PRIVACY POLICY
Vehicle Records Platform
Last Updated: 17th March, 2026
1. Introduction
This Privacy Policy explains how Afripoint Consult Ltd (“Company”, “we”, “us”, or “our”)
collects, uses, discloses, and protects personal data in connection with the Vehicle Records
platform (“Platform”).
This Policy is issued in compliance with the Nigeria Data Protection Act 2023 and reflects
internationally accepted data protection principles. By accessing or using the Platform, you
acknowledge that your personal data will be processed in accordance with this Policy.
2. Scope of Application
This Policy applies to all users of the Platform, including individual users, auto dealers, and
enterprise/API users, as well as any individual whose data is processed in connection with the
services provided.
3. Data Controller
For the purpose of applicable data protection laws, Afripoint Consult Ltd is the Data Controller
responsible for determining the purposes and means of processing personal data collected
through the Platform.
4. Categories of Personal Data Processed
The Company processes personal data necessary to provide and improve its services. Such
data includes identity and contact information such as full name, email address, phone
number, and account credentials. It also includes account activity records, login history, and
customer support communications.
Vehicle-related data processed includes VIN (Vehicle Identification Number), vehicle
specifications, ownership history, valuation data, and other vehicle intelligence obtained
through internal systems and third-party providers. Where such data is linked to an
identifiable individual, it may constitute personal data.
Transaction-related data includes payment references, transaction amounts, timestamps, and
payment status. The Company does not store sensitive financial information such as card
details.
Technical data is also collected, including IP address, device information, browser type, usage
logs, API activity logs, and system performance data.
5. User Accounts and Access
Access to the Platform may be obtained either through the creation of a registered user
account or through limited guest access, depending on the nature of the service being utilized.
Registered Users are required to create an account by providing accurate, complete, and up-
to-date information, including identification and contact details. Registered Users are
responsible for maintaining the confidentiality of their login credentials and for all activities
conducted under their accounts. Afripoint Consult Ltd shall not be liable for any loss or
damage arising from unauthorized use of an account resulting from a failure to adequately
safeguard access credentials.
Guest Users may access certain services on the Platform without creating a formal account.
However, as a condition for accessing paid services, Guest Users are required to provide
minimum personal data, including a valid email address and phone number, prior to
completing any transaction.
Such personal data is collected and processed for clearly defined purposes, including
transaction verification, service delivery, report generation, usage tracking, customer support,
fraud prevention, and dispute resolution. The processing of this data is necessary for the
performance of a contract between the user and Afripoint Consult Ltd, and also constitutes a
legitimate interest of the Company in maintaining platform integrity, security, and service
accountability.
By proceeding to use the Platform as a Guest User, the user acknowledges and agrees that
their personal data will be processed in accordance with the Privacy Policy, and that such
processing is necessary to deliver the requested services.
Guest Users operate strictly on a pay-per-usage model. Access to any report or service shall
only be granted upon successful completion of payment through designated payment
channels. The absence of a registered account does not limit the applicability or enforceability
of these Terms of Use.
Afripoint Consult Ltd reserves the right to impose limitations on guest access, including
restrictions on transaction volume, feature access, or mandatory account registration where
usage patterns, security concerns, or regulatory obligations require enhanced user
identification or monitoring.
All users, whether Registered Users or Guest Users, are required to ensure that the
information they provide is accurate, complete, and not misleading. The Company reserves
the right to suspend, restrict, or deny access where false or incomplete information is
provided, or where such use presents a risk to the security, integrity, or lawful operation of
the Platform.
6. Methods of Data Collection
Personal data is collected directly from users when they register, input VIN details, make
payments, or interact with the Platform. Data is also collected automatically through system
logs, cookies, and similar technologies. Additionally, data may be obtained from third-party
service providers, including vehicle data sources and payment processors.
7. Purpose of Processing
The Company processes personal data for legitimate and defined purposes, including the
provision of vehicle intelligence services, generation of reports, processing of payments,
management of user accounts, operation and maintenance of the Platform, fraud detection
and prevention, enforcement of contractual terms, and compliance with legal and regulatory
obligations.
8. Legal Basis for Processing
Processing of personal data is carried out on one or more of the following lawful bases: where
it is necessary for the performance of a contract with the user; where it is required to comply
with legal obligations; where it is necessary for the legitimate interests of the Company,
provided such interests do not override the rights of the data subject; and where consent has
been obtained, where applicable.
9. Data Sharing and Disclosure
The Company may disclose personal data to carefully selected third parties where necessary
to provide services. These include vehicle data providers, payment processing companies,
cloud hosting and infrastructure providers, analytics service providers, and professional
advisers.
Personal data may also be disclosed to regulatory authorities, law enforcement agencies, or
other competent bodies where required by law or in response to valid legal processes.
All third-party processing is subject to appropriate contractual safeguards to ensure data
protection and confidentiality.
10. International Data Transfers
Where personal data is transferred outside Nigeria, the Company ensures that such transfers
are carried out in accordance with applicable legal requirements. Appropriate safeguards are
implemented to ensure that personal data remains adequately protected, including
contractual protections and reliance on approved transfer mechanisms.
11. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes for which it was
collected. This includes retention for service delivery, legal compliance, dispute resolution,
fraud prevention, and financial record-keeping.
Where data is no longer required, it is securely deleted or anonymized in accordance with
internal data retention policies.
12. Data Subject Rights
Subject to applicable law, individuals have the right to access their personal data and obtain
information about how it is processed. They may request correction of inaccurate or
incomplete data, request deletion of their data where appropriate, and object to or restrict
certain types of processing.
Where processing is based on consent, individuals have the right to withdraw such consent at
any time without affecting the lawfulness of prior processing.
Requests to exercise these rights may be submitted to the Company through designated
contact channels and will be handled within legally prescribed timelines.
13. Automated Decision-Making
The Platform may use automated systems to generate vehicle reports based on submitted VIN
data. Such processing does not constitute automated decision-making that produces legal or
similarly significant effects on individuals without human involvement.
14. Data Security
The Company implements appropriate technical and organizational measures to protect
personal data against unauthorized access, loss, misuse, or alteration. These measures include
encryption, access controls, secure infrastructure, and monitoring systems.
Despite these safeguards, no system is entirely secure, and users acknowledge the inherent
risks associated with electronic data transmission.
15. Data Breach Management
In the event of a personal data breach, the Company will take prompt steps to contain and
mitigate the impact. Where required by law, affected individuals and relevant regulatory
authorities will be notified within the prescribed timeframe.
16. Children’s Privacy
The Platform is not intended for use by individuals under the age of 18. The Company does
not knowingly collect personal data from minors. Where such data is identified, it will be
promptly deleted.
17. Third-Party Links and Services
The Platform may contain links to third-party services. The Company is not responsible for the
privacy practices of such third parties, and users are encouraged to review their respective
policies.
18. Updates to this Policy
This Privacy Policy may be updated from time to time to reflect changes in legal, regulatory,
or operational requirements. Updated versions will be published on the Platform, and
continued use constitutes acceptance of such updates.
19. Contact and Data Protection Enquiries
All enquiries relating to this Privacy Policy, including requests to exercise data subject rights or
complaints, may be directed to Afripoint Consult Ltd through its designated data protection
contact channel.
The Company will respond to all legitimate requests in accordance with applicable data
protection laws.