โ† Back to FloodSight ๐ŸŒŠ FloodSight Lagos

Privacy Policy

Effective date: 1 July 2026  ยท  Last updated: 1 July 2026  ยท  Applies to: FloodSight Lagos Flood Early Warning System

This policy explains how FloodSight collects, uses, and protects personal data in accordance with the Nigeria Data Protection Regulation 2019 (NDPR) and the Nigeria Data Protection Act 2023 (NDPA). We collect only what is necessary to deliver flood alert SMS messages and delete it after 12 months of inactivity.

1. Who We Are

Data Controller: Rankine Innovation Lab, operating FloodSight Lagos โ€” a flood early-warning system for Lagos State, Nigeria.

Contact: For all data privacy enquiries, write to ahadegok@asu.edu with the subject line "FloodSight Data Privacy".

2. Data We Collect

When you subscribe to flood alerts, we collect and store the following:

Data item Required? Purpose
Phone number (E.164 format) Yes Deliver flood alert SMS messages to you
Name No (optional) Personalise alert messages
Location (latitude / longitude) Yes Determine your local flood risk level and route alerts correctly
Area name No (optional) Include a human-readable location in your alert messages
Flood risk class Computed, not entered Determine when to send alerts for your specific location
Consent timestamp Recorded automatically Demonstrate NDPR-compliant consent for processing
Subscription date Recorded automatically Enforce 12-month retention policy

We do not collect: identity documents, financial information, device identifiers, IP addresses, or any special category data under the NDPR.

3. Legal Basis for Processing

We process your personal data on the basis of explicit consent (Section 2.2 of the NDPR). You provide this consent by ticking the consent checkbox on the subscription form. You may withdraw consent at any time (see Section 6 โ€” Your Rights).

4. How We Use Your Data

Your data is used exclusively to:

We do not use your data for marketing, profiling, research unrelated to flood alerting, or any automated decision-making that produces legal effects for you.

5. Data Processors (Third Parties)

We share your phone number with the following service providers solely to deliver SMS messages. They act as data processors on our behalf and are contractually required to protect your data:

Processor Role Data shared Location
Africa's Talking SMS delivery Phone number, alert message text Kenya (regional offices in Nigeria)
Supabase Database hosting All subscriber fields listed in Section 2 EU West (Ireland) โ€” encrypted at rest and in transit

No other third parties receive your personal data. We never sell subscriber data.

6. Your Rights Under the NDPR

You have the following rights regarding your personal data:

7. Data Retention

We retain your subscriber record for as long as your subscription is active. If your subscription has been inactive (no alerts sent) for 12 consecutive months, your record is automatically deactivated and marked for deletion. Full deletion occurs within 30 days of deactivation.

Alert log records (which track that a message was sent, without repeating your personal data) are retained for 24 months to support system audit and validation.

8. Security

All subscriber data is stored in an encrypted PostgreSQL database (Supabase, hosted in EU West / Ireland). Access is restricted to the FloodSight API using a service-role key with row-level security enabled. Your phone number and location are never exposed via any public API endpoint.

The only time your phone number leaves our database is when we instruct Africa's Talking to deliver an alert SMS โ€” and only the phone number and message text are transmitted, nothing else.

9. Children

This service is not directed at persons under 13 years of age. If you believe a child's data has been submitted without parental consent, please contact us for immediate deletion.

10. Changes to This Policy

If we change how we collect or use personal data, we will update this page and revise the "Last updated" date above. Existing subscribers will be notified by SMS of any material changes.

11. Contact

For any data protection question, access request, or erasure request, contact:
Rankine Innovation Lab โ€” FloodSight Data Privacy
Email: ahadegok@asu.edu
We aim to respond within 5 business days.