Privacy Policy

How TapXora handles personal data.

This policy explains how TapXora collects, uses, stores, protects and discloses personal data when people use our website, contact us, or interact with QR, NFC and guest-facing digital experiences we operate or support.

Effective date: May 31, 2026 Applies to website, inquiries and service delivery

1. Scope and who we are

TapXora provides QR code solutions, NFC touchpoints, guest-facing digital pages, event portals and related digitalization services for hotels, restaurants, bars, lounges, events and other customer-facing businesses.

This policy applies to personal data processed through:

  • our public website and contact channels;
  • lead-generation and inquiry forms;
  • communications with prospects, clients, vendors and partners;
  • digital experiences hosted, operated or maintained directly by TapXora; and
  • project delivery, support and account-management activities.

This policy does not automatically replace any separate privacy notice that may apply to a client’s own website, event portal, reservation flow or customer system. In some projects, TapXora acts only as a service provider or data processor on a client’s instructions.

2. The types of data we collect

The exact information we collect depends on how you interact with us. Common categories include the following:

Category Examples Typical source
Identity and contact data Name, phone number, email address, company or event name, job title Contact forms, WhatsApp, calls, email, proposals
Project and inquiry data Venue type, service interest, timeline, business needs, briefing notes, approvals Client communications and service requests
Usage and device data IP address, browser type, device information, basic interaction logs, timestamps Website hosting, analytics or technical logs
Hosted experience data Data submitted through QR pages, NFC-linked pages, event portals or guest forms that we host End users of the hosted experience
Transaction and commercial data Quotes, invoices, payment status, engagement records Contracting and account administration

We do not intentionally collect more personal data than we reasonably need for our services, communications, compliance or business operations.

3. How we use personal data

We may use personal data to:

  • respond to inquiries, quote requests and support messages;
  • plan, design, deploy, host, maintain or improve our services;
  • operate QR code pages, NFC-linked pages, event portals or digital access tools;
  • communicate about proposals, projects, billing, maintenance and account matters;
  • verify service integrity, troubleshoot faults and maintain security;
  • keep internal records of client instructions, approvals and deliverables;
  • comply with legal, regulatory, tax, audit or enforcement requirements; and
  • analyze performance in a limited and business-relevant way, such as understanding which service pages are receiving interest.

We do not use personal data for unlawful profiling, hidden resale, or unrelated exploitation.

4. Lawful bases for processing

Where applicable under the Nigeria Data Protection Act, 2023 and other relevant law, TapXora relies on one or more lawful bases for processing personal data, including:

  • consent where you voluntarily submit information or opt into a specific activity;
  • contract where processing is necessary to provide requested services, prepare proposals or manage client engagements;
  • legitimate interests where reasonably necessary to run and protect our business, respond to inquiries, improve service delivery or prevent abuse, provided those interests do not override your rights; and
  • legal obligation where we must keep records, respond to lawful requests or meet regulatory duties.

5. Client-hosted projects and TapXora’s role

For some hosted pages, guest portals, QR destinations or NFC-linked experiences, TapXora may process personal data on behalf of a client. In those cases, the client may be the primary data controller and TapXora may act as a processor or technical service provider.

If you use a client-branded portal or page that was built or hosted by TapXora, we may process information only to the extent necessary to host, secure, support or improve the specific service, and usually under the client’s instructions or service agreement.

Where a client provides its own privacy notice or event-specific notice, that notice should also be reviewed because it may explain the client’s purpose for collecting your information.

6. When we share or disclose data

We may disclose personal data only where reasonably necessary, including to:

  • hosting, infrastructure, email, messaging, analytics or technical support providers who help us operate our services;
  • payment, invoicing or accounting providers for business administration;
  • professional advisers such as lawyers, auditors or insurers where required for legitimate business needs;
  • regulators, law enforcement or public authorities where disclosure is legally required or reasonably necessary to protect rights, safety or property; and
  • buyers, investors or transaction counterparties in a merger, restructuring or sale, subject to appropriate confidentiality protections.

We do not sell personal data. We do not rent personal data. We do not trade lists of personal data to advertisers or data brokers.

7. Cookies, analytics and technical logs

Our website or hosted pages may use limited cookies, similar technologies or server logs for basic functionality, security, performance measurement and troubleshooting. These tools may help us understand page visits, device types, service reliability or abnormal activity.

We do not use cookies or analytics as a pretext to secretly sell personal data. Where cookies are used, we aim to keep them proportionate to the purpose of the site and the services being delivered.

Third-party tools may also place their own cookies or collect diagnostics in accordance with their own policies. Those third parties are responsible for their own processing practices.

8. Data retention, security and transfers

Retention

We keep personal data only for as long as reasonably necessary for the purpose it was collected, including service delivery, records management, legal compliance, dispute handling, billing, audit and security. Where we no longer need the data, we aim to delete, anonymize or securely archive it, subject to legal and operational requirements.

Security

We use commercially reasonable administrative, technical and organizational safeguards appropriate to the nature of our business. These may include access controls, account protection, limited permissions, monitoring, secure hosting choices and internal handling controls. However, no system can guarantee absolute security.

Cross-border processing

Some hosting, communication or support providers may process data outside Nigeria. Where this occurs, we aim to use reasonable contractual, organizational or technical safeguards appropriate to the transfer and the sensitivity of the information involved.

9. Your rights

Subject to applicable law, you may have rights to request access to personal data we hold about you, correction of inaccurate information, deletion, restriction, objection, withdrawal of consent where consent is the basis of processing, and in some cases portability.

You may also have the right to complain to the Nigeria Data Protection Commission if you believe your privacy rights have been violated.

To help protect privacy and security, we may request information to verify identity before fulfilling certain requests. Some requests may be limited where exceptions apply, including legal, security, contractual or technical constraints.

10. Children’s data and sensitive data

TapXora’s website and services are generally intended for businesses, event organizers and adult users. We do not knowingly target children with our website or intentionally collect children’s personal data except where a client’s lawful event or service context requires it and appropriate responsibility sits with the client or guardian.

We ask users and clients not to submit sensitive personal data unless it is clearly necessary, lawful and agreed for the relevant service.

11. Third-party links and client environments

Our website or hosted experiences may link to client pages, social media platforms, maps, payment providers, messaging tools or other third-party services. We are not responsible for the privacy practices of those third parties. Their own terms and privacy policies will govern their platforms.

12. Policy updates

We may update this policy from time to time to reflect business changes, legal developments, new services or technical changes. The updated version will be posted on this page with a revised effective date where appropriate.

13. Contact and complaints

If you have questions, requests or concerns about this policy or about how TapXora handles personal data, please contact us at:

If you are dissatisfied with our response and applicable law gives you that right, you may lodge a complaint with the Nigeria Data Protection Commission.