Privacy Policy

VNSIS Technologies Limited (RC: 9316302), a company registered under the laws of the Federal Republic of Nigeria and incorporated by the Corporate Affairs Commission, is the Data Controller responsible for personal data collected through this website and its associated services. Registered address: Asaba, Delta State, Nigeria. Contact: vnsistech@gmail.com

Through our intake form at vnsis.com/contact, we collect the following categories of personal data when you initiate an engagement inquiry: • Full name • Corporate entity name • Official corporate email address • Selected service tier • Description of operational bottleneck (business context — not personal sensitive data) • Referral source (optional) • Consent record (timestamp, IP hash, user agent) We do not collect payment card data, government-issued identification numbers, health records, or any special categories of personal data as defined under the NDPA 2023 through this website.

We process your personal data on the following legal bases under the NDPA 2023: • Consent: You provide explicit, opt-in consent before submitting the intake form. Consent is specific to the purpose of evaluating your engagement inquiry. • Legitimate interest: We have a legitimate interest in responding to business inquiries directed to us through our published contact channels. • Contract performance: Where an engagement is initiated, processing is necessary for the performance of a services contract.

Your personal data is processed exclusively for the following purposes: • Evaluating your engagement inquiry and preparing a response • Communicating with you regarding your inquiry and any resulting engagement • Maintaining records of client engagements for legal and compliance purposes • Sending transactional communications directly related to your engagement We do not use your data for marketing purposes without separate, specific consent. We do not sell, rent, or trade your personal data to any third party.

Inquiry records are retained for 24 months from the date of submission, unless an engagement contract is executed, in which case data is retained for the duration of the engagement plus 36 months for legal and compliance purposes. Inquiry records where no engagement follows are archived after 6 months and purged at the 24-month mark. You may request earlier deletion under Section 7.

We use the following third-party processors, each bound by appropriate data processing agreements and compliance frameworks: • Supabase Inc. (database infrastructure) — SOC 2 Type 2 certified, data processed within contracted regions • Resend Inc. (transactional email delivery) — processes email addresses solely for the purpose of delivering your inquiry confirmation • Cloudflare Inc. (Turnstile bot protection, edge network) — processes minimal request metadata for security verification No personal data is transferred to countries without adequate data protection frameworks without appropriate safeguards in place.

As a data subject under the Nigeria Data Protection Act 2023, you have the following rights, which you may exercise at any time by contacting us at vnsistech@gmail.com: • Right of access: Request a copy of the personal data we hold about you • Right to rectification: Request correction of inaccurate personal data • Right to erasure: Request deletion of your personal data, subject to legal retention obligations • Right to restrict processing: Request that we limit how we use your data • Right to data portability: Receive your data in a structured, machine-readable format • Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing • Right to object: Object to processing based on legitimate interest We will respond to all rights requests within 30 days of receipt.

We implement the following technical and organisational security measures: • TLS 1.3 encryption for all data in transit • AES-256 encryption for all data at rest • Row-Level Security (RLS) enforced at the database layer — preventing cross-tenant data access even in the event of application-layer misconfiguration • IP hash storage only (raw IP addresses are never persisted) • Access to the leads database restricted to authenticated service-role operations only

For all data protection inquiries, rights requests, or complaints, contact: VNSIS Technologies Limited Data Protection Officer vnsistech@gmail.com If you are unsatisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

This policy is reviewed annually and updated when our data processing practices change materially. The effective date at the top of this page reflects the most recent revision. Continued use of our services after a material update constitutes acceptance of the revised policy.