Privacy Policy

Secure data infrastructure and privacy controls

This Privacy Policy explains what data Heapx Limited collects, why we collect it, and how we protect the information you share when engaging our pods or browsing our sites.

Effective date: 3 January 2026. We comply with the Nigeria Data Protection Regulation (NDPR) and applicable global privacy laws when serving multinational partners.

Data controller

Heapx Limited, 9 Amodu Present Street, Akute, Ogun State, Nigeria.

Email: privacy@heapxltd.com

Why we process data

To deliver contracted creative and engineering services.
To communicate with leads, clients, and partners.
To run analytics that keep our products secure and performant.

Legal bases

We rely on contractual necessity, legitimate interest, consent (for marketing), and legal obligation where applicable.

1. Information we collect

Identity data: names, job titles, company information.
Contact data: email addresses, phone numbers, social handles.
Project data: briefs, assets, call recordings, feedback.
Usage data: IP address, device/browser info, pages visited, referral sources.

2. How we use information

We use data to scope engagements, build products, manage billing, provide support, improve our platforms, and send relevant updates. Marketing emails are opt-in and include unsubscribe links.

3. Sharing and disclosure

We share information with vetted service providers (hosting, analytics, payment processors) bound by confidentiality agreements. We may also disclose information to comply with legal requests or to protect rights, property, or safety.

4. International transfers

Data may be stored in the EU or US using providers that implement Standard Contractual Clauses, NDPR-compliant safeguards, and encryption at rest/in transit.

5. Security

We enforce SSO, MFA, network segmentation, and access reviews. Incident response procedures ensure we notify affected users and regulators when required.

6. Data retention

Project artifacts are retained for the duration of your contract plus 24 months unless you request deletion sooner. Invoicing records remain for at least 7 years to comply with Nigerian tax law.

7. Your rights

Depending on your jurisdiction, you may request access, correction, deletion, restriction, portability, or objection to processing. Email privacy@heapxltd.com and we’ll respond within 30 days.

8. Cookies & tracking

We use first-party cookies for authentication and analytics plus select third-party tools (e.g., Google Analytics). You can manage preferences through your browser or by using the cookie banner on first visit.

9. Children

Heapx services are not directed to individuals under 16. If we learn that we collected such data without consent, we will delete it.

10. Updates to this policy

We will post updates here and notify active clients by email if changes are material. Continued use of our services after updates constitutes acceptance.

Need support with privacy or security?

Our privacy desk handles DSARs, DPA reviews, and security questionnaires for enterprise partners.

Days max DSAR SLA

Security assessments yearly

Compliance frameworks supported