Privacy Policy

Last updated: 1 December 2024 · Effective: 1 January 2025 · Compliant with NDPA 2023 & NDPR 2019

NDPA 2023 Compliant

This policy is written in compliance with the Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation 2019. WorkWave is registered with the Nigeria Data Protection Commission (NDPC).

1. Overview & Scope

This Privacy Policy describes how WorkWave Technology Limited ("WorkWave", "we", "us", or "our") collects, uses, stores, and shares information about you when you use our platform, websites, and related services (collectively, the "Services").

WorkWave is incorporated under the Companies and Allied Matters Act (CAMA) 2020 and registered with the Corporate Affairs Commission (CAC) as RC-1234567. We operate under the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR).

This Policy applies to:

Business owners, directors, and authorised users who access the WorkWave platform
Employees whose data is processed through the platform by their employer
Visitors to workwave.ng and its subdomains

By using our Services, you acknowledge that you have read and understood this Policy.

2. Information We Collect

We collect information you provide directly, information generated as you use our Services, and information from third parties where you have authorised such sharing.

ACCOUNT & IDENTITY DATA: Full name, work email address, phone number, business name, CAC registration number, Tax Identification Number (TIN), BVN (Business Verification Number — collected only with explicit consent and stored encrypted), National Identification Number (NIN), passport or driver's licence details where required for KYC.

PAYROLL & HR DATA: Employee names, dates of birth, addresses, salary information, bank account numbers, PFAs, PAYE computations, pension deductions, NHF contributions, leave records, performance data.

FINANCIAL DATA: Invoice data, bank account details (for reconciliation), transaction records, accounts payable and receivable information. We do not store complete card numbers.

USAGE DATA: IP addresses, browser type, pages visited, feature usage patterns, error logs, and session duration data — collected to improve the platform.

COMMUNICATIONS: Messages sent to our support team, demo requests, and survey responses.

3. Lawful Basis for Processing

Under the NDPA 2023, we process personal data on the following lawful bases:

CONTRACT PERFORMANCE: Processing employee payroll, generating payslips, and maintaining HR records is necessary to perform our contract with your organisation.

LEGAL OBLIGATION: We process data to comply with Nigerian law, including FIRS VAT filing obligations, PAYE remittance requirements, PenCom pension regulations, and NHF contributions.

LEGITIMATE INTERESTS: We process certain usage data to improve our platform's security, reliability, and user experience.

CONSENT: Where we use cookies for marketing analytics, or where we process sensitive personal data such as health information for sick leave, we obtain explicit consent.

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the WorkWave platform
Process and run payroll calculations including PAYE, NHF, NSITF, and pension
Generate and file statutory returns with FIRS, LIRS, PenCom, and other regulatory bodies on your behalf
Send payslips and HR notifications to employees
Provide customer support and respond to enquiries
Detect, investigate, and prevent fraudulent transactions and abuse
Comply with legal obligations including court orders and regulatory requests
Improve, personalise, and expand our Services (using anonymised or aggregated data only)
Communicate updates, new features, and important notices

We will never sell your personal data or your employees' personal data to third parties. We will never use your financial data for any purpose beyond providing you with the Services.

5. Data Sharing & Disclosure

We share your information only in the following circumstances:

REGULATORY BODIES: We share payroll and tax data with FIRS, state IRSs (LIRS etc.), PenCom, NSITF, and Federal Mortgage Bank as required by law and as instructed by you.

SERVICE PROVIDERS: We use trusted third-party processors including Paystack (payment processing), Amazon Web Services (cloud infrastructure), SendGrid (transactional email), and Twilio (SMS notifications). All processors are bound by data processing agreements.

YOUR EMPLOYEES: Payslips, leave balances, and relevant HR records are shared with the employees they concern.

BUSINESS TRANSFERS: If WorkWave is acquired or merges, your data may be transferred. We will notify you 30 days before any such transfer.

LEGAL REQUIREMENTS: We will disclose data if required by a valid court order, law enforcement request, or regulatory direction under Nigerian law.

We have not transferred and will not transfer your data outside Nigeria without adequate safeguards in place.

6. Data Retention

We retain personal data for as long as necessary to provide the Services and comply with our legal obligations.

Active account data: Retained for the duration of your subscription plus 7 years (aligned with FIRS document retention requirements)
Payroll records: 7 years from date of processing (Companies Income Tax Act requirement)
Audit logs: 5 years
Marketing data: Until you unsubscribe or withdraw consent
Deleted account data: Permanently deleted within 90 days of account deletion, except where retention is required by law

Employee data processed on behalf of your organisation is retained according to your instructions and our contractual obligations.

7. Your Rights Under NDPA 2023

As a data subject under the Nigeria Data Protection Act 2023, you have the following rights:

RIGHT OF ACCESS: You may request a copy of the personal data we hold about you.

RIGHT OF RECTIFICATION: You may ask us to correct inaccurate or incomplete data.

RIGHT OF ERASURE: You may request deletion of your data where there is no lawful basis for continued processing.

RIGHT TO OBJECT: You may object to processing based on legitimate interests.

RIGHT OF PORTABILITY: You may request your data in a commonly used, machine-readable format.

RIGHT TO WITHDRAW CONSENT: Where processing is based on consent, you may withdraw at any time.

To exercise these rights, email privacy@workwave.ng. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC).

8. Security

We implement technical and organisational measures to protect your data:

AES-256 encryption for data at rest
TLS 1.3 for all data in transit
SOC 2 Type II certified infrastructure (AWS Lagos region)
Penetration testing conducted quarterly by independent firms
Role-based access controls and multi-factor authentication
Regular security training for all staff
Incident response plan with 72-hour notification window in line with NDPA requirements
BVN and NIN data stored with additional encryption and access restricted to authorised compliance personnel only

No system is 100% secure. If you discover a vulnerability, please report it responsibly to security@workwave.ng.

9. Cookies & Tracking

We use cookies and similar tracking technologies on our website.

ESSENTIAL COOKIES: Required for the platform to function. Cannot be disabled.

ANALYTICS COOKIES: Help us understand how users interact with our product. We use PostHog (self-hosted in Nigeria).

MARKETING COOKIES: Used to measure the effectiveness of our advertising. Only placed with your consent.

You can manage cookie preferences through the cookie banner on our site or your browser settings. Disabling non-essential cookies will not affect your ability to use the WorkWave platform.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Sending an email to your registered address at least 14 days before changes take effect
Displaying a prominent notice in the WorkWave application
Updating the "Last Updated" date at the top of this page

Continued use of the Services after the effective date of a change constitutes acceptance of the updated Policy.

For questions about this Policy, contact our Data Protection Officer at dpo@workwave.ng or write to:

Data Protection Officer

WorkWave Technology Limited

14 Adeola Odeku Street, Victoria Island

Lagos, Nigeria
