EremiBack to homepage

EREMI PRIVACY POLICY

Last updated: 9 June 2026

1. About this Privacy Policy

Eremi Analytics Limited (“Eremi”, “we”, “us” or “our”) provides customer retention, replenishment and restock-support tools for participating businesses. This Privacy Policy explains how we collect, use, disclose, retain and protect personal data when you:

  • visit the Eremi website;
  • submit an application to join an Eremi pilot programme;
  • communicate with us;
  • create or use an Eremi merchant account;
  • use our platform or related services; or
  • are an end-customer whose information is provided to Eremi by a participating merchant.

This Privacy Policy is intended to operate in accordance with the Nigeria Data Protection Act 2023 (“NDPA”) and other applicable data-protection laws and regulatory requirements.

2. Who Is Responsible for Your Personal Data?

Eremi’s role depends on the circumstances in which personal data is processed.

2.1 Eremi as data controller

Eremi generally acts as a data controller where we determine why and how personal data is processed, including when we process information relating to:

  • visitors to our website;
  • pilot applicants;
  • merchant representatives and account users;
  • enquiries, complaints and correspondence;
  • platform security and misuse prevention;
  • legal, regulatory and compliance obligations; and
  • Eremi’s internal administration and business operations.

2.2 Eremi as data processor

Where a participating merchant provides its customers’ personal data to Eremi and instructs us to process that data to provide the Eremi services, the merchant generally acts as the data controller and Eremi acts as its data processor. In that context, Eremi processes customer data on the merchant’s documented instructions and in accordance with the applicable Data Processing Agreement. A merchant remains responsible for determining the appropriate lawful basis for collecting its customers’ data and using it for customer retention, replenishment or marketing communications.

3. Personal Data We Collect

The information we collect depends on how you interact with Eremi.

3.1 Website and technical information

When you visit or use our website, we may collect:

  • Internet Protocol address;
  • browser type and version;
  • device type and operating system;
  • date and time of access;
  • pages viewed and actions performed;
  • referral source;
  • security and diagnostic logs; and
  • cookie or similar technology information.

3.2 Pilot-application information

When a merchant applies to participate in a pilot programme, we may collect:

  • business or trading name;
  • registered business name, where applicable;
  • industry or business category;
  • business address and operating location;
  • website and social-media account details;
  • name, role and contact information of the applicant;
  • email address and telephone or WhatsApp number;
  • business size, sales channels and estimated order volumes;
  • customer-retention or repeat-purchase information;
  • tools currently used to manage orders or customers;
  • operational challenges and programme expectations;
  • application responses and supporting information;
  • interview, onboarding or assessment notes; and
  • correspondence relating to the application.

Please do not provide personal data that is not reasonably required for the application.

3.3 Merchant account and service information

For accepted merchants and their authorised users, we may collect:

  • account credentials;
  • authorised-user details;
  • business contact information;
  • service settings and preferences;
  • subscription and payment information, where applicable;
  • platform activity and audit logs;
  • support requests;
  • training and onboarding records; and
  • communications with Eremi.

3.4 Merchant customer data

Depending on the services selected by a merchant, Eremi may process:

  • customer name or customer reference;
  • telephone or WhatsApp number;
  • order and transaction dates;
  • products or product categories purchased;
  • quantities purchased;
  • transaction values, where required;
  • estimated product-use or replenishment cycle;
  • previous reminder activity;
  • customer responses or engagement status;
  • consent, objection or opt-out status; and
  • other limited information necessary to provide the agreed services.

Merchants must not provide sensitive or excessive information that is not required by Eremi. Unless expressly agreed in writing, merchants must not upload:

  • passwords or authentication credentials;
  • payment-card information;
  • Bank Verification Numbers;
  • National Identification Numbers;
  • passport or government identification documents;
  • biometric information;
  • medical or health information;
  • information concerning children;
  • criminal-record information;
  • precise location histories; or
  • unlawfully purchased, scraped or obtained contact lists.

3.5 Information received from third parties

We may receive information from:

  • participating merchants;
  • authorised merchant users;
  • infrastructure and communications providers;
  • identity, security or fraud-prevention providers;
  • payment providers, where applicable;
  • publicly available business sources; and
  • professional advisers or regulatory authorities.

4. How and Why We Use Personal Data

We process personal data only where we have an appropriate lawful basis.

4.1 Pilot applications

We use application information to:

  • receive and assess pilot applications;
  • evaluate business and technical suitability;
  • communicate application decisions;
  • arrange interviews, demonstrations or onboarding;
  • plan pilot cohorts and capacity; and
  • maintain records of the selection process.

Depending on the circumstances, this processing may be necessary to take steps at the applicant’s request before entering into a contract, for Eremi’s legitimate interests in operating and selecting participants for the pilot, or to comply with legal obligations.

4.2 Providing the Eremi services

We use merchant account and customer data to:

  • create and administer merchant accounts;
  • import, structure or organise customer and transaction records;
  • estimate replenishment or restock intervals;
  • identify customers who may be due for follow-up;
  • generate customer segments, suggested actions or recommended messages;
  • allow merchants to review, copy, schedule or send messages;
  • facilitate or send communications on a merchant’s behalf where that functionality has been expressly enabled;
  • provide retention, customer-lifecycle and operational analytics;
  • maintain opt-out and suppression records;
  • provide support and resolve technical issues; and
  • monitor service performance.

This processing may be necessary to perform our contract with the merchant. For merchant customer data, Eremi generally performs this processing on the merchant’s documented instructions.

4.3 Communications

We may contact merchant applicants, merchants and authorised users by email, telephone call or WhatsApp to:

  • respond to enquiries;
  • provide application updates;
  • conduct onboarding;
  • deliver account or security notices;
  • provide operational support;
  • communicate changes to the services; and
  • send relevant product or programme information where permitted by law.

Recipients may opt out of optional promotional communications at any time. This will not prevent Eremi from sending necessary account, security, contractual or service communications.

4.4 Security, compliance and protection

We may process information to:

  • authenticate users;
  • prevent fraud and unauthorised access;
  • investigate misuse;
  • maintain technical and audit logs;
  • protect Eremi, merchants, customers and third parties;
  • establish, exercise or defend legal claims;
  • comply with applicable laws, court orders and regulatory requests; and
  • enforce our agreements.

4.5 Service improvement and analytics

We may use information to understand how the services perform and to improve product functionality. Where reasonably possible, we use aggregated or de-identified information for analytics, research, benchmarking and product development. Eremi will not attempt to re-identify properly anonymised information. Eremi will not use identifiable merchant customer data to train a general-purpose artificial-intelligence model or to market directly to merchant customers unless this has been separately disclosed, appropriately authorised and supported by a lawful basis.

5. Customer Messages and Direct Marketing

Eremi may help merchants generate or deliver customer messages relating to replenishment, restocking, reordering, offers or customer follow-up. Depending on its wording and purpose, a message may constitute direct marketing. The participating merchant is responsible for:

  • establishing and documenting an appropriate lawful basis for the message;
  • giving customers any required privacy or marketing notice;
  • ensuring that the customer reasonably expects the communication;
  • complying with applicable communications and marketing laws;
  • complying with WhatsApp, Meta and other channel rules;
  • ensuring that message content is accurate and lawful; and
  • honouring objections, withdrawals and opt-out requests.

Where Eremi facilitates messaging, we may implement controls including:

  • merchant identification;
  • opt-out instructions;
  • frequency limits;
  • suppression lists;
  • quiet-hour settings; and
  • records of message delivery or status.

A customer who does not wish to receive further promotional or restock messages may follow the opt-out instructions in the message or contact the relevant merchant.

6. Automated Analysis

Eremi may use rules, statistical methods or automated processes to estimate customer replenishment windows, organise customer segments and recommend possible actions. These outputs are estimates based on the data available to Eremi. They do not guarantee a customer’s behaviour, intention to purchase, sales outcome or retention. Eremi does not intend to make solely automated decisions that produce legal or similarly significant effects on merchant customers. Where human review is available, merchants should review recommendations before acting on them.

7. How We Share Personal Data

We may share personal data only where reasonably necessary and lawful.

7.1 Merchants and authorised users

Information may be made available to the merchant that provided it and to the merchant’s authorised account users.

7.2 Service providers and subprocessors

We may use service providers to support hosting, databases, security, email delivery, messaging, monitoring, analytics, customer support and related operations. These providers may include:

  • Vercel — application and website hosting;
  • Neon — database hosting and storage;
  • Cloudflare — website security, network services and performance;
  • Resend — operational email delivery;
  • Meta, WhatsApp or an approved WhatsApp Business service provider — where messaging functionality is enabled; and
  • other providers identified in Eremi’s current subprocessor list.

Service providers may process personal data only for the services they provide to Eremi and are required to protect that information under appropriate contractual and security obligations. Our service-provider and subprocessor arrangements may change as the platform develops. We will update this Privacy Policy or our subprocessor list where appropriate and notify affected merchants of material changes where required.

7.3 Professional advisers

We may share information with lawyers, accountants, auditors, insurers, licensed Data Protection Compliance Organisations and other professional advisers where reasonably necessary.

7.4 Legal and regulatory disclosures

We may disclose information:

  • to comply with applicable law or a lawful request;
  • to cooperate with courts, law-enforcement bodies or regulators;
  • to protect rights, safety and property;
  • to investigate fraud or security incidents; or
  • in connection with legal proceedings.

7.5 Business transfers

If Eremi is involved in a merger, investment, financing, reorganisation, acquisition or sale of assets, personal data may be disclosed subject to appropriate confidentiality and data-protection safeguards. Eremi does not sell merchant customer lists.

8. International Transfers

Some of Eremi’s service providers may process or store personal data outside Nigeria. Where personal data is transferred internationally, Eremi will take reasonable steps to ensure that the transfer is made in accordance with the NDPA and other applicable laws. These steps may include:

  • assessing the level of protection in the destination;
  • entering into appropriate contractual safeguards;
  • limiting the data transferred;
  • applying technical and organisational security controls; and
  • relying on another legally permitted transfer mechanism.

Information about applicable transfer safeguards may be requested by contacting us.

9. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, including contractual, legal, accounting, security and dispute-resolution requirements. Unless a different period is required by law or agreed with a merchant, we generally apply the following periods:

  • Unsuccessful or withdrawn pilot applications: up to 12 months after the application decision or withdrawal.
  • Merchant account and contractual records: for the life of the account and up to six years after termination where reasonably required for legal, accounting or dispute purposes.
  • Merchant customer production data: for the duration of the merchant’s active service and ordinarily deleted or anonymised within 30 days after termination or receipt of a valid deletion instruction.
  • Recoverable backup copies: removed through the ordinary backup-overwrite cycle, ordinarily within 90 days after deletion from active systems.
  • Security and technical logs: retained for a limited period based on security, diagnostic and legal needs.
  • Opt-out or suppression records: limited information may be retained for as long as reasonably necessary to ensure that an opt-out continues to be respected.

We may retain information for longer where:

  • applicable law requires it;
  • the information is needed to establish, exercise or defend legal claims;
  • an investigation, dispute or regulatory process is ongoing; or
  • the information has been properly anonymised.

10. Data Security

Eremi maintains reasonable administrative, technical and organisational measures designed to protect personal data from:

  • unauthorised access or disclosure;
  • accidental or unlawful loss;
  • alteration;
  • destruction;
  • misuse; and
  • other forms of unlawful processing.

Depending on the nature of the service, these safeguards may include:

  • access controls and least-privilege permissions;
  • authentication controls;
  • encryption in transit;
  • encryption at rest where supported and appropriate;
  • logging and monitoring;
  • backup and recovery processes;
  • confidentiality obligations;
  • secure development practices;
  • vendor assessments; and
  • incident-response procedures.

No method of transmission or electronic storage is completely secure. We therefore cannot guarantee absolute security. Merchants are responsible for protecting their account credentials, controlling authorised users and promptly notifying Eremi of suspected unauthorised access.

11. Personal-Data Breaches

Eremi maintains procedures for identifying, assessing, containing and responding to personal-data breaches. Where Eremi acts as a processor, we will notify the affected merchant without undue delay after becoming aware of a relevant personal-data breach and will provide reasonable information and assistance to support the merchant’s legal obligations. Where Eremi acts as controller, we will make any required notifications to affected data subjects and the Nigeria Data Protection Commission in accordance with applicable law.

12. Your Data-Protection Rights

Subject to applicable law and any lawful limitations, a data subject may have the right to:

  • be informed about the processing of personal data;
  • request access to personal data;
  • request correction of inaccurate or incomplete information;
  • request deletion of personal data;
  • request restriction of processing;
  • object to certain processing, including direct marketing;
  • withdraw consent where processing is based on consent;
  • request portability of eligible personal data;
  • object to certain solely automated decisions; and
  • lodge a complaint with the Nigeria Data Protection Commission.

Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

12.1 Requests by pilot applicants and merchant users

Applicants, merchants and authorised users may submit requests directly to Eremi using the contact information below.

12.2 Requests by merchant customers

Where Eremi processes customer data on behalf of a merchant, the customer should ordinarily submit the request to that merchant. If Eremi receives such a request directly, we may:

  • verify the identity of the requester;
  • identify the relevant merchant;
  • forward the request to the merchant; and
  • assist the merchant in responding in accordance with our contractual and legal obligations.

We may need additional information to verify identity and prevent unauthorised disclosure.

13. Cookies and Similar Technologies

Eremi may use cookies or similar technologies that are necessary to:

  • operate the website;
  • maintain security;
  • remember user preferences;
  • manage sessions; and
  • understand website or platform performance.

Where non-essential analytics or advertising cookies are introduced, Eremi will provide appropriate information and consent controls where required. Browser settings may allow you to block or delete cookies. Blocking essential cookies may affect website or platform functionality.

14. Children’s Personal Data

The Eremi platform is intended for businesses and adult business representatives. It is not directed at children. Merchants must not provide children’s personal data to Eremi unless Eremi has expressly agreed in writing that the relevant service supports that processing and all applicable legal requirements have been satisfied. If we learn that children’s personal data has been provided contrary to this Policy, we may delete it and suspend the related processing.

15. Third-Party Links and Platforms

Our website or platform may contain links to third-party websites, messaging services or platforms. Eremi is not responsible for the privacy practices of independent third parties. Their collection and use of personal data are governed by their own privacy notices and terms.

16. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in:

  • the Eremi services;
  • our processing activities;
  • applicable law;
  • regulatory guidance; or
  • our service providers.

The revised Policy will display an updated effective date. Where a change materially affects the processing of personal data, we will provide additional notice where reasonably practicable or legally required.

17. Contact Us

For questions, data-subject requests or privacy concerns, contact: Eremi Analytics Limited Email: privacy@eremi.ng Registered address: 73, Okesuna Street. Lafiaji. Lagos Website: https://www.eremi.ng Please include sufficient details to help us understand and respond to your request.