Privacy Policy
Effective date: 16 April 2026
1. Who we are
Tari1 ("we", "us", "our") is an invoicing and financial management platform for small businesses and freelancers. We are subject to the Nigeria Data Protection Act 2023 (NDPA) and take our obligations under it seriously. Our data controller contact is privacy@tarione.com.
2. Data we collect
We collect the following categories of personal and business data:
- Account data: your name, email address, organisation name, and password (stored securely).
- Business data: invoices, clients, expenses, vendors, and any other content you create inside Tari1.
- Payment data: subscription billing is processed by Paystack. We store only a tokenised authorisation reference.
- Usage data: pages visited, features used, errors encountered, and session metadata, collected via PostHog to help us improve the product.
- Technical data: IP address, browser type, device type, and timestamps associated with your requests.
- Communications: any messages you send us via email or support channels.
We do not collect sensitive personal data and do not sell your data to third parties.
3. How we use your data
We use your data only for the following purposes:
- Providing, maintaining, and improving the Tari1 service.
- Processing your subscription payments and managing your account.
- Sending transactional emails (invoice notifications, payment receipts, account alerts).
- Generating tax filing reports and financial summaries you request.
- Responding to support requests and resolving disputes.
- Analysing aggregate, anonymised usage to improve features.
- Complying with applicable laws, including tax and financial regulations.
We will not use your data for unsolicited marketing without your explicit consent. You may object to processing based on legitimate interests at any time.
4. Third-party processors
We share data with the following sub-processors, each bound by data processing agreements:
| Processor | Purpose | Location |
|---|---|---|
| Paystack | Payment processing and subscription billing | Nigeria / Ireland |
| Google (OAuth) | Single sign-on authentication | USA |
| PostHog | Product analytics and error tracking | EU / USA |
| Cloud hosting provider | Infrastructure and database hosting | EU |
Where processors are located outside Nigeria, we ensure appropriate safeguards are in place as required by the NDPA.
5. Data retention
We retain your account and business data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal or regulatory purposes.
6. Your rights
Under the NDPA and applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data (subject to legal retention obligations).
- Portability — receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests.
- Withdraw consent at any time where processing is consent-based.
- Lodge a complaint with the Nigeria Data Protection Commission (NDPC).
To exercise any of these rights, email us at privacy@tarione.com.
7. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, hashed passwords, and role-based access controls.