Legal

Privacy Policy

NISOLABS LIMITED (trading as Pade) is committed to protecting the privacy of every business owner and their customers. This policy explains what data we collect, how we use it, and the rights you hold under Nigerian law.

Effective: May 15, 2026Last updated: May 15, 2026Questions? legal@pade.ng

1. Who We Are

NISOLABS LIMITED (RC 8609726), a company incorporated under the laws of the Federal Republic of Nigeria and trading as Pade, is the data controller for the information processed through the Pade platform (“Service”). Our registered address is in Abuja, Nigeria.

When this policy says “Pade”, “we”, “us”, or “our”, it means NISOLABS LIMITED. When it says “you”, it means the business owner or authorised user of the Pade account.

We are bound by the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation (NDPR) 2019 as implemented by the Nigeria Data Protection Commission (NDPC).

2. Data We Collect

2.1 Account Data

When you sign up for Pade, we collect:

  • Full name, business name, and business type
  • Email address and phone number (used as your login and for WhatsApp connection)
  • Country and state (used to apply the correct currency and tax rules)
  • Password (hashed; we never store it in plain text)
  • Subscription plan and billing history

2.2 Business & Debt Data

The core purpose of Pade is to manage credit sales. When you use the Service, we store:

  • Debt records: customer name, amount, due date, status, notes you add
  • Payment records: amounts received, payment method, date, and reconciliation status
  • Invoice records: items, amounts, and send/view history
  • Reminder history: messages sent, delivery status, and customer responses

2.3 Your Customers' Data

When you add a debtor to Pade, you provide us with limited personal data about that person — typically their name, phone number, and WhatsApp or Instagram handle. This data belongs to you. Pade acts as a data processorfor your customers' data; you remain the data controller and are responsible for having a lawful basis to share and process that data.

Your responsibility as a controller: Before sending a WhatsApp reminder to your customer via Pade, you should be satisfied that your customer has consented to receive communications from your business on WhatsApp, or that there is another lawful basis under the NDPA 2023 (e.g. contractual necessity for a debt they owe you).

2.4 Payment Data

When your customers pay through Pade-generated payment links (via Paystack or Flutterwave), we receive a webhook notification confirming the transaction. We store the transaction reference, amount, payment method type, and timestamp. We do not store card numbers, bank account details, or BVN — those are held solely by our payment processors.

2.5 WhatsApp & Instagram Message Data

When you connect your WhatsApp Business number to Pade, we process incoming and outgoing messages through Meta's official WhatsApp Business API. Specifically:

  • Outbound messages:reminder text drafted by you or our AI, sent to your customer's WhatsApp number
  • Inbound messages: customer replies that you forward to Pade for debt extraction — we read the content to identify amounts, names, and dates; we do not retain the full message thread beyond the extraction result
  • Message metadata: delivery timestamps, read receipts, and sender phone numbers

For Instagram DM (available on paid plans), we only process messages exchanged within the 24-hour messaging window permitted by Meta's Messaging Policy. We cannot and do not send cold first messages on Instagram.

2.6 Technical & Usage Data

  • IP address and approximate location (country/city)
  • Browser type, device model, and operating system
  • Pages visited, features used, and session duration
  • Error logs and performance diagnostics

3. How We Use Your Data

We use your data to:

  • Deliver the Service — maintain your debt book, send reminders, match payments, generate invoices
  • Power AI features — draft reminder messages, extract debt signals from forwarded chat, detect overdue patterns; AI processing happens within the Service and is not used for advertising
  • Process payments — pass payment link instructions to Paystack or Flutterwave and reconcile incoming webhooks
  • Communicate with you — billing receipts, service alerts, product updates, and (with your consent) marketing messages
  • Improve and secure the Service — diagnose errors, prevent fraud, and develop new features using aggregate, anonymised usage data
  • Meet legal obligations — tax records, regulatory compliance, and responding to lawful requests from Nigerian authorities

Legal basis (NDPA 2023): We rely on performance of a contract for core service delivery, legitimate interests for fraud prevention and service improvement, legal obligation for tax and regulatory compliance, and consent for optional marketing communications.

4. WhatsApp, Instagram & Meta Platforms

4.1 WhatsApp Business API

Pade integrates with WhatsApp via the official WhatsApp Business API, operated by Meta Platforms, Inc. By connecting your WhatsApp Business number to Pade, you authorise us to send and receive messages on your behalf through this API.

  • Meta processes message content on its own infrastructure. Meta's Privacy Policy and Business Messaging Policy govern their handling of that data.
  • We do not use WhatsApp message content to build advertising profiles or share it with third-party advertisers.
  • Pade stores only the reminder text, delivery status, and customer phone number — not the full WhatsApp conversation history unless you explicitly forward it for debt extraction.
  • You must comply with Meta's WhatsApp Business Messaging Policy, including obtaining appropriate opt-in from customers before messaging them.

4.2 Instagram DM (Meta Graph API)

For customers who engage with your business via Instagram, Pade can send debt reminders through the Instagram Messaging API. This integration is subject to:

  • The 24-hour messaging window — Pade can only reply to a customer who has messaged your Instagram Business account within the previous 24 hours. We cannot send unsolicited first messages.
  • We access your Instagram Business account only to send reminder messages; we do not read your personal inbox or other account content.
  • Meta's Platform Terms and Messaging Policy apply to this integration.

4.3 Facebook / Instagram OAuth

To connect your Instagram Business account, Pade uses Facebook Login (OAuth). We request only the permissions needed to send DMs and verify your business account. We do not access your personal Facebook profile, friends list, or ad account.

Meta data restriction:Pade does not use any data obtained through WhatsApp or Instagram APIs for advertising targeting, data brokering, or any purpose prohibited by Meta's Platform Terms.

5. Third-Party Processors & Sharing

We share data with third parties only as necessary to deliver the Service. All processors are contractually bound to handle your data securely and only for the purposes we specify.

ProcessorPurposeData shared
Meta (WhatsApp / Instagram)Sending & receiving messagesPhone numbers, message text, delivery metadata
PaystackPayment link generation & webhook reconciliationTransaction amount, reference, payment method
FlutterwavePayment link generation (multi-currency)Transaction amount, reference, payment method
AI model providersDrafting reminder messages, debt extractionMessage text passed for processing; not used to train models
Cloud infrastructure (Nigeria)Hosting, storage, databaseAll service data, stored in Nigeria

We do not sell your data, rent it, or share it with advertisers. We may disclose data if required by a valid court order or lawful request from a Nigerian regulatory authority, and we will notify you where we are legally permitted to do so.

6. Data Storage & Retention

All Pade data is stored on servers located within Nigeria. We do not transfer personal data outside Nigeria except where strictly necessary to deliver the WhatsApp or Instagram integrations through Meta's global infrastructure (covered by Meta's own transfer mechanisms).

Retention periods:

  • Active accounts: Data retained for the lifetime of your subscription.
  • After account deletion: We delete or anonymise your account and business data within 30 days of deletion, except where we are required to retain it by law.
  • Payment records: Retained for 7 years to meet Nigerian tax and financial record-keeping obligations.
  • WhatsApp message metadata: Retained for 90 days after the interaction, then deleted.
  • Logs and diagnostics: Retained for 90 days, then purged.

7. Your Rights Under the NDPA 2023

Under the Nigeria Data Protection Act 2023 and the NDPR 2019, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to correction — ask us to correct inaccurate or incomplete data
  • Right to deletion — request that we delete your data (subject to legal retention obligations)
  • Right to data portability — export all your data (debts, customers, payment history) as CSV or PDF at any time from your dashboard; or request a full export via email
  • Right to object — object to processing based on legitimate interests, including direct marketing
  • Right to lodge a complaint — if you believe we have mishandled your data, you may file a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng

To exercise any of these rights, email legal@pade.ng with the subject line “Data Rights Request”. We will respond within 14 business days.

8. Security

We protect your data with:

  • TLS 1.2+ encryption for all data in transit
  • Encryption at rest for the database and storage volumes
  • Role-based access controls — Pade staff can only access data necessary for their role
  • Regular security audits and penetration testing
  • Automatic session expiry and secure token management

No system is perfectly secure. If you discover a security vulnerability, please report it responsibly to security@pade.ng.

9. Children

Pade is a business tool intended for adults who operate a registered or informal business. We do not knowingly collect or process personal data from anyone under the age of 18. If you believe a minor has created an account, please contact us at legal@pade.ng and we will promptly delete the account and its data.

10. Changes to This Policy

We may update this Privacy Policy as our Service evolves or as legal requirements change. For material changes (changes that affect how we use your data or your rights), we will notify you by:

  • Sending a WhatsApp or email notification at least 30 days before the change takes effect
  • Posting a prominent notice on the Pade dashboard
  • Updating the “Last updated” date on this page

Continued use of the Service after the effective date of a material change constitutes acceptance of the updated policy.

11. Contact & Data Requests

For any privacy questions, data rights requests, or concerns, contact our data protection team:

Data Requests & Legal
legal@pade.ng
General Support
support@pade.ng
Security Reports
security@pade.ng
Registered Address
Abuja, Nigeria
Terms & Conditions →Contact us →