Privacy Policy

We collect information you provide directly to us and information generated automatically when you use our services.

Account & Registration Data When you create a WazobiaMail account, we collect your name, email address, password (hashed), company name, and billing information. If you sign in via Google or GitHub OAuth, we receive your public profile data from those providers.

Usage & Technical Data We automatically collect log data including IP addresses, browser type, operating system, referring URLs, pages visited, and timestamps. We also collect email sending activity such as send volumes, delivery rates, bounce rates, open rates, and click-through rates.

Email Content To provide the service, we process the email content you send through our platform, including recipient addresses, subject lines, message bodies, and attachments. This content is processed solely to deliver your emails and is never used for advertising purposes.

Payment Information Billing data is processed through our payment partners (Paystack and Stripe). We do not store full card numbers — only tokenised references provided by the payment processor.

Custom Domains & DNS When you add a sending domain, we collect domain names and DNS configuration details needed to authenticate your emails via SPF, DKIM, and DMARC.

We use collected information for the following purposes:

• •Service Delivery — To provision your account, process email sends, manage your mailboxes, and provide analytics dashboards.
• •Billing & Payments — To process subscription payments, issue invoices, and manage plan upgrades or downgrades.
• •Security & Fraud Prevention — To detect abuse, prevent spam relay, enforce sending quotas, and protect the integrity of our infrastructure.
• •Communications — To send transactional emails such as account verification, password resets, billing receipts, and important service announcements.
• •Product Improvement — Aggregated, anonymised usage data helps us improve performance, reliability, and features.
• •Legal Compliance — To meet our obligations under applicable Nigerian, EU (GDPR), and international data protection laws.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

We share your information only in the following limited circumstances:

Service Providers We engage trusted third-party vendors to operate our infrastructure, including cloud hosting (Cloudflare), payment processing (Paystack, Stripe), and email relay infrastructure. These vendors are contractually bound to process data only as instructed by us.

Legal Requirements We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Bonifade Technologies, our users, or the public.

Business Transfers In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our platform before your data becomes subject to a different privacy policy.

With Your Consent We may share your information with third parties when you explicitly authorise us to do so.

We retain your personal data for as long as your account is active or as needed to provide you with services.

• •Account data is retained for the duration of your subscription and for up to 90 days after account deletion to allow for recovery requests.
• •Email logs and analytics are retained for up to 12 months on active accounts, and 30 days after account closure.
• •Billing records are retained for 7 years to comply with financial regulations.
• •Audit logs are retained for up to 24 months for security and compliance purposes.

You may request deletion of your account and associated personal data at any time by contacting us at [email protected]. Data subject to legal hold obligations may be retained beyond these periods.

Depending on your location, you may have the following rights regarding your personal data:

• •Access — Request a copy of the personal data we hold about you.
• •Rectification — Request correction of inaccurate or incomplete data.
• •Erasure — Request deletion of your personal data ("right to be forgotten").
• •Portability — Request your data in a structured, machine-readable format.
• •Restriction — Request that we restrict processing of your data in certain circumstances.
• •Objection — Object to processing of your data for direct marketing or legitimate interest purposes.
• •Withdraw Consent — Where processing is based on consent, you may withdraw that consent at any time without affecting prior processing.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. For users in the European Economic Area, you also have the right to lodge a complaint with your local supervisory authority.

We take the security of your data seriously and implement industry-standard safeguards:

• •Encryption in Transit — All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• •Encryption at Rest — Sensitive data fields (including passwords, which are hashed with bcrypt cost-12) are encrypted at rest.
• •Access Controls — Role-based access control (RBAC) limits internal access to customer data to authorised personnel only.
• •Audit Logging — All administrative actions are logged and monitored for anomalous activity.
• •API Security — API keys are stored as one-way hashes; you will never be able to retrieve a key after creation.
• •Infrastructure — Our infrastructure is hosted on Cloudflare Workers and managed PostgreSQL with automated backups and point-in-time recovery.

Despite these measures, no system is 100% secure. We encourage you to use a strong, unique password and enable two-factor authentication when available.

We use cookies and similar tracking technologies to operate and improve our services.

Essential Cookies — Required for authentication, session management, and security (e.g., CSRF protection). These cannot be disabled.

Analytics Cookies — We may use anonymised analytics tools to understand how users interact with our platform. No personally identifiable information is shared with analytics providers.

Preference Cookies — Used to remember your settings such as dark mode preference, language, and dashboard layout.

You can control non-essential cookies through your browser settings. Please note that disabling cookies may affect the functionality of the WazobiaMail dashboard.

Bonifade Technologies is headquartered in Nigeria. If you are accessing our services from outside Nigeria — including from the European Economic Area (EEA), United Kingdom, or other jurisdictions — your data may be transferred to, stored in, and processed in Nigeria or other countries where our infrastructure providers operate.

Where we transfer personal data of EEA or UK residents, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission. By using our services, you consent to such transfers in accordance with this Privacy Policy.

WazobiaMail is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected] and we will take prompt steps to delete such data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email and/or by placing a prominent notice on our platform at least 14 days before the change takes effect.

The "Last Updated" date at the top of this policy reflects the most recent revision. Your continued use of WazobiaMail after changes become effective constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

Bonifade Technologies Data Privacy Team 📧 [email protected] 🌐 wazobiamail.com

For users in the EU/EEA who wish to escalate a complaint, you may contact your local Data Protection Authority (DPA).