NDPR and data protection

SendByte is built for the Nigeria Data Protection Act 2023 (NDPA) and the NDPR, not bolted on after the fact. This page summarizes how we handle data and what we give you to meet your own obligations. For the full detail, see our Privacy Notice and Data Processing Agreement.

Where your data lives

Customer data and email logs are stored in Africa, in AWS af-south-1 (Cape Town), encrypted at rest (AES-256) and in transit (TLS 1.2 or higher). Data residency on the continent is a deliberate design choice, for latency and for compliance.

How we split responsibility

For the email you send, you are the data controller and SendByte is your data processor. We process your recipients’ data only to deliver and report on your email, on your instructions, under our Data Processing Agreement.

What we give you to comply

• A Data Processing Agreement you can rely on, with security measures and a sub-processor list.
• Configurable log retention, so personal data is not kept longer than you need.
• Right-to-erasure support: delete data through the dashboard and API.
• Audit logs of account and API actions.
• Suppression handling that respects recipients’ bounces, complaints, and unsubscribes.

Our registration status

SendByte operates under Echospectra Technology Limited, a Nigerian company registered with the Corporate Affairs Commission (CAC). We are completing NITDA registration and NDPR registration with the Nigeria Data Protection Commission (NDPC) through a licensed Data Protection Compliance Organisation (DPCO). We will update this page when registration is complete. We would rather tell you exactly where we are than claim a status we have not yet earned.

Questions

Data protection contact: privacy@sendbyte.africa.