Effective Date: March 28, 2026
Last Updated: March 28, 2026
Data Controller: NXTEVNT Limited ("NXTEVNT," "we," "us," or "our")
Contact: admin@thenxtevnt.com
This Privacy Policy explains how NXTEVNT Limited collects, uses, stores, shares, and protects your Personal Data when you use the NXTEVNT platform. This policy is designed to comply with the Nigeria Data Protection Act 2023 ("NDPA"), the General Application and Implementation Directive ("GAID") issued by the Nigeria Data Protection Commission ("NDPC"), and other applicable data protection laws.
Please read this Privacy Policy carefully. By using the NXTEVNT platform, you acknowledge that you have read and understood this policy. If you do not agree with our data practices, please do not use the platform.
1. Who We Are
NXTEVNT Limited is a technology company incorporated in Nigeria that provides an event planning and management platform. For the purposes of the NDPA, NXTEVNT acts as:
(a) A Data Controller for Personal Data we collect directly from you for account registration, platform operations, and our own business purposes (such as analytics and communications with you about the service).
(b) A Data Processor when we process Personal Data (such as guest lists, vendor information, and event details) on behalf of Organizers who use our platform to manage their events. In this capacity, the Organizer is the Data Controller and we process data strictly according to their instructions and the terms of our Data Processing Agreement.
2. Personal Data We Collect
2.1 Information You Provide Directly
Account Registration: Name, email address, phone number, password, business name (for Planners and Vendors), and role type.
Event Data: Event names, dates, descriptions, budgets, timelines, venue details, and event-related communications.
Guest Data (provided by Organizers): Guest names, email addresses, phone numbers, mailing addresses, dietary requirements, accessibility needs, RSVP responses, and any other information the Organizer chooses to include.
Vendor Data: Business name, contact person, phone number, email address, service descriptions, portfolio content (images, text), pricing information, and reviews.
Payment Information: Billing address and payment method details. Note: Full payment card numbers are processed and stored by our third-party payment processors, not by NXTEVNT.
Communications: Messages, feedback, support requests, and other communications you send through or about the platform.
AI Feature Inputs: Prompts, images, text, and other materials you submit to AI-assisted features.
2.2 Information Collected Automatically
Device & Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
Usage Data: Pages visited, features used, clickstream data, session duration, referring URLs, and interactions with the platform.
Cookies & Similar Technologies: We use cookies and similar tracking technologies as described in our Cookie & Tracking Policy.
2.3 Information from Third Parties
If you log in through a third-party authentication service (e.g., Google), we may receive your name, email address, and profile picture from that service.
2.4 Sensitive Personal Data
We do not intentionally collect sensitive Personal Data (such as health data, biometric data, genetic data, political opinions, religious beliefs, or sexual orientation) unless it is strictly necessary for the service you have requested and you have provided explicit consent. For example, dietary requirements or accessibility needs provided by an Organizer for event planning purposes may qualify as sensitive data. We process such data only for the specific purpose for which it was provided.
3. How We Use Your Personal Data
We process your Personal Data for the following purposes and on the following lawful bases:
Providing the Platform: To create and manage your account, facilitate event planning, process guest lists, coordinate vendors, and deliver platform features. Lawful Basis: Performance of contract; legitimate interest.
Communications: To send you service-related messages (such as account verification, event notifications, and support responses) and, with your consent, marketing or promotional communications. Lawful Basis: Contract; consent (for marketing).
Event Communications (on behalf of Organizers): To send RSVP invitations, event reminders, and updates to Guests at the Organizer's direction. Lawful Basis: Legitimate interest of Organizer; contract.
Vendor Notifications: To notify Vendors that they have been referenced on the platform and invite them to register. Lawful Basis: Legitimate interest.
Analytics & Improvement: To analyze usage patterns, troubleshoot issues, and improve platform features and user experience. Lawful Basis: Legitimate interest.
Security & Fraud Prevention: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues. Lawful Basis: Legitimate interest; legal obligation.
Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests. Lawful Basis: Legal obligation.
AI Features: To process inputs and generate outputs for AI-assisted features, and to improve AI model performance using anonymized or aggregated data. Lawful Basis: Contract; consent; legitimate interest.
4. How We Share Your Personal Data
We do not sell your Personal Data. We may share your data with the following categories of recipients:
Service Providers: Third-party companies that help us operate the platform, including cloud hosting providers, email delivery services, SMS providers, payment processors, analytics services, and customer support tools. These providers process data on our behalf under Data Processing Agreements that require them to protect your data and use it only as we direct.
Organizers and Their Participants: Event data is shared among authorized participants in an event (Planners, Clients, Staff, and, where applicable, Vendors) as directed by the Organizer.
Vendor Marketplace: If a Vendor creates a public profile, the information they choose to make public will be visible to other platform users.
Legal Requirements: We may disclose Personal Data if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of NXTEVNT, our users, or the public.
Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your Personal Data may be transferred to the acquiring entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
5. International Data Transfers
NXTEVNT may process your Personal Data using infrastructure and service providers located outside Nigeria, including in the United States. The United States has not been recognized by the NDPC as providing an adequate level of data protection.
Where we transfer Personal Data outside Nigeria to a jurisdiction that has not been deemed adequate, we implement appropriate safeguards to protect your data, including:
(a) Standard Contractual Clauses approved by the NDPC or equivalent recognized contractual mechanisms;
(b) Ensuring that the recipient maintains technical and organizational security measures consistent with the NDPA;
(c) Conducting transfer impact assessments where required.
You may request information about the safeguards we have in place for international data transfers by contacting us at admin@thenxtevnt.com.
6. Data Retention
We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Our specific retention periods are:
Account Data: Retained for as long as your account is active, plus 30 days after account deletion to process the deletion request.
Event Data: Retained for the duration of the Organizer's active account so they can reuse or reference past events. Deleted within 30 days of an Organizer's deletion request.
Backup Copies: Residual copies in encrypted backups are overwritten within 35 days of deletion. Security logs are retained for up to 180 days.
Inactive Accounts: We may archive or delete accounts with no logins or active subscriptions for 24 months, after providing reasonable notice to the registered email.
Legal Holds: We may retain data longer if required by law, regulation, or legal proceedings.
7. Your Rights Under the NDPA
Under the Nigeria Data Protection Act 2023, you have the following rights regarding your Personal Data:
Right of Access: You have the right to request confirmation of whether we process your Personal Data, and to receive a copy of your data.
Right to Rectification: You have the right to request correction of inaccurate or incomplete Personal Data.
Right to Erasure: You have the right to request deletion of your Personal Data, subject to our legal obligations and legitimate retention needs.
Right to Restriction: You have the right to request that we restrict the processing of your Personal Data in certain circumstances.
Right to Object: You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been violated.
To exercise any of these rights, please contact us at admin@thenxtevnt.com. We will respond to your request within the timeframe required by the NDPA (generally 30 days). We may request reasonable identification verification before processing your request.
8. Children's Privacy
The NXTEVNT platform is not directed at children under 13, and we do not knowingly collect Personal Data from children under 13. Users between 13 and 17 may use the platform only with verified parental or guardian consent, as required by the NDPA and the Child Rights Act.
If we become aware that we have collected Personal Data from a child under 13 without appropriate consent, we will take steps to delete that data as promptly as possible. If you believe a child under 13 has provided us with Personal Data, please contact us at admin@thenxtevnt.com.
9. Data Security
We implement administrative, technical, and organizational security measures appropriate to the nature and sensitivity of the Personal Data we process and the risks involved. These measures include:
(a) Encryption of Personal Data in transit (TLS/SSL) and at rest;
(b) Access controls that limit access to Personal Data to authorized personnel on a need-to-know basis;
(c) Regular security assessments and vulnerability testing;
(d) Incident response and data breach notification procedures (including notification to the NDPC within 72 hours of becoming aware of a breach that is likely to result in high risk to data subjects, and notification to affected individuals without undue delay);
(e) Staff training on data protection and security practices.
No method of electronic transmission or storage is completely secure. While we strive to protect your Personal Data, we cannot guarantee its absolute security.
10. Data Breach Notification
In accordance with the NDPA, if we become aware of a Personal Data breach that is likely to result in high risk to your rights and freedoms, we will:
(a) Notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach;
(b) Notify affected data subjects without undue delay, in clear and plain language, including a description of the nature of the breach, its likely consequences, and the measures we have taken or propose to take to address it;
(c) Maintain a register of all data breaches, including their causes and the remedial actions taken.
11. Automated Decision-Making
NXTEVNT does not currently make decisions based solely on automated processing (including profiling) that produce legal effects or similarly significantly affect you. If we introduce such features in the future, we will update this Privacy Policy and ensure that you have the right to obtain human intervention, express your point of view, and contest the decision.
12. Third-Party Links and Services
The platform may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the platform.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If changes are material, we will provide at least 30 days' notice via email or in-app notification before they take effect. The updated policy will be effective on the date posted. We encourage you to review this policy periodically.
14. Regional & Supplemental Disclosures
14.1 Nigeria (NDPA)
This Privacy Policy is designed to comply with the Nigeria Data Protection Act 2023 and the GAID issued by the NDPC. NXTEVNT Limited is the Data Controller for platform operations data. For event-specific data processed on behalf of Organizers, the Organizer is the Data Controller and NXTEVNT acts as Data Processor. Our Data Protection Officer can be contacted at admin@thenxtevnt.com.
14.2 California (CPRA)
If you are a California resident, you may have additional rights under the California Privacy Rights Act. We do not sell or share your Personal Information as defined by the CPRA. You may exercise your rights to know, delete, correct, and opt out by contacting admin@thenxtevnt.com.
14.3 EU/UK (GDPR)
If you are located in the EU or UK, the GDPR or UK GDPR applies to our processing of your Personal Data. For Organizer data, the Organizer is typically the controller and we act as processor. For account and platform operations data, we are the controller. International transfers rely on Standard Contractual Clauses or equivalent safeguards. Your rights include access, rectification, erasure, restriction, portability, and objection.
14.4 Data Processing Addendum
For Organizers who require a formal data processing agreement, we offer a standard Data Processing Addendum (DPA) compliant with the NDPA and GAID requirements on request. Contact admin@thenxtevnt.com.
15. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint about how we handle your Personal Data, please contact us:
Email: admin@thenxtevnt.com
Data Protection Officer: [To be appointed — contact details will be updated here]
You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at https://ndpc.gov.ng.
© 2026 NXTEVNT Limited. All rights reserved.