Privacy Policy

Effective date: 1 June 2026

Fanbase Technologies Limited (“Fanbase NG”, “we”, “us” or “our”) is committed to protecting the privacy of all users of our Platform. This Privacy Policy explains how we collect, use, share and safeguard your personal data and describes your rights under the Nigeria Data Protection Regulation 2019 (NDPR) as issued by the National Information Technology Development Agency (NITDA) and the Nigeria Data Protection Act 2023 (NDPA).

Please read this policy carefully before using Fanbase NG. By accessing or using the Platform you acknowledge that you have read and understood this policy.

1. Data Controller

The data controller responsible for your personal data is:
Fanbase Technologies Limited
Lagos, Nigeria
Email: privacy@fanbaseng.com

2. Data Protection Officer (DPO)

In accordance with Article 4.1(2) of the NDPR, we have designated a Data Protection Officer. You may contact our DPO for any privacy-related queries at:
dpo@fanbaseng.com

3. Personal Data We Collect

We collect the following categories of personal data depending on how you use the Platform:

3.1 Data you provide directly

  • Account data: your name, username, email address, and password (stored as a cryptographic hash).
  • Profile data: display name, biography, profile photo, banner image, and social media links you choose to share.
  • Payment data: billing details processed by Paystack. We do not store full card numbers — these are held by Paystack under PCI DSS compliance. We receive and store transaction references, amounts and status.
  • Bank account data (creators only): bank name, account name and the last four digits of your account number to facilitate payouts. Your full account number is encrypted at rest using AES-256 and is never exposed to other users.
  • Content: posts, photos, videos, messages and comments you create on the Platform.
  • Communications: messages you send to other users and any correspondence with our support team.

3.2 Data collected automatically

  • Usage data: pages visited, features used, time and duration of sessions, and actions taken on the Platform.
  • Device and connection data: IP address, browser type and version, operating system, and device identifiers.
  • Log data: server logs including request IDs, HTTP status codes and error reports collected for security and performance monitoring.
  • Cookies and similar technologies: session tokens and authentication cookies necessary to keep you logged in. See section 11 for details.

4. Legal Basis for Processing

Under the NDPR and NDPA, we process your personal data on the following legal grounds:

  • Performance of a contract: processing necessary to provide you with the Platform services, including account management, content delivery, subscription management and payments.
  • Legitimate interests: security monitoring, fraud prevention, abuse detection, improving the Platform and product analytics — balanced against your privacy interests.
  • Legal obligation: compliance with Nigerian law, including anti-money-laundering (AML) obligations, tax reporting and responding to lawful requests from authorities.
  • Consent: for optional communications such as marketing emails and push notifications. You may withdraw consent at any time by updating your notification preferences in Settings.

5. How We Use Your Data

We use your personal data to:

  • Create and manage your account;
  • Process subscriptions, payments, tips and payouts through Paystack;
  • Deliver, personalise and improve Platform features;
  • Send transactional notifications (new subscriber, payout, etc.);
  • Detect, investigate and prevent fraud, abuse and violations of our Terms;
  • Comply with applicable Nigerian laws and regulations;
  • Respond to your support requests;
  • Maintain audit logs for security and compliance purposes.

6. Sharing Your Data

We do not sell your personal data. We share data with third parties only in the following circumstances:

  • Paystack (Paystack Payments Limited): for processing card payments and subscription billing. Paystack is a licensed payment service provider regulated by the Central Bank of Nigeria (CBN).
  • Supabase: our database and authentication infrastructure provider. Data is stored in Supabase-managed PostgreSQL databases.
  • Cloudflare: we use Cloudflare R2 for media file storage and Cloudflare Stream for video hosting and delivery. Your uploaded content is stored on Cloudflare’s infrastructure.
  • Sentry: error tracking and application monitoring. Error reports may contain limited diagnostic information such as request paths and anonymised stack traces.
  • Upstash: rate-limiting and caching service used to protect the Platform from abuse.
  • Legal and regulatory disclosures: we may disclose your data to law enforcement, courts or government agencies when required by Nigerian law or a valid legal process, or when we believe disclosure is necessary to prevent harm.
  • Business transfers: in the event of a merger, acquisition or sale of assets, personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.

Where we share data with third-party processors, we enter into data processing agreements requiring them to protect your data to standards equivalent to those required by the NDPR.

7. International Data Transfers

Some of our service providers (including Supabase, Cloudflare and Sentry) operate infrastructure outside Nigeria. When your data is transferred outside Nigeria, we ensure that appropriate safeguards are in place, including contractual clauses that meet the requirements of the NDPR and the requirements set by NITDA for international data transfers.

8. Data Retention

We retain your personal data for the following periods:

  • Active account data: for as long as your account remains active.
  • Transaction and payment records: for a minimum of 6 years in accordance with Nigerian tax and financial reporting obligations.
  • Audit logs: for 24 months.
  • Content you have published: deleted when you archive or delete the content, or when your account is terminated, subject to any legal holds.
  • Deleted account data: anonymised or deleted within 90 days of account closure, except where retention is required by law.

9. Your Rights Under the NDPR and NDPA

As a data subject under the NDPR and Nigeria Data Protection Act 2023, you have the following rights:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may request correction of inaccurate or incomplete personal data. You can update most of your profile information directly in Settings.
  • Right to erasure: you may request that we delete your personal data where there is no legitimate reason for us to continue processing it.
  • Right to restriction: you may request that we restrict processing of your data in certain circumstances.
  • Right to data portability: you may request a copy of your data in a structured, commonly used and machine-readable format.
  • Right to object: you may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@fanbaseng.com. We will respond within 30 days. We may need to verify your identity before processing your request.

10. Security

We implement technical and organisational measures to protect your personal data, including:

  • Encrypted data transmission (TLS 1.2+) for all communications between your browser and our servers;
  • AES-256-GCM encryption for sensitive financial data (bank account numbers) stored at rest;
  • Row-level security (RLS) on our database ensuring users can only access their own data;
  • Rate limiting and API origin verification to prevent abuse;
  • Audit logging of all administrative and privileged actions;
  • Regular security reviews and monitoring via Sentry.

No system is completely secure. If you discover a security vulnerability, please report it responsibly to security@fanbaseng.com.

11. Cookies

We use only technically necessary cookies — specifically, session cookies issued by Supabase to keep you authenticated. We do not use advertising cookies or third-party tracking cookies. You can clear cookies through your browser settings, but doing so will log you out of your account.

12. Children’s Privacy

Fanbase NG is not directed at persons under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@fanbaseng.com and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the Platform at least 14 days before the changes take effect. The “Effective date” at the top of this page shows when the policy was last revised.

14. How to Make a Complaint

If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with Nigeria’s data protection supervisory authority:

National Information Technology Development Agency (NITDA)
No. 28 Port Harcourt Crescent, Area 11, Garki, Abuja, FCT, Nigeria
Email: ndpr@nitda.gov.ng
Website: nitda.gov.ng

We encourage you to contact us first at privacy@fanbaseng.com so we can try to resolve your concern directly.

15. Contact Us

For any privacy-related questions or requests:
Fanbase Technologies Limited
Lagos, Nigeria
Email: privacy@fanbaseng.com
DPO: dpo@fanbaseng.com

Privacy Policy | Fanbase NG