We take your privacy seriously. Here is exactly what data we collect, why we collect it, and how you can control it.
Last updated: March 9, 2026 · NDPR Compliant
Nigeria Data Protection Regulation (NDPR). This policy is designed to comply with the NDPR issued by the National Information Technology Development Agency (NITDA). As a data controller, Wonderwise Productions Ltd is registered with NITDA and conducts an annual data audit.
1 Who We Are
Wonderwise Productions Ltd ("we", "us", "our") operates the Resman platform at app.resman.ng and this marketing website at resman.ng. We are the Data Controller for personal data processed through these services.
Our designated Data Protection Officer (DPO) can be reached at [email protected].
2 Data We Collect
2.1 Account & Identity Data
Full name, email address, phone number (at registration)
Business name, business type, and address
Profile photo (optional)
Google account information if you use Google OAuth (name, email, Google ID)
Email verification tokens and password reset tokens (hashed)
2.2 Business & Operational Data
Sales records, orders, and transaction history
Product/menu items, prices, stock levels, and categories
Expense records and categories
Staff names, roles, email addresses, and assigned permissions
Branch/location names and configurations
Customer names and contact details you enter for delivery orders
2.3 Payment Data
Subscription plan and billing history (plan, amount, date, status)
Paystack transaction references and payment status
We do not store card numbers, CVVs, or full card data. Payment card processing is handled entirely by Paystack in compliance with PCI-DSS.
2.4 Technical & Usage Data
IP addresses (logged per activity audit entry)
Browser type, operating system, device type
Pages visited, features used, and timestamps
Error logs and crash reports
API request logs (endpoint, method, response code)
2.5 Communications
Emails you send to us (support, legal, billing queries)
Content of support tickets or chat messages
2.6 Referral Data
Your unique referral code (auto-generated)
The referral code you used to sign up, if any
Referral relationships (who referred whom) for reward tracking
All service providers are bound by data processing agreements and are not permitted to use your data for their own purposes.
5.2 Legal Requirements
We may disclose data where required by a court order, government request, or to comply with Nigerian law — for example, a NITDA directive or EFCC investigation. We will notify you of such requests where legally permitted.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business, your data may transfer to the new entity. We will give you 30 days' notice before your data is governed by a different privacy policy.
5.4 With Your Consent
We will share data with third parties in any other circumstances only with your explicit, informed consent.
6 International Data Transfers
Your data is primarily stored on servers within Nigeria or in jurisdictions recognised by NITDA as offering adequate data protection. Where data is transferred outside Nigeria (e.g., for email delivery), we ensure appropriate safeguards are in place through contractual clauses that meet NDPR standards.
7 Data Retention
Active accounts: Data retained for the duration of the account.
Closed accounts: Business & operational data retained for 90 days for reactivation or export, then permanently deleted.
Financial records: Billing history retained for 7 years to comply with Nigerian tax law (FIRS regulations).
Security & audit logs: Retained for 12 months, then deleted.
Anonymised analytics: May be retained indefinitely as they contain no personal data.
8 Security
We implement industry-standard technical and organisational measures to protect your data, including:
Passwords hashed with bcrypt (cost factor ≥ 12); never stored in plaintext
All data transmitted over HTTPS/TLS
JWT tokens for session management with short expiry and rotation
Database access restricted to application layer only (no public DB access)
Role-based access control (RBAC) enforced at every API endpoint
Multi-tenant data isolation at the query layer (every query scoped to company ID)
Activity audit logs tracking every significant action with IP address and timestamp
Soft-delete architecture: data is flagged deleted before permanent removal, preventing accidental data loss
No system is 100% secure. In the event of a data breach that affects your personal data, we will notify you and the relevant Nigerian authorities (NITDA) within 72 hours of discovery, as required by the NDPR.
9 Cookies & Tracking
9.1 Marketing Website (resman.ng)
This marketing website uses no tracking cookies. We do not use Google Analytics, Facebook Pixel, or any third-party behavioural tracking tools. The site operates entirely with first-party JavaScript and no persistent cookies.
9.2 Application (app.resman.ng)
The Resman application uses:
JWT tokens — Stored in browser localStorage for authentication. These are not cookies but serve the same session purpose.
Functional localStorage values — UI preferences (e.g., sidebar state, selected branch) stored locally in your browser.
We do not use advertising cookies, cross-site tracking pixels, or third-party analytics cookies.
10 Your Rights
Under the NDPR, you have the following rights regarding your personal data:
Right to access — Request a copy of the personal data we hold about you.
Right to rectification — Ask us to correct inaccurate or incomplete data.
Right to erasure — Ask us to delete your data (subject to legal retention requirements).
Right to restriction — Ask us to limit how we use your data while a dispute is resolved.
Right to data portability — Receive your data in a machine-readable format (CSV/JSON).
Right to object — Object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent — Where processing is consent-based, withdraw at any time without affecting prior processing.
To exercise any of these rights, email our DPO at [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with NITDA at nitda.gov.ng.
Many rights can be exercised directly from within your Resman account settings — including data export, profile updates, and email preferences.
11 Children's Privacy
The Resman platform is intended for business use by adults aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected such data, we will delete it promptly. If you believe a child's data has been submitted to us, please contact [email protected] immediately.
12 Third-Party Links
Our platform and website may contain links to third-party websites (e.g., Paystack, Google, social media platforms). Once you leave our platform, this Privacy Policy no longer applies. We encourage you to review the privacy policies of any third-party sites you visit.
13 Policy Changes
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or platform features. When we do, we will update the "Last updated" date at the top of this page. For material changes affecting how we process personal data, we will send an email notice to registered account owners at least 14 days before the change takes effect.
14 Contact & Data Protection Officer
For any privacy-related questions, requests, or concerns:
