Privacy Policy

Privacy Policy

Effective Date: 11 December 2021  ·  Last Updated: 1 April 2026

1. Introduction

Welcome to Descasio (“we,” “our,” or “us”). Descasio Limited is a premier cloud, data, and AI solutions company operating primarily in Nigeria and expanding globally. We provide system integration, AI services, and our proprietary data platform, DataHub, designed to collect, process, and store personal and enterprise data securely.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://www.descasio.io) or use our services, platforms, and applications (collectively, the “Services”). We are committed to protecting your privacy and ensuring that your personal data is handled in compliance with applicable data protection laws, including the Nigeria Data Protection Regulation (NDPR), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

2. Our Role: Data Controller vs. Data Processor

In the context of our Services, our role regarding your personal data depends on the nature of our relationship:

  • Data Controller: We act as a Data Controller for our platform users. This means we determine the purposes and means of processing personal data collected directly from individuals who visit our website, register for our Services, or communicate with us.
  • Data Processor: We act as a Data Processor for client data within our platforms, including DataHub. When enterprise clients use our Services to process their own customers’ or employees’ data, we process that data strictly on behalf of and under the instructions of the client (the Data Controller).

3. Information We Collect

We collect information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). The types of Personal Information we collect include:

3.1 Information You Provide to Us

  • Contact Information: Name, email address, phone number, and postal address.
  • Account Credentials: Usernames, passwords, and security questions.
  • Business Information: Company name, job title, and professional details.
  • Communications: Records of your correspondence with us, including support requests and feedback.

3.2 Information Collected Automatically

  • Device and Usage Data: IP addresses, browser types, operating systems, referring URLs, and interaction data with our Services.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies for authentication, session management, analytics (e.g., Google Analytics), and marketing (e.g., Meta Pixel).

3.3 Information from Third Parties

  • Authentication Services: If you choose to sign in via OAuth (e.g., Google, Microsoft, Apple), we receive basic profile information from these providers.
  • Integrations: Data obtained through integrations with third-party services (e.g., Google Calendar, Gmail, Microsoft Outlook, Teams) as authorized by you or your organization.

4. How We Use Your Information

We use the collected information for various purposes, including:

  • Service Delivery: To provide, operate, and maintain our Services, including cloud infrastructure and AI solutions.
  • Authentication and Security: To verify your identity, manage sessions, and protect against unauthorized access or fraudulent activities.
  • Communication: To send administrative notices, updates, security alerts, and support messages.
  • Analytics and Improvement: To analyze usage trends, monitor platform performance, and enhance our service offerings.
  • Marketing: To provide you with news, special offers, and general information about other goods, services, and events we offer, subject to your consent where required.

4.1 AI and Data Usage

We leverage artificial intelligence to provide automation, insights, and workflow optimization. However, we maintain strict boundaries regarding the use of your data:

  • No Unauthorized Training: We do not use customer data to train generalized AI models without explicit consent.
  • Confidentiality: AI processing is conducted in a manner that strictly preserves user confidentiality and client ownership rights.

5. Legal Bases for Processing (GDPR Compliance)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), our legal basis for collecting and using your Personal Information depends on the context:

  • Performance of a Contract: Processing is necessary to fulfill our contractual obligations to you.
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided they are not overridden by your data protection rights.
  • Consent: You have given us explicit consent to process your data for specific purposes.
  • Legal Obligation: Processing is necessary to comply with applicable laws and regulations.

6. Data Sharing and Disclosure

We do not sell your Personal Information. We may share your data with third parties only in the following circumstances:

  • Service Providers: We engage trusted third-party vendors to assist in providing our Services, such as cloud hosting (e.g., AWS), payment processing (e.g., Paystack), and analytics. These providers are bound by strict confidentiality agreements.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of the transaction.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.

7. International Data Transfers

As a company operating initially in Nigeria and expanding globally, your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or reliance on adequacy decisions, to guarantee that your data receives a level of protection consistent with NDPR, GDPR, and CCPA standards.

8. Data Retention

We retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies. Client data processed by us as a Data Processor is retained in accordance with the client’s instructions and our Master Services Agreement.

9. Security Measures

We implement robust, enterprise-grade technical and organizational measures to secure your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Our security framework includes encryption, access controls, regular security assessments, and compliance with industry standards. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your Personal Information under NDPR, GDPR, or CCPA:

  • Right to Access: You can request copies of your Personal Information.
  • Right to Rectification: You can request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure (Right to be Forgotten): You can request that we erase your Personal Information, under certain conditions.
  • Right to Restrict Processing: You can request that we restrict the processing of your Personal Information, under certain conditions.
  • Right to Object to Processing: You can object to our processing of your Personal Information, under certain conditions.
  • Right to Data Portability: You can request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Right to Opt-Out (CCPA): California residents have the right to opt-out of the sale of their personal information. (Note: We do not sell personal information).

To exercise any of these rights, please contact our Data Protection Officer using the details provided below.

11. Children’s Privacy

Our Services are not intended for use by children under the age of 18. We do not knowingly collect personally identifiable information from children. If you become aware that a child has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child without verification of parental consent, we take steps to remove that information from our servers.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact our Data Protection Officer:

Descasio Limited
Email: dpo@descasio.io
Address: 3/5 Boyle Street. 2nd Floor. Onikan, Lagos Island
Phone: +234-1-912-5048