Welcome to Braudit. This Privacy Policy explains how Braudit Ltd (UK) and Braudit Solutions (Nigeria) (collectively referred to as “Braudit”, “we”, “our” or “us”) collect, use, disclose, and protect your personal data when you use our products, services, websites, mobile applications, and other tools (collectively, the “Services”).

This Privacy Policy applies to all users of Braudit including organization admins, managers, members, and collaborators. It covers (1) any of our websites or apps including https://www.braudit.app and any forums and social network or similar accounts that we operate; and (2) any of our products or services (including support services and any other features, apps, technologies, software, products, or services offered by us, on any platforms or which may be accessible via a web application, third party platform or social network. Most of the information we collect will be provided by you. You might also provide information to help us market our services.

By accessing or using our Services, you agree to the practices described in this Privacy Policy.

• Personal Data means any information relating to an identified or identifiable natural person.
• NDPA refers to the Nigeria Data Protection Act.
• Braudit refers to both Braudit Ltd (UK) and Braudit Solutions (Nigeria), who jointly provide and manage the Braudit platform and its services.
• Services refers to all Braudit software, websites, web applications, and related features including but not limited to productivity tracking, performance reviews, workday logging, project management, and billing.

Braudit is a Work Performance Optimization (WPO) platform designed to help individuals, teams and organizations manage, track, and improve productivity and performance. Our platform is owned and operated by:

• Braudit Ltd, a company registered in the United Kingdom, serving as the parent company and data controller for international users.
• Braudit Solutions, a company registered in Nigeria, primarily managing operations, customer support, and compliance for Nigerian users.

We are committed to protecting your personal data and complying with all applicable privacy laws including the Nigeria Data Protection Act (NDPA), the GDPR, and any other applicable regulations.

We collect the following categories of personal data to provide and improve our Services:

• We collect account-related data such as your name, email address, password, phone number, organisation details, and user roles. Additionally, we collect profile and usage data including but not limited to activity logs, productivity scores, workday durations, performance ratings, and task history. Billing and payment data are collected when you fund your workspace wallet or complete a transaction, though actual payment details are processed through third-party payment processors.
• We also collect device and technical information such as IP address, browser type, device identifiers, and operating system through cookies and usage tracking tools. Support data including inquiries, tickets, and feedback submitted through our help channels are also collected and stored securely.
• We may collect Third-Party Information where users utilize third-party services integrated with our platform. These third-party tools may share limited information with us to facilitate their functionality within our ecosystem. Your use of these third-party tools is governed by their respective privacy policies.
• Additionally, we collect Geo-location Data for certain functionalities, especially the Workday feature. Depending on your device settings and permissions, we may collect both precise and approximate location data using technologies such as GPS, Wi-Fi networks, and cellular data. This data enables features like logging workday start and end times from specific locations.
• We do not collect or process special categories of sensitive personal data in the course of our business. Where it is necessary to process your sensitive personal data for any reason, we depend on your prior consent for any voluntary processing.

We process your personal data to deliver and improve our Services, ensure security, and meet our legal obligations. Specifically, we use your information to:

• Provide, operate, and maintain the Braudit platform and its features including but not limited to productivity, performance, billing, and collaboration features.
• Manage your account and user role within workspaces, including admin, manager, member, and collaborator roles.
• Enable performance tracking, generate performance reviews, log workdays, and measure productivity trends.
• Process workspace funding, deduct wallet fees, and generate invoices for completed tasks, projects, or other billing events.
• Communicate with you regarding service updates, security issues, support inquiries, and billing notices.
• Monitor, detect, investigate, and help prevent technical problems, security incidents and other malicious, deceptive, fraudulent, or illegal activity, and help protect rights and property of ours and others.
• Comply with our legal and financial obligations.
• Improve the overall experience of using our Services through analytics and user feedback.

We may also disclose personal data to Service Providers who support our platform infrastructure. These include providers of cloud hosting, artificial intelligence infrastructure, backup systems, security services, customer support tools, communication systems, and data analytics. All such providers are contractually bound to protect your information and act only on our instructions.

In the event of a Merger, Acquisition, or Sale of Braudit, your personal data may be part of the assets transferred to the acquiring or successor entity. We will notify you by email and/or through a prominent notice on our website before your personal data becomes subject to a new privacy policy. We will make reasonable efforts to ensure any acquiring entity uses your data in a way that aligns with this Privacy Policy.

We process your data based on your consent, our contractual obligations, legal requirements, or our legitimate interests.

We share information about you in limited circumstances, and with appropriate safeguards to protect your privacy. These are spelled out below:

Third-Party Vendors

We may share information about you with third party vendors, consultants, and advisors who help us provide our Services or who otherwise perform services for us. This includes vendors that help us provide our Services to you (like payment providers, data storage providers, SMS messaging providers, Artificial Intelligence Infrastructure providers and support service providers that help us communicate with you), those that assist us with our marketing efforts (like sending emails to our marketing list), those that help us understand and enhance our Services (like analytics providers), those that make tools to help us run our operations (like programs that help us with task management, scheduling, word processing, email and other communications, and collaboration among our teams), those in connection with events organised by braudit and other third-party tools that help us manage operations. We require vendors to agree to privacy commitments in order to share information with them so trust that your information remains safe and private;

Affiliates

We may disclose information about you to a current or future parent company, any subsidiaries, joint ventures, or other companies under a common control (collectively, “Affiliates”), in which case we will require our Affiliates to honour this Privacy Policy;

Business Transfers

In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that we go out of business or enter bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy;

Legal, Regulatory & Other Obligations

We may disclose information about you if we believe in good faith that such disclosure is necessary to (a) resolve disputes, investigate problems, or enforce our Terms of Service; (b) comply with relevant laws, or warrants, subpoenas, court orders, and other enforceable legal process; or (c) protect the property or rights belonging to braudit, you, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose the least amount of information as possible to address the emergency without delay; and

With Your Consent

We may share and disclose information with your consent or at your direction.

We rely on the following legal bases to process your personal data:

• Consent: Where required, especially for marketing and optional cookies.
• Performance of a Contract: To deliver services as agreed under our Terms of Use.
• Legal Obligation: To comply with regulatory and tax requirements.
• Legitimate Interests: For analytics, platform improvements, fraud prevention, and customer support, provided these interests are not overridden by your data protection rights.

We reserve the right to disclose anonymous information or other information that cannot reasonably be used to identify you publicly without restriction.

We generally discard information about you when it’s no longer needed for the purposes for which we collect and use it — described in the section above on “How We Use the Information” - and we’re not legally required to keep it.

For example, we keep web server logs for a few months. We retain the logs for this period of time in order to, among other things, analyse traffic, and investigate issues if something goes wrong.

In assessing the suitable duration for retaining personal data, we take into account various factors including the quantity, type, and sensitivity of the data, the potential risks associated with unauthorised access or disclosure, the purposes for which we utilise the data, the feasibility of achieving these purposes through alternative methods, and the relevant legal, regulatory, tax, accounting, or other obligations.

Under certain conditions, we may anonymize your personal data, rendering it unidentifiable to you, for research or statistical analysis. In such instances, we reserve the right to utilise this anonymized information indefinitely without providing additional notification. Wallet balances that remain inactive for 24 months may expire.

Because our Services are offered worldwide, the information about you that we process when you use the Services in a country may be used, stored, and/or accessed by individuals operating outside that country who work for us, other members of our group of companies, or third-party data processors. This is required for the purposes listed in the “How We Use Your Information” section above. We apply safeguards such as Standard Contractual Clauses where legally required.

When providing information about you to entities outside your country, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy as required by applicable law. These measures include entering into approved standard contractual arrangements with entities based in countries outside your country.

We take the security of your information seriously. We employ industry-standard security measures to protect your information from unauthorised access, disclosure, alteration, or destruction. Here's how we ensure the security of your data:

Encryption At Rest

Your data is encrypted on disk using Linux Unified Key Setup (LUKS) encryption technology. This means that even if someone gains physical access to our servers, they won't be able to access your data without the decryption key.

Encryption In Transit

We encrypt all data transmitted between your device and our servers using Secure Sockets Layer (SSL) encryption. This ensures that your data remains secure while it's being transmitted over the internet, protecting it from interception by unauthorised parties.

Access Control

We implement strict access controls to limit access to your data only to authorised personnel who require it for legitimate technical purposes. This includes using strong authentication mechanisms and regularly reviewing and updating access permissions.

Regular Security Audits

We conduct regular security audits and assessments to identify and address any potential vulnerabilities in our systems and processes. This helps us stay proactive in mitigating security risks and ensuring the ongoing security of your data.

Data Backups and Disaster Recovery

We maintain regular backups of your data and have a comprehensive disaster recovery plan in place to ensure the integrity and availability of your information in the event of unforeseen incidents or emergencies.

While we take every precaution to protect your data, it's essential to remember that no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

Update the Information You Provide

You can review, change, and/or delete parts of your provided personal information by logging into the braudit web app and accessing your account page.

Opt Out of Marketing Communications

You may opt out of receiving promotional communications from us. Just follow the instructions in those communications or navigate to "emails" in your profile settings page or reach out to us. If you opt out of promotional communications, we may still send you other communications, like those about your account and legal notices.

Set Your Browser to Reject Cookies

You can usually choose to set your browser to remove or reject browser cookies before using our Sites, with the drawback that certain features may not function properly without the aid of cookies.

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights are to:

• Request access to your personal data.
• Request correction or deletion of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request to transfer your personal data to another party in limited circumstances (You will be notified if we are not able to comply with your request of transfer for specific legal or other reasons)
• Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us at hello@braudit.app.

A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:

• The use is necessary in order to fulfil our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account — for example, in order to enable access to our service on your device; or
• The use is necessary for compliance with a legal obligation; or
• The use is necessary in order to protect your vital interests or those of another person; or
• We have a legitimate interest in using your information — for example, to provide and update our Services; to improve our Services so that we can offer you an even better user experience; to safeguard our Services; to communicate with you; to understand our user retention and attrition; to monitor and prevent any problems with our Services; and to personalise your experience; or
• You have given us your consent — for example before we place certain cookies on your device and access and analyse them later on.

If you are located in the EEA, the United Kingdom, or Switzerland and you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:

• For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
• For individuals in the UK: https://ico.org.uk/global/contact-us
• For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

No Fee Usually Required

There will be no charge for accessing your personal data or exercising any other rights. However, if your request is evidently unfounded, repetitive, or excessive, we reserve the right to impose a reasonable fee or decline to fulfil your request.

What We May Need From You

We will aim to respond to all legitimate requests as soon as we reasonably can and in any event within 90 days. If we think that it will take us longer than 90 days, we’ll let you know why and keep you updated. To safeguard your personal data and uphold your rights, we might require specific details from you to verify your identity before granting access to your personal data or facilitating other requested actions. This precautionary step helps prevent unauthorised disclosure of personal data to individuals without proper authorization. Additionally, we may reach out to you for additional information to expedite our response to your request.

Third Party Software and Services

This Privacy Policy addresses only our use and disclosure of information we collect from and/or about you on our Services. If you’d like to use third party software and services, any information you disclose to that third party is not covered by this Privacy Policy.

Our Sites may contain content or links to other websites that are not owned or controlled by us. We have no control over the privacy policies or content displayed on websites run by third parties.

Child Usage Restrictions

Our Services are not directed to children, and children are not eligible to use our Services. Protecting the privacy of children is very important to us. We do not collect or maintain personal information from people we actually know are under 13 years of age, and no part of our Services is designed to attract people under 13 years of age. If we later learn that a user is under 13 years of age, we will take steps to remove that user’s personal information from our databases and to prevent the user from utilising the Services.

Responsibility for Content

Users are responsible for all content they input into Braudit, including performance ratings and task updates. While Braudit may generate automated performance reviews using user data, users and their organizations remain responsible for the interpretation and use of such output.

Although most changes are likely to be minor, braudit may change its Privacy Policy from time to time. We encourage visitors and users to frequently check this page for any changes to our Privacy Policy. We will post any revised version of the Privacy Policy on this page, and, in some cases, we may provide additional notice (like adding a statement to our homepage or sending you a notification through email or the app). Your further use of the Services after a change to our Privacy Policy will be subject to the updated policy.

If you have any questions or concerns or complaints about our Privacy Policy or our information collection or processing practices, or if you want to report any security violations to us, please send an email to us at hello@braudit.app.