Ahavaplan Limited (RC No. 7080935) and Ahavaplan Inc. ("Ahavaplan," "we," "our," or "us") respect your privacy and are committed to protecting the personal information of planners, businesses, clients, visitors, and users who access or use our platform and related services.

This Privacy Policy explains how we collect, use, disclose, process, and protect personal information when you access or use Ahavaplan's websites, applications, integrations, software, communication tools, and related services (collectively, the "Services"). By accessing or using the Services, you agree to the practices described in this Privacy Policy.

1. About Ahavaplan

Ahavaplan is an event planning and business management platform designed for planners, event professionals, event businesses, and enterprise event teams. The platform is operated by:

• Ahavaplan Limited, a company registered in Nigeria (RC No. 7080935); and
• Ahavaplan Inc., a Delaware corporation headquartered in Dallas, Texas, United States.

Together, these entities operate the Ahavaplan platform and related services across Nigeria, other African markets, and internationally. Ahavaplan provides tools including:

• Event management
• CRM and client intake
• Timeline and checklist management
• Budget tracking
• Payment milestone tracking
• Client collaboration portals
• AI-assisted planning tools (AhavaAssist)
• WhatsApp and email communication features
• Reporting and analytics
• File and document storage

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when creating an account, using the platform, contacting support, subscribing to services, or interacting with our Services.

Account & Business Information may include full name, business name, email address, phone number, password, profile photo, business profile details, social media handles, and event specialization information.

Event & Client Information — users may upload or manage information relating to events and clients, including event names and dates, guest counts, budgets, timelines, checklists, notes, client contact information, payment milestones, and uploaded files and documents.

Communications & Support — we may collect information when you contact customer support, submit feature requests, send feedback, connect WhatsApp Business, or send emails through the platform.

2.2 Automatically Collected Information

When you use the Services, we may automatically collect certain technical and usage-related information, including IP address, browser type, device type, operating system, session activity, login timestamps, feature usage data, crash reports, and diagnostic and performance information.

This information helps us maintain platform performance, improve functionality, enhance security, and understand user behavior.

2.3 Information From Third Parties

We may receive information from third-party providers and partners, including Stripe, Paystack, WhatsApp Business providers, OpenAI or other AI infrastructure providers, analytics providers, cloud hosting providers, and authentication and security vendors. Third-party services may process information according to their own privacy policies and terms.

3. How We Use Information

We may use collected information to:

• Provide and operate the Services
• Create and manage user accounts
• Enable planner-client collaboration
• Deliver notifications and reminders
• Process subscriptions and billing
• Provide customer support
• Improve platform functionality and features
• Monitor system performance and security
• Prevent fraud, abuse, or unauthorized activity
• Comply with legal obligations
• Develop new products and services
• Conduct analytics and research
• Communicate updates, service notices, and announcements

We may also use aggregated or anonymized data for analytics, reporting, and operational purposes.

4. Legal Basis for Processing

Ahavaplan processes personal information in compliance with applicable data protection laws, including Nigeria's Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA), and where applicable, international data protection frameworks. We rely on the following legal bases:

• Contract performance: Processing necessary to provide the Services you have signed up for, including account management, subscription billing, and platform functionality.
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving the platform, preventing fraud, maintaining security, and conducting analytics, where these interests are not overridden by your rights.
• Consent: Where you have given explicit consent for specific processing activities, such as receiving marketing communications. You may withdraw consent at any time.
• Legal obligation: Processing required to comply with applicable laws, regulations, or lawful requests from public authorities.

5. AI Features

Ahavaplan may provide AI-assisted tools and functionality through AhavaAssist, including event checklist generation, timeline generation, budget suggestions, planning recommendations, event summaries, and template generation.

AI-generated outputs are automatically produced and may not always be accurate, complete, or appropriate for every situation. Users are responsible for reviewing all AI-generated content before relying on or implementing it.

Certain AI-related requests may be processed through third-party providers such as OpenAI or Anthropic. Ahavaplan does not use private customer event data to train public AI models.

6. Client Data Processed by Planners

Planners and businesses using Ahavaplan may upload or manage personal information relating to their clients. In these situations:

• The planner or business acts as the data controller responsible for the information they upload or manage
• Ahavaplan acts as a service provider or data processor supporting the platform functionality

Users are responsible for ensuring they have appropriate rights, permissions, and legal bases to process client information through the platform, including compliance with the NDPR, NDPA, and any other applicable data protection laws.

7. WhatsApp, Email & Communication Features

Users may connect third-party communication services including WhatsApp Business and email services. Through these integrations, Ahavaplan may send reminders, deliver notifications, share portal links, send event updates, deliver payment reminders, and maintain communication logs.

Replies to WhatsApp messages may occur outside the Ahavaplan platform through the planner's own WhatsApp account. Ahavaplan is not responsible for data handled outside the platform through third-party applications or accounts. Users are responsible for ensuring compliance with applicable communication, marketing, and messaging laws. Message delivery may depend on third-party providers and network availability.

8. Payment & Billing Information

Ahavaplan does not directly process payment card information. Subscription billing and payment processing are handled through third-party providers including Stripe and Paystack. We may receive limited billing-related information such as payment status, subscription plan, invoice history, and transaction identifiers.

Sensitive payment information is processed directly by the payment providers and is subject to their own security standards and privacy policies. Ahavaplan's internal payment milestone tools (AhavaPay) are for tracking purposes only and do not process or store customer payment card data.

9. Files, Documents & Storage

Users may upload and store files within the platform, including PDFs, images, contracts, spreadsheets, event documents, receipts, and planning materials. Uploaded content may be stored using secure third-party cloud infrastructure providers.

Users are solely responsible for the legality of uploaded content, maintaining rights to uploaded materials, and ensuring content does not violate laws or third-party rights.

10. Cookies, Analytics & Tracking Technologies

We may use cookies and similar technologies including session cookies, analytics tools, performance monitoring tools, and other tracking technologies to understand user behavior, improve platform functionality, maintain security, personalize user experiences, and analyze trends.

Where required by applicable law, including the NDPR, we will obtain your consent before placing non-essential cookies. Users may manage cookie preferences through browser settings or any consent mechanism we provide. Disabling certain cookies may affect platform functionality.

11. Data Sharing & Disclosures

We may share information:

• With vendors and service providers who support our operations
• To comply with legal obligations or respond to lawful requests
• To protect platform security or investigate fraud or abuse
• During mergers, acquisitions, restructurings, or asset sales
• With professional advisors and auditors where necessary

We do not sell personal information to third parties.

12. Data Retention

We retain personal information only for as long as necessary to provide the Services, fulfill contractual obligations, comply with legal requirements, resolve disputes, and enforce our agreements. As a general guide:

• Active account data is retained for the duration of your account and a reasonable period after closure (typically up to 2 years) to allow for dispute resolution and reactivation
• Billing and transaction records may be retained for up to 7 years to comply with applicable tax and financial laws
• Support communications may be retained for up to 3 years
• Aggregated and anonymized data may be retained indefinitely for analytics and reporting purposes

Deleted or deactivated accounts may retain limited archived or backup data for compliance, legal, or security purposes.

13. Security

We implement administrative, technical, and organizational safeguards designed to protect personal information, including encrypted communications, access controls, authentication protections, secure cloud infrastructure, and monitoring and logging systems.

However, no electronic transmission or storage system can be guaranteed to be completely secure. Users are responsible for maintaining the confidentiality of their login credentials and account access.

14. International Data Transfers

Ahavaplan operates internationally. Information may be processed or stored by Ahavaplan Limited (Nigeria), Ahavaplan Inc. (United States), and authorized service providers in other jurisdictions.

Where personal information is transferred outside Nigeria, we take steps to ensure such transfers comply with the NDPR and NDPA, including by relying on appropriate safeguards or legal mechanisms permitted under applicable law. By using the Services, users acknowledge and consent to international data transfers where legally permitted.

15. Your Privacy Rights

Depending on your location and applicable law, you may have rights to:

• Access personal information we hold about you
• Correct inaccurate or incomplete information
• Request deletion of your personal information
• Object to certain processing activities
• Request data portability
• Withdraw consent where processing is based on consent

Users in Nigeria have specific rights under the Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA), including the right to be informed, the right of access, the right to rectification, the right to erasure, and the right to object to processing.

Requests relating to your personal information may be submitted to our Data Privacy Contact: privacy@ahavaplan.com. We may request verification of identity before processing certain requests and will respond within the timeframes required by applicable law.

16. Data Protection Officer

In compliance with the Nigeria Data Protection Act (NDPA) and NDPR, Ahavaplan Limited has designated a Data Protection Officer (DPO) responsible for overseeing data protection practices and ensuring compliance with applicable data protection laws.

You may contact our DPO at privacy@ahavaplan.com (Website: ahavaplan.com).

17. Children's Privacy

The Services are not intended for children. We do not knowingly collect personal information from individuals under the age of 16 (or under the minimum age required by applicable law in your jurisdiction).

If we become aware that personal information has been collected from a child without appropriate authorization, we will take reasonable steps to delete such information promptly.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updated versions will be posted on this page with a revised "Last Updated" date.

For material changes, we will make reasonable efforts to notify users via email or in-app notification before the changes take effect. Continued use of the Services after updates become effective constitutes acceptance of the revised Privacy Policy.

19. Contact Us

For general inquiries or privacy-related requests:

Ahavaplan Limited — Nigeria · Email: support@ahavaplan.com · Website: ahavaplan.com

Ahavaplan Inc. — Dallas, Texas, United States · Email: support@ahavaplan.com · Website: ahavaplan.com