Privacy Policy

Brigadely Technologies Limited ("Brigadely", "we", "us", "our") is committed to protecting your privacy and handling your personal data with transparency, integrity, and care. This Privacy Policy explains what data we collect, how we use it, and the rights you have over it when you use our website at www.brigadely.com or our HR and payroll platform (together, the "Services").

This policy was last updated on 28 April 2026. We encourage you to review it periodically. Continued use of our Services after any update constitutes your acceptance of the revised policy.

The data controller responsible for your personal data is:

Our Services are governed by applicable African data protection laws, including the Nigeria Data Protection Act (NDPA 2023), Kenya Data Protection Act 2019, South Africa's POPIA, and Ghana's Data Protection Act 2012, as well as the EU General Data Protection Regulation (GDPR) where applicable.

We collect personal data in the following categories depending on how you interact with us:

We use the data we collect for the following purposes:

• Service delivery: to operate, maintain, and improve our HR and payroll platform
• Contract performance: to process payroll, manage employee records, and fulfil obligations under your subscription
• Compliance & legal: to meet tax filing, statutory payroll, and regulatory reporting obligations in the jurisdictions you operate in
• Security: to detect fraud, unauthorised access, and protect the integrity of the platform
• Communications: to send product updates, billing notices, and support responses
• Marketing (with consent): to share relevant product news, guides, and offers — you may opt out at any time
• Analytics: to understand usage patterns and improve product features using anonymised, aggregated data

We process your personal data on one or more of the following legal bases:

• Contractual necessity: processing required to deliver the Services under your subscription agreement
• Legal obligation: processing required to comply with tax, employment, and data protection laws
• Legitimate interests: fraud prevention, platform security, and service improvement, balanced against your rights
• Consent: for marketing communications and optional analytics cookies, which you may withdraw at any time

We do not sell your personal data. We may share it with:

• Service providers: cloud infrastructure, payment processors, and analytics platforms operating under data processing agreements
• Banking and financial partners: for payroll disbursement, currency conversion, and statutory remittances
• Regulatory authorities: tax agencies, pension administrators, and government bodies where legally required
• Business transfers: in the event of a merger, acquisition, or asset sale, subject to confidentiality obligations
• Law enforcement: where required by court order, subpoena, or applicable law

Any third party with access to your data is contractually bound to process it only for specified purposes and in compliance with applicable data protection law.

As a platform serving teams across Africa and beyond, your data may be transferred to and processed in countries outside your home jurisdiction. Where such transfers occur, we ensure adequate protections are in place through:

• Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
• Data Processing Agreements with all sub-processors
• Transfer impact assessments where required under applicable law

You may request a copy of the relevant safeguards by emailing privacy@brigadely.com.

We take the security of your data seriously. Our platform employs industry-standard safeguards including:

• AES-256 encryption at rest and TLS 1.3 in transit
• Role-based access controls and multi-factor authentication
• Regular penetration testing and vulnerability assessments
• SOC 2 and ISO 27001 aligned security practices
• Audit logs for all access to sensitive payroll and HR data

Despite these measures, no system is completely immune to risk. You are responsible for keeping your account credentials secure and notifying us immediately of any suspected breach at security@brigadely.com.

We keep your personal data only for as long as is reasonably necessary to serve the purposes for which it was originally collected, in line with applicable law. This includes meeting our legal and regulatory obligations, handling disputes, upholding our agreements, and conducting internal research to improve our Services.

When deciding how long to retain any given piece of data, we weigh up several factors: the volume and sensitivity of the data, the specific purposes driving its processing, and whether those purposes could reasonably be achieved with less data or over a shorter period. We will never hold data beyond what those purposes genuinely require.

Once a retention period expires, data is securely deleted or irreversibly anonymised. Where you close your account, we typically apply a minimum 7-year retention window for payroll and financial records to satisfy statutory audit and tax requirements — after which deletion is carried out automatically. You may request early deletion of data not subject to a legal hold by contacting privacy@brigadely.com.

We use cookies and similar tracking technologies to operate and improve our Services. These fall into the following categories:

• Strictly necessary: essential for authentication, security, and core platform function — always active
• Functional: remember your preferences and settings to personalise your experience
• Analytics: help us understand how users navigate the platform so we can improve it (requires consent)
• Marketing: used to measure the effectiveness of campaigns (requires consent)

You can manage your cookie preferences at any time through your browser settings or our cookie consent banner.

Depending on your jurisdiction, you may have the following rights over your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: ask us to correct inaccurate or incomplete data
• Erasure: request deletion of your data where no legal basis exists for its continued processing
• Restriction: ask us to pause processing while a dispute is resolved
• Portability: receive your data in a structured, machine-readable format
• Objection: object to processing based on legitimate interests or for direct marketing
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior lawful processing

To exercise any of these rights, email privacy@brigadely.com. We will respond within 30 days. You also have the right to lodge a complaint with the relevant data protection authority in your country.

Our website and platform may contain links to third-party websites and integrations. These services have their own privacy policies, and we are not responsible for their data practices. We encourage you to review the privacy policies of any third-party services you access through our platform.

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with their data, please contact us immediately so we can delete it.

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or data practices. We will notify you of material changes by email or through a notice on our platform at least 14 days before they take effect. The "last updated" date at the top of this page will always reflect the most recent revision.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our Data Protection team:

We aim to respond to all privacy-related enquiries within 5 business days.