Privacy Policy

1. Introduction

1.1 Important information and who we are

Welcome to Boredom's Privacy and Data Protection Policy ("Privacy Policy"). At Boredom ("we", "us", or "our"), we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, the Nigeria Data Protection Act 2023 ("NDPA"), the Nigeria Data Protection Regulation 2019 ("NDPR"), and all other mandatory laws and regulations of the United Kingdom and the Federal Republic of Nigeria.

This Privacy Policy explains how we collect, process, and keep your data safe. It also explains your privacy rights, how the law protects you, and the obligations of our employees and partners when processing data.

The individuals from which we may gather and use data include:

• Users of the Boredom mobile app
• Vendors and their representatives
• Business contacts
• Third parties involved in user verification, payments, or venue operations
• Any other people that the platform interacts with or may need to contact

This Privacy Policy applies to all employees, contractors, and staff members, and all Personal Data processed by Boredom at any time.

1.2 Who is Your Data Controller and Data Protection Officer

Boredom is your Data Controller and is responsible for your Personal Data.

Data Protection Officer (DPO):
Full name: Usman Jaji
Email address: hello@boredomhq.com
Postal address: (To be updated)

If you are based in the United Kingdom, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO) at www.ico.org.uk.

If you are based in Nigeria, you may lodge a complaint with the Nigeria Data Protection Bureau (NDPB) at www.ndpb.gov.ng.

We would appreciate the chance to handle your concerns before you approach either authority, so please contact us first at hello@boredomhq.com.

1.3 Processing Data on Behalf of a Controller

As a Data Controller, we may use employees or third-party service providers ("Processors") to process data on our behalf. Boredom and its Processors have responsibilities including:

• Ensuring all Personal Data processing has a lawful basis
• Ensuring confidentiality obligations are in place
• Maintaining appropriate security measures
• Keeping detailed records of processing activities
• Reporting data breaches without undue delay (within 72 hours under the NDPA and UK GDPR)
• Cooperating with supervisory authorities
• Ensuring all individuals handling data act only on our instructions

2. Legal Basis For Data Collection

2.1 Types of Data / Privacy Policy Scope

"Personal Data" refers to any information that identifies an individual. At Boredom, we collect:

• Profile/Identity Data: Name, age, date of birth, gender.
• Contact Data: Phone number, email address, social media login details.
• Location Data: Real-time or approximate device location for meet-ups and venue discovery.
• Activity Data: App interactions, event participation, in-app chats (encrypted), vendor visits, and preferences.
• Marketing and Communications Data: Your preferences for notifications, updates, and promotions.
• Aggregated Data: App usage metrics, venue performance insights, event engagement statistics — non-identifiable unless combined with personal data.
• Sensitive Personal Data (Special Categories): Information on beliefs, orientation, or political opinions only when voluntarily provided (e.g., profile preferences). Enhanced legal basis applies for special categories.

2.2 Legal Basis

We rely on the following legal grounds under the UK GDPR and NDPA 2023:

• Consent
• Contractual Obligations
• Legal Compliance
• Legitimate Interests
• Necessity (for any special category data)

3. How We Use Your Personal Data

We only use your data when permitted by law. Uses include:

• Account creation and identity verification
• Matching users to meet-ups and events
• Recommending venues, activities, and other users
• Location-based features
• Payment processing and bill-splitting
• Vendor insights, safety checks, and compliance
• App improvement, analytics, and fraud prevention

You will receive marketing updates unless you opt out. You may manage notification preferences in your device settings at any time.

4. Your Rights & How We Protect Your Data

Depending on your location, you have the following rights under the UK GDPR and/or the NDPA 2023:

• Delete your account and associated personal data
• Request access to your personal data
• Request corrections to inaccurate data
• Restrict or object to processing
• Withdraw consent at any time
• Data portability — receive your data in a structured format

To exercise any of these rights, contact us at hello@boredomhq.com. We will respond within 30 days.

Data is secured through encryption, access controls, and secure storage via Firebase (Google LLC).

5. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (ICO and/or NDPB) within 72 hours of becoming aware of the breach, as required by the UK GDPR and NDPA 2023. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

6. Your Data and Third Parties

We may share data with:

• Payment processors (CBN-licensed providers)
• Authentication providers (Google, Apple, Facebook)
• Cloud infrastructure providers (Firebase/Google LLC)
• Vendors offering Boredom-hosted experiences
• Analytics partners
• Legal or regulatory authorities
• Parties involved in business mergers/acquisitions

Any international data transfer to providers outside Nigeria or the UK is conducted in compliance with Section 43 of the NDPA 2023 and UK GDPR Chapter V transfer mechanisms.

7. Data Retention

We retain data only as long as necessary for the original purpose. Extended retention applies in cases of disputes, regulatory requirements, or legal obligations under Nigerian or UK law. When you delete your account, your personal data is permanently removed subject to any applicable retention obligations.

8. Age Limit

Users must be 18 or older to use Boredom, in accordance with the Nigeria Data Protection Act 2023 and the Child Rights Act 2003. If we discover you are under 18, we will immediately suspend and permanently delete your account.

9. International Transfer

Data may be stored or processed outside the UK and Nigeria, including in the United States (via Firebase/Google LLC). We ensure adequate safeguards are in place for all such transfers:

• UK transfers: conducted in accordance with UK GDPR Chapter V and ICO transfer mechanisms.
• Nigerian transfers: conducted in accordance with Section 43 of the NDPA 2023.

10. Supervisory Authorities

You have the right to lodge a complaint with the relevant supervisory authority:

• United Kingdom: Information Commissioner's Office (ICO) — www.ico.org.uk
• Nigeria: Nigeria Data Protection Bureau (NDPB) — www.ndpb.gov.ng

11. Policy Updates

Changes will be reflected on this page with an updated revision date. Where changes are material, we will notify you via the app or email at least 7 days before they take effect. Continued use of the app after the effective date indicates acceptance of the revised policy.

12. Contact Us

For any questions, concerns, or to exercise your data rights, contact us at:

• Email: hello@boredomhq.com
• Website: https://boredomhq.com

13. Interpretation

All uses of the term "including" imply "not limited to".