Back to Home

Privacy Policy

Effective: March 4, 2026 · Version 1.0 · NDPA 2023 · NDPR 2019 · PIPEDA

Your privacy is fundamental to how we build and operate SlasProp. This Policy explains what personal data we collect, why we collect it, how we use it, and your rights over it.

1. Who We Are

This Privacy Policy applies to all personal data processed by Slas Technologies Limited (“SlasTech”) in connection with SlasProp, including slasprop.com, the web application, administrative interface, mobile applications, and APIs. We are registered with the Nigeria Data Protection Commission (NDPC). Our Data Protection Officer can be reached at dpo@slastech.com.

Nigeria (Primary Controller): Slas Technologies Limited, Lagos, Nigeria
Canada (Branch): Slas Technologies Inc., Ontario, Canada

2. Information We Collect

Information you provide directly:

  • Registration data: name, email, phone, date of birth, address, nationality
  • KYC documents: government-issued ID (NIN, passport, driver's licence), BVN, proof of address, and facial biometric data for identity verification
  • Professional credentials: licence numbers, bar association membership, certifications
  • Property data: addresses, parcel IDs, survey coordinates, ownership history, valuations
  • Transaction data: offer amounts, escrow terms, contract conditions
  • Uploaded documents: title deeds, survey plans, C-of-O copies, proof of funds
  • Communications: support requests, in-platform messages, email correspondence

Information collected automatically:

  • Device and network data: IP address, browser type, operating system, device identifiers
  • Usage data: pages visited, features used, session duration, API requests
  • GIS coordinates when you use map features (with your consent)
  • Cookies and similar tracking technologies (see Section 9)

Information from third parties:

  • KYC verification results from identity verification providers
  • Land registry data from state land bureaus (with appropriate authorisation)
  • Payment confirmations from Paystack, Stripe, and the Stellar Network
  • Credit data from credit bureaus (only with your explicit consent for mortgage applications)

3. How We Use Your Information

  • Account creation and management (contract performance)
  • KYC/AML identity verification and compliance (legal obligation)
  • Property transaction facilitation and escrow management (contract performance)
  • SLTR and land registry workflow for government partners (legal obligation / public task)
  • Payment processing via SlasPay (contract performance)
  • Fraud detection and platform security (legitimate interests)
  • Customer support (contract performance)
  • Anonymised platform analytics and improvement (legitimate interests)
  • Legal compliance and regulatory reporting (legal obligation)
  • AI-powered analytics via SlasIntel using anonymised property data (legitimate interests)
  • Marketing communications (consent — opt-in only, withdrawable at any time)

4. Legal Basis for Processing

We process your data on the following legal bases under the NDPA 2023, NDPR 2019, and PIPEDA: contract performance (account management, transactions); legal obligation (KYC/AML under the Money Laundering Act, FINTRAC, land registry law); legitimate interests (fraud prevention, security, anonymised analytics); consent (marketing, optional tracking — withdrawable at any time); and public task (SLTR operations by government officers).

5. Data Sharing

We do not sell your personal data. We share your data only with:

  • Transaction counterparties as necessary to complete transactions you initiate
  • SlasPay and SlasIntel (also operated by SlasTech) for payment and analytics services
  • KYC providers (Smile Identity, Onfido, or similar) under binding data processing agreements
  • Government authorities and regulators (NDPC, CBN, FINTRAC) as required by law
  • Paystack and Stripe for payment processing under their own privacy policies
  • Amazon Web Services as our cloud provider under a Data Processing Agreement; all data stored in AWS Canada (ca-central-1)
  • Professional advisers (lawyers, auditors) under strict confidentiality obligations
  • Acquirers in a business transfer, with equivalent privacy protections applied

6. International Data Transfers

Your data is stored in AWS Canada (ca-central-1). Where international transfers are necessary (e.g. to KYC providers), we ensure protection through Standard Contractual Clauses, binding data processing agreements, and adequacy assessments. We comply with PIPEDA's accountability principle for cross-border transfers.

7. Data Retention

  • Account data: duration of account plus 7 years (FIRS tax obligations)
  • KYC documents: 7 years from last transaction (CBN / AML regulations)
  • Property transaction records: 10 years (Land Use Act / limitation periods)
  • SLTR and land registry records: permanent (land registry law)
  • Payment records: 7 years (Financial Regulations Act)
  • Support communications: 3 years (limitation period for claims)
  • Marketing preferences: until opt-out plus 1 year

After the applicable retention period, data is securely deleted or anonymised. Some data may be retained longer where required by law or court order.

8. Your Rights

Under the NDPA 2023, NDPR 2019, and PIPEDA, you have the right to: access your personal data; correct inaccurate data; request erasure (subject to legal retention obligations); restrict processing; data portability; object to processing based on legitimate interests; withdraw consent at any time without affecting prior processing; and lodge a complaint with the NDPC (Nigeria) at ndpc.gov.ng or the OPC (Canada) at priv.gc.ca.

Submit rights requests to privacy@slastech.com. We respond within 30 days. Identity verification may be required.

9. Cookies & Tracking

We use strictly necessary cookies for authentication, session management, and CSRF protection (always active); functional cookies for preferences and saved searches (optional); and first-party anonymised analytics (optional). We do not use advertising cookies or share data with advertising networks. Manage preferences in your browser settings.

10. Security Measures

We implement: TLS 1.3 encryption in transit; AES-256 encryption at rest; JWT authentication with secure refresh tokens; bcrypt password hashing; a dedicated encrypted S3 bucket for KYC documents with strict IAM access controls; AWS Shield DDoS protection; API rate limiting; comprehensive audit logging; role-based access control across 41 distinct roles; regular dependency security audits; and a 72-hour breach notification procedure to the NDPC.

11. Children's Privacy

SlasProp is not intended for use by anyone under the age of 18. If you believe a child has provided us with personal data, contact privacy@slastech.com immediately and we will promptly delete such data.

12. Third-Party Services

The platform integrates with third-party services including Paystack (payment processing), Stripe (international payments), Stellar Network (blockchain settlement), KYC verification providers, Mapbox (mapping and GIS), and Amazon Web Services (infrastructure). We encourage you to review their privacy policies before interacting with those services.

13. Changes to this Policy

We may update this Policy from time to time. Material changes are notified via email and in-platform notice at least 30 days before taking effect. The effective date at the top of this Policy is updated with each revision. All versions are archived and available on request from privacy@slastech.com.

14. Contact & Complaints

Data Protection Officer: dpo@slastech.com
Privacy enquiries: privacy@slastech.com
Nigeria DPA regulator: NDPC — ndpc.gov.ng
Canada privacy regulator: OPC — priv.gc.ca

Version 1.0 — Effective March 4, 2026. Also see our Terms and Conditions.