Privacy Policy

Privacy Policy

Who are we?

Quidpro (“Quidpro”) “Our”, “Us”, or “We” is a technology platform that facilitates the booking, scheduling, and payment for legal consultations, based in Lagos, Nigeria. Our business involves providing Automated consultation booking and scheduling, Payment processing and authorization holds, Real-time metered billing for consultations, Document review paywalls, Virtual phone number assignment, Video/audio consultation infrastructure, and WhatsApp integration and automated messaging, in Nigeria (Our “Services”). If you have any questions about this Privacy Policy or how and why We process Personal Data, please contact Us at privacy@quidpro.app or Data Protection Officer: dpo@quidpro.app.

Our Privacy Policy has been prepared to meet the requirements of the extant Nigeria Data Protection Act (the “NDPA”). We are committed to protecting the confidentiality and privacy of all personally identifiable information (“Personal Data”) entrusted to Us through this Website (“Website”). Our Privacy Policy, together with Our Terms of Use, explains the type of Personal Data we collect, when, how and why We collect Personal Data, lawful basis for processing the Personal Data, how We use the Personal Data, the conditions under which We may disclose Personal Data to others and the efforts We take to keep Personal Data secure, and your Rights as regards Personal Data collected and processed. By registering for or using Our services, you acknowledge that you have read and agree to Our Privacy Policy and Terms & Conditions, which are incorporated herein by reference.

The terms ‘You’ and ‘Your’ means You as an individual or legal professional accessing this Website and applying for or using Our Services. Where We make decisions on how Personal Data is used in connection with Our Services, We are acting as a Data Controller and will be responsible for the obligations of a Data Controller under the NDPA in connection with the processing of Personal Data. For example, We use this Privacy Policy and other notices to provide You with information about Our use of Personal Data, as required by the NDPA. Where We only use Personal Data requested by other Data Controllers, We would be acting as Data Processors and those other Data Controllers are similarly responsible for the obligations of a Data Controller under the NDPA in connection with the processing of those categories of Personal Data. If You are using Our Services through those other Data Controllers, You should contact them if You have questions or concerns about the processing of Your Personal Data or compliance with the NDPA and other applicable laws.

We may update and modify this Privacy Policy from time to time, so please do return to the Website and review this Privacy Policy regularly. Unless otherwise stated, any updates to this Privacy Policy become effective when We post the updates on the Website. Your continued use of the Website for Our Services following an update to the Privacy Policy means that You are aware of the updated Privacy Policy and have no objections to any such updated Privacy Policy. Please read the following carefully to understand Our views and practices regarding the processing of Your Personal Data.

1. What Personal Data Do We Collect?
We may hold and use various types of Personal Data collected at the start of, and during Your relationship with Us. We will limit the collection and processing of these Personal Data to what is necessary to achieve the purposes identified in this notice. The information You provide to us must be correct, accurate, complete and not misleading.

The Personal Data We collect includes:

1.1. Information You Provide

Lawyer Users:
● Name, email address, and phone number for verification.
● Professional credentials, including Supreme Court enrollment number, bar admission details, law firm name and address, incorporation certificates (if applicable), practice areas, specializations, profile photo, and biography.
● Payment and banking information for disbursements, including bank account details, Bank Verification Number (BVN).
● Consultation rates and availability preferences,
● Communication preference and settings (e.g., WhatsApp integration preferences), and
● Real-time metered billing details. Client Users:
● Name, email address, phone number.
● Payment information, including credit/debit card details and bank account details.
● Legal matter descriptions, consultation booking details,
● Documents uploaded for review.
● Identity verification data (NIN/BVN, where required for payment processing or fraud prevention)
1.2. Automatically Collected Information
● Identifiers assigned to Your computer or devices, including IP address, browser type/version, and device information.
● Location data (country, city, and time zone for scheduling).
● Usage information and browsing history, including pages visited, time spent, features used (e.g., booking tools, WhatsApp messaging), usage metrics, technical errors, diagnostic reports, settings preferences, content/advertising interactions, and
● cookies/similar tracking technologies.
1.3. Consultation and Platform Data

● Real-time consultation details, including chat transcripts, messages (e.g., via WhatsApp integration), consultation duration, and timestamps,
● Documents exchanged during consultations.
● Billing and payment transaction records.
● Login details, including username, password, and details of contacts or communications with us (e.g., support emails, phone calls, feedback surveys).

In some circumstances, We may also collect and process special categories of Personal Data. This is to help ensure that Our Services are accessible and so that we can offer appropriate levels of support where required.

2. How We Use Your Personal Data
We may use Your Personal Data:

● To facilitate booking, scheduling, payment processing, and authorization holds for legal consultations.
● To provide and manage video/audio consultation infrastructure, virtual phone numbers, and WhatsApp integration (including automated messaging and notifications).
● To track consultation duration for real-time billing, generate receipts, and process disbursements to lawyers.
● To verify lawyer credentials, professional standing, and user identities.
● To enable document review paywalls, secure exchanges, and personalized service recommendations.
● To monitor, review, and improve Our platform functionality, user experience, and features through analytics (using aggregated, anonymized data).
● To resolve disputes, investigate fraud, and support customer service.
● To comply with legal obligations, regulatory requirements, and law enforcement requests.
● To send marketing communications (only with Your consent or opt-in).
● To update Our records and maintain Your account with Us.
● To monitor communications for quality control, training, and fraud prevention
● To offer You services that may be of interest to You, where You have consented to be contacted for such purposes.
● For any other specific purpose which We notify You of at the time Your Personal Data is collected.
● To pre-populate fields on Our site to make it easier for You to navigate when You return to Our Website and log in as an existing customer.
● To help Us analyse Our business and develop marketing strategies, develop products, and improve Our advertising materials. We may monitor and record calls, emails, SMS, and other communications to ensure transactions are executed correctly, detecting any vulnerabilities You may have, and for security, quality control, training, and fraud prevention purposes.

3. How We Collect Your Personal Data
We collect Personal Data about You in the following ways:

● Directly from you: When you provide information via Our Website/app forms (e.g., booking consultations, uploading documents, setting preferences), or communicate with Us by email, phone, WhatsApp, or support channels.
● Automatically during use: By observing how You access and use Our Services. For example, how You use Our Website or how You manage Your accounts with Quidpro; (e.g., pages visited, consultation sessions, device logs, cookies for usage analytics, and scheduling).

● From organisations that have Your consent to share Your Personal Data with Us or for a separate legal basis for a specific or defined purpose. This could include direct marketing or assessing Your eligibility for a partner's services, which may be suitable for You. These services may include payment processors, fraud prevention agencies, verification services, or partners integrating with Our platform (e.g., WhatsApp Business API).
● From public sources, for instance, the Corporate Affairs Commission’s (CAC) register or other public registers for lawyer/firm verification, or public professional directories.
4. Lawful Basis for Processing Your Personal Data
We collect and use Your Personal Data where it is necessary for Us to carry out Our lawful business activities. Our grounds for processing Your Personal Data are as follows:

4.1. Contractual necessity

We may process Your Personal Data where it is necessary to enter into a contract with You or to perform Our obligations under that contract. This may include processing to:
● Assess Your eligibility for the Services We provide (e.g., verifying lawyer credentials).
● Set up/manage Your account, and verifying contact details.
● Provide and administer the Services We offer, including: automated booking/scheduling, video/audio consultations, WhatsApp messaging, document paywalls, and metered billing.
● Process payments, authorization holds, disbursements, receipts, and notifications.
● Share data with fraud prevention and investigation agencies.
● Handle enquiries, complaints, or support requests.
● Assess Your eligibility for similar Services. This may include making periodic searches at fraud prevention and investigation agencies.

4.2. Legal obligation

We may process Your Personal Data where it is a legal or statutory obligation on Us. This may include processing to:

● Confirm Your identity.
● Detect, investigate, and report transactions in order to comply with laws relating to money laundering, financial crime, and international sanctions;
● Detect, investigate, and report financial crime, and take measures to prevent this;
● Maintain records of Our business as required by law;
● Comply with laws which require Us to provide information, directly or indirectly to any state or federal agencies, for the purpose of the calculation and collection of tax;
● Respond to enquiries and requests for information by any of Our regulators;
● Create and submit reports required by any of Our regulators;
● Otherwise meet Our obligations under all laws and regulations and codes of practice which apply to Our business activities; and

● Protect vulnerable customers and provide them with support, where We have a duty to do so.

4.3. Legitimate interest

We may process Your information when We have a business or commercial reason to do so. If We do, it must not unfairly go against what is right and best for You. If We rely on Our legitimate interest, We will tell You what that is. This may include processing to:

● Develop new and enhance Our Services and identify which may be of interest to You.
● Contact You to make You aware of such Services, where We have the relevant permission to do so. This may include a reasonable period after Your relationship has ceased with Us.
● Collect information for statistical analysis, analytics, and platform improvements.
● Detect fraud and share Your information with third parties for the purpose of preventing fraud and financial crime (e.g., payment fraud, fake profiles).
● Monitor Our platform performance, consultation demand patterns, security, and network protection.
● Monitor, review, and improve the content, functionality, appearance, and user experience of Our Website, to ensure that content from Our Website is presented in the most effective manner for You.
● Assess how Our customers use Our Website, and Services.
● Conduct research and aggregated analytics (e.g., anonymized trends in consultation demand).
5. Who Do We Share Your Personal Data with
We may share Your Personal Data with third-party companies who provide Services on Our behalf, and/or third-party companies who provide Services to Us. This may require these organisations to access and process Your Personal Data. These may include:
● Between Users: Lawyer profile information with potential clients; Client contact information and legal matter descriptions with booked Lawyer Users;
● Government agencies: for compliance with statutory, tax, anti-money laundering, or law enforcement obligations.
● Identity verification service providers: to confirm Your identity and prevent impersonation or fraudulent activity.
● Payment processors (Paystack, Flutterwave, etc.): to process payments, metered billing, and disbursements necessary for Your use of our Services.
● Auditors: for the purpose of financial and compliance audits.
● Fraud investigation and prevention agencies: to detect, prevent, and investigate fraud or misuse of Our Services.
● Communications service providers offering mail, email, SMS text services, and WhatsApp Business API.
● Customer survey providers in order to receive feedback and improve Our Services.
● IT service providers: to ensure a smooth and seamless user experience on Our Website.

● Video conferencing infrastructure and cloud hosting providers: for consultation delivery.
● Data security providers for debugging and product improvement purposes.
● Legal service providers: to obtain legal advice, enforce Our rights, or defend against legal claims.
● Digital and direct marketing service providers: to communicate relevant updates or promotional information where permitted by law and subject to Your consent.
● Third-party quality assurance providers: to ensure that Our Website is secure, compliant, and reliable.
● If We or Our assets are potentially to be acquired by a third party, or if We consider restructuring, Personal Data held by Us about Our customers will be one of the transferred assets and may be shared during the potential transaction or restructuring process or as part of a mergers & acquisitions transaction.

We may also process Your Personal Data using data analytics and artificial intelligence tools provided by external third parties to manage risks, improve Our Service and produce statistical analysis to be shared internally and with other companies within Our corporate group.

6. International Transfer of Personal Data

To provide the Services, We or Our service providers may transfer Your Personal Data to countries outside Nigeria, including jurisdictions that have been recognized by the NDPA as providing adequate data protection, as well as countries whose data protection laws may offer a lower level of protection than is available in Nigeria. Any such transfers will only be done where necessary for the performance of a contract between You and Quidpro, or to take steps at Your request prior to entering into such a contract. Additionally, in such cases, We will ensure that appropriate safeguards are in place to protect Your Personal Data in accordance with the NDPA. The specific safeguards We implement will depend on the nature of the transfer and the recipient, and may include the use of standard contractual clauses. If You would like further information about these safeguards, please contact Us via Email: privacy@quidpro.app Data Protection Officer: dpo@Quidpro.app

7. Your Data Subject Rights
As a Data Subject, You have a number of rights:

● The right to access the Personal Data We hold about You;
● The right to rectify inaccurate Personal Data or complete it if it is incomplete;
● The right to have Your Personal Data deleted;
● The right to request restriction of Your Personal Data;
● The right to obtain and make use of Your Personal Data for Your own purposes across different Services ("portability");
● The right to object to the processing of Your Personal Data in certain circumstances;

● The right to object to decisions that are based solely on automated decision-making, including profiling;
● The right to withdraw consent at any time; and
● Right to lodge complaints with the NDPC.

Please note that Your data protection rights are subject to certain restrictions and conditions, and We may be required to retain a range of Your Personal Data for legal and regulatory reasons. If You think that any of the Personal Data We hold about You is wrong or incomplete, You have the right to challenge it. If You are located in the European Economic Area, United Kingdom, or other jurisdictions with data protection laws, You may have additional rights under GDPR, UK GDPR, or similar regulations. Contact Us to exercise these rights.

8. Sensitive Personal Data
We will not typically ask You for any 'special categories' of Personal Data. This is also referred to as 'Sensitive Personal Data' and includes information revealing an individual's political opinions, racial or ethnic origin, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning an individual's sex life or sexual orientation. If We process such Sensitive Personal Data, We will do so: (a) with Your explicit consent, (b) to comply with Our legal obligations to support You if You are, or become, a vulnerable customer, and (c) to establish, take, or defend any legal action.

9. How Long We Keep Your Personal Data
We will retain Your Personal Data for as long as We are required to under relevant legislation and regulation, and where no specific rules apply, for no longer than it is necessary for the lawful purposes for which it was originally collected or for related compatible purposes. This will usually be no more than:
● Account information: For the duration of Your account, plus seven (7) years after closure.
● Payment records: Seven (7) years for tax and accounting purposes.
● Communication logs: Two (2) years unless required for dispute resolution.
● Analytics data: Indefinitely in an aggregated, anonymized form,

at which point, Your Personal Data will no longer be retrievable through a Data Subject Access Request (“DSAR”). The retention period of Your Personal Data may need to be extended where We require this to bring or defend legal claims. We may also retain Personal Data for longer periods for statistical purposes, and if so We will anonymise such Personal Data.

10. How Do We Protect Your Personal Data
We are committed to managing Your Personal Data in line with the NDPA and best practices. We employ all reasonable efforts to keep Your Personal Data secure by taking appropriate technical and organisational measures against any unauthorised or unlawful processing of Personal Data and against its accidental loss, destruction or damage. We protect Your Personal Data using physical, technical, and organisational measures to reduce the risks of loss, misuse, unauthorised access,

disclosure, and alteration. We also use industry-recommended security protocols to safeguard Your Personal Data. Other security safeguards include, but are not limited to, data encryption, firewalls, and physical access controls to Our buildings and files. Our privacy assessment indicates that Your use of Our Services is unlikely to compromise data protection.

11. Do We Use Automated Processing?
We may use Your Personal Data in automated processes to make decisions about You. You have the right not to be subject to a decision based solely on automated processing, if this will have a legal or other significant effect on You (certain exceptions apply).

We may use automated decision-making in:
● Fraud and money laundering risk identification: If Our processing reveals Your behaviour to be consistent with money laundering, payment fraud, fake lawyer profiles, suspicious booking patterns, known fraudulent conduct, or is inconsistent with information that You have provided previously, or You appear to have deliberately hidden Your true identity, We may decide that You pose a fraud and money laundering risk using data from payment gateways and verification services.
● Lawyer-client matching: To recommend lawyers based on practice areas, availability, location, and client needs (non-binding suggestions).
● Payment authorization: For automated holds and transaction approvals via payment processors.
● Account security: Risk-based authentication (e.g., unusual login locations).

If You do not agree with any decisions made as a result of the foregoing, You have the right to appeal the outcome of these automated decisions and ask for them to be reconsidered manually. W e may require additional relevant information to be provided by You before human oversight of a specific decision will take place.
12. Attorney-Client Privilege

IMPORTANT: Quidpro respects attorney-client privilege. However, You acknowledge that:

● Communications through Our Platform may not be privileged if not part of a formal attorney-client relationship.
● Technical limitations may affect privilege protections (e.g., temporary system access for troubleshooting).
● We will not intentionally review privileged communications except as necessary for dispute resolution or legal compliance.
● Lawyer Users are responsible for advising clients about privilege limitations.

We implement reasonable safeguards to protect confidential communications, but We cannot guarantee absolute privilege protection due to the nature of technology platforms.
13. Access to Your Personal Data via a Data Subject Access Request
(DSAR)

You have the right to request access to the Personal Data We hold about You. To make a DSAR, please email privacy@quidpro.app with the subject line “DSAR” or to: Data Protection Officer. dpo@quidpro.app

We may need to verify Your identity before processing Your request. We will respond within one (1) month of receipt of Your request and verification of Your identity. Requests are free of charge unless they are manifestly unfounded or excessive, in which case We may charge a reasonable fee or refuse to comply. If You are not satisfied with Our response, You can contact the NDPC.
14. Cookies
We may use cookie technology on Our Website to collect some of the Personal Data detailed in this policy. Cookies are small text files stored on Your device or internet browser when You visit Us. We use cookies mainly to improve the performance of Our Website and Our Services, remember Your preferences and settings, authenticate your account, analyze Platform usage and performance and provide targeted content and features. The Cookie Policy made available on this Website explains in more detail what types of cookies We use, why We use them, and how to identify and disable them.
15. Third-Party Advertising Links or Content

Our Website may contain links to other sites that are not operated by Us. We allow third parties, including advertising networks and other advertising service providers, to collect information about Your online activities through cookies, pixels, local storage, and other technologies. These third parties may use this information to display advertisements on Our Website and elsewhere online tailored to Your interests, preferences, and characteristics. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. Some third parties collect information about users of Our Website to provide interest-based advertising on Our Website and elsewhere, including across browsers and devices. These third parties may use the information they collect on Our Website to make predictions about Your interests in order to provide You with ads (from Us and other companies) across the internet. We strongly advise You to review the Privacy Policy of every site You visit.

16. Children’s Privacy
We do not knowingly collect Personal Data from children under the age of 18. Our Website and Services are not addressed to minors. If You are a parent or guardian and You learn that Your children have provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from a child under the age of 18 without verifiable parental consent, We will take steps to remove that information from Our servers.

17. Complaints

If You have any complaints about Our use of Your Personal Data, please send an email with the details of Your complaint to privacy@quidpro.app or to Our Data Protection Officer at: dpo@quidpro.app, or use the contact details above. We will

investigate and respond to any complaints We receive. You also have the right to lodge a complaint with the NDPC. For further information on Your rights and how to complain to the NDPC, please refer to the NDPC Website at https://ndpc.gov.ng/.