B
BOMEO

Legal

Privacy Policy

Last updated: May 29, 2026

1. Introduction

BOMEO ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business management platform and related services.

We comply with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation (NDPR), the General Data Protection Regulation (GDPR), and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, business name, and business address when you register.
  • Business Data: Inventory records, sales transactions, customer information, invoices, expenses, and financial data you enter into BOMEO.
  • Communications: Messages you send us through support channels or feedback forms.

2.2 Information Collected Automatically

  • Usage Data: How you interact with our platform, features used, and time spent.
  • Device Information: Browser type, operating system, device identifiers, and IP address.
  • Offline Sync Data: Metadata about offline transactions synced when connectivity is restored.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process transactions and send related notifications
  • Send you technical notices, updates, and support messages
  • Send promotional communications (with your consent)
  • Generate AI-powered insights and recommendations for your business
  • Detect, prevent, and address technical issues or fraud
  • Comply with legal obligations

4. Email Communications

We may send you emails for the following purposes:

  • Transactional emails: Order confirmations, payment receipts, invoice notifications, and account alerts. These are necessary for service delivery.
  • Service updates: Important changes to our platform, features, or policies.
  • Marketing emails: Product updates, tips, and promotional offers. You can opt out at any time.

To unsubscribe from marketing emails, click the "unsubscribe" link at the bottom of any marketing email or contact us at privacy@bomeo.xyz. We honour all opt-out requests within 10 business days.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Third parties that help us operate our platform (hosting, payment processing, analytics, messaging).
  • Legal Requirements: When required by law, regulation, or legal process.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.
  • With Your Consent: When you explicitly agree to share information.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. We retain business data (transactions, inventory records, invoices) for the period required by applicable tax and accounting regulations in your jurisdiction (minimum 6 years for Nigerian businesses under FIRS requirements). You can request deletion of your account and personal data at any time, subject to legal retention requirements.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure data centres with physical security measures
  • Role-based access control within tenant organizations

8. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing for direct marketing purposes
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@bomeo.xyz. We respond to all requests within 30 days.

9. International Data Transfers

Your data may be processed in countries outside Nigeria or the EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by relevant authorities.

10. Children's Privacy

BOMEO is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Cookies and Tracking

We use essential cookies to maintain your session and ensure the Service functions correctly. We may also use optional analytics cookies with your consent to understand how users interact with the platform. You can manage cookie preferences through your browser settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Your continued use of BOMEO after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

  • Email: privacy@bomeo.xyz
  • Address: Lagos, Nigeria

For NDPA/NDPR-related inquiries, you may also contact the Nigeria Data Protection Commission (NDPC). For GDPR-related inquiries, you may contact your local data protection authority.