Privacy Policy
Last Updated: 16 January 2026
This Privacy Policy (the "Policy") sets out the basis on which Kryptr (“Kryptr”, “Company” “we” “us”, , or “our”) collects, uses, discloses, and safeguards Personal Data (as defined under the Data Protection Laws) of users of its platform and services (the "Platform" or "Services"), in accordance with the provisions of the Nigeria Data Protection Act, 2023 (NDPA), the General Application and Implementation Directive, 2025 (GAID), and other relevant data protection laws and regulations in force in Nigeria (collectively referred to as the "Data Protection Laws").
This Policy applies to all individual users ("you" or "your") who access or use our Platform, website, mobile application, and any other related online services where this Policy is displayed or referenced (collectively, the "Services").
However, this Policy does not cover information obtained from sources outside the Platform or Services. Where our Platform contains links to third-party websites or services, those external sites are governed by their own privacy policies, and we assume no responsibility for their content or practices.
This Policy forms an integral part of our Terms of Use. By accessing or using our Services, you confirm that you have read, understood, and agreed to the terms of this Policy and our Terms of Use. This Policy supersedes all prior statements, notices, or representations relating to our privacy practices in respect of the Services.
By continuing to use our Services, you acknowledge that you have had the opportunity to review this Policy and that you consent to the collection, use, storage, and disclosure of your Personal Data as described herein. If you do not agree with this Policy, you are advised to immediately discontinue the use of our Services.
This Privacy Policy applies to all individual users ("you" or "your") who access or use our Platform, website, mobile application, and any other related online services where this Policy is displayed or referenced (collectively, the "Services"), including:“Account” means a registered user account created to access the Services.
Visitors to our website
Learners / Participants in Kryptr programs, simulations, events, communities, and assessments
Customers / Clients (including employers, institutions, and partners)
Applicants / Talent being considered for opportunities, placements, internships, gigs, or roles
Facilitators, Coaches, Mentors, Assessors and other experts
Corporate/Institutional Users accessing partner or enterprise features
Anyone who contacts Kryptr for support, enquiries, or business engagement
However, this Policy does not cover information obtained from sources outside the Platform or Services. Our Services may include links to third-party websites, tools, integrations, plug-ins, and applications (e.g., payment processors, video conferencing tools, analytics tools). If you click those links or enable those connections, third parties may collect or share data about you. Where our Platform contains links to third-party websites or services, those external sites are governed by their own privacy policies, and we assume no responsibility for their content or practices. If you click those links or enable those connections, third parties may collect or share data about you. We do not control third-party sites and are not responsible for their privacy practices. Please review their privacy policies when leaving our Services.
Our Website and Services are not directed at children under the age of under 18, and we do not knowingly collect, use, or disclose Personal Data from individuals within this age group without parental consent. If you are a parent or legal guardian, and you believe that If you are under 16, you may only use our Services with the permission and active involvement of a parent or legal guardian (or as required by applicable law).
We do not knowingly collect Personal Data from children \ without verified parental consent. If you are a parent or legal guardian and believe that your child has provided us with Personal Data without your consent, please contact us immediately at hello@kryptr.co and we will take appropriate steps, including deletion where required.
Where we become aware that we have inadvertently collected Personal Data from a child under the age of 18 without verifiable parental consent, we will promptly delete such data and, where feasible, notify the parent or guardian.
If we rely on consent as a lawful basis for processing Personal Data and the applicable law requires parental or guardian consent for minors, we will obtain such consent before collecting or using that Personal Data.
Personal Data: any information that identifies or can identify a person (directly or indirectly).
Sensitive Personal Data: higher-risk data such as health information, biometrics, religious beliefs, etc., as defined by applicable law.
Processing: anything done with Personal Data (collection, storage, use, sharing, deletion, etc.).
Data Controller / Data Processor: depending on context, Kryptr may act as a controller (deciding how/why data is processed) or as a processor (processing data on behalf of a partner/client).
NDPA: Nigerian Data Protection Act, 2023 (where applicable).
GAID: General Application and Implementation Directive, 2025.
Data Protection Laws: collectively refers to the NDPA, GAID, and other relevant data protection laws and regulations in force in Nigeria.
We may collect and process the following categories of Personal Data:
5.1 Identity & Profile Data
Name, username, profile photo, gender (optional), date of birth (where needed), career interests, education history, skills, work history, portfolio links, CV/resume, professional bio.
5.2 Contact Data
Email address, phone number, address (where relevant), emergency contact (only where required for programs or placements).
5.3 Account & Authentication Data
Login credentials (stored securely), account settings, verification details (where required).
5.4 Learning & Simulation Data
Program enrollments, progress/completion, assessment and quiz results, simulation performance, submitted projects, feedback, learning artifacts, certificates, attendance records, participation in cohorts/community discussions.
5.5 Opportunity / Placement Data
Applications, screening outcomes, interview scheduling, offer status, placement records, role preferences, work eligibility (where applicable), employer feedback, engagement notes.
5.6 Transaction & Payment Data (where applicable)
Payment status, transaction references, billing details.
Note: We typically do not store full card details; payments are processed by third-party payment providers.
5.7 Technical, Usage & Device Data
IP address, browser type/version, device identifiers, operating system, time zone, approximate location (city/country), referral URLs, pages viewed, clicks, session duration, error logs.
5.8 Marketing & Communications Data
Newsletter preferences, communication preferences, consent records, responses to campaigns, event/webinar registration and attendance.
5.9 Support & Feedback Data
Helpdesk tickets, email messages, chat logs, call notes, survey responses, ratings and reviews.
5.10 Sensitive Personal Data (Limited)
We only collect sensitive data where strictly necessary, lawful, and (where required) with your explicit consent—for example, accessibility accommodations for events/programs.
As a Data Controller, we collect Personal Data through lawful and transparent means, and only to the extent necessary for the purposes described in this Policy We collect Personal Data through the following methods:
6.1 Data You Provide Directly
When you:
create an account, enroll in a program, join a community, complete profile info
take assessments or simulations, submit assignments/projects
apply for opportunities or placements
register for events/webinars, respond to surveys
contact us via email, forms, WhatsApp, or customer support
fill out enquiry, registration, claim, feedback, and contact forms submitted on our Website or application.
request service quotations or complete online application forms relating to our services
6.2 Data We Collect Automatically
When you use our Services, we automatically collect technical/usage data via cookies and similar technologies that collect information about your browsing activity and preferences. Details are available in our Cookies Policy.
6.3 Data We Receive from Third Parties
We may receive data from:
Partners/Employers/Institutions (e.g., referral lists, enrollment rosters, placement feedback)
Payment processors (transaction confirmations only)
Analytics providers (aggregated insights)
Identity verification/KYC providers (where required for compliance)
Social login providers (if you use Google/LinkedIn sign-in, etc.)
Marketing agencies, analytics providers, or companies that supply consumer segmentation or classification data to help us tailor our offerings (subject to your consent or other lawful basis)
6.4 Additional Collection Methods
Through telephone calls, which may be recorded for quality assurance, training, and dispute resolution purposes.
Through our customer engagement tools such as live chat, automated chatbots, and profiling features used to provide quick assistance and service recommendations
The Personal Data you provide to us is:
a) processed fairly, lawfully, and in a transparent manner;
b) collected for a specific purpose and is not processed in a way that is incompatible with the purpose for which Kryptr collected it;
c) adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
d) kept accurate, secure, and, where necessary, kept up to date;
e) kept no longer than is necessary for the purposes for which the Personal Information is processed;
f) processed in accordance with the Data Protection Laws.
Please note that we or any of our Affiliates shall not sell your Personal Data, and we also will not permit the selling of customer data by any company that provides a service to us, as our service providers are bound by confidentiality agreements and are obligated to process data in accordance with the Data Protection Laws.
We only use Personal Data when the law allows us to. We process personal data only when a lawful basis exists under the Data Protection Laws. Depending on your location and the nature of processing, our legal bases may include:
Contractual necessity: to provide Services you request
Legitimate interests: to improve Services, maintain security, prevent fraud, grow our platform (balanced against your rights)●
Consent: where you have freely given, specific, informed, and unambiguous consent
Legal obligation: to comply with applicable laws, court orders, regulator requests
Vital interests: to protect someone’s life/safety (rare)
For sensitive personal data, processing is generally based on explicit consent, unless a lawful exception applies
The Company may collect and use Personal Data for the following lawful and legitimate purposes, in accordance with the Data Protection Laws:
9.1 Provide and Operate the Services
Create and manage accounts
Deliver programs, simulations, learning resources, and certifications
Track learning progress and performance
Provide career support and talent readiness interventions
Facilitate cohorts, community interactions, and communications
9.2 Enable Opportunities and Placements
Match learners/talent with relevant opportunities (internships, gigs, jobs)
Support screening, shortlisting, interviews, and placement processes
Share relevant profile data with employers/partners where you apply, consent, or it
is necessary to deliver the opportunity
9.3 Process Payments (where applicable)
Confirm transactions and provide paid access (via third-party processors)
9.4 Communicate with You
Contact you via email, SMS, phone calls, WhatsApp, or other electronic means regarding service updates, account issues, and operational notices
Notify you about new features, service improvements, or system maintenance
Respond to your inquiries, feedback, complaints, or support requests
Enable interactive features such as commenting, reviews, or participation in discussion forums (where applicable)
Service announcements (e.g., program updates, policy changes)
Marketing communications (with consent where required; opt-out always available) subject to your consent, we may use your Personal Data to send you promotional messages, offers, or information about products or services similar to those you have used or enquired about. You have the right to withdraw your consent to marketing communications at any time by using the unsubscribe option or contacting us directly.
9.5 Improve, Secure, and Maintain the Platform●
Analytics, troubleshooting, performance monitoring
Fraud prevention, abuse detection, access control
Feature development and product improvement
Conduct internal business audits, risk assessments, and service quality evaluations
Manage business continuity and disaster recovery
9.6 Comply With Legal and Regulatory Requirements
We process Personal Data where required by law, regulation, or governmental authority, including to:
Tax/accounting obligations (where applicable)
Comply with obligations under tax laws, educational regulations, employment laws, or other applicable regulatory requirements
NDPA compliance, lawful requests, dispute resolution, enforcement of agreements
Respond to lawful requests or investigations by the Nigeria Data Protection Commission (NDPC), or other competent authorities
Detect, prevent, and investigate fraud or other unlawful activities
Enforce our Terms of Use and protect our rights and interests in legal proceedings
Establish, exercise, or defend our legal rights in the event of a dispute, prevent misuse, unauthorized access, or breach of our systems, address and resolve user complaints or data subject requests
9.7 Business Transfers
If Kryptr undergoes a merger, acquisition, restructuring, or sale, your Personal Data may be transferred as part of that transaction, We will ensure that any recipient of such data agrees to respect your privacy in a manner consistent with this Policy, with appropriate safeguards and notice where required.
9.8 Data Storage
Store data securely using reputable cloud storage solutions within or outside Nigeria, ensuring compliance with data transfer safeguards under Section 41 of the NDPA.
We use cookies, pixels, and similar technologies to:
keep you logged in and secure accounts
remember preferences
understand site usage and improve performance
measure marketing effectiveness
provide personalized content and recommendations
You can manage cookies through your browser settings and (where available) our cookie banner/settings. Disabling cookies may affect site functionality. For more information, see our Cookie Policy.
We do not sell your Personal Data.
We may share or disclose your Personal Data with third parties only where it is lawful, necessary, and consistent with the purposes described in this Policy. In all cases, we ensure that such third parties are subject to appropriate confidentiality and data protection obligations.
We may share Personal Data with:
11.1 Employers, Clients, and Partners (Opportunities & Programs)
Where relevant to providing an opportunity, placement, program delivery, or employer-led simulation especially when you apply, opt in, or where it is necessary to deliver the Service. We may share relevant information (such as profile data, application details, and performance records) with employers, institutional partners, and organizations. Such data sharing is strictly limited to what is necessary for the execution of the opportunity and related customer support.
11.2 Service Providers (Vendors)
We may share your Personal Data with trusted third-party service providers who assist us in operating our business and providing our workforce development services. We use trusted third parties for functions such as:
hosting and storage (cloud providers)
analytics and performance monitoring
email and communications tools
customer support tools
payment processing
security and fraud prevention
identity verification, security, and compliance service providers
learning management system providers and educational technology platforms
These Service Providers act as data processors and process your Personal Data only in accordance with our written instruction They are contractually required to protect your data and only process it on our instructions subject to strict confidentiality and security measures.
11.3 Business Partners and Marketing Partners
We may share your Personal Data with trusted business partners, vendors, or marketing partners to offer joint products, services, or promotions that may be of interest to you. Such sharing will occur only with your prior consent or where otherwise permitted by law.
11.4 Legal and Safety Disclosures
We may disclose Personal Data where required to do so by law or in response to valid requests by public authorities (e.g., the Nigeria Data Protection Commission or law enforcement agencies). We may disclose data where required to:
comply with law, regulation, court order, or lawful request
enforce our Terms, protect our rights, prevent fraud or security incidents
protect users or the public from harm
Such disclosure may include cooperation in investigations, enforcement of legal rights, or compliance with reporting obligations under applicable laws.
11.4 With Your Consent
We may share data in other situations if you give us explicit consent.
11.5. Public Forums and Interactive Features
If you engage in public forums, reviews, feedback sections, community discussions, or similar interactive areas on our Platform, any information you share may be visible to other users and may be publicly distributed beyond the Platform. You should exercise caution before sharing Personal Data in public areas
11.6. S Opt-Out Rights
If we intend to share your Personal Data in a manner not described in this Policy, you will receive prior notice and have the option to opt out of such sharing. You may also request that we do not share your Personal Data with third parties, although this may affect your ability to access certain services that depend on such third-party integrations. Requests of this nature may be sent to hello@kryptr.co or any other contact address provided under this Policy.
Your Personal Data may be processed outside your country (e.g., where our cloud providers or tools operate). Where Personal Data is transferred to a recipient located outside Nigeria, such transfer shall be carried out in compliance with Sections 41–44 of the Nigeria Data Protection Act 2023. We will ensure that adequate safeguards—such as standard contractual clauses, adequacy decisions, or your explicit consent—are in place to protect your Personal Data Where required, we implement safeguards such as contractual protections and appropriate technical measures to protect your data.
We use appropriate technical and organisational security measures designed to protect your Personal Data, including access controls, encryption in transit (TLS/SSL), secure credential storage, monitoring, and vendor risk controls. However no system is 100% secure. You are responsible for keeping your login credentials confidential and notifying us if you suspect unauthorized account activity.
The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
For users who register on our Website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except that they cannot change their username). Website administrators can also see and edit that information.
Examples:
Account data: retained while your account is active, and for a reasonable period after closure
Learning and assessment records: retained to provide certificates, transcripts, program integrity, and reporting
Placement records: retained for program outcomes tracking and partner reporting (where applicable)
Logs and security records: retained for security and troubleshooting
Backups: may persist for limited periods due to technical cycles
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Website, or we are legally obligated to retain this data for longer periods.
You may request deletion, subject to legal or legitimate retention obligations.
Kryptr shall not be liable for any failure or delay caused by events beyond its reasonable control, including acts of God, government actions, labour disputes, or system failures.
You can ask us to do various things with your Personal Data. For example, at any time, you can ask us for a copy of your Personal Data, ask us to correct mistakes, change the way we use your information, or even delete it. We will either do what you have asked or explain why we cannot - usually because of a legal or regulatory issue.
Depending on your location and applicable law (including NDPA 2023, and where relevant GDPR/CCPA), you have the following rights in relation to our use of your Personal Data as guaranteed under the Data Protection Laws:
request access to your Personal Data
request correction of inaccurate data
request deletion (in certain cases)
object to processing or request restriction
request data portability (where applicable)
withdraw consent (where processing is based on consent)
opt out of marketing communications at any time (unsubscribe link or contact us)
To exercise your rights, contact us using the details below. We may need to verify your identity.
To the extent required by Data Protection Laws, you may be able to request that we inform you about the Personal Data we maintain about you and, where appropriate, withdraw your consent for certain data processing activity and/or request that we update, correct, delete, and/or stop processing your Personal Data.
We will respond to your access requests within a reasonable time and make all required updates and changes within the time specified by the Data Protection Laws.
When permitted by the Data Protection Laws, we may charge an appropriate fee to cover the costs of responding to the request. Where the timeline specified in the Data Protection Laws cannot be met, we will communicate same to you and take steps to notify you where we require an extension.
To exercise your rights, contact us using the details below. We may need to verify your identity.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information which is likely to result in a risk to the rights and freedom of the Data Subjects (as defined under the Data Protection Laws), Kryptr shall within 72 (seventy-two) hours of knowing about such breach, report the details of the breach including describing the nature of the personal data breach, the categories and approximate numbers of data subjects and personal data records concerned to the Commission.
Furthermore, we shall within 7 (seven) days of knowing the occurrence of such breach, take steps to inform the Data Subject of the breach incident, the risk to the rights and freedoms of the Data Subject resulting from such breach and any course of action to remedy said breach
If you receive marketing emails from us, you can opt out at any time by using the unsubscribe link in the email or contacting us at hello@kryptr.co.
You may still receive essential service communications (security alerts, program notifications, policy updates).
We reserve the right to modify, revise, or otherwise amend this Policy at any time and in any manner. We will notify you of any changes by posting the new Policy on our Platform. We may update this Privacy Policy from time to time. If we make material changes, we will post an updated version on this page and may notify you via email or in-platform notice, and/or a prominent notice on our Service, where appropriate, prior to the change becoming effective.
You are advised to review this Policy periodically for any changes. Please note that changes to this Policy are effective when they are posted on this Website. Continued use of the Services after updates means you accept the revised policy
If you have questions, requests, or complaints about this Privacy Policy or how we handle your Personal Data, contact
Email: [legal@kryptr.co]
General: [hello@kryptr.co]
If you are in Nigeria and believe your issue has not been resolved, you may also contact the Nigeria Data Protection Commission (NDPC).
We do not support unsolicited commercial messages. Where required, we obtain consent for marketing and always provide opt-out options.
