Privacy Policy

REGO360 Company Limited

1. Introduction

Welcome to REGO360 Company Limited ("REGO360," "we," "our," or "us"). REGO360 is a technology company operating across three strategic pillars: Artificial Intelligence & Machine Learning, Information Technology Solutions, and Property Technology (PropTech).

Your privacy is fundamental to how we operate. This Privacy Policy explains how we collect, use, store, share, and protect your information when you interact with our corporate website, services, platforms, and products—including our flagship mobile application, Gran.

Scope of This Policy:

  • REGO360 corporate website (www.rego360.com)
  • IT solutions and enterprise services
  • PropTech platforms and property management services
  • AI/ML products and analytics tools
  • Gran mobile application - governed by its own detailed Privacy Policy available at www.getgran.com/privacy

By using any REGO360 service, you agree to this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Information We Collect

2.1 Personal Information

When you interact with our services, we may collect:

  • Contact Information: Name, email address, phone number, company name, job title
  • Account Credentials: Username, password (securely hashed), authentication tokens
  • Business Information: Company details, industry sector, project requirements
  • Billing Information: Payment details, transaction history, invoicing addresses
  • Professional Details: LinkedIn profile, professional certifications, work history (for partnerships)

2.2 Usage and Service Data

We automatically collect information about how you use our services:

  • Features accessed and pages visited
  • Time spent on platforms and interaction patterns
  • Service configurations and preferences
  • API usage and integration data (for developers)
  • Support tickets and communication history

2.3 Technical Information

  • Device identifiers, type, and operating system
  • IP address and geolocation data
  • Browser type and version
  • Cookies and similar tracking technologies
  • Error logs, crash reports, and performance metrics

2.4 Service-Specific Data

IT Solutions

Infrastructure configurations, security logs, system access records, deployment metrics

PropTech Services

Property data, tenant information, lease documents, maintenance records, financial transactions

AI/ML Products

Training data, model inputs/outputs, prediction results, algorithm performance metrics

Gran Mobile Application

Gran collects extensive user data for safety reporting features. For complete details on Gran's data collection practices, including:

  • Location data (low and high-precision)
  • SOS alerts and emergency contacts
  • Community safety reports and media uploads
  • Gamification and engagement metrics

Please refer to Gran's dedicated Privacy Policy at www.getgran.com/privacy

3. How We Use Your Information

Service Delivery & Operations

  • Provide and maintain our IT, PropTech, and AI/ML services
  • Process transactions and manage subscriptions
  • Deliver customer support and respond to inquiries
  • Authenticate users and secure accounts
  • Enable collaboration and project management

Communication

  • Send service updates, technical notices, and security alerts
  • Provide marketing communications about new products and features (with consent)
  • Respond to feedback and support requests
  • Send newsletters and industry insights (opt-out available)

Improvement & Innovation

  • Enhance existing products and develop new features
  • Train and improve AI/ML models and algorithms
  • Analyze usage patterns to optimize performance
  • Conduct research and development initiatives
  • Generate anonymized analytics and insights

Security & Compliance

  • Detect, prevent, and respond to fraud and security threats
  • Monitor for abuse and unauthorized access
  • Comply with legal obligations and regulatory requirements
  • Enforce our terms of service and acceptable use policies
  • Protect the rights, property, and safety of REGO360 and our users

4. Data Sharing and Disclosure

We do not sell your personal information to third parties.

We may share limited information only in these circumstances:

  • Service Providers: Trusted third parties who assist with hosting (Vultr, AWS), payments (Paystack), analytics, email delivery, and customer support. These providers are contractually bound to protect your data.
  • Business Partners: When you use integrated services or third-party platforms, we may share necessary information to enable those integrations (with your consent).
  • Corporate Transactions: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity (you will be notified).
  • Legal Requirements: When required by law, court order, legal process, or to protect our rights and the safety of others.
  • With Your Consent: When you explicitly authorize us to share your information for specific purposes.
  • Aggregated Data: We may share anonymized, aggregated data that cannot identify you personally for research, analytics, and business intelligence.

5. Data Storage, Security, and International Transfers

Hosting and Infrastructure

Your data is securely stored on enterprise-grade infrastructure provided by Vultr and Amazon Web Services (AWS), with data centers complying with international security standards including ISO 27001 and SOC 2.

Security Measures

  • End-to-end encryption for data transmission (TLS/SSL)
  • Encryption of sensitive data at rest using AES-256
  • Multi-factor authentication (MFA) for account access
  • Role-based access controls and least-privilege principles
  • Regular security audits and penetration testing
  • 24/7 security monitoring and incident response systems
  • Secure password storage using bcrypt/Argon2 hashing
  • Regular security patches and vulnerability management

While we implement industry-leading security measures, no system is completely immune to threats. Users are responsible for maintaining strong passwords and securing their devices.

International Data Transfers

REGO360 operates primarily in Nigeria, but our services utilize cloud infrastructure that may transfer data internationally, including to the United States and European Union.

By using our services, you consent to this international transfer. We ensure that international data transfers comply with applicable data protection laws and maintain adequate safeguards to protect your information.

6. Data Retention

  • Active Accounts: We retain your personal information for as long as your account remains active or as needed to provide services.
  • Account Deletion: After account deletion, we provide a 30-day grace period during which you can restore your account. After this period, personal identifiers are permanently removed.
  • Business Records: Certain data must be retained for longer periods to comply with legal, accounting, and regulatory requirements (typically 7 years).
  • Logs and Analytics: Technical logs and anonymized analytics may be retained indefinitely for security, performance optimization, and service improvement.
  • Backup Data: Data in backups may persist for up to 90 days after deletion from production systems.

7. Your Rights and Choices

Access & Portability

  • Request a copy of your data
  • Export data in machine-readable formats
  • Review collected information

Correction & Updates

  • Update account information
  • Correct inaccurate data
  • Modify preferences and settings

Deletion

  • Delete your account entirely
  • Request deletion of specific data
  • 30-day grace period for recovery

Communication Preferences

  • Opt out of marketing emails
  • Control notification settings
  • Manage newsletter subscriptions

Data Processing

  • Object to certain processing activities
  • Restrict processing in some cases
  • Withdraw consent where applicable

Lodge Complaints

  • File complaints with supervisory authorities
  • Contact Nigeria Data Protection Commission
  • Seek legal remedies if applicable

To exercise any of these rights, please contact us at privacy@rego360.com. We will respond to all requests within 14 business days.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content.

Types of Cookies We Use:

  • Essential Cookies: Required for basic functionality and security
  • Performance Cookies: Help us analyze how users interact with our services
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements (with consent)

You can control cookies through your browser settings. Note that disabling certain cookies may impact functionality.

9. Third-Party Services and Integrations

REGO360 services may integrate with or link to third-party platforms, including:

  • Payment processors (Paystack, RevenueCat)
  • Cloud infrastructure providers (AWS, Vultr)
  • Authentication services (Google, Apple, Microsoft)
  • Analytics platforms (Google Analytics)
  • Communication tools (email service providers)
  • CRM and marketing automation platforms

These third parties operate under their own privacy policies. We encourage you to review their policies before using integrated services. REGO360 is not responsible for third-party privacy practices.

10. Children's Privacy

REGO360's corporate services are not intended for children under 13 years old. We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected data from a child under 13, please contact us immediately at privacy@rego360.com for prompt removal.

11. Legal Basis for Processing (GDPR/NDPR)

For users in jurisdictions with comprehensive data protection laws (e.g., GDPR, NDPR), we process your data based on:

  • Contractual Necessity: To fulfill our service agreements with you
  • Legitimate Interests: To improve our services, prevent fraud, and ensure security
  • Legal Compliance: To meet regulatory and legal obligations
  • Consent: Where you have explicitly agreed to specific processing activities
  • Vital Interests: To protect life and safety in emergency situations

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings.

We will notify you of material changes via email or prominent notice on our website. The updated policy will display a revised "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions, data requests, complaints, or to exercise your privacy rights, please contact:

REGO360 Privacy Team

REGO360 Company Limited

Lagos, Nigeria

📧 Email: privacy@rego360.com

🌐 Website: https://www.rego360.com

🏢 Gran: https://www.getgran.com

Response Time: We respond to all privacy inquiries within 14 business days.

14. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of Nigerian courts.

By using REGO360 services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

REGO360 Company Limited © 2025. All rights reserved.

Privacy PolicyTerms of ServiceGran Privacy Policy

Last Updated: October 22, 2025