Privacy Policy
Effective Date: 6 April 2026 | Last Updated: 6 April 2026
MOAA TECH Nigeria Limited (“MOAA TECH,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals who interact with our products and services. This Privacy Policy describes how we collect, use, share, and protect personal data in connection with Sharp, Sharp+, the Sharp Console, and our website at moaatech.com (collectively, the “Services”).
This policy complies with the Nigeria Data Protection Act 2023 (“NDPA”), the Nigeria Data Protection Regulation 2019 (“NDPR”), and other applicable data protection laws.
1. Our Role: Controller vs. Processor
Understanding our role is important to knowing how your data is handled:
| Data Type | MOAA TECH’s Role | Who Controls It |
|---|---|---|
| Account and registration data (name, email, phone, organization details) | Data Controller | MOAA TECH |
| Billing and wallet data (top-up amounts, transaction history) | Data Controller | MOAA TECH |
| Message content and recipient phone numbers/emails sent via Sharp | Data Processor | Customer (the Organization sending messages) |
| Customer records stored in Sharp+ (names, appointments, custom fields) | Data Processor | Customer (the Organization using Sharp+) |
| Website usage data (analytics, cookies) | Data Controller | MOAA TECH |
When we act as a Data Processor, we process data solely on your instructions and in accordance with our Terms of Service. If you are an End User whose data is being processed by one of our Customers, please contact that Customer directly regarding your data rights.
2. Data We Collect
2.1. Information You Provide
- Account information: First name, last name, email address, phone number, organization name, account type (organization or individual).
- Authentication data: Password (stored as a one-way hash; we never store or have access to your plaintext password).
- Billing data: Wallet balance, top-up history, transaction records. Payment card details are handled entirely by our payment processor and are never stored on our servers.
- API keys: Stored as cryptographic hashes. We cannot retrieve your full API key after generation.
- Message data: Message content, recipient information, sender IDs, and delivery metadata submitted through Sharp.
- Customer management data (Sharp+): Customer names, contact details, appointment records, reminder rules, custom fields, and tags that you enter into Sharp+.
- Support communications: Content of emails or messages you send to our support team.
2.2. Information Collected Automatically
- Usage data: Pages visited, features used, actions taken within the Console, timestamps.
- Device and browser data: IP address, browser type, operating system, screen resolution, and device identifiers.
- Delivery data: Message delivery status, carrier responses, latency metrics, and error codes from upstream providers.
- Audit logs: Records of significant account actions (login, API key creation, settings changes) for security purposes.
3. How We Use Your Data
We use your data for the following purposes:
- Service delivery: To operate, maintain, and improve Sharp, Sharp+, and the Console.
- Message routing: To transmit messages to the intended recipients via appropriate channels and providers.
- Billing: To process wallet transactions, calculate message costs, and maintain billing records.
- Security and fraud prevention: To detect unauthorized access, enforce rate limits, validate OTP requests, and protect against abuse.
- Analytics: To provide you with delivery analytics, campaign performance data, and usage statistics within the Console.
- Communication: To send you service announcements, account notifications, and support responses.
- Compliance: To comply with legal obligations, regulatory requirements, and lawful requests from authorities.
4. Legal Bases for Processing
Under the NDPA, we process personal data on the following bases:
- Performance of contract: Processing necessary to deliver the Services you have signed up for (account management, message delivery, billing).
- Consent: Where you explicitly agree to specific processing activities, such as receiving marketing communications.
- Legitimate interest: Processing necessary for our legitimate business interests (security monitoring, fraud prevention, service improvement) where such interests are not overridden by your rights.
- Legal obligation: Processing required to comply with applicable laws, regulations, or court orders.
5. How We Share Your Data
We do not sell your personal data. We share data only in the following circumstances:
- Message delivery providers: We transmit message content and recipient information to telecommunications carriers and channel providers solely to deliver your messages. We use multiple providers with automatic failover to ensure reliability.
- Payment processor: Wallet top-up transactions are processed by our authorized payment provider, which receives only the data necessary to complete the transaction.
- Cloud infrastructure: Our Services are hosted on secure cloud infrastructure. Data may be processed by our hosting and infrastructure providers under strict data processing agreements.
- Legal requirements: We may disclose data to law enforcement, regulatory authorities, or courts when required by law or to protect our rights and the safety of our users.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, subject to continued adherence to this Privacy Policy.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account + 12 months after deletion |
| Message delivery logs | 90 days (aggregated statistics retained longer) |
| Message content | 30 days, then permanently deleted |
| Billing and wallet records | 7 years (as required by Nigerian tax law) |
| Audit logs | 24 months |
| OTP session data | 24 hours after expiry |
| Sharp+ customer records | Duration of account (deleted upon account termination at Customer’s request) |
Where applicable law requires longer retention, we will retain data for the required period.
7. Cross-Border Data Transfers
Some of our infrastructure providers and message delivery partners operate outside Nigeria. When personal data is transferred outside Nigeria, we ensure appropriate safeguards are in place, including:
- Data processing agreements with all third-party providers.
- Use of providers that maintain recognized security certifications.
- Compliance with the cross-border transfer provisions of the NDPA and NDPR, including adequacy assessments where required.
8. Your Rights
Under the Nigeria Data Protection Act 2023 and the NDPR, you have the following rights with respect to your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to data portability: Request your data in a structured, commonly used, machine-readable format.
- Right to object: Object to processing based on legitimate interest or for direct marketing purposes.
- Right to restrict processing: Request that we limit how we use your data in certain circumstances.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us at info@moaatech.com. We will respond within 30 days of receiving your request.
For End Users: If your data is being processed by one of our Customers through Sharp or Sharp+, please contact that Customer directly. We will assist the Customer in fulfilling your request as required.
9. Data Security
We implement technical and organizational measures to protect your data, including:
- Encryption of sensitive data fields (passwords, API keys, webhook secrets).
- Secure HTTPS connections for all data in transit.
- Role-based access controls and audit logging.
- Regular security reviews and infrastructure monitoring.
- Rate limiting and fraud detection mechanisms on OTP and API endpoints.
While we take reasonable precautions, no system is completely secure. We cannot guarantee absolute security of data transmitted to or stored on our platform.
10. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, as required by the NDPA.
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
- Document all breaches and the remedial actions taken.
11. Cookies and Similar Technologies
Our website and Console use cookies and local storage for:
- Essential functionality: Authentication tokens, session management, and user preferences. These are necessary for the Services to function and cannot be disabled.
- Analytics: Anonymous usage data to help us understand how the Services are used and to identify areas for improvement.
We do not use third-party advertising cookies or tracking pixels.
12. Children’s Data
Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us immediately and we will take steps to delete that information.
13. Third-Party Links
Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any personal data.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated at least 30 days in advance via the Console or the email address associated with your account. The “Last Updated” date at the top of this page reflects the most recent revision.
15. Contact Us
Data Protection Officer
MOAA TECH Nigeria Limited
Suite 307, Plot 307 The Kings Plaza
Ahmadu Bello Way, Kado, Abuja
Email: info@moaatech.com
Website: moaatech.com
If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).