Privacy Policy
Effective date: 1 July 2025
This policy covers the Crovix Haven resident app, guard terminal app, estate admin portal, partner platform, and this website.
Contents
1. Overview
Crovix Global Technologies Ltd ("Crovix", "we", "us") operates the Crovix Haven platform, which includes:
- Resident & Visitor Mobile App — the iOS and Android application used by estate residents and their visitors to manage gate access, receive announcements, pay service charges, and raise incident reports.
- Guard / Scanner Terminal App — the mobile application used by security personnel to scan visitor QR passes and log gate entries and exits.
- Estate Admin Portal — the web-based dashboard used by estate management committees, facility managers, and their designated staff to configure the estate, manage residents, and monitor operations.
- Partner Platform — the web portal used by Crovix referral and channel partners to track estate referrals and manage commission records.
- This Website — haven.crovix.tech, used to market the platform and accept estate subscription applications.
This Privacy Policy explains what personal data we collect across each of these surfaces, why we collect it, how we use and protect it, and the rights available to you.
By accessing or using any part of the Crovix Haven platform, you agree to the practices described in this policy. If you do not agree, please do not use our services.
2. Who This Policy Covers
- Estate Subscribers / Administrators — individuals or organisations that subscribe to Crovix Haven on behalf of a residential estate.
- Residents — occupants and unit owners in an onboarded estate who use the mobile app.
- Visitors — guests of residents who receive or present a digital gate pass.
- Security Personnel (Guards) — gate security staff who use the scanner terminal app.
- Staff Accounts — estate admin staff added to the admin portal by the estate management.
- Referral Partners — registered agents and organisations on the Crovix Haven Partner Platform.
- Website Visitors — anyone browsing haven.crovix.tech.
3. Data We Collect
3.1 Resident & Visitor Mobile App
- Identity data: full name, profile photo (optional), unit number.
- Contact data: phone number, email address.
- Access data: gate entry and exit timestamps, visitor pass codes, QR scan logs.
- Financial data: service charge payment records and receipts (we do not store payment card details; payments are processed by our payment gateway partners).
- Communications: messages sent via estate announcement channels and incident reports submitted through the app.
- Device data: device model, operating system version, push notification token (to deliver estate alerts and emergency notifications).
- Location data: coarse GPS location may be used when generating or validating a gate-access pass. We do not track your continuous background location.
3.2 Guard / Scanner Terminal App
- Identity data: name, staff ID, role.
- Operational data: QR scans performed, timestamps, gate selected, number plates captured (if applicable).
- Device data: device model and OS version for offline-sync diagnostics.
3.3 Estate Admin Portal
- Account data: name, email address, phone number, role, login timestamps.
- Estate configuration data: estate name, address, zone definitions, gate configuration, onboarding documents submitted during application.
- Resident & unit data: uploaded or entered roster information for residents, including unit assignments.
- Operational data: billing records, incident logs, announcement history, gate activity reports.
- Usage data: actions taken inside the portal for audit-trail purposes.
3.4 Partner Platform
- Identity & business data: name, organisation name, email, phone, bank account details for commission payouts.
- Referral data: estates referred, conversion status, commission records.
- Login & access data: login timestamps and IP addresses for security purposes.
3.5 This Website
- Application data: name, email, phone, and estate details submitted through the subscription application form.
- Usage data: anonymised analytics on pages visited, browser type, and referral source (if analytics tooling is active).
4. How We Use Your Data
- To provision and operate your estate on the Haven platform.
- To authenticate users and control access to the appropriate portal or app.
- To enable gate access control — generating, validating, and logging visitor passes.
- To deliver estate announcements, emergency alerts, and push notifications.
- To process service charge payments and generate financial records.
- To manage referral commissions for partners.
- To support fraud prevention, security monitoring, and platform abuse detection.
- To respond to support requests, complaints, and incident reports.
- To improve the platform based on aggregated, anonymised usage patterns.
- To comply with applicable Nigerian and international data protection laws.
5. Legal Basis for Processing
- Contract performance: processing necessary to deliver the Haven subscription your estate has signed up for.
- Legitimate interests: security monitoring, fraud prevention, and platform improvement — where these do not override your rights.
- Consent: push notifications and optional data uses where we explicitly request your consent.
- Legal obligation: retaining records as required by Nigerian tax and corporate law.
6. Data Sharing
We do not sell personal data. We share data only in the following limited circumstances:
- Within your estate: estate administrators can view resident, visitor, and gate-activity data for their estate only. Residents can view their own data and their visitor pass history.
- Service providers: cloud hosting, payment processing, push notification delivery, and SMS gateways — bound by data processing agreements.
- Partners: referral partners see only the status of estates they referred, not resident or operational data.
- Law enforcement: where required by valid legal process under Nigerian law or other applicable jurisdiction.
- Business transfers: in the event of a merger, acquisition, or asset sale, data may be transferred to the successor entity under equivalent protections.
7. Data Retention
- Active estate accounts: data is retained for the duration of the subscription and for 12 months after termination to allow for disputes and final billing.
- Gate access logs: retained for 24 months by default, configurable by the estate administrator within platform limits.
- Visitor pass records: retained for 12 months.
- Financial records: retained for 7 years in compliance with Nigerian financial regulations.
- Partner commission records: retained for the duration of the partner relationship and 3 years thereafter.
- Website application forms: retained for 6 months if no subscription results, or converted to the estate record upon activation.
8. Data Security
We implement technical and organisational measures appropriate to the sensitivity of the data we process:
- All data in transit is encrypted using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256.
- Each estate's data is logically isolated from all other estates.
- Access to production systems is restricted to authorised Crovix engineers, protected by multi-factor authentication.
- We conduct regular security reviews of our infrastructure and application code.
No system can guarantee absolute security. In the event of a data breach that is likely to result in high risk to individuals, we will notify affected parties and the relevant regulatory authority in accordance with applicable law.
9. Your Rights
Subject to applicable law, you may have the following rights regarding your personal data:
- Access: request a copy of the data we hold about you.
- Rectification: ask us to correct inaccurate data.
- Erasure: request deletion of your data, subject to legal retention obligations.
- Portability: receive your data in a commonly used machine-readable format.
- Objection: object to processing based on legitimate interests.
- Withdrawal of consent: withdraw consent at any time where processing is consent-based, without affecting prior processing.
To exercise any of these rights, contact us at privacy.haven@crovix.tech. We will respond within 30 days. For estate-level data (e.g. resident records), requests must be submitted by or through the estate administrator.
10. Children's Privacy
The Crovix Haven platform is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child's data has been collected, please contact us at privacy.haven@crovix.tech and we will take steps to delete it.
11. Third-Party Links
Our platform may contain links to third-party websites or services (e.g. the Crovix main website, payment gateways). This policy does not apply to those sites. We encourage you to review their privacy policies independently.
12. Changes to This Policy
We may update this policy periodically. When we do, we will revise the effective date at the top of this page and, for material changes, notify estate administrators via email or in-app notice. Your continued use of the platform after changes take effect constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your privacy rights, request access to or deletion of your personal information, or submit a privacy-related complaint, please contact us:
- Privacy Email: privacy.haven@crovix.tech
- Support Email: support.haven@crovix.tech
- Company: Crovix Global Technologies Ltd
- Website: haven.crovix.tech
- Corporate Website: crovix.tech