Home/Privacy Policy

Privacy Policy

At Qubicle, your privacy is foundational to our business. This policy explains what personal data we collect, why we collect it, and how we protect it — in plain English.

Last updated: February 28, 2026
Effective: February 28, 2026

1. Overview

Qubicle MetaAdvisory Ltd ("Qubicle", "we", "us", or "our") operates the Qubicle platform (the "Platform") — a subscription-based execution and business-services platform facilitating the delivery of professional services to entrepreneurs doing business in Africa.

This Privacy Policy governs how we collect, use, store, share, and protect personal data of users accessing our website at onqubicle.com and our Platform. We are committed to protecting your personal information in accordance with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act 2023 (NDPA), and where applicable, the EU General Data Protection Regulation (GDPR).

By using our Platform, you consent to the practices described in this policy. If you do not agree, please do not use our services.

Qubicle is not designed for collecting, storing, or processing sensitive personal data beyond what is strictly necessary to deliver business services. We do not act as a data processor for any third-party marketing purposes.

2. Information We Collect

2.1 Information You Provide Directly

  • Account registration: Name, email address, phone number, country of residence, and password.
  • Business information: Company name, registration number, business address, and industry type.
  • Identity verification: Government-issued ID (passport, driver's licence, or NIN) when required for regulated services such as bank account opening.
  • Service intake forms: Information you provide when requesting a service, including documents, preferences, and instructions.
  • Payment information: Bank account or card details processed through our PCI-DSS compliant payment providers (we do not store raw card numbers).
  • Communications: Messages, emails, and support tickets exchanged with our team.

2.2 Information Collected Automatically

  • Device and usage data: IP address, browser type, operating system, referring URLs, pages visited, and session duration.
  • Cookies and similar technologies: See Section 9 for full details.
  • Transaction logs: Service requests, escrow transactions, and payment history.

2.3 Information From Third Parties

  • Identity verification data from KYC/AML compliance providers.
  • Business registry data from the Corporate Affairs Commission (CAC) or equivalent bodies.
  • Fraud signals and risk scores from our payment processing partners.

3. How We Use Your Information

We process your personal data for the following purposes, supported by a lawful basis under the NDPA/NDPR and GDPR:

PurposeLawful Basis
Creating and managing your accountContract performance
Processing service requests and escrow transactionsContract performance
Identity verification and KYC/AML complianceLegal obligation
Communicating service updates and notificationsContract performance
Improving Platform features and user experienceLegitimate interests
Sending product updates and founder resources (opt-in)Consent
Fraud detection and platform securityLegitimate interests / Legal obligation
Compliance with Nigerian and applicable international lawLegal obligation

4. Information Sharing

We do not sell your personal data to third parties. We share information only in the following circumstances:

4.1 Vetted Service Partners

When you request a service, we share the minimum necessary information with our vetted partner professionals (e.g., a CAC-certified agent or a law firm) to fulfil your request. All partners are bound by confidentiality obligations and are only engaged through our vetting process.

4.2 Payment Processors

We use PCI-DSS compliant third-party payment processors (Paystack, Flutterwave, or equivalent) to process payments. These processors receive your payment details directly and are governed by their own privacy policies.

4.3 Identity & Compliance Providers

For services requiring identity verification (e.g., bank account opening), we may share your ID documents with our KYC/AML compliance partners under strict data-sharing agreements.

4.4 Legal Requirements

We may disclose information where required by law, court order, or Nigerian regulatory authorities including NITDA, CBN, and FIRS.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred as part of that transaction, subject to equivalent privacy protections.

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, or as required by Nigerian law:

  • Account data: Retained for the duration of your account plus 5 years after account closure, to comply with financial record-keeping obligations.
  • Service records: Retained for 7 years to comply with Nigerian tax and corporate law requirements.
  • Identity documents (KYC): Retained for 5 years post-transaction as required under the Money Laundering (Prevention and Prohibition) Act 2022.
  • Marketing data: Retained until you withdraw consent or request deletion, whichever is earlier.

When data is no longer required, we securely delete or anonymise it.

6. Data Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit.
  • Role-based access controls (RBAC) — only authorised personnel can access user data.
  • Regular security audits and penetration testing.
  • Multi-factor authentication for all administrative accounts.
  • Incident response procedures with notification timelines compliant with NDPA requirements.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Please use strong, unique passwords and enable two-factor authentication on your account.

7. Your Rights (NDPR / NDPA)

Under the Nigeria Data Protection Act 2023 and NDPR 2019, you have the following rights:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data where there is no legitimate reason to continue processing.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Restrict Processing

Request that we limit how we process your data in certain circumstances.

Right to Object

Object to processing based on legitimate interests, including direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time.

Right to Lodge a Complaint

File a complaint with the Nigeria Data Protection Commission (NDPC).

To exercise any of these rights, contact us at privacy@onqubicle.com. We will respond within 30 days of receiving your request.

8. International Data Transfers

Qubicle operates globally, serving diaspora founders and international companies. Your data may be processed in Nigeria, the United Kingdom, the European Union, or the United States.

Where we transfer personal data outside Nigeria, we ensure appropriate safeguards are in place in accordance with the NDPA, including:

  • Standard Contractual Clauses (SCCs) approved by the NDPC.
  • Transfers only to countries with adequate data protection laws.
  • Data Processing Agreements (DPAs) with all international sub-processors.

9. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate our Platform and improve your experience. For full details on the types of cookies we use and how to manage them, please read our Cookie Policy.

In summary, we use strictly necessary cookies (required for the Platform to function), performance cookies (to understand usage patterns), and functional cookies (to remember your preferences). We do not use cookies for cross-site advertising or profiling.

10. Third-Party Services

Our Platform integrates with the following categories of third-party services, each with their own privacy policies:

  • Payment processors: Paystack, Flutterwave.
  • Cloud infrastructure: AWS (Amazon Web Services) or equivalent.
  • Email communications: Postmark or SendGrid.
  • Analytics: Privacy-respecting analytics tools compliant with NDPR.
  • Customer support: Intercom or equivalent.

We encourage you to review the privacy policies of these services. Qubicle is not responsible for the data practices of third-party services outside our Platform.

11. Children's Privacy

The Qubicle Platform is intended for use by individuals aged 18 and over operating businesses. We do not knowingly collect personal data from children under the age of 18.

If you become aware that a child has provided us with personal information, please contact us immediately at privacy@onqubicle.com and we will take steps to delete such information promptly.

12. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Send an email notification to all registered users at least 14 days before the changes take effect.
  • Display a prominent notice on the Platform.

Your continued use of the Platform after the effective date constitutes your acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection Officer:

Company
Qubicle MetaAdvisory Ltd
General Enquiries
hello@onqubicle.com
Regulator
Nigeria Data Protection Commission (NDPC)

Questions about your data?

Our Data Protection Officer is available to help with any privacy-related queries or requests.

Contact DPO