Privacy Policy.

This Privacy Policy describes how Elitesgen Academy ("Elitesgen", "we") collects, uses, shares, and protects personal information when you use Egen Active (the "Service"). It is written to align with the Nigerian Data Protection Regulation (NDPR) and the Nigeria Data Protection Act (NDPA).

If you do not agree with this Policy, do not use the Service.

Information you give us: name, email, phone number, date of birth, profile photo, emergency contact, city, activity interests, and (for organizations) employer details and member roster. When you book a facility, we collect the booking details. When you pay, we collect payment metadata; your full card number is handled by the payment processor, not by us.

Information collected automatically: device type, operating system, app version, IP address, approximate (city-level) location unless you grant precise permission, pages viewed, sessions completed, bookings made, timestamps, and error logs.

Information from partner facilities and organizations: check-in records when you tap in at a facility, session attendance, and, for organization-funded members, eligibility and role within the organization.

We use personal information to:

• provide and operate the Service (accounts, bookings, payments, visits, community features);
• communicate with you (confirmations, reminders, service announcements, support replies);
• personalize recommendations (facilities, groups, events, activities);
• prevent fraud, abuse, and unauthorized access;
• measure and improve the Service (usage analytics, performance monitoring); and
• meet legal, tax, and accounting obligations.

We rely on one or more of the following bases under the NDPR and NDPA:

• Consent, for marketing communications, precise location, and similar optional features;
• Contract, to operate the Service you've signed up for (bookings, payments, visits);
• Legal obligation, to meet tax, accounting, and regulatory requirements; and
• Legitimate interest, for fraud prevention, service improvement, and safety.

We share personal information only with:

• Partner facilities, limited to what is needed for your booking or visit (your name, photo, membership status, check-in time);
• Your organization, if you access the Service through one; your usage data (visits, spend, bookings) is visible to your organization's authorized administrators;
• Service providers, including payment processors, email delivery, analytics, map tile providers, cloud hosting, fraud screening, and customer support tools, each under a data processing agreement that restricts their use of the data to the service they provide to us; and
• Legal and safety recipients, where required by law, court order, or to protect a person from harm.

We do not sell personal information.

You have the right to:

• access the personal information we hold about you;
• correct inaccurate or incomplete information;
• request deletion of your information, subject to legal retention requirements;
• object to specific processing and withdraw consent where processing relies on consent;
• receive a copy of your information in a portable format; and
• lodge a complaint with the Nigeria Data Protection Commission.

We keep personal information for as long as your account is active and for a reasonable period thereafter to meet legal, accounting, and safety obligations. Booking and payment records are retained for the period required under Nigerian tax and accounting rules. When we no longer need information, we delete or anonymize it.

We protect personal information with encryption in transit and at rest, role-based access controls, audit logging, and regular security reviews. No system is perfectly secure; if a breach occurs that meets the NDPR notification threshold, we will notify affected users and the supervisory authority in line with regulatory requirements.

We use first-party cookies and similar technologies to keep you signed in, remember your preferences, and measure usage. Our analytics provider (PostHog) processes de-identified event data to help us understand how the Service is used. We use Vercel Analytics and Speed Insights for performance measurement. You can disable analytics in your device or browser settings; doing so will not affect core Service functionality.

The Service is not intended for people under 18. Organizations or facility partners who wish to enroll participants under 18 must do so through their own onboarding process, with parental or guardian consent obtained and documented by them, and not through a standalone individual account.

Some of our service providers are based outside Nigeria. Where personal information is transferred internationally, we rely on the safeguards permitted under the NDPR, typically standard contractual protections or an adequacy assessment, to ensure an equivalent standard of protection.

We may update this Policy to reflect changes to the Service, our practices, or legal requirements. If we make material changes, we will notify you through the app or by email before they take effect. The "Last revised" date at the top of this page shows the most recent update.