NDPR Compliance
Idiongo is registered with the Nigeria Data Protection Commission and aligns its data handling with the Nigeria Data Protection Regulation 2019 and the Nigeria Data Protection Act 2023. This page explains how.
What NDPR is
The Nigeria Data Protection Regulation governs the processing of personal data of Nigerian residents. It establishes principles for lawful processing, requires registered data controllers and processors to maintain documented compliance, and grants Nigerian residents specific rights over their personal data.
Our role
Idiongo acts as both a data controller (for the account and billing data of our customers) and a data processor (for the workspace content our customers upload and create). Each customer is the data controller for the personal data inside their workspace.
We maintain a Data Processing Agreement with every paying customer; Enterprise customers can sign a bespoke DPA. The standard DPA is available on request from privacy@idiongo.com.
Lawful basis
We process personal data under one or more of the following bases:
- Contract: to provide the service you've signed up for
- Legitimate interest: to keep the service secure, prevent abuse, and improve features
- Consent: for optional cookies, marketing emails, and case-study participation
- Legal obligation: when required by Nigerian law or by a valid court order
Data subject rights
Under NDPR, you have the right to:
- Be informed about how your data is processed
- Access the data we hold about you
- Have inaccurate data corrected
- Have your data erased ("right to be forgotten")
- Restrict or object to processing
- Export your data in a structured, machine-readable format
- Lodge a complaint with the Nigeria Data Protection Commission
To exercise any of these rights, email privacy@idiongo.com. We respond within 30 days as required by NDPR.
Cross-border transfers
Some of our infrastructure providers are based outside Nigeria. Where personal data is transferred across borders, we ensure equivalent protection through standard contractual clauses, encryption in transit and at rest, and provider commitments aligned with NDPR safeguards.
DPIA & risk
For new high-risk processing activities, particularly anything involving AI-driven decisions about learners, we conduct a Data Protection Impact Assessment before deployment. DPIAs are available to enterprise customers under NDA.
Breach response
In the event of a personal data breach, we notify the Nigeria Data Protection Commission within 72 hours of becoming aware of it, and we notify affected data subjects without undue delay where the breach is likely to result in high risk to their rights.
DPO contact
Our Data Protection Officer can be reached at dpo@idiongo.com.
Idiongo Inc., a Start Innovation Hub company. Akwa Ibom, Nigeria.