Ark Logo

Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your personal data.

WHO WE ARE

We are Ark Frontier Limited ("Ark Frontier", "Gopher", "we", "us" or "our").

We process your personal data when you access and use our trade fair application ("Platform" or "Gopher"), whether via web or any other interface we provide.

If you have any questions about how we collect, use or share your data, please contact Ark Frontier Limited at info@storeatark.com.

When we collect and process your personal data, we are regulated under the Nigeria Data Protection Act, 2023 ("NDPA") and any other applicable data protection legislation.

WHAT IS THE PURPOSE OF THIS POLICY?

We are committed to protecting the privacy of our customers and users. This Privacy Policy explains, in clear terms:

  • what personal data we collect,
  • how and why we use it,
  • who we share it with,
  • how long we keep it, and
  • the rights you have in relation to your personal data.

This Policy applies when you:

  • act as an Organiser of a trade fair, Exhibitor at a trade fair or a trade fair attendee,
  • use our Platform, or
  • otherwise interact with us (for example, by contacting support).

THE PERSONAL DATA WE COLLECT

We collect information about you in several ways:

  • Directly from you when you sign up, complete onboarding, upload catalogues, or interact with the Gopher app;
  • Automatically through your use of the app and its features; and
  • From Organisers, if they register you for a trade fair or invite you to join;

1. Information You Provide to Us

When you use Gopher, you may provide the following categories of information.

(a) Identification & Profile Information

This includes details you provide when creating an account or completing your profile:

  • name;
  • email address;
  • phone number;
  • password or PIN;
  • role or account type (Organiser, Exhibitor Admin, Exhibitor Staff, Attendee/Buyer);

For Exhibitors and Organisers, profile information may also include:

  • staff member names and emails (up to 4 user accounts per Exhibitor).

(b) Trade Fair Participation Information

Depending on your role, you may share information such as:

  • appointments you book or accept;
  • exhibitor catalogues you upload;
  • products you "favourite";
  • chats you open with exhibitors through QR scans;
  • complaints or issue reports submitted through support forms;
  • feedback or survey responses (where applicable).

(c) Order, Payment & Transaction Information

When you place an order or request an invoice, you may provide:

  • order details and quantities;
  • invoice notes or instructions;
  • proof of payment (bank transfer slip or screenshot);
  • delivery or dispatch contact information;
  • receipts or PDF documents generated during the transaction.

Important: Gopher does not process card payments directly and does not store card numbers. Exhibitors and Buyers exchange payment information between themselves.

(d) Communication & Support Information

If you contact us or interact through support features, we may collect:

  • emails, support tickets and "Need Assistance?" submissions;
  • screenshots or attachments you upload;
  • chat transcripts relating to platform issues.

2. Information We Receive From Trade Fair Organisers

If you are an Exhibitor or Attendee, your Organiser may provide us with information such as:

  • your name and email address;
  • your phone number;
  • your role (e.g. Buyer, Vendor, Staff);
  • booth number or exhibitor assignment;
  • invitation codes or registration status;
  • your ticket or registration group (if applicable).

The Organiser is responsible for ensuring they have the right to share this data with us under applicable privacy laws.

In short: Organisers may pre-register you or share your contact information so you can join the Platform easily.

3. Information We Collect Automatically

When you use the Gopher Platform (web or mobile), we automatically collect certain information to run, secure and improve the service.

(a) Device & Technical Information

This includes:

  • device type (phone, tablet, computer);
  • operating system and version;
  • browser type and version;
  • mobile app version;
  • unique device identifiers.

(b) Usage Information

We collect information about how you interact with the Platform, such as:

  • the screens you view (dashboard, catalogues, appointments, orders);
  • features you use (QR chat, booking, favourites, catalogue browsing);
  • actions you take (uploading products, requesting invoices, confirming payments);
  • time spent on pages;
  • clicks, taps and navigation patterns.

This helps us understand what works well and what needs improvement.

(c) Log & Security Information

To maintain the integrity and security of the Platform, logs may include:

  • IP address;
  • login timestamps;
  • authentication attempts (successful or failed);
  • OTP verification logs;
  • error logs and crash reports.

(d) Location & Network Information

We may collect:

  • country and time zone;
  • network type and connection quality.

We do not collect precise GPS location.

(e) Cookies & Similar Technologies

We use essential cookies and similar technologies to:

  • keep you logged in;
  • remember your preferences;
  • help us understand usage trends.

Non-essential cookies are used only with your consent.

Sensitive Data

Ark Frontier does not seek to collect sensitive personal data (such as health data, religious beliefs, or biometric identifiers) through the Platform.

However, users may occasionally upload documents or photos that incidentally contain such information. In such cases, the users are responsible for ensuring they have a lawful basis to process that data and that it is appropriate to upload it into the Platform.

Children Data

Gopher is not directed at children. We do not knowingly collect personal data relating to children under 18 years of age, and users should not input such data into the Platform. If we become aware that we have unintentionally processed children's personal data, we will take appropriate steps to delete it.

HOW WE USE YOUR PERSONAL DATA

We use personal data for the following purposes:

  1. To run the Gopher Platform
  2. To improve and develop the Platform
  3. To communicate with you
  4. To keep the Platform secure and compliant

Specifically, we use your personal data for the following purposes:

(a) Essential Platform Operations

We use your information so that the Gopher Platform functions properly. This includes:

  • creating and managing your account and organisation profile;
  • onboarding Exhibitors and Attendees;
  • enabling you to browse catalogues, favourite items, and manage appointments;
  • letting you book meetings, join waitlists, unlock chats via QR codes and interact with exhibitors;
  • processing invoice requests, uploading payment proofs and issuing receipts;
  • allowing Exhibitors to upload catalogues and manage booth information;
  • supporting Organisers in running the fair, viewing participant lists, exporting reports and monitoring event activity;
  • maintaining dashboards for Organisers, Exhibitors and Attendees;
  • providing in-app support, responding to issue reports and resolving problems.

In a nutshell: Your information helps us set up your account, let you join the fair, interact with exhibitors or attendees, use event features and get support when you need it.

(b) Platform Enhancement

We also use your information to make Gopher better over time. This includes:

  • improving your user experience;
  • analysing which features are most used (catalogues, favourites, appointments, dashboards);
  • identifying performance issues, crashes or bugs;
  • building new features, for example, better appointment tools or improved exhibitor analytics;
  • testing design improvements and optimising load speeds.

In a nutshell: Your information helps us understand how the Platform is used so that we can fix issues and make Gopher faster, smarter and more helpful.

(c) Communication With You

We use your information to stay in touch with you and keep you informed. This includes:

  • sending essential service messages (OTP codes, verification emails, registration notices, password resets);
  • notifying you about trade fair activity, for example, appointment confirmations, waitlist alerts and chat access;
  • informing you of catalogue updates, invoice generation, payment confirmations and tracking updates;
  • responding to your questions through support channels;
  • sending marketing updates where you have agreed.

In a nutshell: We communicate with you so that you can use the Platform smoothly, stay updated on your event activity, receive help when needed, and hear from us only when you choose to.

(d) Security and Compliance

Lastly, we use your information to protect you, other users and the Platform. This includes:

  • verifying your identity using login credentials, OTP codes or PINs;
  • preventing fraud, abuse, or misuse of invitation codes;
  • monitoring system logs to detect suspicious activity;
  • ensuring waitlists, bookings and QR-chat access function fairly and securely;
  • complying with legal, tax and accounting obligations;
  • resolving disputes or enforcing our Terms.

In a nutshell: We use your information to keep Gopher safe, secure and compliant with the law.

LEGAL BASIS FOR THE PROCESSING OF USERS' DATA

We process personal data on one or more of the following legal bases:

1. Performance of a Contract

We process your personal data where it is necessary to enter into or perform a contract with you or with the organisation you represent (for example, when an Organiser uses Gopher to run a trade fair, or when you register as an Exhibitor or Attendee).

This includes:

  • creating and maintaining your Gopher user account (Organiser, Exhibitor or Attendee);
  • enabling you to access core Platform features such as catalogues, favourites, dashboards, appointments, chats, invoice requests, payment confirmations and order tracking;
  • supporting Organisers in inviting and managing Exhibitors and Attendees;
  • enabling Exhibitors to upload catalogues, manage booth details, process invoice requests, confirm payments and update tracking information;
  • enabling Attendees to request invoices, upload proof of payment, schedule appointments and communicate with Exhibitors;
  • providing customer support and resolving issues raised through in-app or email channels;
  • sending essential service-related communications (e.g., OTP codes, verification emails, booking confirmations, waitlist alerts, payment receipt notifications, password reset links);
  • facilitating any post-fair access configuration selected by the Organiser.

These activities are necessary for us to provide the services you signed up for and to fulfil our obligations under our contract with you or your organisation.

2. Compliance With Legal Obligations

We process certain personal data to meet our legal and regulatory obligations, which may include:

  • maintaining business, tax, accounting and financial records (for example, records relating to subscription fees);
  • complying with applicable anti-fraud, anti-money-laundering or event compliance requirements where relevant;
  • responding to lawful requests from regulators, courts, law enforcement or other authorised bodies;
  • complying with data protection, information security and record-keeping obligations.

3. Legitimate Interests

We process personal data where it is necessary for our legitimate interests or those of a third party (such as an Organiser or Exhibitor), provided those interests are not overridden by your rights and freedoms.

These legitimate interests include:

  • ensuring the security, integrity and availability of the Gopher Platform;
  • monitoring and preventing unauthorised access, misuse, fraud, invitation-link abuse or system manipulation;
  • enabling trade fair participation (e.g., preventing overlapping appointment bookings, ensuring QR validation for chat access, and preventing system abuse);
  • maintaining audit trails, logs and system activity records to support dispute resolution, governance and operational accuracy;
  • understanding how Gopher is used, such as which catalogues, dashboards, appointment tools or chat features are most active, to improve Platform functionality and performance;
  • diagnosing and repairing technical issues reported by users;
  • supporting Organisers, Exhibitors and Attendees with in-app issue reporting and support workflows;
  • managing and developing ongoing business relationships with customers and prospective customers;
  • communicating with users about updates or improvements to existing services.

4. Consent

In limited cases, we rely on your consent. This may include:

  • sending optional marketing communications;
  • using non-essential cookies or similar technologies for analytics or personalisation where consent is required.

Where processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing that occurred prior to withdrawal.

WHO WE SHARE YOUR PERSONAL DATA WITH

We treat your data with care and do not sell your personal data. We may share personal data with the following categories of recipients, only as necessary and subject to appropriate safeguards:

(a) With Organisers

When you register for or participate in a trade fair, certain information is shared with the Organiser because they need it to manage the event.

Depending on your role:

If you are an Exhibitor, Organisers may see:

  • your company profile, booth details and catalogue uploads;
  • the number of your team members and their basic profile information;
  • your order fulfilment status (e.g., invoice requests, payment confirmations, tracking updates);
  • your appointment statistics (e.g., bookings, cancellations, waitlist activity);
  • your orders.

If you are an Attendee, Organisers may see:

  • your name, email, and registration status;
  • your interactions with the event (e.g., appointments booked, QR-chat sessions opened);
  • general activity, such as which exhibitors you viewed or liked (in aggregated form where possible).

Organisers never receive:

  • the content of your private chat messages with Exhibitors;
  • your PIN/password;
  • your device-level or technical log data.

In a nutshell: Organisers receive the information they need to run the fair and monitor its performance, but not your private or sensitive communications.

(b) With Exhibitors

Engaging with Exhibitors is part of the Gopher experience. What they see depends on how you interact with them and what you allow us to share with them:

  • Browsing an exhibitor's catalogue: they may see aggregated analytics (e.g., number of visits), not your identity.
  • Liking a product or exhibitor: exhibitors may see your name and basic profile information.
  • Requesting an appointment: your name and profile are shown to the exhibitor so they know who booked the slot.
  • Scanning a booth QR code: your contact details (name and email, and phone if provided) become visible to the Exhibitor, and a chat session opens.
  • Placing an order or requesting an invoice: relevant order details and your profile information are shared so they can process the transaction.
  • Submitting a complaint: your name and issue details appear in the Exhibitor's order management and chat interface.

In a nutshell: Exhibitors only see your information when you engage with them, and only to the extent needed to respond, sell or support you.

(c) With Third-Party Service Providers

To run the Gopher Platform, we use trusted service providers who process data on our behalf (as processors). Examples include:

  • Cloud hosting and infrastructure providers (for storing the Platform and ensuring availability);
  • Email and OTP delivery services (to send verification codes, confirmations and receipts);
  • Analytics and monitoring tools (to diagnose performance issues and keep the Platform stable).

These providers:

  • receive only the data necessary to provide their service;
  • must follow strict confidentiality and security obligations;
  • cannot use your information for their own purposes.

In a nutshell: We share only what is needed to run the Platform securely and reliably.

(d) With Authorities

We may disclose your information where required by law to comply with:

  • a valid court order;
  • law enforcement requests;
  • regulatory obligations.

Where possible, we will notify you unless legally restricted.

In a nutshell: We share your data with authorities only when the law demands it and limit disclosure to what is strictly necessary.

DATA RETENTION

Ark Frontier will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which the data was collected, including the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we will consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which the data is to be processed and whether the purposes can be achieved through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

When we no longer require the personal data we have collected about you, we may either delete it or de-identify, aggregate or anonymise it. If we de-identify, aggregate or anonymise your personal data (so that it can no longer be associated with you), we may use the anonymised data indefinitely without further notice to you.

YOUR RIGHTS

Subject to certain conditions and exceptions under applicable law, you have the following rights in relation to your personal data:

  1. Right of access: You have the right to ask us for copies of your personal data.
  2. Right to rectification: You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  3. Right to erasure: You have the right to ask us to erase your personal data in certain circumstances.
  4. Right to restriction of processing: You have the right to ask us to restrict the processing of your personal data in certain circumstances.
  5. Right to object to processing: You have the right to object to the processing of your personal data in certain circumstances.
  6. Right to data portability: You have the right to ask that we transfer the personal data you provided us to another organisation.
  7. Right to withdraw consent at any time: Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Exercising These Rights

You may submit these requests by email to info@storeatark.com. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal data), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions.

Your Right to Lodge a Complaint with the Nigeria Data Protection Commission

In addition to your rights outlined above, if you are not satisfied with our response to a request you made, or how we process your personal data, you can make a complaint to the Nigeria Data Protection Commission by mail to info@ndpc.gov.ng or a letter addressed to No.12 Dr. Clement Isong Street, Abuja.

We would, however, appreciate the chance to deal with your concerns first, so we encourage you to contact us in the first instance.

HOW DO WE PROTECT YOUR PERSONAL DATA?

We have adopted appropriate technical and organisational measures to secure your personal data as required by law. Our security systems are designed to prevent the loss, unauthorised destruction, damage, and/or access to your personal data from unauthorised third parties. Some of our security measures include physical access controls to our premises, cybersecurity controls, and information access authorisation controls.

While we are dedicated to securing our systems and services, you are responsible for securing and maintaining the privacy of your password(s) and account/profile registration information and verifying that the personal data we maintain about you is accurate and up to date.

We will duly inform you of any breaches that may threaten the security and confidentiality of your personal data.

UPDATES TO THIS PRIVACY POLICY

We understand that things change, so we will continue to review the effectiveness of this policy and make sure it is achieving its goals. We might update the policy from time to time, and we will post the most recent version on this page. If we make a change to this policy that we consider material, we will notify you.