Last updated: July 2026
3650HQ TECHNOLOGIES LIMITED (hereinafter "we", "us" or "our") respects the personal data (the "Personal Data") of individuals. We set forth in this privacy policy (the "Policy") how we or companies commissioned by us (data processors) collect, use, process, store, and share the Personal Data that visitors of our website, our clients, or their respective end-customer users (collectively as the "Clients" or "you" or "your" or "yours") provide to us, or that we gather from any use of our website (https://3650hq.com/), software applications, APIs, chatbots, dashboards, or any other products and services provided by us (the "Products and Services").
In line with relevant data protection laws, primarily the Nigeria Data Protection Act, 2023 ("NDPA"), the Nigeria Data Protection Regulation, 2019 ("NDPR"), and where applicable to cross-border data flows, the European General Data Protection Regulation ("GDPR"), and other applicable international data protection laws (collectively known as "Applicable Laws"), we collect, use, process, store, and transfer the Personal Data of our Clients.
Personal Data means any information relating to an identified or identifiable living individual. Different pieces of information, which collectively identify a particular person, also constitute personal data.
You will be asked to consent to the terms of this Policy when making an enquiry, registering an account, integrating third-party communication channels, or interacting with us via our Products and Services. To the extent permitted by Applicable Law, your continued use of our Products and Services constitutes your consent to the Policy.
If you do not agree to this Policy, please do not provide any Personal Data when requested and refrain from using our Products and Services.
We process Personal Data if one of the following legal bases under the NDPA applies:
Depending on the type of Products and Services that are used, we may collect the following types of information:
We use and process Personal Data for the following primary business operations:
We utilize standard analytic tools, browser cookies, and fast-access server-side memory engines (such as Redis cache models) to securely maintain active application sessions and track data usage.
You can configure your browser or device settings to block or delete cookies; however, doing so may cause active workspace features or session-validation states within the dashboard to break or function incorrectly.
Only with your explicit opt-in consent will we use your registered contact information to send product updates, promotional offers, or feature releases. You may freely opt out of marketing communications at any exact moment by clicking the "Unsubscribe" links inside our emails or contacting our data office directly. Transactional alerts (e.g., low coin balance notifications, security alerts) will continue to send regardless of your marketing status.
We store Personal Data only for the duration necessary to satisfy the specific collection purposes or as long as your corporate workspace remains active with us.
We share infrastructure metrics and communication data strictly on a need-to-know basis with trusted partners to keep your service running:
We employ industry-standard technical controls to defend your data. All communication records and customer details are encrypted at-rest inside our cloud production environments using AES-256-GCM standards and in-transit using TLS 1.2 or higher web transmission security protocols.
We apply strict "least-privilege" access limits internally so only authorized developers can access technical systems under strict confidentiality mandates. In the event of a security anomaly or data breach, we will initiate our security incident response protocols and notify the affected individuals and the NDPC in direct alignment with statutory regulatory timelines.
Under the Nigeria Data Protection Act, 2023, you enjoy complete legal ownership of your information, including:
Our Products and Services are built strictly for businesses and corporate enterprises. We do not knowingly collect, solicit, or process information belonging to individuals under the age of 18.
When you use 3650HQ to manage your customers' WhatsApp, TikTok, or Email DMs, you are the Data Controller and we are the Data Processor. We process your customers' messages strictly to display them on your dashboard as instructed by your API linkages. We will never use your end-customers' personal communications for our own separate operational purposes or advertising layouts.
Our services connect directly with external apps and networks via API integrations. We have no direct administrative jurisdiction over the privacy policies of third-party platforms (like Meta or TikTok). We strongly urge you to review the official developer privacy declarations of those third-party integration providers prior to linking your business accounts to our workspace.
This Privacy Policy is directly incorporated into and forms an inseparable part of our global Terms of Use, which can be reviewed at any time at our Terms of Service.
We reserve the right to modify this Policy as software features evolve or as updated mandates are released by the NDPC. We will broadcast updates via system alerts on your dashboard or via direct email notifications. Amendments take effect thirty (30) days following publication, and continued platform usage constitutes acceptance of those variations.
If any specific clause or sentence within this Policy is determined by a competent Nigerian court to be invalid, void, or unenforceable, that independent provision shall be severed without impacting the legality or validity of the remaining text sections.
This Policy shall be governed by, and construed in all respects in accordance with, the laws of the Federal Republic of Nigeria.
Any dispute, controversy, or claim arising out of or relating to this Privacy Policy, including its validity, interpretation, performance, or breach, shall first be subjected to mutual amicable settlement negotiations. If the parties fail to resolve the issue amicably within thirty (30) days, the dispute shall be referred to and finally resolved by Arbitration in accordance with the Arbitration and Mediation Act, 2023.
To exercise your data access rights, file an official inquiry, or communicate directly with our security office, contact our Data Protection Officer at: privacy@3650hq.com.