Privacy Policy
Last Updated: April 23, 2026
At UPFRONT, a subsidiary of Ruach and Zoe LTD, we take your privacy as seriously as we take your agreements. This policy explains how we collect, use, and protect your personal information.
1. Introduction & Data Controller
UPFRONT is a digital escrow and agreement-binding registry operated by Ruach and Zoe LTD ("we", "us", or "our"), having its registered office in Nigeria. We are committed to safeguarding the privacy and digital identity of our users ("you", "Employers", or "Contractors"). For the purposes of the Nigeria Data Protection Act (NDPA), Ruach and Zoe LTD acts as the primary Data Controller of your personal information collected through this platform.
2. The Personal Data We Collect
To provide a highly secure, immutable, and legally binding contract registry, we collect the following categories of personal data:
A. Identity & Contact Details
Your full legal name, active email address, official phone number, and any government-issued identification metadata provided during verification.
B. Sensitive Biometric Data
A live, high-resolution facial photo captured through your device webcam at the time of agreement signing to create an immutable biometric signature.
C. Geolocation & Device Metadata
Your exact GPS coordinates, IP address, device platform, operating system version, browser details, and time-zone parameters logged during the co-signing event.
D. Contractual & Financial Data
Stipulated project values, delivery timelines, complete binding terms, bank account details, and transaction reference codes generated via Paystack.
3. Legal Bases for Data Processing
Under Section 25 of the NDPA, we only process your personal data under the following legitimate legal bases:
- verified Contractual Necessity: Processing is required to perform the binding contract initiated between the Employer and the Contractor.
- verified Explicit Consent: You give direct, affirmative consent when authorizing device camera and location permissions to capture your biometric signature.
- verified Legal Obligation: To comply with statutory registry rules under the Nigeria Evidence Act regarding digital signature enforceability.
- verified Legitimate Interests: To detect, investigate, and prevent fraudulent contracts, identity theft, or platform exploitation.
4. Detailed Use of Collected Information
We strictly utilize the processed data for the following essential purposes:
Cryptographic Signature Verification
We cross-verify and lock captured facial biometric data to eliminate "ghost contracting" or identity fraud, certifying that the signature is legally sound and binding.
Breach Verification & Enforcement
In the event of a reported contractual breach, the log of your IP, metadata, exact GPS location, and biometric signature is packaged as certified court-admissible evidence.
Default Tracking & Blacklisting
If a breach is legally validated and not resolved through mediation, associated identity parameters are migrated to the UPFRONT Public Registry (Blacklist) to preserve trust across the market.
5. Data Retention & Deletion Protocol
We maintain strict data minimization and retention limits. Your data is stored only as long as necessary for the fulfillment of the underlying contract, compliance with legal obligations, or the resolution of active dispute cases:
Active Contracts: Personal data and files remain fully encrypted and archived in our registry for the duration of the agreement plus a statutory 6-year limitation period to support possible civil litigation under the Nigerian Statute of Limitations.
Immediate Illegal Activity Deletion: In line with our Terms of Service, if an agreement is identified to involve any prohibited or illegal activities (e.g. money laundering, fraud, drug trafficking), the agreement, all biometric records, and contractual files are automatically and permanently deleted from our production databases immediately.
6. Biometric Data Consent & Protection
Biometric data (facial captures) is classified as Sensitive Personal Data under the NDPA. By using our camera features to sign a contract, you explicitly consent to the cryptographic processing of your facial template. We represent and warrant that:
- Your biometric templates are securely encrypted using AES-256 standard protocols at rest.
- We do not sell, share, trade, or distribute your biometric details to any AI model training datasets, marketing, or advertising companies.
- Biometric captures are only viewable by our authenticated administrators and legal counsel in direct relation to dispute mediation.
7. Secure Data Sharing & Disclosures
We strictly limit the sharing of your data. We do not sell your personal data. Disclosures are only made to:
The Contracting Party
The Employer or Contractor on the opposite side of your legal agreement to ensure bilateral contract visibility.
Legal Advisors & Counsel
Barr. Raymond Arinze Ruach & Partners to coordinate case mediation, litigation prep, or contract audits.
Payment Systems & Law
Paystack for encrypted processing of stamp duties, and Nigerian Law Enforcement agencies upon formal legal subpoenas.
8. International Data Transfers
To ensure 24/7 platform availability, our databases may be hosted on secure, cloud-based data centers located in regions that have received an Adequacy Decision from the Nigeria Data Protection Commission (NDPC). Any international data transfers strictly employ Standard Contractual Clauses (SCCs) to guarantee equivalent data protection.
9. Technical Security Measures
We implement cutting-edge technical and organizational security protocols to defend your registry profile against unauthorized access, loss, or alteration:
- All web data transmissions are protected via industry-standard SSL/TLS 1.3 encryption.
- Strict database firewall configurations with real-time intrusion monitoring systems.
- Access to system management panels is guarded by Multi-Factor Authentication (MFA) and limited strictly to vetted security personnel.
10. Your Legal Rights Under NDPA
As a data subject under the NDPA, you possess the following actionable rights regarding your personal information:
Right of Access & Rectification
Request copies of your registered data and rectify any incorrect or outdated contact/profile details instantly.
Right to Erasure (Right to Be Forgotten)
Request deletion of personal details, provided there are no active binding contracts or pending recovery litigation tied to your account.
Right to Restriction & Objection
Restrict or object to how we process specific contractual metadata, subject to essential compliance overrides.
Right to Data Portability
Download and export all your verified registry agreements in a machine-readable JSON/PDF format for portability.
11. Data Protection Officer (DPO) & Contact
If you wish to exercise any of your data rights, report a security issue, or seek clarifications regarding our privacy architecture, feel free to contact our dedicated Data Protection Officer (DPO):
DPO Email Inquiry
privacy@upfrontng.com
Ruach and Zoe LTD Security Group
Official Legal Counsel Office
Barr. Raymond Arinze Ruach & Partners
Lagos, Nigeria