Legal

Privacy Policy

How we collect, process and keep your data safe — and the rights you have over it.

Last updated: April 12, 2026

Welcome to Boredom's Privacy and Data Protection Policy ("Privacy Policy"). At Boredom ("we", "us", or "our"), we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, the Nigeria Data Protection Act 2023 ("NDPA"), the Nigeria Data Protection Regulation 2019 ("NDPR"), and all other mandatory laws and regulations of the United Kingdom and the Federal Republic of Nigeria.

1. Introduction

1.1 Important information and who we are

This Privacy Policy explains how we collect, process, and keep your data safe. It also explains your privacy rights, how the law protects you, and the obligations of our employees and partners when processing data.

The individuals from which we may gather and use data include:

This Privacy Policy applies to all employees, contractors, and staff members, and all Personal Data processed by Boredom at any time.

1.2 Who is Your Data Controller and Data Protection Officer

Boredom is your Data Controller and is responsible for your Personal Data.

Data Protection Officer (DPO):
Full name: Usman Jaji
Email address: hello@boredomhq.com
Postal address: (To be updated)

If you are based in the United Kingdom, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO) at www.ico.org.uk.

If you are based in Nigeria, you may lodge a complaint with the Nigeria Data Protection Bureau (NDPB) at www.ndpb.gov.ng.

We would appreciate the chance to handle your concerns before you approach either authority, so please contact us first at hello@boredomhq.com.

1.3 Processing Data on Behalf of a Controller

As a Data Controller, we may use employees or third-party service providers ("Processors") to process data on our behalf. Boredom and its Processors have responsibilities including:

2. Legal Basis For Data Collection

2.1 Types of Data / Privacy Policy Scope

"Personal Data" refers to any information that identifies an individual. At Boredom, we collect:

2.2 Legal Basis

We rely on the following legal grounds under the UK GDPR and NDPA 2023:

3. How We Use Your Personal Data

We only use your data when permitted by law. Uses include:

You will receive marketing updates unless you opt out. You may manage notification preferences in your device settings at any time.

4. Your Rights & How We Protect Your Data

Depending on your location, you have the following rights under the UK GDPR and/or the NDPA 2023:

To exercise any of these rights, contact us at hello@boredomhq.com. We will respond within 30 days.

Data is secured through encryption, access controls, and secure storage via Firebase (Google LLC).

5. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (ICO and/or NDPB) within 72 hours of becoming aware of the breach, as required by the UK GDPR and NDPA 2023. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

6. Your Data and Third Parties

We may share data with:

Any international data transfer to providers outside Nigeria or the UK is conducted in compliance with Section 43 of the NDPA 2023 and UK GDPR Chapter V transfer mechanisms.

7. Data Retention

We retain data only as long as necessary for the original purpose. Extended retention applies in cases of disputes, regulatory requirements, or legal obligations under Nigerian or UK law. When you delete your account, your personal data is permanently removed subject to any applicable retention obligations.

8. Age Limit

Users must be 18 or older to use Boredom, in accordance with the Nigeria Data Protection Act 2023 and the Child Rights Act 2003. If we discover you are under 18, we will immediately suspend and permanently delete your account.

9. International Transfer

Data may be stored or processed outside the UK and Nigeria, including in the United States (via Firebase/Google LLC). We ensure adequate safeguards are in place for all such transfers:

10. Supervisory Authorities

You have the right to lodge a complaint with the relevant supervisory authority:

11. Policy Updates

Changes will be reflected on this page with an updated revision date. Where changes are material, we will notify you via the app or email at least 7 days before they take effect. Continued use of the app after the effective date indicates acceptance of the revised policy.

12. Contact Us

For any questions, concerns, or to exercise your data rights, contact us at:

13. Interpretation

All uses of the term "including" imply "not limited to".