Regulatory Framework
We process personal data in compliance with the Nigeria Data Protection Regulation (NDPR), the EU General Data Protection Regulation (GDPR) where applicable, and the California Consumer Privacy Act (CCPA), as applicable to our users.
Personal Data We Collect
- Account & Profile: name, email, phone number, service number/ID, rank/role, unit/course assignments.
- Authentication & Security: passwords, session tokens, device identifiers, IP address, user agent, login activity.
- Training & Operations Data: attendance records, kilometer-walk tracking data, course activities, exam/CBT records, service paper submissions and review history.
- Location Data (Mobile): precise GPS data for kilometer-walk automation and attendance features, collected only with permission.
- Notifications: Expo push notification tokens and delivery metadata (success/failure) to send alerts to your device.
- Messaging & Files: in-app chat messages, attachments, document uploads (including service papers), comments and acknowledgments.
- Support & Contact: communications sent to us (email, phone), and any information you provide when requesting support or exercising privacy rights.
- Logs & Analytics: server logs, error reports, and usage analytics necessary to ensure reliability, security and service improvements.
How We Use Personal Data
- Provide and administer the NCCSC Portal and Mobile App features (SSO, attendance, kilometer-walk, CBT, service papers, messaging).
- Authenticate users, authorize roles, prevent fraud, and maintain security.
- Send operational communications and notifications you opt into.
- Comply with legal obligations and institutional policies, including audit and record-keeping.
- Monitor performance, troubleshoot issues, and improve services.
Legal Bases (GDPR/NDPR)
- Contract: to provide requested services and platform access.
- Legitimate Interests: service security, reliability, internal administration, and improvement.
- Consent: for specific features such as precise location collection and push notifications.
- Legal Obligation: where retention or disclosure is required by law or policy.
Sharing and Disclosure
- Internal Access: authorized NCCSC personnel with role-based controls (e.g., admin staff, instructors, course officers, supervising staff).
- Service Providers: trusted vendors providing hosting, storage, analytics, notifications (including Firebase/Google Cloud and Expo for push notifications), subject to data protection safeguards and DPAs where applicable.
- Compliance & Safety: to comply with applicable law, enforce policies, and protect rights, safety, and security.
We do not sell personal data.
Data Retention
We retain personal data for as long as necessary to fulfill the purposes outlined above, including compliance and audit requirements. Retention periods vary depending on record type (e.g., attendance, exam records, service papers) and legal/institutional obligations. We delete or anonymize data when it is no longer required.
Your Rights
- NDPR/GDPR: access, rectification, erasure, restriction, portability, and objection; the right to withdraw consent where processing is based on consent.
- CCPA (if applicable): right to know, right to delete, right to opt out of sale (we do not sell), and the right to non-discrimination for exercising these rights.
To exercise your rights, please see our Data Deletion & Rights Request page or contact us using the details below.
Security
We implement administrative, technical, and organizational measures to protect personal data, including role-based access control, encryption-in-transit, logging, and monitoring. No method of transmission or storage is 100% secure, but we strive to use industry-appropriate safeguards.
International Transfers
Where data may be processed outside your jurisdiction (e.g., with cloud providers), we implement appropriate safeguards (such as standard contractual clauses) where required by law.
Children/Younger Users
The platform is intended for registered officers/trainees and authorized personnel. Where minors or younger users participate under institutional programs, processing is limited to official purposes and subject to applicable safeguards.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Portal or Mobile App. Continued use of our services after changes become effective constitutes acceptance of the updated policy.