Privacy Policy

WHO WE ARE

We are Ark Frontier Limited ("Ark Frontier", "ARK", "we", "us" or "our"). We process your personal data when you access and use our inventory, warehousing, procurement, fulfilment and shipment management application ("Platform" or "Service"), whether via web or any other interface we provide.

If you have any questions about how we collect, use or share your data, please contact Ark Frontier Limited at info@storeatark.com, or on our social media at @storeatark.

When we collect and process your personal data, we are regulated under the Nigeria Data Protection Act, 2023 ("NDPA") and any other applicable data protection legislation.

WHAT IS THE PURPOSE OF THIS POLICY?

We are committed to protecting the privacy of our customers and users. This Privacy Policy explains, in clear terms:

  • what personal data we collect,
  • how and why we use it,
  • who we share it with,
  • how long we keep it, and
  • the rights you have in relation to your personal data.

This Policy applies when you:

  • act as an Authorised User of a customer account (e.g. staff, Warehouse Manager, Manager, Admin),
  • use our Platform in connection with your organisation's inventory, procurement, fulfilment or shipment workflows, or
  • otherwise interact with us (for example, by contacting support).

THE PERSONAL DATA WE COLLECT

We collect personal data in two main ways:

  • Information you provide directly, and
  • Information we collect automatically when you use the Platform.

Information You Provide to Ark Frontier

Depending on how you use ARK, we may collect the following categories of data you provide to us or that your organisation configures into the Platform.

(a) Account and Contact Data

When you register or are invited to use ARK, we will collect your:

  • first name and last name;
  • email address;
  • phone number;
  • your role or title (e.g. Staff, Manager, Warehouse Manager, Admin);
  • the organisation or customer account you are linked to.

This allows us to create and manage your user account and to associate you with the correct customer.

(b) Credentials and Authentication Data

To enable secure access to the Platform, we collect:

  • username or login identifier;
  • password;
  • in the case of Single Sign-On (SSO), identity provider identifiers (such as SSO username/UPN, email, and tokens issued by your organisation's identity provider).

Your organisation may also configure role-based access controls, assigning you certain permissions within the Platform.

(c) Operational Data Entered by Customers

Customers use ARK to store and manage operational information, which may contain personal data. This may include:

  • Staff data: names, emails, phone numbers and roles of your internal staff involved in inventory, procurement, warehousing, logistics and finance.
  • Supplier and vendor contacts: names, emails, phone numbers and role descriptions of supplier staff.
  • Shipment and logistics data: sender names, recipient names, addresses, phone numbers and other contact details associated with shipments or deliveries created through ARK; shipment descriptions, values and references that may refer to individuals.
  • Scan logs: user identifiers, timestamps, warehouse locations and codes scanned during intake and dispatch workflows.
  • Documents for compliance: uploaded Standard Operating Procedures (SOPs), contracts, policies or other documents, which may contain names, signatures and contact details of individuals.

In these cases, our customer is responsible for ensuring they have a lawful basis to input such data, and we process it on their instructions.

(d) Payment and Billing Data

For subscription and shipment-related payments processed via integrated payment providers, we may receive limited payment-related information, including:

  • name of the payer or billing contact;
  • transaction reference or ID;
  • payment method type (e.g. card, transfer);
  • transaction status and amount.

We do not store full payment card details; these are handled by the payment provider.

(e) Communications Data

If you contact us or we communicate with you, we may process:

  • email messages and support tickets;
  • records of in-app support conversations;
  • the fact and content of your communications (questions, feedback, complaints).

(f) Marketing and Preference Data

When you sign up to receive updates from Ark Frontier, we may collect:

  • your contact details;
  • your marketing preferences;
  • information about your engagement with our marketing (such as email opens or link clicks), where permissible.

Information We Collect Automatically

When you use the Platform, Ark Frontier and its service providers may automatically collect certain information using logs, cookies and similar technologies.

(a) Log and Security Data

Our servers may automatically record:

  • IP address;
  • device and browser type;
  • operating system and version;
  • login timestamps;
  • authentication success and failure events;
  • error logs and system events.

We use this to operate, secure and troubleshoot the Platform.

(b) Technical Data

We may collect:

  • device identifiers;
  • browser plug-in types and versions;
  • information about how your device interacts with our Platform.

(c) Usage and Analytics Data

We may collect data about how you use the Platform, for example:

  • which services you access (e.g. Inventory, Purchases, Shipments, Administration);
  • actions taken (such as creating a purchase request, approving a purchase order, scanning a code, uploading a document);
  • pages and screens viewed;
  • feature usage patterns and configuration choices.

This helps us understand how the Platform is used and where improvements are needed.

(d) Operational Logs and Scan Data

In connection with intake and dispatch workflows, and other operational actions, we may collect:

  • user ID or username;
  • timestamps of scans and actions;
  • associated warehouse or fulfilment centre;
  • request or document references (e.g. purchase order, transfer ID);
  • whether the scan was successful or rejected (e.g. duplicate or out-of-scope).

(e) Cookies and Similar Technologies

Some of the data we collect automatically is facilitated by cookies and similar technologies. Cookies help us:

  • keep you logged in and maintain your session;
  • remember your preferences;
  • understand how the Platform is used.

Sensitive Data

Ark Frontier does not seek to collect sensitive personal data (such as health data, religious beliefs, or biometric identifiers) through the Platform.

However, customers may occasionally upload documents or photos (for example, proof-of-delivery photos or scanned contracts) that incidentally contain such information. In such cases, the customer is responsible for ensuring they have a lawful basis to process that data and that it is appropriate to upload it into the Platform.

Children Data

ARK is a business-to-business (B2B) platform and is not directed at children. We do not knowingly collect personal data relating to children under 18 years of age, and customers should not input such data into the Platform. If we become aware that we have unintentionally processed children's personal data, we will take appropriate steps to delete it.

HOW WE USE YOUR PERSONAL DATA

We use personal data for the following purposes:

(a) To Set Up and Administer Accounts

  • creating and managing customer accounts and user profiles;
  • onboarding new users and organisations;
  • configuring roles, permissions and access to the Platform.

(b) To Provide and Operate the ARK Platform

  • enabling you and your Authorised Users to use the Platform's services, including inventory management, purchases, fulfilment, stock transfers, shipments, dashboards, and notifications;
  • maintaining audit trails and activity logs so that you can see who performed which actions, and when;
  • facilitating integrations with third-party services such as identity providers, payment processors and shipping platforms (for example, Active Directory SSO, Paystack, Shipbubble and couriers).

(c) To Authenticate Users and Maintain Security

  • verifying login attempts, including via SSO;
  • monitoring access and use for suspicious or fraudulent activity;
  • enforcing access controls and role-based permissions;
  • detecting, investigating and preventing security incidents and misuse.

(d) To Process Payments and Manage Subscriptions

  • processing subscription fees and transaction-based charges;
  • processing shipping payments where applicable;
  • issuing invoices and receipts;
  • maintaining accounting and financial records.

(e) To Communicate With You

  • sending service and transactional communications (for example, verification emails, notifications of subscription status, system alerts);
  • responding to queries, incidents and support requests;
  • sending notifications about changes to the Platform or to these Terms or this Policy.

(f) To Improve and Develop the Platform

  • analysing usage and performance data to understand how features are used;
  • diagnosing problems and optimising performance;
  • developing new features and improving user experience.

(g) Legal and Regulatory Compliance

  • complying with applicable laws, regulations and court orders;
  • responding to lawful requests from regulators or law enforcement;
  • enforcing our agreements and protecting our rights, property and safety, and those of our users and third parties.

(h) Marketing

  • sending information about updates, features or services that may be relevant to our existing or prospective customers;
  • managing marketing preferences and opt-outs.

We do not sell your personal data.

LEGAL BASIS FOR THE PROCESSING OF USERS' DATA

We process personal data on one or more of the following legal bases under the NDPA and similar data protection laws.

Performance of a Contract

We process your personal data where it is necessary to enter into or perform a contract with you or with the customer you represent. This includes:

  • creating and maintaining your ARK user account;
  • enabling you to access and use core Platform functions (inventory, purchases, fulfilment, shipments, dashboards, notifications);
  • processing subscription and shipment-related payments;
  • managing your organisation's subscription, plan and usage;
  • providing customer support and resolving issues;
  • sending essential service communications (for example, verification emails, password reset links, important operational notifications).

Compliance With Legal Obligations

We process certain personal data to meet our legal and regulatory obligations, which may include:

  • maintaining appropriate business, tax, accounting, and financial records;
  • complying with anti-fraud, anti-money laundering and sanctions requirements where applicable;
  • responding to lawful requests from regulators, law enforcement or other competent authorities;
  • complying with data protection and information security obligations.

Legitimate Interests

We process personal data where it is necessary for our legitimate interests or those of a third party, and where those interests are not overridden by your rights and freedoms. These legitimate interests include:

  • ensuring the security, integrity and availability of the Platform;
  • monitoring and preventing unauthorised access, misuse, fraud or abuse;
  • maintaining audit trails, logs and records that support compliance, dispute resolution and internal governance;
  • understanding how the Platform is used so we can improve functionality, performance and usability;
  • supporting users, and obtaining feedback to improve our services;
  • managing relationships with our customers and prospective customers;
  • sending communications about updates or improvements to existing services.

Consent

In limited cases, we rely on your consent, for example:

  • sending certain types of marketing communications, where consent is required;
  • using non-essential cookies or similar technologies for analytics or personalisation, where consent is required.

Where processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing prior to withdrawal.

WHO WE SHARE YOUR PERSONAL DATA WITH

We treat your data with care and do not sell your personal data. We may share personal data with the following categories of recipients, only as necessary and subject to appropriate safeguards:

(a) Service Providers

We use trusted third-party service providers to help us deliver the Platform. These may include:

  • Cloud hosting and infrastructure providers who host our application and databases;
  • Email and notification providers used to send verification emails, alerts and other communications;
  • Payment processors (such as Paystack) for subscription and shipping payments;
  • Shipping and logistics integration providers (such as Shipbubble and downstream couriers) to enable shipment creation, tracking and status updates;
  • Analytics, monitoring and logging services to help us understand performance and detect issues.

These providers are contractually required to process personal data only on our instructions and to apply appropriate security measures.

(b) Legal and Regulatory Authorities

We may disclose personal data:

  • where required to do so by law, regulation, court order or other lawful request;
  • where necessary to establish, exercise or defend legal claims;
  • where necessary to protect our rights, property or safety, or those of our users or the public.

DATA RETENTION

Ark Frontier will only retain your personal data for as long as reasonably necessary to fulfil the purposes the data was collected, including the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we will consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which the data is to be processed and whether the purposes can be achieved through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

When we no longer require the personal data we have collected about you, we may either delete it or de-identify, aggregate or anonymise it. If we de-identify, aggregate or anonymise your personal data (so that it can no longer be associated with you), we may use the anonymised data indefinitely without further notice to you.

YOUR RIGHTS

Subject to certain conditions and exceptions under applicable law, you have the following rights in relation to your personal data:

  • Right of access: You have the right to ask us for copies of your personal data.
  • Right to rectification: You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to erasure: You have the right to ask us to erase your personal data in certain circumstances.
  • Right to restriction of processing: You have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Right to object to processing: You have the right to object to the processing of your personal data in certain circumstances.
  • Right to data portability: You have the right to ask that we transfer the personal data you provided us to another organisation.
  • Right to withdraw consent at any time: Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Exercising These Rights

You may submit these requests by email to info@storeatark.com. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal data). If we reject any request you may make (whether in whole or in part), we will let you know our grounds for doing so at the time, subject to any legal restrictions.

Your Right to Lodge a Complaint with the Nigeria Data Protection Commission

In addition to your rights outlined above, if you are not satisfied with our response to a request you made, or how we process your personal data, you can make a complaint to the Nigeria Data Protection Commission by mail to info@ndpc.gov.ng or a letter addressed to No.12 Dr. Clement Isong Street, Abuja.

We would, however, appreciate the chance to deal with your concerns first, so we encourage you to contact us in the first instance.

HOW DO WE PROTECT YOUR PERSONAL DATA?

We have adopted appropriate technical and organisational measures to secure your personal data as required by law. Our security systems are designed to prevent the loss, unauthorised destruction, damage, and/or access to your personal data from unauthorised third parties. Some of our security measures include physical access controls to our premises, cybersecurity controls, and information access authorisation controls.

While we are dedicated to securing our systems and services, you are responsible for securing and maintaining the privacy of your password(s) and account/profile registration information and verifying that the personal data we maintain about you is accurate and up to date.

We will duly inform you of any breaches that may threaten the security and confidentiality of your personal data.

UPDATES TO THIS PRIVACY POLICY

We understand that things change, so we will continue to review the effectiveness of this policy and make sure it is achieving its goals. We might update the policy from time to time, and we will post the most recent version on this page. If we make a change to this policy that we consider material, we will notify you.