Xernu← Back to home

Legal

Privacy Policy

Last updated: 28 March 2026

1. Who we are

Xernu (“Xernu”, “we”, “us”, or “our”) is a technology company incorporated in Nigeria (FCT, Abuja). We build and operate software products including Calynote, ADHDmate, and Uno-SAP.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our websites and products, and what rights you have over that data.

If you have questions, contact us at hello@xernu.com.

2. Data we collect

We collect data in the following ways:

Data you give us directly

  • Name and email address when you create an account or fill in a contact form
  • Profile information such as an avatar or display name
  • Content you create within our products (notes, pages, workspace data)
  • Payment and billing information processed via our payment provider (Paystack); we do not store card details ourselves
  • Messages you send us via the contact form on xernu.com

Data collected automatically

  • IP address and general location (country/region)
  • Browser type, operating system, and device type
  • Pages visited, links clicked, and time spent on pages
  • Referral source (how you found us)

Data from third parties

  • If you sign in with Google OAuth, we receive your name, email address, and profile picture from Google

3. How we use your data

We use your data to:

  • Create and manage your account
  • Provide, operate, and improve our products
  • Process payments and manage subscriptions
  • Send transactional emails (account confirmations, workspace invites, receipts)
  • Respond to support requests and contact form submissions
  • Understand how our products are used so we can make them better
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Legal basis for processing

We process your data under the following legal bases:

  • Contract performance — to provide the services you have signed up for
  • Legitimate interests — to operate and improve our business, prevent fraud, and keep our services secure
  • Legal obligation — where we are required to retain or disclose data by law
  • Consent — where you have explicitly opted in, such as marketing communications

5. Data sharing

We share your data only with the following categories of third parties, and only as necessary:

  • Infrastructure providers — cloud hosting and database services used to run our products
  • Email delivery — Resend, used to send transactional emails
  • Payments — Paystack, used to process subscription payments
  • Authentication — Google OAuth 2.0, used for sign-in
  • File storage — S3-compatible object storage for uploaded files

All third-party processors are contractually required to handle your data securely and in accordance with applicable data protection law.

We may disclose your data if required to do so by law or in response to valid legal process (e.g. a court order).

6. Data retention

We retain your personal data for as long as your account is active or as necessary to provide our services. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or accounting purposes.

Contact form submissions are retained for up to 12 months.

7. Cookies

We use cookies and similar technologies for the following purposes:

  • Essential cookies — required for authentication and session management. These cannot be disabled.
  • Analytics cookies — used to understand how visitors use our site. We use privacy-respecting analytics that do not track you across other websites.

You can control non-essential cookies through your browser settings.

8. Your rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate or incomplete data
  • Erasure — ask us to delete your personal data (“right to be forgotten”)
  • Restriction — ask us to restrict processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at hello@xernu.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

9. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include encrypted connections (HTTPS), hashed passwords, and access controls.

No method of transmission over the internet is completely secure. If you believe your data has been compromised, contact us immediately at hello@xernu.com.

10. Children

Our services are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us so we can delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For significant changes, we will notify you by email or via an in-product notice.

Continued use of our services after changes take effect constitutes your acceptance of the updated policy.

12. Contact

For any privacy-related questions or requests:

Xernu
FCT, Abuja, Nigeria
hello@xernu.com