Legal & Compliance

Privacy Policy

We are committed to protecting your business data and privacy. This policy outlines how we handle information with transparency and care.

Effective Date

February 24, 2026

Last Updated

February 24, 2026

Company

Bluewand Technology

Table of Contents

This Privacy Policy explains how Bluewand collects, uses, stores, shares, and protects information when you use our B2B SaaS platform and related services. It also includes disclosures required for our Meta API integrations (Facebook and Instagram).

1. Scope: Who this policy applies to

This policy applies to:

  • Business customers that subscribe to our Services
  • Authorized users of a Customer account (employees, contractors)
  • Visitors to our website and people who contact us

Note: Our Services are intended for organizations, not for personal or consumer use.

2. Roles: Controller vs Processor

Customer as Controller

The Customer is the data controller for Customer Data it uploads or connects.

Bluewand as Processor

We act as a data processor, processing data only to provide and secure the Services.

For account administration and billing info, Bluewand may act as an independent controller.

3. Information We Collect

A. Business & Contact Information

Company name, business email, phone, address, and billing contacts.

B. User Account & Credentials

User names, work emails, and role assignments. Passwords are always hashed.

C. Operational Data (Customer Data)

Datasets, workflow definitions, reports, and configuration details.

D. Meta-sourced Data (via Meta API)

When you connect Facebook or Instagram business accounts, we may collect:

  • Insights and analytics
  • Post engagement metrics
  • Ad campaign performance
  • Messages and comments
  • Basic business profile info

Bluewand is not designed to access personal data of your end consumers except where explicitly required for workflows.

E. Tokens & Credentials

Securely stored access tokens required for third-party integrations.

F. Usage & Technical Data

Service logs, device information (IP address, browser type), and security telemetry.

4. How We Use Information

Service Operation

Create accounts, run analytics, and provide customer support.

Security & Integrity

Authenticate users and prevent unauthorized access or fraud.

Product Improvement

Diagnose issues and develop new useful functionality.

Communications

Send service-related notices and essential platform updates.

5. Meta API Disclosures

A. Collection & Usage

We retrieve data via OAuth flows to provide requested dashboards and automation. We do not sell this data or use it for advertising.

B. Storage & Security

Stored in encrypted cloud environments with strict role-based access controls.

C. Revoking Access

You can disconnect integrations directly in Bluewand settings or via Meta's application manager.

6. What We Do Not Do

  • No Sale of Data: We never sell your personal or business data.
  • No Consumer Profiling: We do not profile your customers for non-service purposes.
  • No Targeted Ads: We do not use your data for advertising purposes.
  • No Unauthorized Access: Access is strictly limited to authorized personnel.

7. How We Share Information

We may share information as follows:

A. Service providers (processors)

We use vetted vendors to support operations (e.g., hosting, monitoring, email delivery, analytics, customer support, payment processing). These providers:

  • Are restricted to using data only to provide services to Bluewand
  • Are subject to confidentiality obligations and, where appropriate, data processing agreements (DPAs)

B. Payment processors

Payment transactions are handled by third-party processors. We share only the information needed to process payments and manage subscriptions.

C. Legal, compliance, and protection

We may disclose information if we believe disclosure is reasonably necessary to:

  • Comply with law, regulation, legal process, or governmental request
  • Enforce agreements and investigate potential violations
  • Protect the rights, property, and safety of Bluewand, our Customers/Users, or the public

D. Business transfers

If Bluewand is involved in a merger, acquisition, restructuring, financing, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality and security measures.

8. Security Measures

We implement industry-standard security measures including:

TLS Encryption
AES-256 Storage
RBAC Controls
Audit Trails
Incident Response
Staff Training

We continuously mature our security program toward SOC 2 alignment.

9. Data Retention

We retain information only as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.

A. Active accounts

Customer Data (including Meta-sourced data, where connected) is generally retained for as long as the Customer account is active and the data is needed to provide the Services.

B. Termination of account

Upon termination or expiration of a Customer account, we will delete or de-identify Customer Data within 90 days, unless:

  • The Customer requests deletion sooner (where feasible), or
  • We are legally required to retain certain information longer (e.g., for tax, accounting, or legal compliance)

C. Deletion requests

We will process verified deletion requests within 30 days, subject to legal and operational limitations (e.g., backups, security logs, or legal holds). Where deletion from backups is not immediate, we will isolate and protect the data and delete it on the next backup lifecycle.

D. Logs and security records

Security logs and audit trails may be retained for a limited period to maintain platform security, prevent fraud, and investigate incidents, consistent with our legitimate interests and applicable law.

10. Your Rights & Choices (including Meta data)

Bluewand provides mechanisms for Customers and Users to exercise rights over their information, subject to applicable laws (including NDPR) and our role as processor.

A. Rights you may request

Depending on your jurisdiction and relationship to the data, you may have the right to:

  • Access: request confirmation and access to information we hold
  • Correction: request correction of inaccurate or incomplete information
  • Export/Portability: request an export of your data in a standard format
  • Deletion: request deletion of information (see retention timelines above)
  • Restriction/Objection: object to or request restriction of certain processing
  • Opt-out of non-essential communications (e.g., product updates/marketing)

B. Rights relating to Meta-sourced data

  • View and export Meta-sourced data presented in the Services (where available)
  • Request deletion of Meta-sourced data stored in the Services
  • Disconnect Meta integrations (see Section 5E) to stop further collection

C. How to submit a request

Email us at privacy@bluewandltd.com (or legal@bluewandltd.com) with:

  • Your organization name and workspace identifier (if applicable)
  • The type of request (access/export/correction/deletion/objection)
  • The relevant User account email(s)

We may need to verify identity/authority before fulfilling requests. If Bluewand acts as processor for the relevant data, we may direct the request to the Customer (controller) or fulfill it as authorized by the Customer.

11. Cross-Border Data Transfers

Bluewand may process and store information in countries other than where you are located, including where our cloud service providers and other service providers operate.

Where cross-border transfers apply, we take steps designed to ensure an adequate level of protection, such as:

  • Contractual safeguards (including DPAs and appropriate transfer terms where required)
  • Access controls, encryption, and data minimization measures

12. Compliance Approach (NDPR-focused, GDPR-ready)

Bluewand operates primarily in Nigeria and is committed to compliance with the Nigeria Data Protection Regulation (NDPR) and related guidance.

We also design our privacy and security program to be GDPR-ready for Customers that may operate in or serve individuals in the European Economic Area, including principles of:

  • Lawfulness, fairness, and transparency
  • Purpose limitation and data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

13. Children/Minors

The Services are intended for business use and are not directed to children/minors. We do not knowingly collect personal data from children. If you believe a child has provided personal data to Bluewand, contact us and we will take appropriate steps to delete it.

14. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes, we will provide notice through the Services, via email to account administrators, or by posting an updated version on our website.

The “Last Updated” date at the top indicates when this policy was most recently revised.

15. Contact Us

For privacy, data protection, or legal inquiries, please reach out:

DPO Contact

dpo@bluewandltd.com

Support

support@bluewandltd.com

Bluewand Technology Solutions Limited Website: https://bluewandltd.com

© 2026 Bluewand Technology Solutions Limited