Privacy Policy

DataXLive Concepts ("DataXLive", "we", "our", or "us") operates the DataXLive invoice management platform (the "Platform"), a FIRS-compliant e-invoicing solution for Nigerian businesses. This Privacy Policy explains how we collect, use, store, and protect information when you use the Platform.

1. Information We Collect

When you register and use DataXLive, we collect:

• Business information: business name, Tax Identification Number (TIN), address, phone number, email address, bank account details, and business logo.
• User account information: full name, email address, role, and a securely hashed password.
• Client information: names, TINs, addresses, phone numbers, and email addresses of your clients, entered by you for invoicing purposes.
• Transaction data: invoices, credit notes, debit notes, payments, expenses, and other income records that you create on the Platform.
• Usage data: login timestamps, IP addresses, and actions taken on the Platform, recorded in our audit log for security and compliance purposes.

We do not collect National Identification Numbers (NIN), Bank Verification Numbers (BVN), or any other sensitive personal identifiers beyond what is necessary for FIRS-compliant invoicing.

2. How We Use Your Information

• To provide the invoicing, payment tracking, and reporting features of the Platform.
• To generate FIRS-compliant electronic invoices (UBL 2.1 XML) and submit them to the Federal Inland Revenue Service (FIRS) on your behalf when you choose to do so.
• To send invoice and payment receipt notifications to your clients via email, when you initiate this action.
• To maintain an audit trail of account activity for security, compliance, and dispute resolution.
• To communicate with you about your account, platform updates, or support requests.

3. Data Storage and Security

• All data is stored in a PostgreSQL database hosted on Supabase infrastructure (West EU - Ireland region), accessed exclusively over encrypted HTTPS/TLS connections.
• Passwords are hashed using bcrypt and are never stored or transmitted in plain text.
• User sessions are managed via signed JWT tokens with a 24-hour expiry.
• Row Level Security (RLS) is enabled on all database tables, providing database-level isolation between businesses ("tenants") in addition to application-level access controls.
• All significant account actions (logins, invoice creation, edits, FIRS submissions, payments, and data imports) are recorded in a tamper-evident audit log, including the user, timestamp, and IP address.

4. Multi-Tenant Data Isolation

DataXLive is a multi-tenant platform: each registered business operates within its own isolated workspace. Application logic and database-level Row Level Security policies work together to ensure that one business can never access another business's data, including invoices, clients, payments, or reports.

5. Sharing of Information

We do not sell, rent, or trade your information. We share data only in the following circumstances:

• With FIRS: when you submit an invoice for e-invoicing compliance, relevant invoice data is transmitted to FIRS in accordance with Nigerian tax regulations.
• With email delivery providers: when you choose to email an invoice or receipt to your client, the recipient's email address and a secure download link are processed by our email delivery provider (Resend) solely to deliver that message. The invoice PDF itself is not attached to or stored by the email provider — recipients download it directly from DataXLive via a secure link.
• With infrastructure providers: our hosting provider (Render.com) and database provider (Supabase) process data on our behalf under their respective security and privacy commitments, solely to operate the Platform.
• As required by law: where disclosure is required to comply with a legal obligation, court order, or regulatory request from FIRS, NITDA, or another competent Nigerian authority.

6. Data Retention

We retain business, client, and transaction data for as long as your account remains active, and thereafter as required to meet tax record retention obligations under Nigerian law (currently a minimum of six years for tax-related records). Audit logs are retained to support security investigations and regulatory compliance.

7. Your Rights

As a registered user, you have the right to:

• Access the personal and business data we hold about you and your clients.
• Request correction of inaccurate information through your account settings.
• Request export of your data (Excel exports are available for invoices, payments, expenses, and income).
• Request deletion of your account and associated data, subject to statutory tax record retention requirements.
• Withdraw consent for email notifications to clients at any time.

To exercise these rights, contact us at privacy@dataxlive.ng.

8. Cookies and Session Management

DataXLive uses essential cookies only, specifically a secure, HTTP-only session cookie used to keep you logged in. We do not use third-party advertising or tracking cookies.

9. Children's Privacy

DataXLive is a business platform intended for use by adults operating or working within registered businesses. We do not knowingly collect information from individuals under the age of 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will indicate the date of the most recent update at the top of this page.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how your data is handled, please contact:

DataXLive Concepts
Email: privacy@dataxlive.ng
Platform: dataxlive.ng