Simplifying Mathematics for every student through expert guidance.
This Privacy Policy ("Policy") governs the collection, use, storage, and disclosure of personal information by Math with Razz ("we," "us," or "our") in connection with your use of our website, mobile applications, online courses, video content, and all related educational services (collectively, the "Services"). We are committed to handling your personal data with transparency, integrity, and full compliance with applicable data protection legislation, including the Nigeria Data Protection Act 2023 (NDPA) and internationally recognised frameworks. Please read this Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by its terms.
This Policy applies to all individuals who interact with Math with Razz in any capacity — including registered students, prospective users, visitors to our website, and individuals who communicate with us through any channel. It governs personal information collected through our primary website, any subdomain or microsite we operate, our mobile applications on iOS and Android, our course delivery platforms, and any other service that links to this Policy.
This Policy does not apply to third-party websites, applications, or services that may be linked to from our platform. We encourage you to review the privacy notices of any third-party services you choose to access through our platform, as those services are governed by their own independent privacy practices and we bear no responsibility for their conduct.
Our primary data operations are conducted under Nigerian law. Users located in other jurisdictions — including the European Economic Area (EEA) and the United Kingdom — may have additional rights afforded by local legislation. We endeavour to honour such rights wherever operationally practicable.
We collect personal information in two primary ways: information you provide to us directly, and information collected automatically through your use of our Services.
Full name, email address, phone number, username, profile photograph, and login credentials including hashed passwords created during account registration.
Transaction references, billing address, and payment method type. Full card numbers are handled exclusively by Paystack and are never stored on our servers.
Course enrolment history, video watch time, quiz responses, assessment scores, completion certificates, and any notes or annotations you create within the platform.
IP address, browser type and version, operating system, device identifiers, time zone, referring URL, pages visited, session duration, and clickstream data.
Messages sent to our support team, forum or discussion board posts, feedback submissions, testimonials, and any correspondence you initiate with us by any channel.
General geographic location inferred from your IP address. If you grant permission, more precise location data may be used to enhance localised content delivery via Google Maps Platform APIs.
We do not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, health data, biometric data, or religious beliefs. Please do not submit information of this nature through any of our platforms or communications channels.
We use the personal information we collect for the following purposes, and only to the extent reasonably necessary for each stated purpose:
We process personal data only when we have a valid lawful basis to do so. The table below outlines the primary purposes and their corresponding legal bases under applicable data protection law:
| Processing Purpose | Legal Basis |
|---|---|
| Account registration & authentication | Performance of contract |
| Course delivery & progress tracking | Performance of contract |
| Payment processing & billing | Performance of contract / Legal obligation |
| Customer support & communications | Legitimate interests / Consent |
| Marketing & newsletters | Consent (opt-in) |
| Analytics & platform improvement | Legitimate interests |
| Fraud detection & security | Legitimate interests / Legal obligation |
| Legal compliance & regulatory reporting | Legal obligation |
Where we rely on consent as our legal basis, you may withdraw that consent at any time without affecting the lawfulness of processing conducted prior to withdrawal. Where we rely on legitimate interests, we have conducted an assessment to ensure those interests are not overridden by your fundamental rights and freedoms.
We do not sell, rent, or trade your personal information to third parties for their own commercial purposes. We may, however, share your data with trusted third parties in the following limited circumstances:
Some of our service providers are located outside Nigeria. Where personal data is transferred internationally, we take appropriate safeguards — including standard contractual clauses or equivalent mechanisms — to ensure your data receives an adequate level of protection consistent with this Policy and applicable law.
We retain personal information for only as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following general retention periods apply:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account & profile data | Duration of account + 2 years | Contractual / Legitimate interests |
| Transaction & payment records | 7 years from transaction date | Tax & financial regulation |
| Learning progress & certificates | Duration of account + 5 years | Legitimate interests |
| Support communications | 3 years from resolution | Legitimate interests |
| Marketing consent records | Until consent withdrawn + 2 years | Legal compliance |
| Server & access logs | 12 months | Security / Fraud prevention |
| Cookie data | Per cookie-specific retention (see §7) | Consent |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised. Where anonymisation is not technically feasible, data is restricted from further processing pending deletion at the earliest practicable opportunity.
We use cookies and similar tracking technologies (including web beacons and local storage) to enhance platform functionality, remember your preferences, and gather analytical insights. The categories of cookies we use are described below:
You may manage your cookie preferences at any time through the cookie consent banner displayed upon first visit, or through your browser settings. Please note that disabling certain cookies may affect the availability or performance of some platform features.
We implement a layered security framework to protect personal information against unauthorised access, accidental loss, alteration, or disclosure. Our technical and organisational measures include, but are not limited to:
All data transmitted between your device and our servers is encrypted using industry-standard TLS 1.2 or higher.
User passwords are hashed using bcrypt with salting. Plain-text passwords are never stored or transmitted by our systems.
Web application firewalls and DDoS mitigation systems are deployed to protect our infrastructure from external threats.
Strict role-based access controls limit internal access to personal data on a need-to-know basis with full audit logging.
Our servers are hosted in ISO 27001-certified data centres with physical access controls, redundancy, and continuous monitoring.
We conduct periodic vulnerability assessments and engage third-party security professionals for independent audits.
Despite our best efforts, no method of electronic transmission or digital storage is entirely secure. We cannot guarantee absolute security, and by using our Services you acknowledge and accept this inherent risk. In the event of a data breach that is likely to result in a high risk to your rights, we will notify you without undue delay in accordance with applicable law.
Our Services are designed primarily for individuals aged 13 and above. We do not knowingly solicit or collect personal information from children under the age of 13 without verified parental or guardian consent. Where a student is between 13 and 17 years of age, we encourage parents or legal guardians to supervise their child's use of the platform and to review this Policy with them.
If we become aware that we have inadvertently collected personal information from a child under 13 without appropriate consent, we will take immediate steps to delete that information from our systems. If you believe we may have collected data from a minor in contravention of this section, please contact us immediately at the address provided in Section 12.
Subject to applicable law and any limitations therein, you are entitled to the following rights with respect to your personal information. You may exercise any of these rights by contacting us using the details in Section 12. We will respond to verified requests within 30 days of receipt.
You may request a copy of the personal data we hold about you, along with information regarding how it is used, where it is stored, and with whom it is shared.
You may request correction of any inaccurate or incomplete personal data we hold about you. Many details can be updated directly through your account settings.
Also known as the "right to be forgotten," you may request deletion of your personal data where it is no longer necessary for the purpose it was collected, or where you withdraw consent and no other legal basis applies.
You may request that we restrict processing of your data in certain circumstances — for example, where you contest the accuracy of the data or object to our processing on grounds of legitimate interests.
Where processing is based on consent or contract and carried out by automated means, you may request your personal data in a structured, commonly used, machine-readable format for transfer to another provider.
You may object at any time to processing based on our legitimate interests, including direct marketing. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests.
If we make decisions about you solely through automated processing that produce legal or similarly significant effects, you have the right to request human review of such decisions.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or any other competent supervisory authority in your jurisdiction.
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or the nature of our Services. When we make material changes, we will notify you through one or more of the following methods: prominently displaying a notice on our website, sending an email notification to your registered address, or displaying an in-app alert upon your next login.
The "Last updated" date at the top of this Policy will always reflect the most recent revision. Continued use of the Services following the effective date of any revised Policy constitutes your acceptance of those changes. We encourage you to review this Policy periodically to stay informed of how we are protecting your information. Prior versions of this Policy are available upon written request.
If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, our dedicated privacy team is ready to assist you promptly and confidentially.
Contact Our Privacy Team