1. Scope of this policy

This Privacy Policy describes how Apex Grid Technologies Limited ("Apex Grid", "we", "us", "our") collects, uses, shares, and protects personal data in connection with:

  • the website at www.apexgridapps.com and its sub-paths,
  • direct communications with Apex Grid (email, contact forms, business meetings, recruitment enquiries, partnership discussions),
  • the corporate operations of Apex Grid Technologies Limited as the parent organisation.

Product-specific privacy policies. Apex Grid develops and operates product brands, including FinovaMax (core-banking software for Nigerian financial institutions) and Asotele (an applied-AI research programme). Personal data processed in connection with the use of those products by end-customers is governed by each product's own privacy policy. For FinovaMax, see finovamax.com/legal/privacy.html. This policy covers Apex Grid's corporate-parent data activities, not product-deployment data.

2. Who we are

Apex Grid Technologies Limited is a private limited company incorporated in Nigeria.

  • Registered company number (RC): 9108833
  • Country of incorporation: Nigeria
  • Headquarters: Lagos, Nigeria
  • Additional operations: Abuja, Nigeria
  • Contact email for privacy matters: [email protected]

For the purposes of the Nigeria Data Protection Act 2023 (NDPA) and its General Application and Implementation Directive (GAID, effective 19 September 2025), Apex Grid Technologies Limited is the data controller of personal data processed under this policy.

3. Personal data we collect

Through your use of apexgridapps.com and your direct communications with us, we may collect:

  • Identifiers — name, business email, business phone number, job title, organisation, country.
  • Contact-form submissions — the message text, inquiry type, and any documents you choose to attach.
  • Recruitment data — if you apply for a role, the CV or résumé you submit and supporting information.
  • Partnership / investor / advisor enquiries — the details you choose to share.
  • Technical data automatically collected — IP address, browser type and version, device type, referring URL, pages viewed, timestamps, and similar logging information used to operate the website and detect abuse.
  • Cookies and similar technologies — see Section 10.

We do not collect special-category personal data (health information, religious beliefs, biometric data, etc.) through this website.

We do not knowingly process personal data of children under 18 through this website (see Section 12).

4. How we use your data

We use personal data to:

  • Respond to enquiries submitted through the contact form, by email, or by other direct channels.
  • Manage recruitment processes when you apply for a role.
  • Evaluate and pursue partnership, investor, advisor, or vendor relationships.
  • Operate, secure, and improve the website, including diagnosing technical issues and preventing abuse.
  • Comply with legal and regulatory obligations applicable to Apex Grid Technologies Limited as a Nigerian company.
  • Engage with you about Apex Grid's products and services where you have requested such engagement or where we have a legitimate interest in doing so and you have not objected.

We do not sell personal data to third parties.

5. Legal basis for processing

We process personal data under one or more of the following lawful bases under the NDPA 2023:

  • Consent — for marketing communications, newsletters, and any optional data we collect with your explicit agreement.
  • Performance of a contract — when processing is necessary to take steps at your request before entering into a contract, or to perform an existing contract with you or your organisation.
  • Legitimate interests — for example, operating and securing the website, responding to business enquiries, evaluating partnership opportunities, and exercising or defending legal claims. Where we rely on legitimate interests, we balance our interests against your rights and freedoms.
  • Legal obligation — where processing is necessary to comply with a legal or regulatory requirement applicable to Apex Grid Technologies Limited.

You have the right to withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing before the withdrawal.

6. Who we share data with

We share personal data with the following categories of recipients, only as necessary and subject to appropriate contractual safeguards:

  • Group companies and product teams — Apex Grid's internal teams developing and operating FinovaMax, Asotele, and other Apex Grid products. Personal data shared within the group is limited to the minimum necessary.
  • Service providers (sub-processors) that support our website and business operations, including:
    • Email and SMTP delivery providers
    • Web-hosting and infrastructure providers
    • Analytics and security-monitoring tools
    • Customer-relationship-management (CRM) and ticketing tools
    • Recruitment platforms (where applicable)
  • Professional advisors — including legal, accounting, audit, and consulting professionals, where their services require limited and necessary access to personal data.
  • Regulators and authorities — where required by law or in connection with legal proceedings or regulatory enquiries.
  • Acquirers or successors — in the event of a merger, acquisition, restructuring, or sale of all or part of Apex Grid Technologies Limited, personal data may be transferred to the relevant party, subject to your continuing rights under this policy and applicable law.

Each sub-processor is engaged under a written agreement requiring confidentiality and appropriate technical and organisational measures consistent with the NDPA 2023.

7. International transfers

Some of our service providers operate from jurisdictions outside Nigeria. Where personal data is transferred outside Nigeria, we ensure that the transfer is subject to appropriate safeguards consistent with the NDPA 2023 and the GAID — including contractual commitments to data-protection standards equivalent to those required under Nigerian law.

You may request additional information about the international transfers relevant to your personal data by contacting us using the details in Section 14.

8. How long we keep data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, regulatory, accounting, or reporting requirements.

Indicative retention periods:

  • Contact-form enquiries that do not result in further engagement — up to 24 months from the last contact.
  • Recruitment applications — up to 12 months from the conclusion of the recruitment process unless you ask us to retain them longer for future opportunities.
  • Business and partnership correspondence — for the duration of the relationship and a reasonable period thereafter consistent with legal and accounting obligations.
  • Website technical logs — typically up to 12 months, longer where required for security investigations.

Specific retention periods may vary depending on the nature of the data and applicable legal requirements.

9. Your rights

Under the NDPA 2023 and the GAID, you have the following rights in relation to your personal data, exercisable by contacting us using the details in Section 14:

  • Access (§34(1)(a)–(b)) — to obtain confirmation of whether we process your personal data, and a copy of that data.
  • Rectification (§34(1)(c)) — to have inaccurate or incomplete personal data corrected.
  • Erasure (§34(1)(d)) — to request deletion of your personal data in defined circumstances ("right to be forgotten").
  • Restriction of processing — to request that we limit how we use your personal data in defined circumstances.
  • Objection — to object to processing carried out on the basis of legitimate interests, including objection to direct marketing.
  • Data portability — to receive personal data you have provided to us in a structured, commonly-used, machine-readable format, where technically feasible.
  • Withdraw consent — where processing is based on consent.
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC) — if you believe our processing of your personal data does not comply with the NDPA 2023. The NDPC may be contacted via ndpc.gov.ng.

We respond to verified rights requests within the timeframes required by the NDPA 2023 and the GAID, typically within 30 days.

10. Cookies

apexgridapps.com uses cookies and similar technologies for the following purposes:

  • Strictly necessary cookies — required for the website to function, including security and session management.
  • Analytics cookies — to understand how visitors use the site and improve it. Analytics processing is done in aggregate and does not seek to identify individual visitors.
  • Preference cookies — to remember choices you make on the site, such as language or display preferences.

You can control cookies through your browser settings, including refusing or deleting them. Refusing strictly necessary cookies may affect the functioning of parts of the website.

11. How we secure your data

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit using TLS.
  • Access controls limiting personal data to authorised personnel on a need-to-know basis.
  • Logging and monitoring of website and infrastructure activity.
  • Vendor due diligence and written data-processing agreements with sub-processors.

In the event of a personal-data breach that is likely to result in a risk to the rights and freedoms of affected data subjects, we will notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, in accordance with NDPA §40, and notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

No security measure is perfect, and no method of transmission over the internet is fully secure. We continuously work to improve our security posture.

12. Children's data

apexgridapps.com is a corporate website intended for business audiences. We do not knowingly collect personal data from children under 18 through this website. If we become aware that we have inadvertently collected personal data from a child, we will take reasonable steps to delete that information.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The "Effective" date at the top of this page indicates when the latest version came into force. Material changes will be communicated through reasonable means, which may include a notice on apexgridapps.com, an email to subscribers, or both.

We encourage you to review this policy periodically.

14. How to contact us

For any privacy-related question, request, or complaint:

Apex Grid Technologies Limited
Privacy team
Email: [email protected]

You may also exercise your rights under Section 9 by contacting us at the same email address.

For complaints to the Nigerian regulator:

Nigeria Data Protection Commission (NDPC)
Website: https://ndpc.gov.ng