Privacy Policy
Last Updated: May 26, 2026
1. Scope and Introduction
Easily Business Suite ("we," "our," "us," or "the Platform") respects the privacy and confidentiality of its users. This comprehensive Privacy Policy governs the collection, use, disclosure, storage, and protection of data processed within the Easily Business Suite multi-tenant ERP platform.
Our data processing practices comply strictly with the Nigeria Data Protection Act (NDPA), the Nigeria Data Protection Regulation (NDPR), and align with the principles of the General Data Protection Regulation (GDPR).
Data Controller: The business entity or tenant owner who registers a workspace and inputs employee, transactional, or commercial data into the Platform.
Data Processor: Easily Business Suite, acting on behalf of the Data Controller to safely host, compute, and serve the application modules.
2. Detailed Categories of Data We Process
As an extensive enterprise resource planning system, Easily Business Suite handles diverse data streams crucial for your daily business operations:
A. Customer and Tenant Account Information
During tenant registration, we collect contact and billing information including legal business names, tax identification numbers (TIN), physical branch addresses, administrator names, telephone numbers, emails, and subscription billing details.
B. Human Resources (HR) and Payroll Records
To compute payroll and manage staff files, the Data Controller inputs employee names, government identifications, residential addresses, emergency contacts, bank account coordinates, tax status codes, attendance logs, performance evaluations, and salary rates.
C. Sales, Financial and Point of Sale (POS) Records
We process transaction records, product pricing, stock volumes, invoice distributions, ledger sheets, balance sheets, expenses, supplier registries, customer receipts, and digital branch sales histories generated during operational activities.
D. Technical Logs and Metadata
To maintain secure workspaces and trace system changes, our servers log technical data such as Internet Protocol (IP) addresses, device operating systems, browser specifications, login histories, and granular audit trails mapping active edits made within the portal.
3. Purposes and Legal Bases for Data Processing
We process your information under the following legal bases:
Contractual Performance
Processing is necessary to initialize your workspace, authenticate personnel, compute inventory margins, and distribute payrolls as requested by you.
Legitimate Interests
We monitor logs to protect server nodes, troubleshoot codebase anomalies, prevent database breaches, and mitigate internal multi-tenant anomalies.
Legal Compliance
Retaining precise financial files is required to satisfy commercial tax regulations, auditing rules, and official corporate reporting laws.
4. Security Measures and Data Integrity
We implement industry-standard administrative, physical, and technical safeguards designed to guarantee the integrity of your critical operations:
- Transport Encryption (SSL/TLS): All data sent between user browsers and the Service is encrypted in transit using cryptographic security keys (SSL Certificate).
- Cryptographic Hashing: User passwords and authentication keys are stored using strong BCrypt cryptographic algorithms.
- Access Separation: Database queries utilize strictly separated multi-tenant parameters to prevent data leaks or inter-workspace interference.
- Server Infrastructure: Hosted in highly secure data centers utilizing enterprise hardware firewalls, regular system updates, and automated malware scanning.
5. Data Sharing and Third-Party Sub-Processors
We do not sell, rent, trade, or distribute your business database records under any circumstances.
We only share metadata or specific inputs with third-party sub-processors to execute active functions initiated directly by your administrators:
- Hosting Infrastructure: Secured cloud providers acting as physical server nodes.
- SMTP & Communications: Platforms utilized to deliver customer invoices, notifications, or critical system alerts.
- Financial Integrations: Secure payment gateways linked by you to process customer invoicing payments.
We reserve the right to disclose personal data when strictly required by a court of competent jurisdiction or formal regulatory mandates within Nigeria.
6. Data Retention and Destruction
We retain your information only as long as your corporate workspace remains active or as required by law.
Upon a tenant's request for workspace termination, we put the account into a secure 30-day grace period to prevent accidental loss. After this window, all database cells, uploaded employee attachments, transactions logs, and server backups are permanently and securely deleted from our active production systems.
7. Rights of Data Subjects
Under standard data protection laws (NDPR/GDPR), your employees, customers, and partners whose data you process on our platform possess distinct rights:
8. Cookies and Tracking Technologies
Our platform utilizes essential cookies to ensure operational integrity. We use secure session cookies to remember authentication states and preserve system security keys (CSRF tokens) to protect forms from cross-site scripting vulnerabilities. No behavioral or advertisement-tracking cookies are active within the workspace portal.
9. Data Security Inquiries and Compliance
We have designated a Data Protection Officer (DPO) to manage privacy inquiries and monitor compliance with global standards.
For questions, rights requests, or feedback regarding data security, please contact our team. We commit to responding to all formal requests within a maximum period of thirty (30) business days.