How Resman Technologies Ltd collects, uses, shares, and protects personal data under the Nigeria Data Protection Act 2023.
Version 2026-04-19 · Last updated: April 19, 2026 · NDPA 2023 compliant
Resman Technologies Ltd ("Resman", "we", "us"), a Nigerian private company limited by shares and a wholly-owned subsidiary of Wonderwise Productions Ltd, operates the Resman platform at app.resman.ng, the marketing site at resman.ng, and the customer storefront network at shop.resman.ng.
For personal data we collect about our own account holders, site visitors, and prospects, Resman is the Data Controller. For personal data uploaded by business customers into their Resman workspaces (e.g., data about their staff, guests, or end customers), those business customers are the Data Controllers and Resman is the Data Processor.
Our Data Protection Officer (DPO) can be reached at [email protected].
This policy covers personal data processed through:
It does not cover the independent privacy practices of third-party services linked from the platform (e.g., Paystack, Google, Resend) — those have their own policies.
Do not upload special-category data (e.g., health, biometric, religious belief, political opinion, trade-union membership, sexual orientation) unless it is strictly necessary for your business (e.g., hotel passport-page scans where local law requires) and you have a lawful basis. If you do, you accept responsibility for that processing and must warn End Customers accordingly.
| Purpose | Data used |
|---|---|
| Create & manage your account | Identity, account |
| Deliver the Service (POS, bookings, reports, storefront) | Business & operational |
| Process subscription payments | Payment & billing |
| Send transactional emails (OTP, receipts, alerts, reset) | Email, account |
| Send product updates & announcements (opt-out) | Email, marketing consent |
| Security: detect fraud, abuse, unauthorised access | IP, audit, usage |
| Improve the Service (analytics, bug fixing, feature work) | Technical & usage (minimised) |
| Respond to support / legal enquiries | Communications |
| Power AI-assisted features (review, menu import) | Strictly minimised business data |
| Comply with legal, tax, and regulatory obligations | As required by law |
We do not sell identifiable personal data. We may, however, (a) use aggregated or anonymised data derived from your use of the Service to improve the Service, train our own machine-learning models, and publish aggregated market insights; and (b) in future, sell aggregated, anonymised market reports. "Aggregated or anonymised" means processed so that the data no longer identifies, and cannot reasonably be used to identify, you, your staff, your End Customers, or your specific business records. We never sell your customer lists or your sales records as such. See Section 11 for the full Resman-model-training position and your opt-out.
We never sell personal data. We share it only as follows:
Vetted vendors that help us run the Service under written data-processing terms and confidentiality obligations. Our current sub-processors include:
| Sub-processor | Purpose | Region |
|---|---|---|
| Hostinger | VPS hosting / infrastructure | EU / US (CDN) |
| Cloudflare | DNS, CDN, email routing, DDoS protection | Global |
| Paystack | Subscription & end-customer payments | Nigeria / US |
| Resend | Transactional email delivery | US / EU |
| | OAuth sign-in; Gemini AI features | US |
| NVIDIA | AI features (menu import / review assistant) | US |
We may update this list. Material changes are notified by email to the Owner at least 14 days in advance, giving you an opportunity to object on reasonable grounds.
We may disclose data where required by Nigerian law, a binding order, or a lawful request from NDPC, FIRS, EFCC, or another competent authority. We will notify affected customers where legally permitted.
If Resman is involved in a merger, acquisition, reorganisation, insolvency, or asset sale, personal data may be transferred to the successor entity under the same protections as this policy, and we will give you 30 days' notice before a different policy governs your data.
Any other sharing only with your prior consent.
Some sub-processors operate servers outside Nigeria. Where we transfer personal data abroad, we rely on an NDPC-recognised lawful mechanism — a relevant adequacy decision, standard contractual clauses, binding corporate rules, explicit consent where appropriate, or derogations permitted by the NDPA. You may request a copy of the transfer safeguard used for your data by emailing [email protected].
We use industry-standard technical and organisational measures including:
No system is perfectly secure. You must help by using strong passwords, protecting PINs and tokens, enabling 2FA where offered, and notifying us immediately of suspected compromise.
See our Cookie Policy for the full list. In short: the marketing site uses only privacy-preserving analytics; the application uses strictly necessary cookies and local storage for authentication and UI preferences. We do not use advertising or cross-site tracking cookies.
Some features use automated processing or AI models, including:
These features do not carry out automated decisions that produce legal effects concerning you or similarly significantly affect you within the meaning of the NDPA.
When you invoke an AI feature, the minimum necessary data is sent to the relevant third-party AI sub-processor (see Section 6.1) solely to generate your response. These providers are contractually prohibited from using your data to train their own models.
We may use aggregated or anonymised data derived from your use of the Service to:
"Aggregated or anonymised" means the data has been processed so it no longer identifies, and cannot reasonably be used to identify, you, your staff, your End Customers, or your specific business records. We do not train our own models on identifiable personal data.
You can disable AI features entirely from your settings. You can additionally opt out of having your anonymised data contribute to Resman's own model training by emailing [email protected]. Opting out of training does not disable the AI features — it only removes your anonymised data from our training set.
We do not sell identifiable Customer Data, your customer lists, your sales records, or any personal data of your staff or End Customers. We may, in future, publish or sell aggregated, anonymised market reports that contain no personal data.
Under the NDPA you have the following rights regarding your personal data:
Many rights can be exercised self-service from the app (export, profile update, marketing preferences, account deletion request). For anything else, email [email protected]. We aim to acknowledge within 48 hours and resolve within 30 days. If you are acting on behalf of an End Customer whose data lives in a business customer's workspace, please contact that business first — they are the Controller.
The Service is intended for business use by adults aged 18+. We do not knowingly collect personal data from children. If you believe a child's data has reached us, email [email protected] and we will delete it promptly.
In the event of a personal-data breach likely to result in a risk to the rights and freedoms of individuals, we will notify the NDPC and affected users without undue delay and in any case within 72 hours of becoming aware, as required by the NDPA. Notifications will describe the nature of the breach, likely consequences, and the measures we have taken or propose to take.
We may update this policy from time to time. When we do, we will update the version number and date at the top. For any material change we will give at least 14 days' advance notice to Owners by email or in-app notice. Where a change requires your renewed consent, we will ask for it in-app before continued processing.
Questions about how we handle your information? Our DPO is here to help.