Privacy Policy

1. Who We Are (Data Controller)

Gated Technologies Limited is the data controller for personal data processed through the HavenPilot platform. HavenPilot is a product of Gated Technologies Limited — an estate management operating system for residential estates and HOAs, primarily in Africa and the United States.

Data Protection Officer (DPO): privacy@havenpilot.com

2. Personal Data We Collect

We collect the following categories of personal data depending on your role:

Residents

• Full name, email address, phone number(s)
• Property address and unit information
• Emergency contacts and next-of-kin information
• Medical profile data (blood type, allergies, conditions) — collected only with explicit consent for emergency response purposes
• Payment records (dues, fees, transaction history)
• Amenity booking history and service requests

Visitors

• Full name and phone number
• Government-issued ID number (where ID verification is enabled by the estate)
• Photograph (where photo capture is enabled by the estate)
• Vehicle information
• Visit purpose and entry/exit timestamps
• Device fingerprint (for access pass security)

Staff, Guards, and Vendors

• Full name, contact information, role, and badge/staff number
• Vendors: BVN, NIN, TIN — required for payment processing and KYC compliance
• GPS location data (guards only, during active shifts)

All Users

• Account credentials (managed by Supabase Auth)
• Device and browser information (for security and analytics)
• IP address and session logs

3. Legal Basis for Processing

Under NDPR 2019, Gated Technologies Limited processes personal data only where we have a lawful basis:

• Contract performance: To deliver estate management services under the agreement between Gated Technologies Limited and your estate.
• Legitimate interests: Security monitoring, fraud prevention, platform improvement.
• Consent: Medical emergency data, analytics cookies, marketing communications. You may withdraw consent at any time.
• Legal obligation: KYC data (BVN/NIN/TIN) for vendor payment processing per CBN guidelines.
• Vital interests: Emergency medical profile access by security personnel during emergencies.

4. How We Use Your Data

• Estate access control and visitor management
• Security monitoring and emergency response
• Processing of estate dues, fees, and payments
• Maintenance request management and vendor dispatch
• Community communication and announcements
• Amenity booking and concierge services
• Platform analytics and product improvement (only with consent)

5. Data Sharing and Third Parties

Gated Technologies Limited does not sell your personal data. We share data only where necessary:

• Supabase: Database and authentication infrastructure. Data hosted on AWS with AES-256 encryption at rest.
• Stripe / Paystack / Flutterwave: Payment processing. PCI-DSS compliant. Only payment-relevant data is shared.
• Your estate management: Estate administrators and staff can access resident and visitor data within their estate.
• Emergency services: In life-threatening emergencies, medical profile data may be shared with emergency responders.

All third-party processors are bound by data processing agreements consistent with NDPR requirements.

6. Data Retention

• Resident profiles: Duration of residency + 2 years after departure.
• Visitor logs: 12 months from date of visit.
• Financial records: 7 years (FIRS compliance).
• Guard GPS logs: 90 days.
• Application logs: 12 months.
• Deleted accounts: Personal identifiers anonymised within 30 days of deletion request.

7. Your Rights Under NDPR

Under NDPR 2019 and consistent with GDPR, you have the following rights. Requests are processed within 30 days:

• Access: Request a copy of personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data, subject to legal retention obligations.
• Portability: Receive your data in a structured, machine-readable format (JSON).
• Object: Object to processing based on legitimate interests.
• Restrict processing: Request suspension of processing in certain circumstances.
• Withdraw consent: Withdraw at any time without affecting prior processing.

Exercise your rights in Settings → Privacy & Data or email privacy@havenpilot.com.

8. Data Security

• AES-256 encryption at rest (via Supabase/AWS)
• TLS 1.2+ encryption in transit
• Row-level security — each user sees only their authorised data
• Role-based access control (10 distinct roles)
• Session timeouts and multi-factor authentication support
• Immutable privacy audit log

9. Data Breach Notification

In the event of a personal data breach, Gated Technologies Limited will notify NITDA within 72 hours of becoming aware, and affected data subjects without undue delay, as required by NDPR Implementation Framework 2020 (Section 4.1.5).

10. Cookies

• Essential cookies: Authentication session, security tokens. Cannot be disabled.
• Analytics cookies: Platform usage analytics. Requires your consent.

Manage preferences via the consent banner or Settings → Privacy & Data.

11. Children's Privacy

HavenPilot is not directed at children under 13. Gated Technologies Limited does not knowingly collect data from minors without parental or guardian consent. Resident profiles may include household member information for emergency purposes only, with consent of the account holder.

12. Cross-Border Data Transfers

Primary data storage is on AWS infrastructure via Supabase. Data may be stored in AWS regions outside Nigeria. Gated Technologies Limited ensures adequate safeguards consistent with NDPR cross-border transfer requirements (NDPR 2019 Article 2.12).

13. Changes to This Policy

Gated Technologies Limited will notify you of material changes via in-app notification and require re-consent where the legal basis for processing changes. The policy version and last-updated date are maintained at the top of this page.

14. How to Complain

Contact our DPO at privacy@havenpilot.com. You also have the right to lodge a complaint with NITDA at nitda.gov.ng.