions, and tags as the client's authorised agent.
• Building and refining custom and lookalike audiences against signals the client owns.
• Reporting on reach, engagement, conversion, and creative performance.

We do not impersonate end users, scrape data outside the scope of the approved Meta permissions, or combine Meta-derived data with data from incompatible sources to build profiles outside the authorised use case.

When we operate a Messenger experience — including agent inboxes, chatbots, and AI assistants — we process the messages, attachments, quick replies, and metadata Meta exposes to the connected Page. We rely on Messenger’s 24-hour standard messaging window and the permitted message tags for any messages sent outside that window, and we will not send promotional content outside the conditions allowed by Meta’s Messenger Platform Policy.

Persistent menu options, ice-breakers, and welcome screens we deploy will identify the business operating the experience. Where an AI assistant handles the conversation, we will disclose that fact to the end user where Meta or applicable law requires it.

For paid acquisition we may operate Ad Accounts, deploy the Meta Pixel on client web properties, and configure the Conversions API to send hashed first-party events from the client’s server. In each case the client remains the controller of the underlying user data and decides which events to send.

• We hash personally identifying fields (email, phone, name) using SHA-256 before they leave the client's infrastructure, in line with Meta's CAPI specification.
• We configure Limited Data Use and the appropriate data processing options where required by applicable law (for example, U.S. state privacy laws routed through CAPI).
• We respect user opt-outs surfaced via the AEM framework, browser-level signals, and any consent management platform the client operates.
• We do not send special-category data (health, finance specifics, sexual orientation, religion, etc.) or data from users who appear to be under 18 through Pixel or CAPI.

When a client authorises us to operate any Meta asset on their behalf they must:

• Maintain a public-facing privacy policy that accurately describes the data they collect via Meta surfaces and that links to Meta's relevant disclosures.
• Obtain and record any consents required for marketing, retargeting, lead capture, and (for WhatsApp) business-initiated messaging.
• Provide accurate business information to Meta during business verification, identity verification, and display name approval flows.
• Avoid restricted, prohibited, or age-gated content categories on the assets we manage, and comply with the Meta Community Standards and Advertising Standards.
• Tell us promptly about any breach, regulator request, or user complaint that affects the assets we manage.

If a client instructs us in a way that would breach Meta’s policies, applicable law, or this policy, we will refuse the instruction and document the refusal.

Our website uses three categories of cookies and similar technologies:

• Strictly necessary — for authentication, security, and load balancing. These cannot be disabled.
• Functional — to remember preferences such as language and theme.
• Analytics — to understand how the site is used and improve it. We only set these after consent where consent is required.

You can manage cookies through your browser settings or through any consent banner we display. Disabling some cookies may reduce site functionality.

• Marketing leads — up to 24 months after the last interaction, then deleted or anonymised.
• Client project records — for the duration of the engagement plus 6 years for tax, audit, and dispute purposes, unless a longer period is required by law.
• WhatsApp, Messenger, and Page conversation data — for the period agreed in the client's statement of work, and in any case no longer than Meta's retention requirements allow.
• Website analytics — up to 26 months in aggregated form.
• Recruitment data — up to 12 months unless you ask us to delete it sooner.

We operate primarily from Nigeria but use international cloud and SaaS providers, including Meta’s infrastructure in the United States and the European Union. Where personal data of individuals in Nigeria is transferred outside Nigeria, we rely on the conditions set out in the NDPA — including adequacy where the Nigeria Data Protection Commission has confirmed it, contractual safeguards, or the data subject’s explicit consent. For EU/UK data subjects we use Standard Contractual Clauses or equivalent transfer mechanisms.

Subject to the NDPA and any other privacy law that applies to you, you have the right to:

• Access the personal data we hold about you.
• Ask us to correct inaccurate or incomplete data.
• Ask us to delete data we no longer need to keep.
• Object to or restrict certain types of processing, including direct marketing.
• Withdraw any consent you have given us, without affecting prior lawful processing.
• Receive your data in a portable, machine-readable format where the right applies.
• Complain to the Nigeria Data Protection Commission (NDPC) or your local supervisory authority.

If we are processing your data on behalf of a client (for example, because you messaged a WhatsApp Business number we operate) we will forward your request to the client controller, and they will respond. You can also contact the client directly.

We protect personal data with administrative, technical, and physical safeguards proportionate to the risk, including role-based access control, multi-factor authentication on production systems, encryption in transit and at rest where supported by the platform, secrets management, code review, dependency scanning, and audit logging on high-risk systems. We test our controls, train our team, and run a documented incident response process. No system is perfectly secure; we will notify affected parties and regulators of any incident on the timelines the law requires.

Our services are not directed to children under 18. We do not knowingly collect data from anyone under 13 (or the equivalent age in your jurisdiction). For Meta assets we operate, the minimum age follows Meta’s own rules — 13 for most products and 18 for WhatsApp where required. If you believe a child has provided us with personal data, please contact us and we will delete it.

We will update this policy when our practices, the law, or Meta’s requirements change. The “last updated” date at the top of the page reflects the latest revision. Material changes will be flagged on the website or notified to active clients and subscribers by email.

For privacy questions, data subject requests, or to raise a concern about a Meta asset we operate, write to us at:

• Email — privacy@precisioninfotech.com
• General — info@precisioninfotech.com
• Post — Precision InfoTech Limited, Lekki, Lagos, Nigeria
• Phone — +234 803 189 4288

You can also lodge a complaint with the Nigeria Data Protection Commission via ndpc.gov.ng.