Legal

Privacy Policy

Last updated: 3 July 2026

This Privacy Policy explains what personal information Nookpal collects, how we use and share it, and the choices you have. It is intended to align with the Nigeria Data Protection Act (NDPA) 2023 and related regulations. It applies to hosts, teammates, agents, and guests who interact with Nookpal.

1. Who is responsible for your data

For account and platform data, Nookpal is the data controller. For the guest information a host enters or collects through their public pages, the host is the controller of that data and Nookpal acts as a processor on the host’s behalf — we process it to provide the service and under the host’s instructions.

2. Information we collect

  • Account information — your name, email, and login details, handled through our authentication provider when you sign up or sign in.
  • Content you enter — properties, units, bookings, guests, expenses, messages, documents, and related records you create in Nookpal.
  • Guest inquiry data — when a guest submits a request on a host’s public page or booking link (name, contact details, dates, and any notes they provide).
  • Usage and device data — pages visited, actions taken, approximate location derived from IP, browser and device type, and similar technical data, collected to operate, secure, and improve the service.
  • Cookies and similar technologies — see the Cookies section below.

3. How we use information

  • to provide, maintain, and secure the platform and your account;
  • to process inquiries and bookings and to generate documents you request;
  • to send transactional messages such as inquiry receipts and notifications;
  • to measure and improve how the product and public pages perform;
  • to detect, prevent, and respond to fraud, abuse, and security issues;
  • to comply with legal obligations.

4. Legal bases

We process personal data where it is necessary to perform our contract with you, where we have a legitimate interest (such as securing and improving the service), where you have consented, or where we must comply with a legal obligation.

5. Cookies and analytics

We use a small number of cookies and similar technologies:

  • Essential cookies — required to sign you in and keep the platform secure. Without these, the service will not work.
  • Product analytics — we use PostHog to understand how the product is used so we can improve it. This includes page views and interaction events, which may be associated with a signed-in user.
  • Public-page traffic measurement — to show hosts how many people view their public pages, we set a first-party cookie named np_vid when a public page loads. It stores a random identifier (not your name, email, or any personal detail), is readable only by our servers, and lasts about one year. We use it solely to distinguish unique visitors from repeat visits so counts are meaningful. These counts are estimates, not audit-grade records.

You can clear or block cookies in your browser at any time. Blocking essential cookies will prevent you from signing in; blocking the analytics or traffic cookies will not stop you from using public pages.

6. How we share information

We do not sell your personal data. We share it only with service providers who help us run Nookpal, under agreements that require them to protect it and use it only for us. These include:

  • authentication and identity management;
  • database hosting and application hosting infrastructure;
  • product analytics (PostHog);
  • rate-limiting and abuse-prevention services;
  • email delivery for transactional messages.

Where a host chooses to continue a conversation with a guest over a third-party channel such as WhatsApp, that communication is governed by that provider’s own terms and privacy policy. We may also disclose information where required by law or to protect our rights and users.

7. Data retention

We keep personal data for as long as your account is active or as needed to provide the service, and thereafter as required to meet legal, accounting, or security obligations. Hosts control the guest and booking records within their organisation and can update or remove them.

8. How we protect your data

We use access controls, organisation-level data isolation, encryption in transit, and service-provider safeguards to protect personal data. No system is perfectly secure, but we work to protect information against unauthorised access, loss, or misuse.

9. Your rights

Subject to applicable law, you have the right to access, correct, delete, or restrict the processing of your personal data, to object to certain processing, and to request a copy of your data. To exercise these rights, contact us using the details below. If you are a guest and want data corrected or removed, you can also contact the host you dealt with, who controls that data.

10. International transfers

Some of our service providers may process data outside Nigeria. Where that happens, we take steps to ensure your data remains protected in line with applicable data-protection law.

11. Children

Nookpal is not directed to children and is intended for use by adults managing hospitality businesses. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you.

13. Contact us

For privacy questions or to exercise your rights, contact us at hello@ledgeapp.co. See also our Terms of Service.