Privacy Policy

Last updated: 30 March 2026

What Data We Collect

When you use our services or fill out forms on our website, we may collect:

  • Your name and contact details
  • Phone numbers and WhatsApp numbers
  • Business information (name, industry, requirements)
  • Bank account details (for partner referral payments)

Why We Collect It

We use your data to:

  • Provide web design and development services
  • Communicate with you about your project
  • Process referral commission payments to our partners

How We Store Your Data

Your data is stored in a secure Notion database. Access is limited to authorised members of the Pejji team on a need-to-know basis.

Third-Party Services

We use the following third-party services:

  • Google Analytics -to understand website traffic and usage patterns
  • Paystack -to process payments securely
  • Cloudflare -to host and deliver our website
  • WhatsApp Cloud API (Meta Platforms) -delivery channel for our WhatsApp-delivered onboarding service. Meta receives message metadata required to deliver messages between you and Pejji. Governed by the WhatsApp Business Policy.
  • Anthropic Claude (US-hosted AI processing) -powers AI-assisted onboarding conversation, site copy generation, and voice-note transcription. Data is processed under Standard Contractual Clauses (SCCs) per NDPA Articles 26-27. Inputs are limited to the minimum necessary and are NOT retained for model training. See our DPIA for full details.

Each of these services has its own privacy policy governing how they handle data.

Cookies

Our website uses:

  • Google Analytics (GA4) cookies -to collect anonymous usage data such as pages visited, session duration, and traffic sources
  • localStorage -to remember your theme preference (dark/light mode) and cookie consent choice

Data Retention

We retain client data for the duration of our service relationship plus 12 months after the engagement ends. After this period, your data is securely deleted unless we are required by law to retain it longer.

Customer Photos & Voice Notes

When you submit product photos or voice notes during onboarding (or any later interaction), we process them to render your website and to transcribe voice input. Specific retention by data type:

  • Product photos -retained for the lifetime of the website (up to 12 months after last login). Deleted within 30 days of subscription cancellation OR on written request to [email protected].
  • Voice notes (audio) -deleted within 30 days. Transcribed text is retained only when used as site copy.
  • Right to erasure -you can request immediate deletion of any photo or voice note at any time. We act within 7 days per NDPA.

Voice audio is never used to train any AI model.

Cross-Border Data Transfer Disclosure

Some of our service providers process data outside Nigeria. The Nigeria Data Protection Act (NDPA) and the General Application & Implementation Directive (GAID) require us to disclose this and document the legal basis:

  • Anthropic (United States) -AI processing. Governed by Standard Contractual Clauses (SCCs) incorporated into our service agreement. See our DPIA for the full risk assessment + mitigations.
  • Cloudflare (global edge) -website hosting + WAF. Edge data is processed near the requester; persistent data is stored in Nigerian-anchored configuration where supported.
  • Meta (US, via WhatsApp Cloud API) -message delivery only. Bound by Meta's privacy framework + our Business API agreement.

You can request the SCC text or the full DPIA by emailing [email protected]. See our DPIA summary page for a public excerpt.

Your Rights

You have the right to request access to, correction of, or deletion of your personal data at any time. To exercise these rights, email us at [email protected].

NDPA 2023 Compliance

Pejji complies with the Nigeria Data Protection Act 2023. We process personal data lawfully and transparently. For data protection inquiries, contact [email protected].

Breach Notification

In the event of a data breach that affects your personal information, we will notify you and the relevant authorities within 72 hours of becoming aware of the breach, in accordance with NDPC requirements.

Contact Us

If you have any questions about this privacy policy, email us at [email protected].