NVITI nviti.ng
Return Back Home

Privacy Policy

Privacy Policy

Effective Date: July 8th, 2025 | Last Updated: July 8th, 2025

1. Introduction

Welcome to Nviti.ng. This platform ("Service") is owned and operated by NVITI LTD ("we," "us," or "our"). We are committed to protecting the privacy and security of data belonging to our clients ("Clients," "you") and their end-users ("End-Users").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. It also outlines your rights regarding your data. Please read this policy carefully. If you do not agree with these terms, please do not access or use the Service.

Our Role as a Data Processor: For most data processed on our platform (such as conversations between our Clients and their End-Users), NVITI LTD acts as a "Data Processor" on behalf of our Clients, who are the "Data Controllers." Our Clients are responsible for maintaining their own privacy policies and ensuring they have a legal basis to collect and process their End-Users' data through our Service.

2. Information We Collect

We collect information in several ways:

2.1. Information You Provide to Us (Client Data)

This information is collected when you, as our Client, sign up for and use the Nviti.ng service:

  • Account Information: Your name, email address, password, and contact information.
  • Company & Workspace Information: Your company name, business context/instructions for the AI, website URL, and other administrative details needed to configure the service.
  • Configuration Data: All settings you configure for your Nviti Assistants, Chat Widgets, and channel integrations.
  • API Keys and Credentials: Authentication information needed to connect third-party services (such as WhatsApp Business API, Gemini AI, Shopify, WooCommerce).
Our Commitment to Security: All sensitive information, including your account password, third-party API keys, and access tokens, is encrypted at rest in our database using industry-standard encryption algorithms. This information is only decrypted in memory when required to perform actions you've requested.

2.2. Information We Process on Your Behalf (Tenant Data)

This data is generated and processed within your isolated, multi-tenant environment when you use our Service. You are the Data Controller for this information:

  • Customer & End-User Data: Information about your End-Users that you import or that is collected through interactions, including names, phone numbers (for WhatsApp), and email addresses.
  • Conversation Data: All messages, including text, media, and attachments, exchanged between your business (via AI or human agents) and your End-Users across all integrated channels.
  • Knowledge Base Content: All articles, documents (PDFs, DOCX, etc.), and URLs you upload or link to for training and informing your AI assistants. This is your proprietary data.
  • E-commerce Data: If you connect an e-commerce platform, we import and store data about your products, orders, customers, and inventory to provide context to your AI assistant.

Encryption of Conversation Data: To enhance privacy protection for your customer communications, all messages and conversation content stored within your tenant database are encrypted at rest. This ensures that even in the unlikely event of a database breach, the content of conversations remains protected.

2.3. Information We Collect Automatically (Usage Data)

When you access our platform, we may automatically collect:

  • Log and Performance Data: Server logs, IP addresses, browser type, operating system, access times, and pages viewed to monitor performance, security, and reliability of our Service.
  • Cookies and Tracking Technologies: We use cookies to manage user sessions, maintain your logged-in state, and understand how you use our platform. You can control cookie usage at the individual browser level.

3. How We Use Your Information

We use the collected information for the following purposes:

Purpose Data Types Used
Providing and Maintaining the Service Account Info, Company Info, Configuration Data, Tenant Data (all types)
Configuring and Operating AI Assistants Company Instructions, Knowledge Base Content, E-commerce Data, Conversation Data (for history/context)
Processing and Routing Messages Conversation Data, API Keys
Improving and Personalizing the Service Usage Data, Anonymized Tenant Data patterns
Managing Your Account and Providing Support Account Info, Company Info
Communicating With You Account Info (Email)
Ensuring Security and Preventing Fraud Log Data, Usage Data

4. How We Share Your Information

We do not sell your data. We only share information under these limited circumstances:

  • With Third-Party AI & Messaging Providers: To deliver our Service, we must send data to the third-party providers you have configured:
    • When your AI Assistant creates a response, relevant conversation history and context are sent to the underlying LLM provider (e.g., Google Gemini).
    • When sending or receiving messages, content passes through the respective messaging platform (e.g., Meta for WhatsApp and Instagram).
    We recommend reviewing the privacy policies of these third-party services, as their use of your data is governed by their own policies.
  • With Service Providers (Sub-processors): We may share information with third-party vendors who perform services for us, such as cloud hosting (e.g., AWS, DigitalOcean), database management, and payment processing. These providers are contractually obligated to protect your data and use it only for the specific services they provide to us.
  • For Legal Compliance: We may disclose information when required by law or when we believe disclosure is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, or ensure the safety of users or the public.
  • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership.

5. Data Security

We implement comprehensive security measures to protect your personal and tenant data:

  • Encryption at Rest: All sensitive Client credentials and Tenant-level conversation data are encrypted in our databases.
  • Encryption in Transit: All data transmitted between your browser and our servers, and between our servers and third-party APIs, is encrypted using TLS.
  • Data Isolation: We use a multi-tenant architecture with database-per-tenant isolation, providing strong logical separation between different Clients' data.
  • Access Controls: We enforce strict access controls within our organization to ensure only authorized personnel can access system data, and only when necessary for their job functions.
  • Regular Security Audits: We conduct regular reviews of our security practices to identify and address potential vulnerabilities.

While we take reasonable steps to secure your information, please understand that no security measures are perfect. No method of data transmission can be guaranteed against interception or misuse.

6. Data Retention

We retain your Client Data for as long as your account remains active or as needed to provide you with the Service. We will retain and use this information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

We retain your Tenant Data on your behalf for as long as your account is active. As the Data Controller, you can delete your Tenant Data (e.g., conversations, knowledge base documents) through the Service. Upon account termination, we will permanently delete your tenant database and all associated data within 90 days, unless legally required to retain it longer.

7. Your Data Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Right to Access – You can request copies of your personal data.
  • Right to Rectification – You can request that we correct inaccurate information or complete incomplete information.
  • Right to Erasure – You can request that we erase your personal data under certain conditions.
  • Right to Restrict Processing – You can request that we restrict the processing of your personal data under certain conditions.
  • Right to Object to Processing – You can object to our processing of your personal data under certain conditions.
  • Right to Data Portability – You can request that we transfer data we've collected to another organization or directly to you under certain conditions.

To exercise these rights regarding your Client Data, please contact us directly. For rights regarding End-User Data (for which we are a processor), please direct your request to the relevant Client (the Data Controller).

8. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal information from children under these ages.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

10. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

NVITI LTD
Email: privacy@nviti.ng
Lagos, Nigeria