1. Our commitment

At Pine we protect the privacy, confidentiality and integrity of personal and financial information processed through our accounting platform. This policy explains the data we collect, why we collect it, how we secure it, and the rights available to you under the Nigeria Data Protection Act 2023 (NDPA) and related NDPC guidance.

2. Who this applies to

This policy applies to:

All users of Pine (businesses, accountants, employees, and partners).
All staff, contractors and third parties with access to Pine data.
All systems, integrations and storage that process Pine data (cloud or on-premise).

3. What we collect

Depending on your use of our service we may collect:

Personal information: names, contact details, business registration details, login credentials.
Financial information: invoices, transactions, payroll, tax records, bank details (tokenized/masked for display).
Technical data: IP address, device/browser details, access logs and usage metrics.
Billing data: subscription and payment information.

4. Why we process data

We process data to:

Deliver accounting, payroll and reporting services.
Meet contractual and legal obligations (tax, audits, regulatory reporting).
Protect the platform from fraud and abuse, and to improve our product.
Communicate service notices and, with consent, marketing communications.

5. Legal bases

We rely on lawful bases under NDPA including:

Contract performance (e.g. subscription).
Legal compliance (tax and financial reporting obligations).
Consent (where required).
Legitimate interests (security, continuous improvement) balanced against data subject rights.

6. Data subject rights

You have rights under Nigerian law, including the right to:

Access the personal data we hold about you.
Request correction, deletion, restriction or portability of your data.
Withdraw consent where consent is the lawful basis.
Object to certain processing activities.

To exercise any right contact our Data Protection Officer (DPO) — contact details are in the contact panel.

7. Security & technical measures

We protect data using best‑practice controls tailored for financial systems:

Strong encryption at rest and in transit (TLS/HTTPS).
Role-based access controls and least-privilege permissions.
Multi-factor authentication for privileged accounts.
Regular backups, vulnerability scans, penetration tests and secure development practices.

8. Payroll & sensitive financial data

Payroll data, bank account numbers and payslips are treated as highly confidential. We apply additional safeguards:

Payslips and payroll exports are encrypted; when emailed we use secure links or encrypted attachments.
Bank details are tokenized or masked in the UI, and stored using strong encryption.
Access to payroll functions is restricted to roles explicitly granted by account administrators.

9. Third parties & processors

We work with trusted third-party providers (hosting, payment processors, email delivery). We:

Only use processors that meet security and confidentiality standards.
Execute Data Processing Agreements (DPAs) with all processors.
Regularly review and audit key processor safeguards.

10. Cross‑border transfers

When data is transferred outside Nigeria we ensure compliance with NDPA requirements by:

Transferring to jurisdictions with adequate protection; or
Using contractual safeguards (approved contractual clauses) or NDPC‑approved mechanisms.

11. Data retention & disposal

We retain personal and financial records only as long as required for operational, legal, tax or audit reasons. When data is no longer required it is securely deleted or irreversibly anonymized.

12. Incident response & breach notification

We maintain an incident response plan. In the event of a personal data breach we will:

Contain and investigate the incident immediately.
Notify the NDPC within 72 hours if required by law.
Inform affected data subjects without undue delay when their rights may be at risk.

13. DPIAs and risk assessments

Before launching new features or integrations that could pose high privacy risk, we conduct Data Protection Impact Assessments (DPIAs) and document mitigation measures.

14. Compliance, audits & registration

Pine is committed to NDPC registration and compliance. We maintain records of processing activities and conduct periodic internal and external audits to demonstrate compliance with NDPA and NDPC guidance.

15. Changes to this policy

We may update this policy to reflect legal, regulatory or operational changes. When we update it we will publish a new effective date on this page.

Privacy Policy

Effective date: [Insert date]

1. Introduction

Pine collects and processes personal information to deliver accounting and payroll services. This policy explains what we collect, why, and your rights.

2. Data we collect

Identity & contact: name, email, phone
Financial: invoices, transactions, payroll, bank details (encrypted)
Technical: IP, device, logs

3. How we use your data

To provide services, comply with law, improve the product, and communicate with you. We rely on contract, legal obligation, consent or legitimate interests.

4. Sharing and transfers

We do not sell personal data. We share with processors (hosting, payments) under DPAs. Cross-border transfers use safeguards per NDPA.

5. Your rights

Access, correction, deletion, portability, object, withdraw consent. Contact: privacy@pine.ng

6. Retention

We retain data only as long as required for service, legal or tax obligations, then securely delete or anonymize.

7. Security

We use encryption, access control, backups, and audits to protect data.

8. Updates

We may update this policy; changes will be posted here with a new effective date.

PINE

Usage Policies

Data Protection Policy