Privacy Policy

• We collect identity, contact, and professional information so members can find and connect with each other.
• By default, only your country is visible to other members. Email, phone, city, state, and other details are hidden until you opt in via your privacy settings.
• We never sell your data. The directory is for members only.
• We use Google for sign-in, Supabase for hosting your data, Vercel for hosting the application, and (when configured) Resend for transactional email and Google Calendar for birthday and anniversary reminders.
• You can update or delete your information at any time through your profile or by contacting an administrator.

Account information. Your name, email address, and profile photo provided by Google when you sign in.

Profile information. Information you choose to add to your profile, including: phone number, WhatsApp number, gender, date of birth (month and day), marital status, wedding anniversary, profession, industry, skills, services you offer, location (country, state, city), LinkedIn URL, website URL, portfolio URL, and a short bio.

Authentication and security. Sign-in events, IP address, and user-agent string of your browser, used to maintain security and produce audit logs of administrative actions. Two-factor authentication (TOTP) credentials when you enroll a factor.

Usage information. Audit log entries when you take actions in the Service (editing your profile, requesting an introduction, administrative actions, etc.), including a timestamp and identifier of the actor.

Imported information. If your information was collected via a UDOSA 2012 form before you signed up (such as the original membership intake form), that information is stored against an unclaimed profile and linked to you when you first sign in with a matching email or claim it manually.

We use your information to:

• operate the member directory and let other members find you;
• facilitate member-to-member introductions when you request them or someone requests one to you;
• recognize birthdays and wedding anniversaries to the extent you have opted in;
• send transactional email (such as introduction approvals) when contact information is required to complete an action you initiated;
• authenticate you, secure your account, and detect or prevent abuse;
• comply with applicable law and respond to lawful requests.

Each profile field is governed by per-member visibility settings. Defaults are:

• Visible to all signed-in members: display name, profession, country, industry, skills, services offered, profile photo (if provided), and a short bio.
• Hidden by default (you can opt in): email, phone, WhatsApp number, state/region, city, LinkedIn URL, website URL, portfolio URL.
• Never visible to other members: exact date of birth, security factors, sign-in history, IP address, user agent.

Administrators can see all fields necessary to operate the Service, including audit log information and unclaimed imported records.

You can change your visibility settings at any time on the “Privacy” section of the profile editor.

We do not sell or rent your personal information. We share your information only:

• with other signed-in members of the Service, in accordance with your visibility settings;
• with a member who requests an introduction to you and whose request you or an administrator approves;
• with the third-party service providers listed in Section 6, who process the information on our behalf;
• when required by law, to protect the rights, safety, or property of UDOSA 2012, members, or the public, or in connection with legal processes.

The Service relies on the following third-party providers, each subject to its own privacy policy:

• Google (Sign-in & Calendar). Authentication via Google OAuth; optional birthday and anniversary calendar sync to a Google Calendar shared with welfare administrators.
• Supabase. Database, authentication, and object storage hosting. Your profile data and uploaded avatars are stored on Supabase infrastructure.
• Vercel. Application hosting and serverless execution. Vercel processes request logs (including IP address) to operate and protect the Service.
• Resend (when configured). Transactional email delivery for introduction approvals and similar communications.
• Whogohost. Domain and DNS provider.

We retain your account and profile information for as long as your account is active. Audit log entries are retained indefinitely as a security and operational record. If you request account deletion, we remove your profile and personal information; some audit log entries may be retained in anonymized form.

Imported but unclaimed records are retained until claimed, deleted by an administrator, or deleted on request.

You have the right to:

• access the personal information we hold about you (you can view and edit your profile yourself at any time);
• correct inaccurate information;
• change visibility settings to limit who sees your data;
• opt out of birthday and anniversary recognition;
• opt out of receiving introduction requests;
• request deletion of your account and personal data, subject to retention obligations described above.

To exercise these rights, edit your profile on the Service or contact an administrator via the official UDOSA 2012 channels.

We use encryption in transit (HTTPS), industry-standard authentication (Google OAuth and TOTP-based two-factor authentication for administrators), row-level security in the database to enforce access rules, and audit logging of privileged actions. No system is perfectly secure, and you should report any suspected vulnerability to an administrator.

We use cookies necessary to keep you signed in and to operate the Service across our subdomains. We do not use cookies for advertising or analytics tracking by third parties.

The Service is not directed to anyone under the age of 18. If you believe a minor has provided us with personal information, contact an administrator and we will take appropriate steps to remove it.

Our service providers may process your information on servers located outside Nigeria. By using the Service you consent to this processing in accordance with this Privacy Policy.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new effective date. Material changes will be communicated through the Service or by email.

For privacy questions or to exercise your rights, contact an administrator through the official UDOSA 2012 channels.