Privacy Policy
Last updated: September 14, 2025
Quick summary
- We collect account, contact, communication and usage data to operate and improve the service.
- We share limited data with professionals and service providers as needed to deliver the service.
- You control your data: request access, correction, export or deletion via our privacy contact.
1. Introduction
This Privacy Policy explains how Advoca ("Company", "we", "us", or "our") collects, uses, discloses, and safeguards personal data when you access or use our website, products, and services (the "Service"). It also outlines rights available under major data protection laws such as GDPR, CCPA/CPRA and CalOPPA. This policy applies to all visitors, users and customers of the Service.
2. Data Controller & Contact
Data Controller: Advoca is the controller under applicable laws and determines why and how personal data is processed. This is distinct from processors (e.g., payment providers) who act on our instructions.
Contact details:
- Email: advoca.pro@gmail.com — primary channel for privacy requests.
- Phone: +234 803 868 6878
- Mailing Address: C32 H2 BRICK CITY ESTATE, PHASE 2, KUBWA EXPRESSWAY, ABUJA, FCT, NIGERIA
Response time: We acknowledge requests quickly (typically within 2 business days) and resolve routine requests within 30 days (GDPR) or 45 days (CCPA), with extensions for complex cases.
Verification: We may request additional information to verify identity before fulfilling sensitive requests.
3. Personal Data We Collect
We collect categories of personal data with clear purposes and safeguards:
a. Personal identifiers
Examples: Full name, email, phone, billing/shipping addresses.
Why: To deliver services and communicate with you.
Safeguards: Encrypted in transit (TLS) and stored with access controls.
b. Account information
Examples: Credentials (hashed), profile details, consent flags.
Why: Authenticate and personalize your experience.
Safeguards: Passwords are never stored in plaintext.
c. Payment information
Examples: Payment tokens from processors; we never store full card numbers.
Why: To process transactions.
Safeguards: Payments handled by PCI-DSS compliant providers (e.g., Flutterwave).
d. Communications
Examples: Support tickets, chat logs, feedback.
Why: Provide support and improve the product.
Safeguards: Communications encrypted and anonymized where appropriate.
e. Technical & usage data
Examples: IP address (anonymized), browser, device, pages visited, timestamps.
Why: Improve performance, diagnose issues and detect abuse.
Safeguards: Aggregation and IP truncation to reduce identifiability.
Key note: We only collect data necessary for stated purposes. Sensitive data is never processed unless required by law.
4. Sources of Data
We collect data from three main sources:
- Directly from you: Account creation, forms, and support interactions.
- Automatically from your device: Cookies, server logs, and analytics.
- From third parties: Payment processors, analytics providers, and identity services.
5. Purposes of Processing & Legal Bases
We process personal data for specific purposes and rely on appropriate legal bases (e.g., performance of a contract, consent, legitimate interests, legal obligation).
| Purpose | Examples | Legal Basis |
|---|---|---|
| Provide and maintain the Service | Account setup, dashboard access | Performance of a contract |
| Authentication & security | Login verification, fraud detection | Contract + Legitimate interest |
| Payments & refunds | Process transactions | Contract + Legal obligation |
- Consent for marketing: We never pre-tick; you may withdraw consent anytime.
- Legitimate interest: Used when appropriate and documented.
6. Cookies & Tracking
We use cookies and similar technologies for categories: strictly necessary, preference, analytics, and marketing. Consent is required for non-essential cookies.
Our Cookie Preference Center (link in footer) lets you toggle categories and withdraw consent.
7. Third-Party Processors
We rely on processors bound by Data Processing Agreements (DPAs).
| Processor | Purpose | Key Safeguards |
|---|---|---|
| Google Analytics | Traffic analysis | Anonymized data; SCCs for transfers |
| Mail delivery (e.g., Resend) | Email delivery | Encrypted in transit; SCCs where applicable |
| Flutterwave | Payment processing | PCI-DSS; no full card details stored |
8. Data Sharing & International Transfers
We share data only for lawful purposes: service delivery, legal obligations, fraud prevention, or business transfers (with notice).
International transfers use SCCs, encryption, and other safeguards. Request copies of SCCs via advoca.pro@gmail.com.
9. Data Retention
We retain data only as long as necessary. Retention is driven by legal obligations and business needs.
| Data Type | Typical Retention | Why |
|---|---|---|
| Account Data | Until deletion + 7 years | Refunds, disputes, legal claims |
| Payment & Order Records | 7 years | Tax and regulatory requirements |
Deletion requests are typically handled within 30 days; backups may retain data for up to 90 days for recovery purposes.
10. Your Rights
You have rights such as access, rectification, erasure, restriction, portability and objection. California residents have CCPA/CPRA rights. To submit requests, email advoca.pro@gmail.com or use our privacy request form.
We verify identity before fulfilling requests and provide timely responses according to applicable laws.
11. Security & Breach Notification
We implement technical and organizational measures: TLS for transit, AES-256 for storage where applicable, MFA for access, monitoring and incident response. In the event of a qualifying breach we notify regulators and affected users within required timeframes.
12. Children's Privacy
The Service is not directed to children under 13 (COPPA) or under 16 in some jurisdictions. We do not knowingly collect data from children; if discovered we delete it and take necessary actions.
13. Changes to This Policy
We may revise this policy. Material changes will be communicated by email and a site banner; the "Last updated" date will reflect changes. Continued use after changes indicates acceptance.
14. Contact
Primary channel: advoca.pro@gmail.com
DPO / GDPR inquiries: dpo@advoca.pro
CCPA/CPRA: privacy@advoca.pro
We aim to acknowledge most requests within 2 business days and resolve routine requests within 30 days.