
Privacy Policy
A LEGAL DISCLAIMER
This policy is based on the mandatory requirements for a Privacy Policy in Nigeria as outlined by the Nigeria Data Protection Regulation (NDPR) 2019 Implementation Framework. It explains how your personal data is collected, used, stored, and protected when you use our services, including our AI features.
Effective Date: `May 2nd 2026`
Last Updated: `[Insert Date]`
Company Name: Explore and Learn Limited
Jurisdiction: Federal Republic of Nigeria
1. Introduction
Explore and Learn Limited (“Company,” “we,” “our,” or “us”) is committed to protecting the privacy and personal data of our users ("Data Subjects") in compliance with the **Nigeria Data Protection Regulation (NDPR) 2019** and the **NITDA Data Protection Implementation Framework**.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and educational services (collectively, the "Services"), including those that utilize Artificial Intelligence (AI).
By using our Services, you consent to the data practices described in this policy.
2. Contact Information & Data Protection Officer (DPO)
If you have any questions about this policy or your data, please contact our Data Protection Officer (DPO):
- **Email:** `[privacy@exploreandlearn.ng]`
- **Phone:** `[+234 XXX XXX XXX]`
- **Address:** `[Registered Business Address, Lagos/Abuja, Nigeria]`
3. The Personal Data We Collect
We collect the minimum personal data necessary for specific, legitimate, and lawful purposes.
**Identity & Contact Data:**
- Full name, date of birth.
- Email address, phone number, and home address.
- Parent/Guardian information for minors.
**Educational & Performance Data:**
- Student academic records, assessments, and progress reports.
- Information regarding learning preferences and challenges.
**Technical & Usage Data:**
- IP address, browser type, and device identifiers.
- Usage logs, clickstream data, and interaction with our AI tools.
- Cookies and tracking technologies (subject to consent).
**AI Interaction Data:**
- Prompts, questions, and inputs submitted to our AI models (used strictly to provide the service).
- AI-generated responses and user feedback on those responses (e.g., thumbs up/down).
**Special Categories of Data (Sensitive Data):**
- We may collect health data (e.g., learning disabilities or medical conditions) *only* with explicit parental consent or when necessary for safeguarding.
4. Legal Basis for Processing (How We Use Your Data)
Under the NDPR, we must have a lawful reason to process your data. We rely on the following bases:
| **Purpose of Processing** | **Legal Basis (NDPR Art. 2.2)** |
| :--- | :--- |
| To register you for courses and process payments | **Contractual Necessity** (To perform our agreement with you) |
| To provide personalized AI tutoring and learning recommendations | **Consent** (You have the right to withdraw this) |
| To improve our AI models and educational content (anonymized) | **Legitimate Interest** |
| To comply with government education reporting standards | **Legal Obligation** |
| To ensure safety of minors and prevent harm | **Vital Interest** |
5. Artificial Intelligence (AI) & Automated Decision-Making
We utilize AI to enhance educational service delivery. Because this involves automated processing, we take specific safeguards:
- **The "AI Coach":** Our platform uses Large Language Models (LLMs) to assist with tutoring. We have conducted a **Data Protection Impact Assessment (DPIA)** to ensure data security.
- **Anonymization:** Before sending data to our AI providers (e.g., Microsoft Azure OpenAI or similar), we remove personally identifiable information (Names, IDs). AI models do not "know" who the child is.
- **No Free Text Input (for minors):** To prevent data leakage, children cannot type free text that includes their name. They select from predefined options or use anonymized prompts.
- **No Sole Automated Decisions:** We do not rely solely on AI to make significant decisions affecting a child’s education (e.g., grade promotion). A human teacher reviews critical outputs.
6. Data Sharing & Third Parties
We do not sell your personal data. We share data only under the following strict conditions:
- **Service Providers (Data Processors):** We use third parties for cloud storage, payment processing, and AI infrastructure. We contractually bind them to the NDPR standards.
- **Government Authorities:** We may share data with NITDA, the Ministry of Education, or law enforcement to comply with Nigerian law.
- **Business Transfers:** In the event of a merger or acquisition, your data may be transferred, but you will be notified.
7. Data Security
We implement industry-standard security measures to protect against "all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure".
- **Encryption:** Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- **Access Control:** Only authorized staff with signed confidentiality agreements can access personal data.
- **Data Processing Contracts:** We sign strict Data Processing Agreements (DPAs) with every third party who touches your data.
8. Data Retention
We retain personal data only for as long as necessary for the purpose collected.
- **Student Records/Academic History:** Retained for `[e.g., 3 years]` after last login, then anonymized for statistical research.
- **AI Chat/Interaction Logs:** Deleted after `[e.g., 90 days]`.
- **Marketing Data:** Retained until consent is withdrawn.
- **Inactivity:** If an account is inactive for `[e.g., 2 years]`, we will notify you before securely deleting the data.
9. Your Rights as a Data Subject (The NDPR Bill of Rights)
You have the following rights under the NDPR. You can exercise these rights by contacting our DPO for free.
1. **Right to Consent:** You have the right to give or withdraw consent at any time.
2. **Right to Access:** You can request a copy of all personal data we hold about you or your child.
3. **Right to Rectification:** You can correct inaccurate or incomplete data.
4. **Right to Erasure (Right to be Forgotten):** You can request deletion of your data where it is no longer needed.
5. **Right to Object:** You can object to processing for direct marketing or automated decision-making (including AI profiling).
6. **Right to Data Portability:** You can receive your data in a structured, commonly used format.
7. **Right to Complain:** You have the right to lodge a complaint with NITDA (National Information Technology Development Agency) if you feel your data is mishandled.
10. Cookies & Digital Consent
Our website uses cookies. We do not use pre-ticked boxes or assume consent. You will see a cookie banner asking you to actively opt in to non-essential cookies (marketing/analytics). Essential cookies (security, login) do not require consent.
11. Children’s Privacy (Minors)
We take the protection of children’s data seriously. We comply with the NDPR requirement that **parental consent** is required for processing a child’s data.
- Parents/Guardians must register on behalf of the child.
- We do not knowingly collect personal information from a child under 13 without verifiable parental consent.
- If a parent withdraws consent, we will stop processing the child's data immediately.
12. Breach Notification
In the event of a personal data breach that poses a risk to the rights and freedoms of a data subject, we will notify **NITDA** and the affected **Data Subject** within **72 hours** of becoming aware of the breach.
13. Changes to this Privacy Policy
We may update this policy periodically. If material changes are made, we will notify you via email or a prominent notice on our website at least `[30 days]` in advance. The "Last Updated" date at the top of this policy will reflect the revision.
14. Remedies for Violation
If we violate this Privacy Policy, you are entitled to seek remedies including filing a complaint with NITDA or seeking injunctive relief to prevent further processing of your data. We commit to resolving any privacy complaints within `[15 business days]` of receipt.
---
Instructions for Implementation:
1. **Fill the Blanks:** Replace the bracketed text (`[ ]`) with your actual company details, retention periods (e.g., 3 years), and contact info.
2. **Check your AI Stack:** If you use OpenAI, Google Gemini, or Meta, ensure your contract with them matches the "No training on Nigerian data" clause required by the NDPR (Section 2.11).
3. **Consent Management:** Ensure your sign-up forms have an **unticked checkbox** that says: *"I consent to Explore and Learn Limited processing my child's educational data and using AI to provide learning support"*.
4. **Audit Requirement:** Under the NDPR Implementation Framework, if you process the data of more than **2000 Data Subjects**, you are required to submit a summary of your data protection audit to NITDA annually via a licensed **Data Protection Compliance Organisation (DPCO)**.