← Back to DigitalAura

Privacy Policy

Effective: 28 March 2026 · Version 1.0

1. Who We Are (Data Controller)

DigitalAura Technologies operates the DigitalAura cloud developer platform at digitalaura.app. We are the data controller responsible for the personal data you provide when using our services.

Contact: privacy@digitalaura.app
Data Protection Officer: dpo@digitalaura.app

2. Legal Basis for Processing

We process your personal data under the Nigeria Data Protection Act 2023 (NDPA) on the following lawful bases:

  • Contract — to provide and manage your account and cloud services.
  • Consent — for marketing communications (you may withdraw at any time).
  • Legal obligation — to retain financial records as required by Nigerian law.
  • Legitimate interests — to detect fraud, abuse, and security threats.

3. Data We Collect

CategoryExamplesPurpose
IdentityFirst name, last nameAccount management
ContactEmail address, phoneCommunication, authentication
FinancialCard last4, billing addressPayment processing (via Paystack)
TechnicalIP address, browser, SSH keysSecurity, service delivery
UsageDeploy logs, AI query historyService delivery, support
Git integrationGitHub username, repositoriesGit-push-to-deploy feature

We do not process special category data (health, biometric, political, etc.).

4. Your Rights Under NDPA 2023

You have the following rights regarding your personal data:

  • Right of Access — request a copy of all data we hold about you.
  • Right to Rectification — correct inaccurate or incomplete data.
  • Right to Erasure — request deletion of your account and personal data. Available in Settings → Delete Account.
  • Right to Portability — download all your data in machine-readable format. Available in Settings → Export my data.
  • Right to Object — object to processing based on legitimate interests.
  • Right to Withdraw Consent — for marketing at any time.

To exercise any right, contact privacy@digitalaura.app. We respond within 30 days as required by NDPA §16.

5. Data Retention

Data TypeRetention PeriodReason
Account profile (name, email)Until deletion requestContract performance
Financial records / invoices7 years after transactionNigerian tax & accounting law
Audit logs7 yearsLegal / security compliance
AI conversation historyUntil account deletionService delivery
Server activity logs1 yearSecurity incident response
Failed login attempts6 monthsFraud prevention

6. Third-Party Data Processors

We share your data with the following processors under written data processing agreements:

  • Paystack (paystack.com) — payment processing. Paystack is PCI-DSS compliant. Card details are never stored on DigitalAura servers.
  • Anthropic (anthropic.com) — AI assistant features. Your messages and project context are processed by Claude. Review Anthropic's Privacy Policy at anthropic.com/privacy.
  • GitHub (github.com) — git integration (optional). Only accessed if you connect your GitHub account.
  • Hetzner Online GmbH — infrastructure hosting. Servers located in Frankfurt, Germany (EU).

7. International Transfers

Our servers are hosted in the European Union (Hetzner, Frankfurt). Anthropic processes AI queries in the United States. These transfers are protected by appropriate safeguards under NDPA §43 (standard contractual clauses and adequacy decisions).

8. Security

We protect your data using industry-standard measures: AES-256-GCM encryption for sensitive data at rest, TLS 1.2+ in transit, Argon2 password hashing, mandatory two-factor authentication, and comprehensive audit logging. We conduct periodic security reviews.

9. Data Breach Notification

In the event of a data breach that is likely to cause harm, we will notify the Nigeria Data Protection Commission (NDPC) and affected individuals within 30 days of becoming aware of the breach, as required by NDPA §41.

10. Cookies

We use strictly necessary session cookies for authentication. We do not use tracking, advertising, or analytics cookies without your explicit consent.

11. Complaints

If you believe your data protection rights have been violated, you may file a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

12. Changes to This Policy

We will notify you by email and update the version number on this page when we make material changes. Continued use of the service after 30 days constitutes acceptance of the updated policy.

Last updated: 28 March 2026 · Version 1.0 · privacy@digitalaura.app