This Privacy Policy explains how Decipher Media Solutions LTD ("Decipher", "we", "us", "our") collects, uses, stores, and protects your personal data when you visit decipher.ng, submit a project request, contact us, or engage our Systems or Hosting services. We are registered in Lagos, Nigeria and act as the data controller for the personal data described below.
We process personal data in accordance with the Nigeria Data Protection Act 2023 ("NDPA") and the regulations and guidance issued by the Nigeria Data Protection Commission ("NDPC").
1. Who we are
Decipher Media Solutions LTD is a Nigerian private limited company registered with the Corporate Affairs Commission and headquartered in Lagos. For the purposes of the NDPA, Decipher is the data controller of personal data collected through this website and during client engagements.
You can reach us at hello@decipher.ng. For privacy-specific requests, see Contact and complaints below.
2. Data we collect
2.1 Data you give us directly
When you fill in the project request form at decipher.ng/start, contact us by email or WhatsApp, or engage us as a client, we collect:
- Identity data: your name, the name of your business or organisation, your role.
- Contact data: your email address, phone or WhatsApp number.
- Engagement data: the service you are interested in (Systems or Hosting), a description of your project, budget range, timeline, and any context you choose to share in free-text fields.
- Payment data: for signed engagements, we record invoice-level information. We do not store card numbers, bank account numbers, or payment credentials. Payments are processed by our payment providers.
2.2 Data we collect automatically
When you visit the website or submit a form, our servers and security tooling record:
- Technical data: your IP address, browser type and version, device and operating system, referring URL, pages visited, and timestamps.
- Security data: bot-protection signals from Google reCAPTCHA v3 (a score indicating the likelihood that a submission is automated). We do not receive your interactions with Google services; Google does.
- Rate-limit data: hashed IP-based counters used to prevent form abuse.
2.3 Data we do not collect
We do not knowingly collect sensitive personal data such as health information, religion, ethnic origin, political opinions, biometric data, or financial account credentials through this website. If you believe you have submitted such data to us in error, contact us and we will delete it.
3. Why we collect it
We process your personal data for specific, stated purposes:
- To respond to your enquiry: replying to project requests, quoting, and proposing a scope.
- To deliver services: providing the Systems or Hosting services you engage us for.
- To operate and secure the website: keeping the site online, preventing spam and fraud, investigating abuse.
- To meet legal and tax obligations: issuing invoices, recording VAT, responding to lawful requests from authorities, and retaining records as required by Nigerian law.
- To improve our services: understanding which pages are visited and how forms perform, in aggregate. We do not build behavioural profiles of individual visitors.
4. Lawful basis
Under the NDPA, every act of processing personal data must rest on a lawful basis. Ours are:
- Consent. Where you voluntarily submit a project request form or subscribe to our communications. You may withdraw consent at any time.
- Performance of a contract. Where you engage us under a Master Services Agreement, Service Addendum, or Scope Document, and we need to process data to deliver.
- Legitimate interest. To operate and secure our website (e.g. spam filtering, rate-limiting), follow up on enquiries you initiated, and maintain business records. Our legitimate interests are balanced against your rights; you may object at any time.
- Legal obligation. To retain invoices, tax records, and other statutory information for the periods required by Nigerian law.
5. Who we share it with
We do not sell personal data. We share it only with a small, disclosed set of processors and partners strictly for the purposes above:
| Recipient |
Purpose |
Data shared |
| Zoho Corporation |
Business email hosting and transactional email delivery |
Name, email, message content |
| Google LLC (reCAPTCHA v3) |
Bot and abuse protection on forms |
IP address, browser signals (collected directly by Google) |
| Cloudflare, Inc. |
Content delivery, DDoS protection, DNS |
IP address, request metadata |
| Our hosting infrastructure |
Storage and serving of the website and application logs |
All data collected as described above |
| Our payment providers |
Processing payments for engagements (Korapay, Paystack, Flutterwave where applicable) |
Invoice-level identifiers only; card data is handled by the provider |
| Professional advisers |
Legal, tax, and accounting advice |
Only where necessary and under confidentiality |
| Law enforcement or regulators |
Where required by Nigerian law or valid legal process |
Strictly limited to what is required |
All processors are bound by contract or applicable law to process your data only on our instructions and to keep it secure.
6. How long we keep it
We keep personal data only as long as necessary for the purpose it was collected, unless a longer period is required by law.
- Project enquiries that do not become engagements: up to 24 months from last contact, then deleted or anonymised.
- Signed engagements: for the duration of the engagement plus 7 years after completion, to meet Nigerian tax and company record-keeping obligations.
- Security and rate-limit logs: up to 90 days.
- Backups: data in backups is retained for up to 90 days after the primary record is deleted and is not actively processed.
7. How we protect it
We use reasonable organisational and technical measures to protect personal data, including:
- HTTPS/TLS on all public pages and forms.
- Form-level protections: rate limiting, anti-spam honeypots, CSRF tokens, reCAPTCHA v3 bot scoring, input validation.
- Access controls on admin systems with strong authentication and principle of least privilege.
- Encrypted, off-server backups of client systems.
- Security hardening of our infrastructure (firewall, intrusion detection, automated updates).
- Written confidentiality obligations for everyone on the Decipher team and every subcontractor.
No system can be guaranteed secure. In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the NDPC and affected individuals in line with our obligations under the NDPA.
8. International transfers
Some of our processors (for example, Zoho, Google, Cloudflare) host data outside Nigeria. Where this happens, we rely on:
- Adequacy decisions issued under the NDPA where applicable; or
- Appropriate contractual safeguards, including standard data protection clauses, that place equivalent obligations on the recipient; or
- Your explicit consent where no other lawful basis is available.
You can request a description of the safeguards applied by writing to us at hello@decipher.ng.
9. Your rights
Under the NDPA you have the right to:
- Be informed about how your data is processed (that is what this policy is for).
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Erase data where it is no longer needed, you withdraw consent, or you object and no overriding legitimate basis exists.
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests or for direct marketing.
- Portability. Receive data you provided to us in a structured, commonly used, machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with the Nigeria Data Protection Commission.
To exercise any of these rights, email us at hello@decipher.ng with the subject line "Data Subject Request". We will respond within 30 days, and may ask you for information that helps us verify your identity before we act.
10. Cookies and tracking
Our site uses a minimal set of cookies:
- Strictly necessary cookies: session cookies that keep forms working and security checks in place.
- Functional cookies: a small preference cookie to remember whether you chose dark or light theme.
- Third-party cookies: Google reCAPTCHA v3 sets cookies required for bot detection. If you decline reCAPTCHA, forms will not submit.
We do not use advertising cookies, cross-site tracking pixels, retargeting, or session replay.
You can control cookies through your browser settings. Blocking strictly necessary cookies may prevent the site from working correctly.
11. Children
Our services are directed at businesses and professional users. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has submitted data to us, contact us and we will delete it.
12. Changes to this policy
We update this policy when our practices change or when the law requires. The version number and effective date at the top of this page indicate when it was last revised. Material changes will be notified on the homepage or by email to active engagements.
For any question about this policy, a data subject request, or a privacy concern:
If you believe we have not handled your personal data in accordance with the NDPA, you can lodge a complaint with the
Nigeria Data Protection Commission at
ndpc.gov.ng. We would also appreciate the chance to address your concern directly first.
