Privacy Policy
1. Introduction
Therfamo Digital Technology Limited (“Therfamo Digital”, “we”, “us”, or “our”) is committed to protecting your
privacy and ensuring that your personal data is processed lawfully, fairly, and transparently.
This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you:
Visit our website (www.therfamo.com)
Use our products and services (Comply Invoice, Comply ERP & CRM, Comply Health, Comply School)
Interact with us in any other way
We process personal data in accordance with applicable data protection laws, including the Nigeria Data Protection Act (NDPA) 2023, NDPR 2019, and internationally recognized data protection principles aligned with the GDPR.
2. Data Controller
Therfamo Digital Technology Limited is the Data Controller responsible for determining how and why your personal data is processed.
Contact Details:
Email: privacy@therfamo.com
Where we process data on behalf of institutional clients (e.g., schools, hospitals, enterprises), we act as a Data Processor under a Data Processing Agreement (DPA).
3. Categories of Personal Data We Collect
3.1 Information You Provide Directly
Identification data (name, job title, organization)
Contact details (email, phone number, business address)
Account credentials (encrypted passwords)
Billing and payment information
Business registration details (TIN, CAC number)
Communications and support inquiries
Identity verification documentation (where legally required)
3.2 Business Data Processed Through Our Services
Depending on the product used, this may include:
Customer and invoice data (Comply Invoice)
Employee and payroll data (Comply ERP)
Patient health data (Comply Health)
Student and guardian data (Comply School)
Financial and inventory records
3.3 Information Collected Automatically
IP address and approximate location
Device and browser information
Usage data and analytics
Log files and diagnostic reports
Cookies and tracking technologies
3.4 Special Category (Sensitive) Data
For Comply Health and Comply School, we may process:
Health and medical records
Minor’s personal data
Academic records
Such data is processed only under appropriate legal basis and enhanced safeguards.
4. Legal Basis for Processing
We process personal data under one or more of the following lawful bases:
Contractual necessity – to provide subscribed services
Legal obligation – compliance with tax, regulatory, and reporting laws
Legitimate interests – fraud prevention, security, service improvement
Consent – marketing communications or optional features
Vital interests – emergency medical scenarios
Public interest – statutory public health or compliance obligations
5. How We Use Personal Data
We use personal data to:
Deliver and manage our services
Process payments and subscriptions
Provide customer support
Ensure regulatory compliance
Improve system functionality and user experience
Detect and prevent fraud or security incidents
Communicate important service updates
We do not sell personal data.
6. Data Sharing and Disclosure
We may share personal data with:
6.1 Service Providers
Cloud hosting providers
Payment processors
Technical infrastructure partners
Analytics providers
All third parties are bound by contractual confidentiality and data protection obligations.
6.2 Regulatory Authorities
Where required by law, including tax, health, or compliance reporting authorities.
6.3 Professional Advisors
Lawyers, auditors, and insurers where necessary for legal compliance.
6.4 Business Transfers
In the event of a merger, acquisition, or restructuring, subject to confidentiality safeguards.
7. International Data Transfers
Where personal data is transferred outside Nigeria, we ensure appropriate safeguards such as:
Standard Contractual Clauses (SCCs)
Data Processing Agreements
Adequacy assessments
Explicit consent (where required)
We ensure that cross-border transfers meet NDPA and internationally recognized protection standards.
8. Data Security
We implement appropriate technical and organizational security measures, including:
256-bit encryption (data at rest)
TLS encryption (data in transit)
Role-based access controls
Multi-factor authentication
Security monitoring and penetration testing
Incident response procedures
In the event of a data breach, affected individuals and relevant authorities will be notified in accordance with applicable law.
9. Data Retention
We retain personal data only as long as necessary for:
Contractual performance
Legal compliance (e.g., tax and regulatory retention requirements)
Legitimate business purposes
Where no longer required, data is securely deleted or anonymized.
10. Your Data Protection Rights
Subject to applicable law, you have the right to:
Access your personal data
Rectify inaccurate data
Request erasure (where applicable)
Restrict processing
Object to processing
Withdraw consent
Request data portability
Not be subject to solely automated decision-making
Requests may be submitted to: privacy@therfamo.com
We respond within statutory timelines (typically 30 days).
You also have the right to lodge a complaint with the relevant Data Protection Authority.
11. Children’s Privacy
Our services are not directed at children except through institutional clients (e.g., schools).
For Comply School:
Schools act as Data Controllers
We act as Data Processors
Parental or guardian consent must be obtained by the institution
Enhanced safeguards apply
12. Cookies and Tracking Technologies
We use cookies for:
Essential website functionality
Performance analytics
User preferences
Marketing (where consent is provided)
Users may manage cookie preferences via browser settings or our cookie banner.
13. Third-Party Links
Our services may contain links to external websites. We are not responsible for third-party privacy practices. Users should review their policies separately.
14. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification. Continued use of our services constitutes acceptance of the revised policy.
15. Contact Us
Therfamo Digital Technology Limited
Attn: Privacy Team
Lagos, Nigeria
Email: privacy@therfamo.com