Who We Are
Gitardor Limited is a registered digital solutions company headquartered in Lagos, Nigeria. We build and operate a portfolio of digital services designed to help individuals, startups, and established businesses compete and grow in the modern digital economy.
Our services include Web Development, Ecommerce Store Development, Digital Marketing, Content Creation & Writing, Online School Platform Development, AI Chatbot Development, Digital Product Creation, Marketing Funnel Design, and the Writers' Hub — a community platform for writers and content creators.
For the purposes of this Privacy Policy, Gitardor Limited acts as the Data Controller for all personal data collected through our website (gitardor.com), our client-facing platforms, and through any direct business engagement with our team. Where we process data on behalf of our clients (for example, managing data within a client's ecommerce store or online school), we act as a Data Processor and are governed by our separate Data Processing Agreement.
Integrity is our Watchword. We treat your personal data with the same professionalism, discretion, and respect that we bring to every client relationship. Data privacy is not a compliance checkbox for us — it is a reflection of our values.
Scope of This Policy
This Privacy Policy applies to all personal data processed by Gitardor Limited across every touchpoint through which individuals interact with our company, our website, and our services.
Our Website
All pages of gitardor.com, including contact forms, service enquiry forms, blog comments, and any interactive features available on the site.
Direct Communications
Emails, WhatsApp messages, phone calls, and any other direct correspondence between you and the Gitardor team.
Writers' Hub Platform
Registration, profile management, content submission, community features, and all member interactions within the Writers' Hub platform.
Online School Platforms
Student enrolment, course access, progress tracking, and communication within any Gitardor-hosted or Gitardor-developed online learning environments.
Ecommerce & Digital Products
Purchase transactions, order data, customer accounts, and delivery information processed through Gitardor-built or managed ecommerce platforms.
AI Chatbot Interactions
Conversational data collected through any AI chatbot systems developed, deployed, or managed by Gitardor Limited on behalf of clients or on our own platforms.
This policy does not extend to third-party websites, services, or platforms that may be linked from our website or referenced in our content. We encourage you to review the privacy policies of any third-party services you access independently of Gitardor.
Data We Collect
We only collect personal data that is genuinely necessary to provide you with our services, respond to your enquiries, fulfil our legal obligations, or improve our platform. We do not collect data speculatively or in excess of what is needed.
| Data Category | Examples | Purpose |
|---|---|---|
| Identity Data | Full name, username, pen name (Writers' Hub) | AccountCommunication |
| Contact Data | Email address, phone number, WhatsApp number | CommunicationSupport |
| Business Data | Company name, industry, job title, business address | Service DeliveryInvoicing |
| Financial Data | Invoice records, payment status, billing address (no card numbers stored) | BillingCompliance |
| Technical Data | IP address, browser type, device type, operating system, session ID | SecurityAnalytics |
| Usage Data | Pages visited, time on site, links clicked, feature usage on platforms | AnalyticsImprovement |
| Content Data | Articles, essays, and creative works submitted to Writers' Hub | Platform Operations |
| Communication Data | Project briefs, email threads, enquiry form submissions, support messages | Service DeliveryRecords |
| Preference Data | Genre preferences, newsletter topics, communication frequency settings | PersonalisationMarketing |
| Marketing Data | Referral source, campaign response, content engagement metrics | MarketingAnalytics |
Sensitive Data: Gitardor Limited does not intentionally collect sensitive personal data — including racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. Please do not include such information in any communications or forms submitted to us. If such data is inadvertently received, it will be deleted promptly.
How We Collect Your Data
We collect personal data through direct interactions, automated technical means, and — in limited circumstances — from trusted third-party sources. We are transparent about every method used.
Forms & Applications
Data you enter into our website contact form, project enquiry form, Writers' Hub registration, online school enrolment, newsletter sign-up, and any other interactive forms on our platforms.
Direct Correspondence
Information you share with us via email, WhatsApp, phone calls, video meetings, or any other form of direct communication with our team.
Automated Technologies
Technical and usage data collected automatically as you browse our website and platforms — including cookies, log files, pixel tags, and analytics tracking (see Section 5 for full details).
Payment Processing
Transaction-level data (amount, date, invoice reference, payment status) captured during billing. Full card and banking details are handled exclusively by our payment processors and are never stored by Gitardor.
Third-Party Sources
In some cases, we may receive data about you from referral partners, professional networks such as LinkedIn, or publicly available business directories where we have a legitimate interest in making contact.
Platform Interactions
Data generated through your use of Writers' Hub, hosted online schools, ecommerce stores, and AI chatbot platforms — including content you publish, courses you enrol in, and interactions you initiate.
Cookies & Tracking
Our website and platforms use cookies and similar tracking technologies to ensure functionality, measure performance, and where you consent, to personalise your experience. You have full control over non-essential cookies.
On your first visit to gitardor.com, a cookie consent banner will request your preferences. You may accept all, reject non-essential, or manage individual categories. You can update your cookie preferences at any time via the "Cookie Settings" link in our website footer. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
How We Use Your Data
We use personal data only for defined, legitimate purposes that are necessary to deliver our services and run our business. We do not repurpose data without appropriate notice.
Service Delivery
To scope, plan, build, and deliver the digital services you have commissioned — including web development, ecommerce, online schools, AI chatbots, content production, and digital marketing campaigns.
Account & Platform Management
To create and maintain your account on Writers' Hub, online school platforms, and any client dashboard we operate; to manage subscriptions, memberships, and service access.
Communication
To respond to your enquiries, send project updates, issue invoices, notify you of policy changes, and communicate service-related information relevant to your engagement with us.
Analytics & Improvement
To analyse how our services and platforms are used, identify areas for improvement, test new features, and produce internal performance reports — always using aggregated or anonymised data where possible.
Marketing & Newsletters
To send marketing communications, industry insights, product updates, and promotional offers to individuals who have opted in or who have an existing relationship with us. You may unsubscribe at any time via the link in any email.
Legal & Compliance
To maintain financial and tax records as required by Nigerian law, respond to lawful requests from regulatory bodies, enforce our Terms of Service, and prevent fraudulent or harmful activity on our platforms.
Security & Fraud Prevention
To monitor our platforms for suspicious activity, protect user accounts, verify identities where required, and safeguard the integrity and security of our digital infrastructure and client data.
Personalisation
Where you have consented, to personalise your experience on our platforms — such as recommending relevant content on Writers' Hub or tailoring communications to your service interests and preferences.
Legal Basis for Processing
In compliance with the Nigeria Data Protection Regulation (NDPR) and, where applicable to international clients, the General Data Protection Regulation (GDPR), every instance of personal data processing at Gitardor Limited rests on one of the following lawful bases.
Contractual Necessity
Where processing is necessary to perform a contract with you — for example, using your contact details and project brief to deliver a commissioned website, ecommerce store, or digital marketing campaign. This is the primary basis for most of our client data processing.
Legitimate Interests
Where we have a genuine business reason to process your data that is proportionate and does not override your fundamental rights. This includes security monitoring, platform analytics, sending relevant service updates to existing clients, and business development outreach to prospective clients. You may object to processing on this basis at any time.
Consent
Where you have freely, specifically, and unambiguously given your agreement to a specific use of your data — such as subscribing to our newsletter, enabling marketing cookies, or opting into promotional communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legal Obligation
Where processing is required to comply with a legal obligation — for example, retaining financial records under Nigerian tax law, responding to a lawful court order, or cooperating with FIRS for tax compliance purposes.
Vital Interests
In exceptional circumstances, where processing is necessary to protect the vital interests of a data subject or another natural person — for instance, preventing a serious security threat or responding to a data breach affecting your account.
Third-Party Sharing
Gitardor Limited does not sell, rent, or trade your personal data to third parties for any commercial purpose. We share data with third parties only to the extent strictly necessary to deliver our services or meet our legal obligations.
Payment Processors
Payment transactions are processed by third-party payment gateway providers. These entities receive only the data necessary to process your transaction and are bound by their own PCI-DSS compliant security frameworks. Gitardor Limited does not store full card numbers or banking credentials.
Cloud Infrastructure & Hosting
Our platforms and client projects are hosted on reputable cloud infrastructure providers. These providers act as data processors under binding data processing agreements and do not use your data for any purpose beyond hosting and infrastructure operations.
Analytics Providers
Where analytics tools (such as Google Analytics) are used, data is shared in anonymised or pseudonymised form. We apply IP anonymisation and have configured these tools to minimise personal data exposure in line with our privacy commitments.
Marketing & CRM Platforms
Email marketing and client relationship platforms (e.g., Mailchimp, ConvertKit, or equivalent) may store your email address and name where you have opted into our communications. All such platforms are bound by data processing agreements.
Legal & Regulatory Authorities
We may disclose personal data to government agencies, law enforcement, or regulators where required by Nigerian law or a valid legal order. We will always seek to verify the legitimacy of such requests before disclosure.
Professional Advisors
Our legal advisors, auditors, and accountants may have limited access to certain client or business data in the course of providing professional services to Gitardor. All are bound by confidentiality obligations.
Data Processing Agreements: Every third-party processor that handles personal data on our behalf operates under a formal Data Processing Agreement (DPA) that legally requires them to protect your data, process it only as instructed, and apply appropriate security measures. We conduct periodic reviews of our processor relationships.
Data Retention
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal obligations, or to resolve disputes. The table below sets out our standard retention periods by data category.
At the end of the applicable retention period, data is securely deleted or permanently anonymised. Where you exercise your right to erasure (see Section 11), we will delete your data ahead of schedule unless retention is required by law or is necessary for the establishment, exercise, or defence of legal claims.
Backup copies of data held in secure, encrypted archives may persist for up to 90 days beyond the standard deletion date, after which they are purged in full during scheduled backup lifecycle management.
Data Security
We implement robust technical and organisational security measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. Security is a continuous operational priority, not a one-time configuration.
Encryption at Rest & Transit
All data is encrypted at rest using AES-256 and in transit via TLS 1.2 or higher. Our website enforces HTTPS across all pages and subdomains.
Access Controls
Strict role-based access control (RBAC) ensures staff access only the data required for their specific role. All access is logged and reviewed regularly.
Firewalls & Monitoring
Our infrastructure is protected by web application firewalls, DDoS mitigation, and 24/7 automated monitoring for anomalous behaviour or intrusion attempts.
Two-Factor Authentication
Two-factor authentication (2FA) is enforced for all internal team accounts accessing systems that contain personal data or client information.
Regular Backups
Data is backed up regularly to geographically distributed, encrypted storage. Backup integrity is verified through automated testing protocols.
Staff Training
All Gitardor team members receive data protection training and are bound by contractual confidentiality obligations with respect to client and user data.
Data Breach Notification: In the event of a personal data breach that poses a risk to your rights or freedoms, Gitardor Limited will notify the relevant supervisory authority (NITDA/NDPC in Nigeria) within 72 hours of becoming aware, and will notify affected individuals without undue delay where the breach is likely to result in high risk. We maintain a formal Data Breach Response Plan that is reviewed annually.
Your Rights
Under the Nigeria Data Protection Regulation (NDPR) and applicable international data protection law, you hold meaningful rights over your personal data. Gitardor Limited is committed to making the exercise of these rights straightforward and free of charge.
Right of Access
You have the right to request a copy of all personal data we hold about you, along with information about how and why it is being processed. We will respond within 30 days.
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you may request that it be corrected or updated. We will act on such requests without undue delay.
Right to Erasure
You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where consent has been withdrawn, or where it has been unlawfully processed.
Right to Restrict Processing
You may request that we limit the processing of your data in certain circumstances — for example, while a dispute about the accuracy of the data is being resolved.
Right to Data Portability
Where processing is based on consent or contract, you may request a copy of your personal data in a structured, commonly used, machine-readable format — or ask us to transfer it directly to another provider.
Right to Object
You have the right to object to processing based on our legitimate interests or for direct marketing purposes. Upon an objection to marketing, we will cease processing immediately.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw it at any time without penalty. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or the relevant supervisory authority in your country if you believe your data rights have been violated.
How to Exercise Your Rights: Submit a written request to [email protected] with the subject line "Data Rights Request — [Your Name]." Include your full name, the email address associated with your account or enquiry, and a clear description of the right you wish to exercise. We will acknowledge within 5 business days and fulfil the request within 30 days. There is no charge for standard requests.
Children's Privacy
Gitardor Limited's website and general business services are directed at adults aged 18 and over. We do not knowingly collect or process personal data from children under the age of 13 without verifiable parental or guardian consent.
Certain Gitardor-developed products — particularly online school platforms built for educational institutions or training providers — may serve users under the age of 18. In such cases, the operator of that platform (our client) is responsible for obtaining appropriate parental consent in accordance with applicable law. Gitardor acts as a Data Processor in these contexts and processes such data only as instructed by the client.
Writers' Hub membership is restricted to individuals aged 18 and over. If we become aware that a child under 13 has provided personal data to us without appropriate consent, we will take immediate steps to delete that data. If you believe a child under 13 has registered with our platform without parental consent, please contact us immediately at [email protected].
International Data Transfers
As a company serving clients across Nigeria and internationally, some of your personal data may be transferred to and processed in countries outside of Nigeria. We ensure that all international transfers are protected by appropriate legal mechanisms.
Where personal data is transferred to a country that does not provide an equivalent level of data protection to Nigeria or the EU, we implement one or more of the following safeguards: Standard Contractual Clauses (SCCs) approved by the relevant supervisory authority; binding corporate rules for intra-group transfers; transfer to countries recognised as providing an adequate level of data protection; or explicit consent from the data subject after being informed of the risks.
Third-party service providers we engage — such as cloud hosting providers, analytics platforms, and marketing tools — may be headquartered or operate infrastructure in the United States, European Union, or United Kingdom. Where this applies, we ensure that our agreements with such providers include the appropriate data transfer mechanisms and security commitments.
You may request information about the specific safeguards in place for any international transfer of your data by contacting us at [email protected].
Updates to This Policy
The digital landscape and the legal frameworks governing data protection continue to evolve. We review this Privacy Policy at least annually and update it whenever we make material changes to our data practices.
When we make material changes — such as introducing new types of data collection, new purposes for processing, or new third-party processors — we will notify you via email to your registered address at least 14 days before the changes take effect. The revised policy will always be accessible on our website with the updated effective date prominently displayed.
For minor, non-material changes — such as typographical corrections, clearer wording, or updated contact information — we will update the "Last Updated" date on this policy without issuing a formal notification. We encourage you to review this policy periodically.
Your continued use of our website or services following any policy update constitutes your acknowledgment of the revised terms. If you do not agree with any change, please contact us to discuss your options or to close your account before the effective date.
Contact & Data Officer
For all privacy-related matters — including exercising your data rights, raising a concern, requesting a copy of our Data Processing Agreement, or simply asking a question about how we handle your data — please reach our team using the details below.
Registered Details
Gitardor Limited
Lagos, Nigeria
Registered Digital Solutions Agency
CAC Registered
Privacy & Data Enquiries
Email: [email protected]
Subject Line: "Privacy Policy Enquiry"
Response within: 24–48 business hours
Supervisory Authority — Nigeria
If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) — the regulatory body responsible for overseeing the Nigeria Data Protection Regulation. The NDPC can be reached at ndpc.gov.ng. For EU/UK residents, the relevant data protection supervisory authority in your country of residence also has jurisdiction over cross-border complaints.
Data Rights Request Procedure
Email [email protected] with subject line "Data Rights Request — [Your Name]". Include: your full name, associated email address, the right you wish to exercise, and any relevant details. We will acknowledge within 5 business days and respond in full within 30 days at no charge.