Privacy Policy

Version 2.0 · Effective 10 June 2026 · Last updated 10 June 2026

This Privacy Policy explains how AlmaDeck collects, uses, shares, stores, and protects personal information. AlmaDeck is operated by BrownDollar Digital Media Ltd, a company incorporated in Nigeria, which acts as the data controller for personal information processed through AlmaDeck. AlmaDeck processes personal data in accordance with the Nigeria Data Protection Act (NDPA) 2023 and other applicable laws. By accessing or using AlmaDeck, you acknowledge that your information will be processed as described in this Privacy Policy.

1. Information We Collect

We collect information necessary to provide and operate AlmaDeck's services.

Account Information

  • Full name
  • Email address
  • Phone number
  • Date of birth (optional)

Profile Information

  • Profile photo
  • Profession
  • Industry
  • Company or employer
  • Skills
  • Biography
  • Social media links
  • School/institution location
  • Educational information
  • Graduation year and related academic records

Association Information

  • Association memberships
  • Membership applications and requests
  • Officer roles and permissions
  • Membership status
  • Dues and participation records

Payment Information

AlmaDeck facilitates payments through Paystack and may process information relating to membership dues, donations, and event registration fees. AlmaDeck does not receive, process, log, or store full card numbers, expiration dates, or CVV/security codes. All card payments are handled through Paystack's PCI-DSS-compliant payment infrastructure; card data is transmitted directly from the user's browser to Paystack. AlmaDeck receives only transaction references, payment status, transaction amounts, and related payment metadata.

Association Settlement Information

For associations that receive funds through AlmaDeck, we collect the account holder or business name, bank code, and bank account number, used solely to establish and maintain Paystack payout and settlement accounts. The full account number is not re-exposed to users through the application after submission; only the last four digits are displayed.

Technical Information

  • Device and browser information
  • Authentication logs
  • Security and audit records
  • Error and performance information
  • IP-related request information where necessary for security and fraud prevention

2. Lawful Basis for Processing

AlmaDeck processes personal information on one or more of the following legal bases:

  • Performance of a contract with users.
  • Compliance with legal obligations.
  • Legitimate interests in operating, securing, improving, and administering the platform.
  • User consent where required by law.

3. How We Use Your Information

We use personal information to:

  • Create and manage user accounts.
  • Provide profiles, directories, digital ID cards, associations, dues management, and event services.
  • Process payments and maintain transaction records.
  • Communicate regarding account activity, verification, security, and platform operations.
  • Administer associations and membership activities.
  • Prevent fraud, abuse, and unauthorized access.
  • Maintain platform security and integrity.
  • Monitor and improve performance.
  • Comply with legal and regulatory obligations.

4. Profile Visibility and Member Directories

AlmaDeck provides user-controlled profile visibility settings. Members may choose one of the following levels:

  • Public — viewable by anyone, including signed-out visitors.
  • Members Only — viewable only by authenticated users; default.
  • Hidden — viewable only by the profile owner.

Visibility controls are enforced server-side. When visible, a profile may display: name, profile photo, bio, profession, industry, company, skills, LinkedIn URL, contact preferences, graduation and education information, and association memberships. Email addresses, phone numbers, and dates of birth are not displayed through public profiles or member directories. Association member directories display only name, profile photo, profession, industry, and graduation year. Association-level directory visibility settings may further restrict access.

5. Association Officer Access

Association officers may access certain member information where necessary for legitimate association administration, including: membership administration, member communications, dues collection and financial administration, event administration, and association governance.

Certain officer roles can access member contact information, including phone numbers, where necessary for administrative functions. Treasurer-level officers on eligible plans may generate financial reports that include member names, email addresses, and phone numbers for dues collection. Officer access is governed by role-based access controls, enforced server-side, and is independent of a member's public profile-visibility settings. Members are informed of this access in the membership agreement at the time of joining.

6. How We Share Information

We do not sell personal information. We share information only as follows:

Service Providers

  • Paystack (payments)
  • Resend (email delivery)
  • Supabase (database and authentication)
  • Vercel (hosting and infrastructure)
  • Sentry (error and performance monitoring)
  • UploadThing (file and image uploads)
  • Inngest (background job processing)
  • Twilio (SMS delivery, where enabled)
  • Google (sign-in/authentication)
  • Cloudflare R2 (encrypted database backups)

Association Administration

Information may be shared with authorized association officers as described in Section 5.

Legal Requirements

We may share information where required by law, regulation, court order, government request, or to protect legal rights, safety, or security.

Business Transfers

If AlmaDeck undergoes a merger, acquisition, restructuring, or sale, personal information may be transferred as part of that transaction.

7. Analytics, Monitoring, and Cookies

AlmaDeck does not use advertising networks, behavioral advertising, or advertising pixels. AlmaDeck does not use Google Analytics, Meta Pixel, Mixpanel, Amplitude, Segment, PostHog, or Hotjar.

AlmaDeck uses Sentry for error and performance monitoring; Sentry may capture masked session recordings when an error occurs (displayed text is masked and form inputs and media are blocked), and is configured not to collect IP addresses or attach user identity by default. Healthchecks.io is used solely for backup/infrastructure monitoring and receives no user data. AlmaDeck may use privacy-focused, cookieless analytics for aggregate traffic insights.

AlmaDeck uses only essential first-party cookies necessary for authentication, account security, and platform operation; it does not set tracking or advertising cookies. See our Cookie Policy for details.

8. Data Retention

Active Accounts

Personal information is retained while the account remains active.

Dormant Accounts

Information may be retained for up to 12 months before becoming eligible for deletion.

Deleted Accounts

Personal information is generally removed within 30 days after deletion.

Exceptions

Certain records may be retained beyond deletion where required for legal compliance, tax obligations, financial recordkeeping, fraud prevention, dispute resolution, or security investigations.

9. Data Security

AlmaDeck implements technical and organizational measures to protect personal information, including:

  • HTTPS/TLS encrypted communications
  • Password hashing using industry-standard cryptographic methods (bcrypt)
  • Role-based access controls
  • Authentication safeguards
  • Rate limiting
  • Security monitoring
  • Server-side authorization controls
  • Infrastructure-level encryption provided by hosting and database providers

No system can guarantee absolute security. Users should maintain strong passwords and protect their account credentials.

10. Data Breach Response

AlmaDeck maintains procedures for identifying, investigating, and responding to security incidents. Where required by applicable law, AlmaDeck will notify affected individuals and the relevant regulatory authorities regarding personal data breaches.

11. International Data Transfers

AlmaDeck operates primarily in Nigeria. AlmaDeck's service providers process and store personal data outside Nigeria, primarily within the European Union. Where data is transferred internationally, AlmaDeck relies on service providers that offer an adequate level of protection consistent with the NDPA 2023, and takes reasonable measures to ensure such transfers comply with applicable data-protection laws.

12. Children's Data

AlmaDeck is intended for users aged 18 and above. We do not knowingly collect personal information from anyone under 18. If we become aware that such information has been collected, we will take steps to delete it.

13. Your Rights Under the NDPA 2023

Subject to applicable law, you may have the right to:

  • Access your personal information.
  • Correct inaccurate information.
  • Request deletion.
  • Request restriction of processing.
  • Object to certain processing.
  • Request data portability.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with the appropriate regulatory authority.

14. Contact Us

For privacy-related requests, questions, or concerns:

AlmaDeck, operated by BrownDollar Digital Media Ltd.
Email: support@almadeck.com

You may also contact us through the AlmaDeck Help Center.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on AlmaDeck with the effective date shown at the top. Where changes are material, we will provide notice through email or other appropriate channels.