1. Who We Are (Data Controller)
DigitalAura Technologies operates the DigitalAura cloud developer platform at digitalaura.app. We are the data controller responsible for the personal data you provide when using our services.
Contact: privacy@digitalaura.app
Data Protection Officer: dpo@digitalaura.app
2. Legal Basis for Processing
We process your personal data under the Nigeria Data Protection Act 2023 (NDPA) on the following lawful bases:
- Contract — to provide and manage your account and cloud services.
- Consent — for marketing communications (you may withdraw at any time).
- Legal obligation — to retain financial records as required by Nigerian law.
- Legitimate interests — to detect fraud, abuse, and security threats.
3. Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Identity | First name, last name | Account management |
| Contact | Email address, phone | Communication, authentication |
| Financial | Card last4, billing address | Payment processing (via Paystack) |
| Technical | IP address, browser, SSH keys | Security, service delivery |
| Usage | Deploy logs, AI query history | Service delivery, support |
| Git integration | GitHub username, repositories | Git-push-to-deploy feature |
We do not process special category data (health, biometric, political, etc.).
4. Your Rights Under NDPA 2023
You have the following rights regarding your personal data:
- Right of Access — request a copy of all data we hold about you.
- Right to Rectification — correct inaccurate or incomplete data.
- Right to Erasure — request deletion of your account and personal data. Available in Settings → Delete Account.
- Right to Portability — download all your data in machine-readable format. Available in Settings → Export my data.
- Right to Object — object to processing based on legitimate interests.
- Right to Withdraw Consent — for marketing at any time.
To exercise any right, contact privacy@digitalaura.app. We respond within 30 days as required by NDPA §16.
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account profile (name, email) | Until deletion request | Contract performance |
| Financial records / invoices | 7 years after transaction | Nigerian tax & accounting law |
| Audit logs | 7 years | Legal / security compliance |
| AI conversation history | Until account deletion | Service delivery |
| Server activity logs | 1 year | Security incident response |
| Failed login attempts | 6 months | Fraud prevention |
6. Third-Party Data Processors
We share your data with the following processors under written data processing agreements:
- Paystack (paystack.com) — payment processing. Paystack is PCI-DSS compliant. Card details are never stored on DigitalAura servers.
- Anthropic (anthropic.com) — AI assistant features. Your messages and project context are processed by Claude. Review Anthropic's Privacy Policy at anthropic.com/privacy.
- GitHub (github.com) — git integration (optional). Only accessed if you connect your GitHub account.
- Hetzner Online GmbH — infrastructure hosting. Servers located in Frankfurt, Germany (EU).
7. International Transfers
Our servers are hosted in the European Union (Hetzner, Frankfurt). Anthropic processes AI queries in the United States. These transfers are protected by appropriate safeguards under NDPA §43 (standard contractual clauses and adequacy decisions).
8. Security
We protect your data using industry-standard measures: AES-256-GCM encryption for sensitive data at rest, TLS 1.2+ in transit, Argon2 password hashing, mandatory two-factor authentication, and comprehensive audit logging. We conduct periodic security reviews.
9. Data Breach Notification
In the event of a data breach that is likely to cause harm, we will notify the Nigeria Data Protection Commission (NDPC) and affected individuals within 30 days of becoming aware of the breach, as required by NDPA §41.
10. Cookies
We use strictly necessary session cookies for authentication. We do not use tracking, advertising, or analytics cookies without your explicit consent.
11. Complaints
If you believe your data protection rights have been violated, you may file a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
12. Changes to This Policy
We will notify you by email and update the version number on this page when we make material changes. Continued use of the service after 30 days constitutes acceptance of the updated policy.
Last updated: 28 March 2026 · Version 1.0 · privacy@digitalaura.app