Privacy Policy

QadraHR ("QadraHR", "Kloudlot Hub", "we," "us," "our," or "Company") is a product and service line of Kloudlot Hub Ltd., which operates the QadraHR website and provides HR management software and services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

Nigeria Data Protection Focus: This Privacy Policy is designed to comply with the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act. We prioritize the privacy rights of all users, especially those in Nigeria, and implement stringent data protection measures in accordance with Nigerian and international standards.

For the purposes of NDPR and other applicable data-protection laws, Kloudlot Hub Ltd. is the data controller responsible for determining how and why your personal information is processed when you use QadraHR.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services. If you have questions or concerns about our privacy practices, please contact us at privacy@qadrahr.com.

2.1 Information You Provide Directly

We collect information you voluntarily provide when you interact with our services, including:

• Account registration information (name, email, company name, phone number)
• Payment information (billing address, payment method)
• Employee data uploaded to our platform
• Communication preferences and support requests
• Information you provide through forms, surveys, or customer support

2.2 Automatically Collected Information

We automatically collect certain information about your device and how you interact with our services:

• Device information (type, operating system, browser type)
• IP address and location data
• Usage data (pages visited, features used, time spent)
• Cookies and similar tracking technologies
• Analytics data about your interactions with our services

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Payment processors and financial institutions
• Integration partners and service providers
• Analytics providers
• Social media platforms (if you connect your account)

We use the information we collect for various purposes, including:

• Providing, maintaining, and improving our services
• Processing transactions and sending related information
• Sending promotional communications (with your consent)
• Responding to your inquiries and providing customer support
• Conducting analytics and understanding usage patterns
• Detecting and preventing fraud or security issues
• Complying with legal obligations and enforcing our terms
• Personalizing your experience with our services
• Conducting research, surveys, or performance monitoring

4.1 Service Providers

We share information with third-party service providers who assist us in operating our website, conducting our business, and servicing you, provided they are contractually obligated to use this information only as necessary to provide services to us.

4.2 Business Transfers

If Qadra is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction.

4.3 Legal Requirements

We may disclose your information when required by law or when we have a good-faith belief that such disclosure is necessary to:

• Comply with applicable laws, regulations, or legal processes
• Enforce our Terms of Service and other agreements
• Protect the security or integrity of our services
• Protect the rights, privacy, safety, or property of Qadra, users, or the public

4.4 Your Consent

We may disclose your information when you explicitly consent to such disclosure for specific purposes.

We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Secure authentication mechanisms and access controls
• Regular security audits and penetration testing
• Restricted access to personal information on a need-to-know basis
• Employee training and confidentiality agreements
• Incident response and breach notification procedures

While we implement strong security measures, no transmission over the Internet or storage system is 100% secure. We cannot guarantee the absolute security of your information.

6.1 Access & Portability

You have the right to access the personal information we maintain about you and, in some cases, to receive a portable copy of that information.

6.2 Correction & Deletion

You may request that we correct inaccurate information or delete your personal information, subject to certain legal exceptions.

6.3 Communication Preferences

You can control marketing communications by updating your preferences in your account settings or by following the unsubscribe instructions in our emails.

6.4 Cookies & Tracking

You can control cookies through your browser settings. Note that disabling cookies may limit your ability to use certain features of our services.

6.5 GDPR, CCPA, and Similar Rights

If you are located in the EU, California, or other jurisdictions with privacy laws, you may have additional rights including the right to object to processing, restrict processing, or withdraw consent.

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The retention period may vary depending on the context of the processing and our legal obligations. When information is no longer needed, we delete or anonymize it securely.

8.1 Nigeria Data Protection Regulation (NDPR)

Qadra is committed to full compliance with the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act. As an organization, we prioritize the protection of personal data of Nigerian users and organizations.

8.2 Consent & Legal Basis

In accordance with NDPR requirements:

• We obtain explicit informed consent before processing personal data
• Consent is freely given, specific, informed, and unambiguous
• Users can withdraw consent at any time without penalty
• Processing has a lawful basis under NDPR requirements
• Legitimate interests are clearly communicated and balanced against user rights

8.3 Data Subject Rights (NDPR)

In accordance with NDPR, users have the following rights:

• Right to Access: You may request access to your personal data at any time
• Right to Rectification: You can request correction of inaccurate data
• Right to Erasure: You can request deletion of your data (right to be forgotten)
• Right to Restrict Processing: You can request limitation of data processing
• Right to Data Portability: You can receive your data in a structured, portable format
• Right to Object: You can object to processing for marketing or other purposes
• Right to Appeal: You have the right to lodge complaints with the Nigeria Data Protection Bureau (NDPB)

8.4 Data Localization

Qadra maintains secure data centers within Nigeria and the African region to ensure compliance with NDPR data residency requirements. Personal data of Nigerian users is primarily stored within Nigeria or other ECOWAS member states, with appropriate safeguards in place.

8.5 Data Processing Agreement (DPA)

For organizations processing employee data, Qadra provides a comprehensive Data Processing Agreement that complies with NDPR requirements. Our DPA outlines:

• Processing instructions and purposes
• Data security and protection measures
• Sub-processor engagement procedures
• Assistance with data subject rights requests
• Data breach notification procedures
• Return or deletion of data upon contract termination

8.6 Data Breach Notification

In the event of a data breach involving Nigerian personal data, Qadra will:

• Notify the Nigeria Data Protection Bureau (NDPB) without undue delay
• Notify affected data subjects within 72 hours of discovering the breach
• Provide details of the breach, impact, and remediation measures
• Maintain breach records for regulatory purposes

8.7 Data Protection Officer (DPO)

Qadra has appointed a Data Protection Officer (DPO) to oversee NDPR compliance and serve as the point of contact for data protection matters. Users and organizations can contact our DPO at dpo@qadrahr.com for any NDPR-related inquiries.

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States. These countries may not have the same data protection laws as your home country. When we transfer information internationally, we implement appropriate safeguards, including standard contractual clauses, adequacy decisions, or your consent.

Our services are not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete such information and terminate the child's account. If you believe we have collected information from a child under 13, please contact us at privacy@qadrahr.com.

Our services may contain links to third-party websites and services that are not operated by Qadra. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services before providing your information.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated Privacy Policy on our website and updating the "Last Updated" date. Your continued use of our services after such notification constitutes your acceptance of the updated Privacy Policy.

We identify a lawful basis for every processing activity we perform. The table below summarizes the most common scenarios:

Qadra does not make fully automated decisions that have legal or similarly significant effects on individuals.

• Automated workflows (e.g., reminders, approvals) always route to a human decision maker.
• AI-assisted insights are advisory and never directly alter employee records without confirmation.
• Users may contest any automated recommendation by emailing privacy@qadrahr.com for manual review.

If we introduce automated decisioning in the future, we will update this Privacy Policy, provide clear opt-out controls, and document the logic, significance, and consequences per NDPR requirements.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact Kloudlot Hub Ltd. (QadraHR) at: