Privacy Policy | Revenue Cone

Revenue Cone ("we", "our", or "the platform") provides smart revenue coordination software for agencies and organisations that manage revenue collection. This privacy policy describes how we collect, use, store, and protect personal data in line with the Nigeria Data Protection Regulation (NDPR) and best practices.

1. What data we collect

We collect and process the following in the course of providing revenue administration services to organisations:

Taxpayer / payer data: Name, TIN, NIN, phone, WhatsApp, email, address, ward, city, state, GPS coordinates, property/business type, establishment photos, assessments, bills, and payment history.
Staff (user) data: Email, name, role, organisation, password (hashed), last login, and audit log of actions.
Technical data: IP address, user agent (for security and audit); webhook payloads (for idempotency and audit).

2. Why we collect this data

For revenue administration, security and compliance, and service improvement. We do not sell personal data or use it for marketing without explicit consent.

3. How long we store data

Active records: While active and as required for revenue administration.
Financial and audit records: At least 7 years for legal and audit purposes.
Deleted records: Anonymized per our procedures; audit and financial data may be retained in anonymized form for the 7-year period.

4. Who has access

Authorised staff within the relevant organisation (administrators, finance directors, and field officers within their own organisation); Revenue Cone platform administrators for operational support; trusted processors (hosting providers, email delivery, payment gateways). We do not share personal data across organisations or for third-party marketing.

5. Your rights (NDPR)

You have the right to access, correct, request deletion or anonymization (subject to retention rules), object or withdraw consent, and lodge a complaint with NITDA or the relevant data protection authority. Contact the relevant organisation (for taxpayer data) or us directly (for platform or user data). We will respond within the timeframe required by law.

6. Data security

We apply encryption where configured, HTTPS for all communications, role-based access control, multi-factor authentication, webhook verification, account lockout policies, and comprehensive audit logging.

7. Contact

For privacy questions or data requests: privacy@revcone.com. For data held by a specific organisation, you may also contact that organisation directly.

This policy may be updated from time to time; the "Last updated" date above indicates the latest revision.