Legal
Privacy Policy
This policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, and the rights you have. It applies to everyone who interacts with the website at shinasalako.com, takes the Founder Diagnostic, buys the book, registers for the workshop, applies for coaching, or otherwise engages with our Services.
1. Who is the data controller
Shina Salako (and any associated business entity), based in Lagos, Nigeria, is the data controller for personal data collected through the Services. You can reach the controller at hello@shinasalako.com.
2. What we collect, and when
When you take the diagnostic: your name, email address, and a one-line description of your business. We also store your answers to the 15 diagnostic questions and the calculated scores for each of the five Operating Systems.
When you register for the workshop: your name, email address, business name (optional), and payment information (handled by our payment processor — we do not store card details on our systems).
When you apply for coaching: your name, email address, business name, the programme you are interested in, and the free-text answer to "what are you trying to build?"
When you visit the website: standard server logs (IP address, browser type, pages visited, timestamps). If we have configured analytics (Google Analytics 4 or Plausible), we also collect aggregated usage data — but we do not use cross-site tracking cookies.
When you email us: the content of your email, your name, and your email address. We retain emails as part of our normal business record-keeping.
3. Why we collect it
- To deliver the Services you have requested (e.g., to send your diagnostic result, confirm your workshop seat, respond to your coaching application).
- To send you educational content you have consented to (the 5-day post-diagnostic email sequence, occasional newsletter editions).
- To run our business — invoicing, accounting, complying with Nigerian tax law.
- To improve our Services — for example, by understanding which Operating System is most often the weakest, so we can write more useful content.
- To respond to your questions and provide customer support.
4. The legal basis for processing
We process your personal data on one of the following legal bases (NDPR / GDPR equivalents):
- Consent — for example, when you submit the diagnostic form and consent to the follow-up emails. You can withdraw consent at any time.
- Contractual necessity — for example, when you have paid for the workshop or signed a coaching agreement and we need to process your data to deliver what you have paid for.
- Legitimate interest — for example, basic website analytics so we can understand how the site is being used and improve it. You can object to this processing at any time.
- Legal obligation — for example, retaining invoices and tax records for the period required by Nigerian tax law.
5. Who we share it with
We share personal data only with third parties who help us deliver the Services. These include:
- Payment processors (Paystack, Flutterwave, Stripe) — to process workshop fees and other payments.
- Email service providers (MailerLite, ConvertKit, or equivalent) — to deliver the diagnostic result, follow-up emails, and newsletter.
- Form submission processors (Netlify Forms, Tally) — to receive and route form submissions from the website.
- Hosting providers (Netlify, Vercel, or equivalent) — to host the website itself.
- Accountants and legal advisors — where required for business compliance.
We do not sell your personal data to anyone. We do not share it with advertisers. We do not send your data to data brokers.
6. International data transfers
Some of our service providers (e.g., email tools, hosting providers) are based outside Nigeria. When we transfer data internationally, we ensure they have adequate data protection in place, including under the NDPR and (where applicable) the GDPR.
7. How long we keep it
We keep personal data only as long as we need it for the purposes described above, or as required by Nigerian law:
- Diagnostic responses and email list: retained until you unsubscribe or request deletion.
- Workshop registrations: retained for 7 years from the workshop date, to satisfy Nigerian tax and accounting requirements.
- Coaching client records: retained for the duration of the engagement plus 7 years.
- General correspondence: retained for up to 3 years unless of specific business relevance.
8. Your rights
Under the NDPR (and the GDPR where applicable), you have the following rights:
- Right of access — to know what data we hold about you.
- Right of rectification — to correct inaccurate data.
- Right to erasure — to ask us to delete your data (subject to legal retention requirements).
- Right to restrict processing — to limit how we use your data.
- Right to object — particularly to direct marketing or processing based on legitimate interest.
- Right to data portability — to receive your data in a portable format.
- Right to withdraw consent — for processing based on consent.
To exercise any of these rights, email hello@shinasalako.com with "PRIVACY REQUEST" in the subject line. We respond to all such requests within 30 days.
9. Cookies
The website uses minimal cookies. Specifically:
- Essential cookies for things like form submission and remembering whether you have dismissed banners.
- Analytics cookies if we have configured Google Analytics or Plausible. These are aggregated and do not identify you personally.
We do not use advertising or tracking cookies. We do not allow third-party advertising networks to track you across the web from our website.
10. Security
We take reasonable measures to protect your personal data — including using reputable service providers, HTTPS-encrypted connections, and limiting internal access to data on a need-to-know basis. No system is perfectly secure, however, and you should keep your own credentials safe.
11. Children
The Services are not intended for anyone under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email to anyone on our list and by a notice on the website. The "Last updated" date at the top of this page will always reflect the current version.
13. Contact and complaints
For all privacy questions, email hello@shinasalako.com. If you believe we are not handling your personal data correctly, you can also complain to the Nigeria Data Protection Bureau (NDPB) at ndpb.gov.ng.