Operated by Eduture Technologies Limited
Eduture Technologies Limited (“we”, “us”, “our”, or “Eduture”), a company registered in Nigeria (company number RC1100422), operates the Eduture Go mobile application and related services (together, the “Service”). Eduture Go connects students in Nigeria, the diaspora, and worldwide with scholarships, internships, conferences, and graduate jobs.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, who we share it with, how long we keep it, and the rights you have over it. It applies to everyone who uses the Eduture Go app.
We are the data controller responsible for your personal information under the Nigeria Data Protection Act 2023 (the “NDPA”) and the regulations and guidance issued by the Nigeria Data Protection Commission (the “NDPC”). By creating an account or using the Service, you acknowledge that you have read and understood this Policy.
Contact for privacy matters. For any question about this Policy or your personal information, or to exercise your rights, please contact our Privacy Team at privacy@eduture.com.
This summary is for convenience only and does not replace the full Policy below.
What we collect: your account details (name, email), the profile information you give us (such as your country, state, year of birth, education, and interests), your saved opportunities, support messages you send us, and limited technical data (such as your device push token and, in server logs, your IP address).
Why: to create and secure your account, match you with relevant opportunities, send you the notifications you choose, provide support, keep the Service safe and working, and understand in aggregate how the Service is used.
Sharing: we use trusted service providers for things like sign-in, notifications, sending emails, and hosting. We do not sell your personal information.
Your choices: you can view and edit your profile, control your notifications, and delete your account at any time from within the app.
Children: Eduture Go serves students, including secondary-school students under 18. Younger students can use scholarships and general features; graduate jobs are restricted to users aged 18+ (with a narrow exception where the law permits 17-year-olds to work). If you are under 18, parental or guardian consent is required. See section 11.
We collect the categories of information set out below. We only collect what we need to provide and improve the Service.
When you create an account we collect your email address, your name, and a password. For security, your password is handled and stored only by our authentication provider in hashed form; we never store your raw password on our own systems. We also generate and store a record of your verification status and a unique account identifier.
To verify your email and to let you reset your password, we send you a one-time code (OTP). We store this code only in a protected (hashed) form and only for as long as needed to complete verification or reset (see section 8).
To match you with relevant opportunities, you may provide profile information during onboarding and at any time afterwards. This includes:
| Information | Examples | Why we collect it |
|---|---|---|
| Name and email | Your full name; your email address | Identify your account; communicate with you |
| Year of birth | e.g. 1999 | Confirm you meet age requirements and tailor age-appropriate opportunities (we collect your year of birth, not your full date of birth) |
| Gender (optional) | Male / female | Personalise opportunity matching where relevant |
| Location | Country of residence; state/region; nationality/citizenship(s) | Show opportunities open to your location and nationality |
| State of origin (optional) | Your indigene/origin state | Show opportunities restricted to people of a particular state of origin. This is optional and you do not have to provide it. See the note on sensitive information below. |
| Education | Education level; field of study; school/institution names; whether you have graduated; postgraduate status; education history details | Match you with opportunities suited to your education level and field |
| Preferences | Target study destinations; interests; preferred language; whether you are open to any country | Personalise the opportunities and content we show you |
| Notification settings | Your push-notification on/off choices | Respect your choices about what notifications you receive |
Providing profile information is optional. You can use core parts of the Service without completing your profile, although a fuller profile lets us match you with more relevant opportunities.
When you save or bookmark an opportunity, we record which opportunities you saved, any application checklist items you create for them, and whether you have set a reminder. This information is stored on our servers so that it is available to you across your devices, and a copy is also kept locally on your device.
If you contact us through in-app support, we collect the content of your messages and our replies, so we can help you and keep a record of the conversation. Please do not include information you do not want us to hold in support messages.
To deliver notifications and keep the Service secure and working, we collect:
Push notification token — a device identifier provided by the push-notification service we use, used to send you the notifications you have enabled.
Device time zone — a coarse, region-level signal (for example, “Africa/Lagos”) used to schedule notifications at sensible times. This is not precise location.
Server-log data — when your app communicates with our servers, our systems automatically record technical details of the request, including your IP address, device/browser type, and the request made. These logs are kept for a short period (see section 8). We do not record the contents of sensitive requests such as your password or one-time codes in these logs.
Marketplace click data — if you tap an affiliate/referral link in the Service, we record the click (including the IP address and device/browser type at that moment) for attribution and analytics. When your account is deleted, this data is de-identified (see section 8).
We use third-party analytics and crash-reporting tools to understand how the Service is used and to detect and fix crashes. These tools automatically collect device and app information (such as device model, operating system, app screens viewed, and approximate location derived from IP address) and, for crash reporting, crash diagnostics. This information is collected in a manner that is not, by itself, used by us to identify you by name.
The Service may display advertising through our advertising provider to help keep Eduture Go free to use. Where ads are shown on Apple iOS devices, we will ask for your permission through Apple’s App Tracking Transparency prompt before any advertising identifier is used to personalise ads. If you do not allow tracking, you will still see ads, but they will be non-personalised. Where advertising relies on a tracking identifier, we do so on the basis of your consent.
When ads are shown, we and our advertising provider record limited information about how they perform — for example, when an ad is shown to you (an impression) and when you tap one (a click), along with which ad it was and where it appeared. We use this to display ads, to limit how often you see the same one, and to measure performance. This ad-interaction data is tied to a device-generated identifier rather than to your account, so it is not linked to your name or profile.
We use your personal information for the following purposes:
To provide the Service: create and manage your account, verify your email, sign you in, and let you save and track opportunities.
To match and personalise: show you scholarships, internships, conferences, and jobs relevant to your profile, location, education, and interests.
To communicate with you: send you account and security messages (such as verification and password-reset emails) and the notifications you have chosen to receive.
To provide support: respond to your questions and resolve issues.
To keep the Service safe and reliable: detect, prevent, and address fraud, abuse, security incidents, and technical problems.
To understand and improve the Service: analyse, in aggregate, how the Service is used (see section 5).
To comply with the law: meet our legal and regulatory obligations and respond to lawful requests.
Under the NDPA, we rely on one or more of the following legal bases when we process your personal information:
Performance of a contract / steps at your request — to provide the Service you have signed up for (for example, creating your account and matching opportunities).
Your consent — for optional information you choose to provide (such as your state of origin) and for optional features (such as certain notifications or personalised advertising). You can withdraw consent at any time.
Our legitimate interests — to keep the Service secure, prevent abuse, and improve the Service through aggregate analytics, in a way that does not override your rights.
Legal obligation — where we must process information to comply with applicable law.
In practice, these bases map to our activities as follows. We rely on performance of a contract to create and secure your account, verify your email, sign you in, and let you save, track, and be matched with opportunities; on your consent for the optional details you choose to add (and explicit consent for your state of origin), the notifications you switch on, and any personalised advertising; on our legitimate interests to keep the Service secure, prevent fraud and abuse, and produce aggregate analytics; and on legal obligation where we must act to comply with the law or to respond to a lawful request.
To understand which opportunities and content are useful, we keep aggregate counts of how often opportunities and news items are viewed, saved, and shared. As part of this, we group these counts into broad demographic categories — specifically by country and by age band (for example, “18–24”) — which are derived from the country and year of birth in user profiles.
Important points about this analytics:
It is aggregate only. We see totals and breakdowns (for example, “how many people in a country saved an opportunity”), never a list of who did what. The output does not identify you.
Small groups are hidden. To protect privacy, any group smaller than a minimum threshold (currently about 25 people) is suppressed and not shown, so individuals cannot be singled out.
Why we disclose it. Even though the results are aggregate and not identifying, these categories are derived from your profile information, so we disclose this use to you transparently in line with the NDPA.
Because this analytics is aggregate and not linked back to you, deleting your account does not retrospectively remove your past contribution to these totals; your individual record, however, is deleted as described in section 8.
We do not sell your personal information. We share it only with the trusted service providers that help us run the Service, and only as needed for them to perform their services for us. These providers are required to protect your information and use it only for the purposes we specify.
| Provider | What they handle for us | Information involved |
|---|---|---|
| Authentication, notifications & app infrastructure | Sign-in and authentication, push-notification delivery, hosting of admin images, app analytics, and crash reporting | Email, name, password (stored only in hashed form), device push token, app/usage and crash telemetry, IP-derived approximate location |
| Email delivery provider | Sending transactional emails (verification codes, password-reset codes, and support-related notifications) | Your email address, the one-time code, and, for support notifications, the sender name and a message snippet |
| Cloud hosting provider | Hosting our servers, database, and encrypted backups | All information stored by the Service (hosted on our behalf) |
| Advertising provider | Showing advertising (if enabled) | Where you permit it, a device advertising identifier, IP address, and device information |
We may also disclose your information where required to do so by law, to comply with a lawful request from a regulator or law-enforcement authority, to enforce our Terms of Service, or to protect the rights, safety, and property of Eduture, our users, or others. If our business is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy.
No payment data. The Service does not currently process payments and does not collect payment-card or bank information. If this changes, we will update this Policy and disclose the relevant payment processor before any such data is collected.
Some of our service providers store or process information outside Nigeria. In particular, our cloud hosting provider is located in the United Kingdom (London region), our email delivery provider processes information in its United States data centre, and our app infrastructure provider may process information in data-centre locations outside Nigeria. This means your information may be transferred to and processed in other countries whose data-protection laws may differ from Nigeria’s.
Where we transfer personal information outside Nigeria, we take steps to ensure it remains protected in accordance with the NDPA, including relying on adequacy decisions, appropriate contractual safeguards with our providers, or your consent, as applicable. For these providers we rely principally on data-processing agreements that contractually require them to protect your information to a standard consistent with the NDPA, and on the fact that the transfer is necessary to deliver the Service you have asked us to provide. We record the basis for each transfer, as the NDPA requires.
We keep your personal information only for as long as we need it for the purposes described in this Policy, and then delete or de-identify it. In particular:
Account and profile information — kept while your account is active, and deleted when you delete your account (see section 9).
One-time codes (OTPs) — kept only briefly: a code is removed once it has been used, and unused codes are cleared shortly after they are issued.
Server logs (including IP addresses) — retained for approximately 7 days, then automatically deleted.
Marketplace click data — kept while associated with your account; the identifying parts (IP address and device/browser type) are removed when your account is deleted.
Encrypted backups — we keep encrypted backups of our database for approximately 14 days, plus a small number of off-site encrypted copies. Because a backup is a snapshot taken at a point in time, information you delete is removed from live systems immediately but may persist in backups until those backups expire (within about 14 days). Backups are encrypted at rest and only ever decrypted if a restore is genuinely needed.
Aggregate analytics — because it does not identify you, aggregate view/save/share counts may be retained on an ongoing basis (see section 5).
Analytics and crash-reporting data is retained according to our providers’ settings: analytics event-level data is retained for the period configured in our analytics provider’s settings (currently the standard default of 2 months, which may be set up to a maximum of 14 months), and crash data is retained for our crash-reporting provider’s standard retention period.
You can delete your account at any time from within the app (in the account settings). When you request deletion:
Your account is scheduled for deletion and enters a 7-day grace period. We send you an email confirming this. During the grace period your data is retained so that you can change your mind — simply log back in within the 7 days to cancel the deletion.
If you do not cancel, after the grace period your account is permanently erased. This removes your sign-in record, your profile, your saved opportunities and checklists, your registered devices, your support messages, and your notification records.
Marketplace click records are de-identified (the identifying details are stripped) rather than deleted, so they survive only as anonymous statistics.
As explained in section 8, deletion is immediate on our live systems but may take up to about 14 days to propagate out of encrypted backups, and aggregate analytics that never identified you are not affected.
Some on-device data may remain stored locally on your phone after deletion; you can remove it by uninstalling the app.
Under the NDPA, and subject to its conditions and exceptions, you have the right to:
Access — ask what personal information we hold about you.
Correct — update or correct inaccurate information (you can edit most profile information directly in the app).
Delete — delete your account and personal information (see section 9).
Withdraw consent — withdraw any consent you gave, without affecting processing done before withdrawal.
Object or restrict — object to or ask us to restrict certain processing.
Portability — request a copy of certain information you provided, in a usable format, where applicable.
Lodge a complaint — complain to the Nigeria Data Protection Commission (NDPC) if you believe we have not handled your information properly.
To exercise any of these rights, contact us at privacy@eduture.com. We will respond within the timeframe required by the NDPA. We may need to verify your identity before acting on a request.
Eduture Go is designed for students, including secondary-school students who may be under the age of 18. Scholarships, conferences, and general features are available to younger students, while graduate jobs are restricted to users who are 18 years of age or older, except where applicable law permits a person aged 17 to take up specific employment. We use your year of birth to apply these age requirements.
Users under 18 (parental/guardian consent). If you are under 18, you should use Eduture Go only with the involvement and consent of a parent or legal guardian. Where we process the personal information of a user under 18, we require the consent of a parent or legal guardian in accordance with the NDPA, and we limit the information we collect from younger users to what is necessary to provide the Service. A parent or guardian may contact us at privacy@eduture.com to review, correct, or request deletion of their child’s information.
Under the NDPA, a child is anyone under the age of 18, and we require the consent of a parent or legal guardian before we process the personal data of a user we know to be under 18. We ask for your year of birth when you sign up, and we apply it before we collect other profile information, so that age rules take effect from the start. Where a user indicates they are under 18, we ask them to confirm that a parent or legal guardian has reviewed this Policy and agreed before they continue, and we take reasonable steps to prevent these age settings from being misused. We do not ask you to upload identity documents; this approach is proportionate to the low-risk, educational nature of the Service and to the technology available to us, as the NDPA allows.
We take reasonable and appropriate technical and organisational measures to protect your personal information, including: encrypted connections, hashing of passwords and one-time codes, access controls, encrypted database backups, and short retention of technical logs. No system can be guaranteed to be completely secure, but we work to protect your information and to address security risks promptly. You also have an important role in keeping your account safe: please choose a strong, unique password and keep your login details confidential.
You are responsible for the information and confirmations you give us. In particular, you agree that: (a) the information you provide is accurate, current, and complete, and you will keep it up to date; (b) you will provide only personal information that you are entitled to share, and will not submit another person’s personal information without their permission or the authority to do so; (c) you will keep your account credentials confidential and are responsible for activity that takes place under your account; and (d) where you indicate that a parent or legal guardian has reviewed this Policy and agreed, that confirmation is true and you are authorised to give it. We are entitled to rely on the information and confirmations you give us, and to the maximum extent permitted by law we are not responsible for any consequence arising from information that is inaccurate, incomplete, out of date, or provided without the necessary right, consent, or authority.
The Service works with, and may link to, services operated by others — for example, sign-in, hosting, email, and analytics providers, advertising networks, and the websites of the scholarship, internship, conference, and job opportunities we show you. Those third parties are responsible for their own handling of personal information, and their use of your information is governed by their own privacy policies, not this one. We do not control, and are not responsible for, the content, security, or privacy practices of any third-party service, and we encourage you to review their policies before providing information to them.
We take the protection of your information seriously and comply with our obligations under the NDPA. However, no electronic service, transmission, or storage can be guaranteed to be completely secure, and we do not warrant that the Service will be uninterrupted, error-free, or free from unauthorised access. To the maximum extent permitted by applicable law: (a) the Service and its security are provided on a reasonable-efforts basis as described in this Policy; (b) we are not liable for any indirect, incidental, special, or consequential loss, or for any loss arising from events beyond our reasonable control or from your own act or omission; and (c) nothing in this Policy excludes or limits any liability that cannot be excluded or limited under applicable law, including any rights you have under the NDPA. This section is to be read together with any limitation of liability in our Terms of Service.
This Policy forms part of, and should be read together with, our Terms of Service. It is governed by and construed in accordance with the laws of the Federal Republic of Nigeria, and you agree that the courts of Nigeria have jurisdiction over any matter arising from it. If any provision of this Policy is found to be invalid or unenforceable, that provision will be limited or removed to the minimum extent necessary and the remaining provisions will continue in full force and effect. Our failure to enforce any provision of this Policy is not a waiver of that or any other provision. This Policy does not create any rights beyond those provided under applicable data-protection law.
We may update this Policy from time to time to reflect changes to the Service or the law. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you within the app or by email. Your continued use of the Service after an update means you accept the updated Policy, except where your consent is required by law.
If you have any questions, concerns, or requests about this Policy or your personal information, please contact:
Eduture Technologies Limited
Company number: RC1100422
Email: privacy@eduture.com