Privacy

Privacy policy.

Last updated: 8 May 2026

This policy explains what personal data Therasafety Limited collects through therasafety.com, why we collect it, and what rights you have over it. It is written to comply with Nigeria’s Data Protection Act 2023 (NDPA).

1. Who we are

Therasafety Limited (“Therasafety”, “we”, “our”) is a company registered in Nigeria. We operate the marketing site at therasafety.com. For matters relating to this policy you can reach us at hello@therasafety.com.

This policy covers only the marketing site. Our individual products (HowBody, WetinDey, Belle, OgaDokita, NoWahala, BodiCheck, NaijaHealth, OriginalNa, Vigil) each maintain their own product-specific privacy notices that govern any health, identity, or transactional data processed within those products.

2. What we collect

We only collect personal data you actively give us, plus a small amount of technical data needed to operate the site safely.

From the contact form

  • Your name and email address (required).
  • Your organisation name, if you choose to provide it.
  • The inquiry type you select and the message you write.
  • A hashed version of your IP address and your browser’s user-agent string, to protect the form against abuse. We do not store your raw IP address.

From the newsletter, if you subscribe

  • Your email address and a confirmation timestamp.

From analytics, if enabled

  • Anonymised page-view data (URL, referrer, device class, country) collected via PostHog. We do not use cross-site tracking cookies for advertising.

3. Why we collect it

Our lawful basis under NDPA s.25 is legitimate interest for the contact form (responding to enquiries you initiated) and consent for the newsletter (you opt in via a confirmation email). Analytics is processed under legitimate interest with anonymisation in place; you can opt out via your browser’s Do-Not-Track signal or by blocking the analytics domain.

4. Who processes the data on our behalf

The following sub-processors handle data so we can run the site:

  • Supabase — database storage for contact submissions and newsletter subscribers.
  • Resend — transactional email delivery (your confirmation, our internal notification).
  • Upstash — rate-limit counters keyed by hashed IP and email.
  • Vercel — hosting and edge network for the site itself.
  • Cloudflare — DNS and DDoS protection.
  • PostHog — product analytics (when enabled), self-hostable EU/US regions.

These vendors process data outside Nigeria. Where they do, we rely on the recipient country’s adequacy decision or on contractual safeguards equivalent to the Standard Contractual Clauses, as permitted by NDPA s.41.

5. How long we keep it

  • Contact form submissions: retained for up to 24 months after the conversation closes, then deleted or archived in a non-personal form.
  • Newsletter subscriptions: retained until you unsubscribe, then deleted within 30 days.
  • Server logs containing hashed IPs: retained for 90 days for security and abuse-detection.

6. Your rights

Under NDPA 2023 you have the right to:

  • Access the personal data we hold about you.
  • Have it corrected if it is inaccurate.
  • Have it deleted (the “right to be forgotten”), subject to legal retention obligations.
  • Withdraw consent at any time, where consent is the lawful basis.
  • Receive your data in a portable, machine-readable format.
  • Object to processing based on legitimate interest.

To exercise any of these rights, email hello@therasafety.com. We respond within 30 days. See also our NDPA Compliance page for the detailed data-subject request procedure and complaint route.

7. Cookies and similar technologies

The marketing site uses no advertising cookies. We use only:

  • A session cookie set by Vercel for serving the page (essential).
  • A preferences cookie, only if you set one (e.g. dismissing a banner).

8. Children

This site is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has submitted data, contact us and we will delete it.

9. Changes to this policy

Material changes will be reflected by updating the “Last updated” date and, where appropriate, notifying newsletter subscribers by email.

10. Contact

Questions, requests, or concerns: hello@therasafety.com.