Logo
ChuksForge AI Solutions Ltd
RC No. 9523804 · Nigeria
Back to site
Legal Document

Privacy Policy

Effective Date12 May 2026
Last Updated22 June 2026
Applies ToAll ChuksForge Services incl. BOS
JurisdictionFederal Republic of Nigeria
NDPR 2019 Nigeria DPA 2023 Meta WhatsApp Business Policy NDPC Supervised
Plain-Language Summary

We collect only the data we need to deliver our services. We do not sell your data. We do not share it with third parties except where required to operate our services or comply with the law. This policy covers all ChuksForge products and services, including the BOS (Business Operating System) platform — a WhatsApp-native business management service for Nigerian MSMEs. Data submitted through our contact forms, APIs, WhatsApp services, voice notes, referral flows, and client systems is handled with professional discretion and protected by appropriate technical and organisational measures in accordance with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (DPA) 2023.

Contents
  1. Who We Are
  2. Scope of This Policy
  3. Regulatory Framework and Compliance Status
  4. Data We Collect and Why
  5. BOS Platform — WhatsApp and Messaging Services
  6. Voice Notes and Audio Processing
  7. Referral, Agent, and Commission Data
  8. Payment and Financial Data
  9. APIs and AI-Assisted Processing
  10. Legal Basis for Processing
  11. How We Use Your Data
  12. Sub-Processors and Third Parties
  13. Data Retention
  14. Data Security
  15. Your Rights Under the NDPR and DPA 2023
  16. Cookies and Tracking
  17. International Data Transfers
  18. Children's Privacy
  19. Changes to This Policy
  20. Contact and Data Requests
01

Who We Are

ChuksForge AI Solutions Ltd (hereinafter "ChuksForge", "we", "us", or "our") is a formally registered technology company incorporated under the laws of the Federal Republic of Nigeria (RC No. 9523804). We provide artificial intelligence systems engineering, software development, automation systems, data analytics, and technology consulting services to clients locally and internationally.

Our principal place of business is in Nigeria. We operate the website at https://chuksforge.com and various software products, APIs, and messaging-based services — most notably the BOS (Business Operating System) platform, a WhatsApp-native SaaS product serving Nigerian micro, small, and medium enterprises (MSMEs).

For the purposes of the Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation 2019, ChuksForge AI Solutions Ltd is the data controller for personal data processed in connection with its own operations. Where ChuksForge operates software on behalf of a business client, the client is the data controller and ChuksForge acts as a data processor.

02

Scope of This Policy

This Privacy Policy applies to all personal data collected, processed, or stored by ChuksForge across the following surfaces:

  • Our website — chuksforge.com and any subdomains
  • BOS (Business Operating System) — our WhatsApp-native MSME management platform, including all interaction channels: WhatsApp messaging, voice notes, document attachments, onboarding flows, and the BOS web dashboard
  • Client-facing SaaS products — any other products we operate or white-label for clients
  • APIs and integrations — REST APIs, webhook endpoints, background processing services, and third-party integrations we operate or maintain
  • Messaging services — WhatsApp Business API-powered chatbots and automated messaging systems operated on behalf of ourselves or clients
  • Client engagements — data shared with us during consulting, assessment, and project delivery
  • Communications — email, contact forms, and any other direct communication channel

Where ChuksForge acts as a data processor for a business client, that client's privacy policy governs their end-users' data. This policy governs data for which ChuksForge is the data controller.

03

Regulatory Framework and Compliance Status

ChuksForge processes personal data in compliance with the following regulatory instruments:

  • Nigeria Data Protection Act (DPA) 2023 — the primary statute governing data protection in Nigeria, signed into law on 12 June 2023
  • Nigeria Data Protection Regulation (NDPR) 2019 — the foundational regulation issued by NITDA, operative as subsidiary framework alongside the DPA 2023
  • NDPC General Application and Implementation Directive (GAID) 2025 — operational guidance issued by the Nigeria Data Protection Commission
  • Meta WhatsApp Business Policy and Meta Platform Terms — applicable to all BOS messaging channels that use the WhatsApp Business Cloud API
Supervisory Authority

The Nigeria Data Protection Commission (NDPC) — established under the DPA 2023 — is the competent supervisory authority for data protection matters in Nigeria. If you believe your data rights have not been adequately addressed by ChuksForge, you may lodge a complaint with the NDPC at ndpc.gov.ng.

NDPC Registration and DPO Status

ChuksForge continuously monitors its obligations under the Nigeria Data Protection Act 2023 and applicable directives issued by the Nigeria Data Protection Commission (NDPC). Where registration, designation of a Data Protection Officer, or any additional compliance obligations become applicable to our operations, we will maintain such registrations, appointments, and governance measures as required by law.

ChuksForge is committed to maintaining compliance with applicable data protection laws and continuously reviews and updates its practices, policies, and technical safeguards to align with evolving legal and regulatory requirements.

Data subjects may contact us at hello@chuksforge.com regarding privacy concerns or to exercise their rights under applicable data protection laws.

04

Data We Collect and Why

We collect personal data only when there is a lawful basis and a genuine operational need. The categories of data we collect depend on how you interact with us:

Via our website contact form

  • Full name, email address, company or organisation name
  • Nature of your enquiry and project description
  • IP address and browser metadata collected automatically by our hosting infrastructure

Purpose: to respond to your enquiry, assess fit, and initiate an engagement where appropriate.

Via client engagement and onboarding

  • Contact details of individuals at client organisations (name, email, phone, role)
  • Business information, project briefs, and technical specifications shared during scoping
  • Payment and invoicing information processed through third-party payment providers; we do not store full payment card data
  • Signed agreements and correspondence

Purpose: to deliver contracted services, manage the engagement, and comply with legal and financial obligations.

Via BOS platform onboarding

  • WhatsApp phone number, collected at registration
  • Business name, business type or category, and operating location(s)
  • Branch identifiers where a business registers more than one location
  • Referral or agent code used during onboarding, where applicable
  • Preferred language for system responses — English, Yoruba, Hausa, or Igbo
  • Subscription tier and plan selection

Purpose: to create and configure a BOS business account and personalise the service for the user's operational context.

Automatically collected technical data

  • Server access logs including IP addresses, request timestamps, and response codes
  • Error logs and performance telemetry from systems we operate
  • Session and rate-limiting metadata tied to account identifiers — ephemeral, not stored beyond the session

Purpose: system maintenance, security monitoring, and performance optimisation. This data is retained in aggregated or anonymised form and is not used for marketing profiling.

05

BOS Platform — WhatsApp and Messaging Services

The BOS (Business Operating System) platform is a WhatsApp-native business management tool that allows Nigerian MSMEs to record sales, manage inventory, track expenses, generate reports, and manage staff entirely via WhatsApp. This section describes the data practices of the BOS platform.

Data collected through BOS WhatsApp interactions

  • The WhatsApp phone number and display name of the account holder and any authorised staff members
  • Message content submitted to BOS by the user — including text commands, transaction descriptions, item names, quantities, and prices expressed in natural language (including Nigerian Pidgin, Yoruba, Hausa, and Igbo)
  • Document attachments submitted via WhatsApp for bulk data operations
  • Message timestamps and interaction metadata
  • Structured business records derived from message content: sales records, inventory entries, expense logs, staff records, and business summaries
  • Tamper-evident activity log entries recording data modification events for integrity and dispute resolution purposes

Multi-branch and staff data

  • Where a business registers multiple locations, BOS stores branch identifiers and routes each interaction to the correct business context
  • Staff phone numbers registered by the account owner for access delegation
  • Role assignments and permission levels granted by the account owner

Use of BOS message and transaction data

  • Message content is processed solely to fulfil the function the user initiates — recording a transaction, updating stock, generating a report, or responding to a query
  • Structured business records are stored in the BOS database on behalf of the account holder and are accessible to them via the BOS dashboard and WhatsApp
  • Message content is not used for advertising, behavioural profiling, or shared with any party beyond those necessary to deliver the service
  • Raw message text is processed to extract structured data and is not retained in a separate message archive

Meta / WhatsApp platform compliance

BOS uses the WhatsApp Business Cloud API operated by Meta Platforms, Inc. Messages sent through BOS pass through Meta's infrastructure. ChuksForge operates BOS in compliance with the WhatsApp Business Policy and Meta Platform Terms. End users are also subject to WhatsApp's own privacy policy published by Meta Platforms, Inc.

Incoming message security

All incoming messages and notifications received by BOS from external platforms are subject to cryptographic verification before processing. Messages that fail verification are rejected and do not enter the system.

Opt-out

Users may stop receiving automated messages from BOS at any time by sending "STOP" to the BOS WhatsApp number. Account holders may request suspension or full deletion of their account and associated data by contacting us at hello@chuksforge.com.

06

Voice Notes and Audio Processing

BOS accepts voice note messages sent via WhatsApp as an input method for users who prefer speaking over typing. This section describes how audio data is handled.

What happens when you send a voice note

  • The voice note audio file is retrieved from WhatsApp's media servers via a secure, time-limited link
  • The audio is submitted to a third-party speech-to-text transcription service to convert the spoken content into text
  • The resulting transcript is then processed by our AI-assisted parsing layer to extract the relevant business information the user intended to record
  • The original audio file is not permanently stored by ChuksForge; only the transcript and the structured data derived from it are retained

Audio data and third-party processing

Audio submitted for transcription is processed under agreements with our transcription service provider that prohibit use of submitted audio for model training by default. See Section 12 for details of our sub-processor arrangements.

07

Referral, Agent, and Commission Data

BOS operates a referral and agent programme that enables existing users and enrolled agents to introduce new businesses to the platform and earn commissions on successful referrals.

Referral codes and peer sharing

  • Each registered BOS business account is assigned a unique referral code
  • When a new user registers using an existing user's referral code, a referral relationship is recorded in our system
  • The linking of referrer and referee accounts is used solely for commission calculation purposes; no personal data is shared between the two parties

Agent accounts

  • Agents enrolled in the BOS agent programme are assigned a unique agent identifier
  • Agent accounts store: agent name, WhatsApp phone number, bank account details where provided for commission payouts, and a record of businesses onboarded under the agent's code
  • Agent bank account details are treated as sensitive financial data and are protected by appropriate security controls

Commission records

Commission calculation records — including amounts, dates, and associated account identifiers — are retained for 7 years from the date of the relevant transaction, consistent with Nigerian financial record-keeping requirements.

08

Payment and Financial Data

Payment processing

  • All subscription payments are processed by regulated third-party Nigerian payment service providers
  • ChuksForge does not store, transmit, or have access to full payment card numbers, bank account credentials, or BVN data
  • We receive and store only a payment reference, transaction status, amount, and timestamp from the payment provider
  • Subscription status is stored in our database and linked to the relevant business account

Business financial data entered by users

Sales figures, revenue data, stock values, and expense amounts entered into BOS by a business owner are that business's own commercial data. This data is stored on the business owner's behalf and is not accessed by ChuksForge staff except for authorised technical support with the account owner's explicit consent, system maintenance, or as required by law.

09

APIs and AI-Assisted Processing

ChuksForge develops and operates APIs and software systems as standalone products and as components of client-commissioned systems. The BOS platform uses AI-assisted processing to interpret natural-language inputs from users and convert them into structured business records.

AI processing

  • User message text, including voice note transcripts, is submitted to third-party AI language model providers to identify intent and extract structured data
  • AI processing occurs in real time; request and response logs may be retained briefly for debugging purposes before deletion
  • Data submitted to AI model providers is processed under agreements that prohibit use of submitted data for model training without explicit opt-in
  • AI-assisted parsing does not make decisions with legal or significant effects on users; it produces structured records that users can review and correct

Background processing

  • Certain platform functions — including scheduled notifications, report generation, and document processing — are handled by background processing services
  • Data within these services is processed transiently and is not retained beyond what is required to complete the task

Other software products

ChuksForge operates additional software products including data extraction pipelines, observability platforms, and client-commissioned automation systems. Data handling in these products is described in product-specific agreements with the relevant client organisations.

10

Legal Basis for Processing

Under the Nigeria Data Protection Act 2023 and NDPR 2019, we process personal data on one or more of the following lawful grounds:

  • Consent — where you have given free, specific, informed, and unambiguous consent to processing, such as during BOS account registration or for optional communications. Consent may be withdrawn at any time.
  • Contractual necessity — processing is required to perform a contract with you or your organisation, or to take steps at your request before entering into a contract. This is the primary basis for BOS service delivery.
  • Legal obligation — processing is required for compliance with applicable Nigerian law, including financial, tax, and regulatory obligations.
  • Legitimate interests — processing is necessary for our legitimate business interests, such as maintaining system security, detecting fraud, improving our services, and managing client relationships, provided these interests are not overridden by your rights and freedoms.

We do not process special categories of sensitive personal data as defined under the DPA 2023 — such as health data, biometric data, or data revealing ethnic or religious identity — in the course of our standard services. The multilingual capability of BOS (Yoruba, Hausa, Igbo, English) does not constitute processing of ethnicity data; language preference is stored solely as a user interface setting.

11

How We Use Your Data

We use personal data for the following purposes, each tied to a lawful basis described in Section 10:

  • Responding to enquiries and conducting business development activities
  • Delivering contracted services, including BOS platform operation, software development, consulting, and managed services
  • Interpreting user messages to create structured business records on the account holder's behalf
  • Transcribing voice notes and processing the resulting text to extract business information
  • Processing document attachments to perform bulk data imports or exports on behalf of the account holder
  • Sending scheduled and event-driven WhatsApp notifications — such as business summaries, stock alerts, and subscription reminders
  • Calculating and recording referral commissions for agents and peer referrers
  • Processing subscription payments and maintaining subscription status records
  • Generating business reports and analytics accessible to account holders within the platform
  • Operating, maintaining, and improving our software products
  • Sending service-related communications, including project updates, invoices, and support responses
  • Complying with legal, regulatory, and financial obligations under Nigerian law
  • Detecting, preventing, and responding to security threats or misuse of our systems
  • Generating anonymised or aggregated analytics to improve platform performance

We do not use personal data for unsolicited marketing, behavioural advertising, or sale to third parties.

12

Sub-Processors and Third Parties

We engage carefully selected third-party service providers ("sub-processors") where operationally necessary to deliver our services. These providers support messaging infrastructure, cloud hosting, database services, artificial intelligence processing, payment processing, email delivery, security, and related operational functions.

Each sub-processor is engaged under contractual terms designed to ensure appropriate confidentiality, security, and data protection standards consistent with applicable laws. We seek to limit data shared with each provider to the minimum necessary for the performance of its role.

Category Purpose
Messaging providers Message delivery and communication infrastructure
Cloud infrastructure providers Hosting and computing resources
Database providers Storage and management of structured data
AI service providers Natural language processing and AI-assisted functionality
Speech-to-text providers Voice transcription services
Payment service providers Subscription and transaction processing
Email service providers Delivery of transactional communications
Security and network providers DNS, content delivery, and traffic protection
Authentication and session providers Session management and platform security

A current list of major sub-processors and their locations may be made available upon reasonable request by contacting hello@chuksforge.com

Data sharing with client organisations

Where ChuksForge builds and operates systems on behalf of a business client, data generated within that system is made available to the client as the data controller.

Legal disclosures

We may disclose personal data where required by Nigerian law, a valid court order, or a legitimate request from the Nigeria Data Protection Commission (NDPC) or other competent regulatory authority.

Business transfers

In the event of a merger, acquisition, or transfer of business assets, personal data may be transferred as part of that transaction, subject to equivalent privacy protections and notification to affected data subjects where required by the DPA 2023.

We do not sell, rent, or trade personal data. We do not share data with data brokers or advertising platforms.

13

Data Retention

We retain personal data for as long as is necessary for the purpose for which it was collected, subject to legal and contractual obligations:

  • Website contact form enquiries — retained for up to 2 years from last engagement
  • Client engagement records — retained for 7 years from conclusion of the engagement, consistent with Nigerian financial record-keeping requirements
  • BOS business account data — retained for the duration of the active subscription; following account cancellation, data is retained for 90 days to allow reactivation, then deleted or anonymised unless earlier deletion is requested
  • Tamper-evident activity log records — retained for the lifetime of the business account plus 7 years for financial integrity and compliance purposes
  • Commission and payment records — retained for 7 years from the date of the relevant transaction
  • Voice note audio files — are processed only for the purpose of transcription and are deleted or overwritten according to our operational retention schedules unless longer retention is required for security, troubleshooting, or legal obligations.
  • Voice note transcripts — retained only for as long as reasonably necessary for processing, troubleshooting, and service continuity, after which they are deleted, anonymised, or overwritten in accordance with our retention schedules.
  • Raw WhatsApp message text — is processed primarily to fulfil user requests. Where temporary retention occurs for operational integrity, debugging, security, or recovery purposes, such retention is limited and subject to applicable safeguards.
  • Document attachments — are retained only as long as reasonably necessary to perform the requested operation or satisfy operational, security, or legal requirements.
  • Server and API logs — retained for 30–90 days in raw form; aggregated or deleted thereafter
  • Session and ephemeral processing data — expires automatically after the relevant session or task completes
  • Referral and agent linkage records — retained for the lifetime of the relevant accounts plus 7 years for commission audit purposes

You may request deletion of your personal data at any time. Requests will be honoured subject to overriding legal obligations. See Section 15 for how to exercise this right.

14

Data Security

We implement technical and organisational measures appropriate to the sensitivity and volume of the data we process. These measures include:

  • Encryption of data in transit and, where appropriate, at rest.
  • Access controls and role-based permissions.
  • Authentication safeguards and credential management procedures.
  • Logging, monitoring, and security event detection.
  • System availability and resilience measures.
  • Backup and recovery procedures.
  • Measures designed to preserve data integrity and prevent unauthorised access.
  • Ongoing review and improvement of our security practices.

While no method of transmission or storage can guarantee absolute security, we seek to maintain security measures appropriate to the risks involved.

In the event of a personal data breach likely to pose a risk to the rights and freedoms of affected individuals, we will notify the Nigeria Data Protection Commission and affected persons in accordance with applicable law.

14A

Automated Processing and Human Oversight

BOS uses artificial intelligence and automated processing tools to interpret user inputs, generate summaries, and extract structured business information.

These systems are designed to assist users and do not ordinarily make decisions that produce legal or similarly significant effects without human involvement.

Users remain responsible for reviewing outputs before acting on them.

Where automated processing materially affects a user, that user may request human review, express their views, and contest the outcome.

We continuously review our AI-assisted systems and implement safeguards intended to promote fairness, accuracy, and reliability.

15

Your Rights Under the NDPR and DPA 2023

Under the Nigeria Data Protection Regulation 2019 and the Nigeria Data Protection Act 2023, you have the following rights with respect to personal data we hold about you:

  • Right to be informed — you have the right to know how your data is collected, used, and shared. This policy fulfils that obligation.
  • Right of access — you may request a copy of the personal data we hold about you and information about how it is processed.
  • Right to rectification — you may request correction of inaccurate or incomplete personal data without undue delay.
  • Right to erasure — you may request deletion of your personal data where we no longer have a lawful basis to retain it, subject to legal retention obligations.
  • Right to restriction of processing — you may request that we limit processing of your data in certain circumstances, such as while accuracy is contested.
  • Right to data portability — where applicable, you may request your data in a structured, machine-readable format, such as a CSV or JSON export of your BOS transaction records.
  • Right to object — you may object to processing based on legitimate interests where your interests, rights, or freedoms override those interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right not to be subject to solely automated decisions — BOS uses AI to interpret messages and extract structured data. This processing does not make decisions with legal or significant effects on you without human involvement. If you believe any automated output has adversely affected you, you may request human review.
  • Right to human intervention and review — where automated processing materially affects you, you may request human review, express your views, and contest the outcome.
  • Right to lodge a complaint — if you believe your rights have been infringed, you may submit a complaint to the Nigeria Data Protection Commission (NDPC).

To exercise any of these rights, contact us at hello@chuksforge.com with the subject line "Data Rights Request". Please include your name, WhatsApp number or account email, and a description of your request. We will respond within 30 calendar days as required by the DPA 2023. We may need to verify your identity before acting on a request.

If you are not satisfied with our response, you may escalate your complaint to the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

16

Cookies and Tracking

Our main website (chuksforge.com) is a static site that does not currently use cookies, third-party analytics scripts, tracking pixels, or behavioural advertising technologies.

The BOS web dashboard uses session cookies strictly necessary for authentication and to maintain a logged-in state. These are functional cookies and do not track user behaviour for advertising purposes.

Server-side access logs — including IP address, request path, timestamp, and referrer — are retained by our hosting infrastructure for security and performance purposes, each governed by their respective privacy policies.

If we introduce analytics or additional cookies in future, we will update this policy and implement an appropriate consent mechanism consistent with the NDPR and DPA 2023 requirements.

17

International Data Transfers

ChuksForge is based in Nigeria, but certain service providers that support our operations are located in other jurisdictions, including the United States and the European Union.

Where personal data is transferred outside Nigeria, we seek to implement safeguards appropriate under applicable law. Such safeguards may include contractual protections, data processing agreements, recognised security standards, and limiting the scope of data shared to what is reasonably necessary for the relevant service.

By using our services, you acknowledge that some data may be processed in jurisdictions whose privacy laws differ from those of Nigeria. We seek to ensure that such transfers are conducted in a manner consistent with the Nigeria Data Protection Act 2023 and other applicable requirements.

Additional information regarding categories of sub-processors may be requested by contacting hello@chuksforge.com

18

Children's Privacy

Our services are designed primarily for businesses and business professionals. We do not knowingly provide services to children or intentionally collect personal data from children.

If we become aware that personal data relating to a child has been collected inadvertently, we will take reasonable steps to delete or otherwise appropriately handle such information in accordance with applicable law, including the Nigeria Data Protection Act 2023 and the Child Rights Act.

19

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our services, legal requirements, or data practices.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Where appropriate, notify active BOS account holders via WhatsApp message or email
  • Obtain fresh consent where the change introduces a new processing purpose that requires it under the DPA 2023

We encourage users to review this Privacy Policy periodically. Where required by law, we will obtain any necessary consent before implementing material changes involving new purposes of processing.

20

Contact and Data Requests

For questions regarding privacy, personal data, or this Privacy Policy, please contact:

ChuksForge AI Solutions Ltd

RC No. 9523804 · Federal Republic of Nigeria

Privacy Contact

Privacy Officer

ChuksForge AI Solutions Ltd

Email: hello@chuksforge.com

Security Incident Reporting

Email: https://chuksforge.com

Individuals seeking to exercise their rights under applicable data protection laws may contact us with the subject line:

"Data Rights Request"

We aim to respond within the timelines prescribed by applicable law. We may request additional information reasonably necessary to verify identity before acting on a request. Where you are dissatisfied with our response, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC).

© 2026 ChuksForge AI Solutions Ltd · RC No. 9523804 · Nigeria
Privacy Policy Terms of Service Home