Skip to content
SabiBooks SabiBooks
Start Free

DRAFT -- This privacy policy is under professional legal review and will be finalized before public launch. Last updated: March 2026.

Privacy Policy

Last updated: March 2026

1. Data Controller

SabiBooks Technology Ltd ("SabiBooks", "we", "our", "us") is the data controller responsible for your personal data. We are registered in Lagos, Nigeria and are committed to protecting the privacy of our users.

2. NDPR Compliance

This privacy policy is issued in compliance with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023. We process personal data lawfully, fairly, and in a transparent manner. We are committed to implementing appropriate technical and organizational measures to protect your data.

3. What Data We Collect

We collect the following categories of personal data when you use SabiBooks:

  • Email address -- Your primary identifier for account creation and authentication via OTP or Google Sign-In
  • Phone number -- Collected for identification purposes
  • Business information -- Business name, type, address, and CAC registration number (if provided)
  • Transaction data -- Sales records, inventory data, expense records, and customer credit information you enter into the platform
  • Customer records -- Information about your customers that you store in SabiBooks (names, phone numbers, credit balances)
  • Device information -- Device type, operating system, browser version, and IP address for security and fraud prevention
  • Usage data -- How you interact with the platform, features used, and error reports

4. How We Use Your Data

We use the data we collect to:

  • Provide and improve our services -- Deliver the SabiBooks platform, process your business transactions, and improve features
  • Authenticate your identity -- Verify your email via OTP or Google Sign-In for secure access
  • Process transactions -- Facilitate POS payments, generate receipts, and reconcile transactions
  • Detect and prevent fraud -- Monitor for suspicious activity, unauthorized access, and abuse
  • Comply with regulations -- Meet requirements set by the Central Bank of Nigeria (CBN), FIRS, and other regulatory bodies
  • Communicate with you -- Send service notifications, security alerts, and (with your consent) product updates via SMS or WhatsApp

5. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Consent -- When you register for a SabiBooks account, you consent to the collection and processing of your data as described in this policy
  • Legitimate interest -- For security monitoring, fraud prevention, and platform improvement
  • Legal obligation -- To comply with CBN regulations, anti-money laundering requirements, tax reporting obligations (FIRS), and other applicable Nigerian laws
  • Contractual necessity -- To deliver the services you signed up for

6. Data Retention

  • Active accounts -- Your data is retained for as long as your account remains active
  • Deleted accounts -- After account deletion, we retain your data for 90 days to allow recovery and to comply with CBN regulatory requirements
  • Transaction records -- Financial transaction records are retained for a minimum of 5 years as required by CBN regulations and FIRS tax record requirements
  • Security logs -- Authentication and security event logs are retained for 12 months

7. Third-Party Data Sharing

We share your data with the following categories of third parties, only as necessary to provide our services:

  • Payment processors -- Moniepoint and Paystack process POS and online payments on your behalf. They receive only the data necessary to complete transactions
  • Email providers -- Resend delivers OTP verification codes and service notifications to your email address
  • Identity providers -- Google provides authentication via Google Sign-In (only when you choose to sign in with Google)
  • Error monitoring -- Sentry receives anonymized crash reports and performance data to help us fix issues. No personally identifiable information is sent
  • Cloud infrastructure -- Our hosting providers process data on our behalf under strict data processing agreements

We never sell your personal data. We do not share your data with advertisers or data brokers.

8. Data Subject Rights

Under the NDPR and NDPA, you have the right to:

  • Access -- Request a copy of the personal data we hold about you
  • Correction -- Request correction of inaccurate or incomplete personal data
  • Deletion -- Request deletion of your personal data, subject to regulatory retention requirements (see Section 6)
  • Data portability -- Export your business data in a machine-readable format
  • Objection -- Object to processing of your personal data for direct marketing purposes
  • Restriction -- Request restriction of processing in certain circumstances

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data at rest and in transit (TLS 1.2+)
  • JWT-based authentication with short-lived access tokens
  • Multi-tenancy isolation ensuring each business can only access its own data
  • Regular security assessments and vulnerability testing
  • Access controls and audit logging for administrative operations

10. Cookies and Local Storage

SabiBooks uses minimal cookies, limited to session management and authentication state. We do not use advertising or tracking cookies. For full details, see our Cookie Policy.

11. Children's Privacy

SabiBooks is a business management tool designed for adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us at [email protected].

12. International Data Transfers

Your data may be processed on servers located outside Nigeria for cloud hosting and infrastructure purposes. Where this occurs, we ensure appropriate safeguards are in place, including data processing agreements that comply with the NDPR and NDPA requirements for cross-border data transfers.

13. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will notify you via SMS, WhatsApp, and in-app notification at least 14 days before the changes take effect. Your continued use of SabiBooks after changes take effect constitutes acceptance of the updated policy.

14. Contact the Data Protection Officer

If you have questions about this privacy policy or how we handle your data, contact our Data Protection Officer:

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).