Privacy notice

Data controller & scope

Qubicbox Technologies Limited ("Qubicbox", "we", "us") is the data controller for personal data processed across Qubicweb, Qlutterbox, Qubictry, and Qverity when those services are offered directly to customers. When we process personal data on behalf of partner marketplaces or organisations we act as a data processor and follow their documented instructions.

This privacy notice explains how we comply with Nigeria’s Data Protection Regulation (NDPR) and the EU General Data Protection Regulation (GDPR).

Personal data we collect

• Identity and contact data (names, addresses, phone numbers, identification documents) provided during verification or dispute intake.
• Business and transactional data (licences, order references, payout information, dispute evidence) needed to provide trust and safety services.
• Technical and usage data (device information, IP address, log information) captured when you visit our websites or use our APIs. We use privacy-preserving analytics tools that do not drop marketing cookies.

Why we process personal data

• To deliver trust services including verification, fraud detection, dispute resolution, and advisory engagements for our customers.
• To meet legal and regulatory obligations, respond to lawful requests from authorities, and maintain accurate records for audits.
• To protect our legitimate interests such as monitoring misuse, securing our systems, and improving the reliability of our products.
• Where required, to share updates or marketing information with your consent. You can withdraw consent at any time.

Legal bases

We rely on one or more of the following legal bases to process personal data:

• Performance of a contract (e.g. issuing Qverity badges, handling a dispute case).
• Compliance with legal obligations under NDPR, NDPA, GDPR, anti-fraud, or financial regulations.
• Legitimate interests (e.g. preventing fraud, ensuring platform security).
• Consent, where we request it explicitly (e.g. optional marketing communications).

Data sharing & international transfers

We only share personal data with trusted processors and partners who need it to provide verification, fraud intelligence, or dispute services. These partners must follow our security requirements and only act on our instructions.

Where data is transferred outside Nigeria or the European Economic Area, we ensure an adequate level of protection using Standard Contractual Clauses or other recognised safeguards. Copies of these safeguards are available on request.

Retention

We keep personal data only for as long as necessary to meet the purposes described above, fulfil legal or contractual obligations, or resolve disputes. When data is no longer needed we securely delete or anonymise it.

Security

• Encryption at rest and in transit within secure data centres located in Africa or the EEA.
• Role-based access controls, multi-factor authentication, and activity monitoring for staff and partners.
• Regular risk assessments, incident response plans, and vendor due diligence.

Your privacy rights

Under NDPR and GDPR you can exercise the following rights:

• Access, correction, deletion, portability, or restriction of your personal data.
• Objection to processing based on legitimate interests, and withdrawal of consent where granted.
• Submission of a complaint to Nigeria’s Data Protection Commission (NDPC) or your local supervisory authority in the EU/EEA.

How to contact us

To exercise your rights or ask questions about this privacy notice, email privacy@qubicbox.com or write to:

Qubicbox Technologies Limited, Trust Operations Team, Lagos, Nigeria.

We respond to privacy requests within one working day. If we process data on behalf of a partner, we will coordinate with them to resolve your request.