Privacy Policy

1. Who We Are

TRIBUS GLOBAL LTD (RC 9204949) operates LeadsBox, a customer relationship management (CRM) platform that helps Nigerian businesses manage customer communications across WhatsApp, Instagram, and Telegram.

Registered Address:

Road 21, Block 19, Plot 2X
Federal Housing Estate, Woji
Port Harcourt, Rivers State, Nigeria

Contact:

Email: privacy@leadsboxapp.com
Phone: +234 813 818 5331

2. What Data We Collect

When businesses use LeadsBox, we collect:

Customer Messages:

WhatsApp conversations sent to business phone numbers
Instagram Direct Messages sent to business accounts
Telegram messages
Message timestamps and read status

Business Information:

Company name and contact details
User account information (email, password hash)
WhatsApp Business Account details
Instagram account details

Usage Data:

Login timestamps and IP addresses
Feature usage analytics
Device and browser information

3. How We Use Your Data

We use your data to:

Display customer messages in your CRM inbox
Enable you to reply to customers from LeadsBox
Generate AI-powered insights and invoice suggestions
Process payments via Paystack
Provide analytics and usage reports
Improve our service and fix bugs
Send important service notifications

4. Data Sharing

WE DO NOT SELL YOUR DATA.

We share data only with these trusted third parties:

OpenAI (USA)

Purpose: AI analysis of messages to detect sales opportunities

Data Shared: Message content (anonymized, no phone numbers or names)

Protection: Encrypted API calls, no data storage by OpenAI

Paystack (Nigeria)

Purpose: Process customer payments

Data Shared: Payment amounts, customer email addresses

Protection: PCI-DSS compliant, encrypted transactions

Meta/Facebook (USA)

Purpose: WhatsApp and Instagram messaging functionality

Data Shared: Messages to/from connected business accounts only

Protection: Official WhatsApp Business API, OAuth 2.0

Cloud Infrastructure (Render.com, AWS)

Purpose: Application hosting and data storage

Data Shared: All application data

Protection: Encryption at rest and in transit, ISO 27001 certified

All third-party providers are bound by strict data protection agreements.

5. Data Security

We protect your data with:

Encryption in transit: All data sent over HTTPS/TLS 1.3
Encryption at rest: Database encryption using AES-256
Access controls: Secure authentication with JWT tokens
Regular security audits: Quarterly vulnerability scans
Secure infrastructure: SOC 2 certified hosting providers
Backup protection: Encrypted backups, 30-day retention

6. Your Rights (GDPR & NDPR Compliance)

Under Nigerian Data Protection Regulation (NDPR) and GDPR, you have the right to:

Access

Export all your data in CSV/JSON format (available in Settings)

Delete

Request account deletion (all data deleted within 30 days)

Update

Modify your information at any time

Withdraw Consent

Disconnect channels or delete account

Data Portability

Download your data to use with other services

Object

Opt-out of marketing communications

To exercise these rights, contact: privacy@leadsboxapp.com

7. Data Retention

Active Accounts: Data retained while your account is active
Deleted Accounts: All data permanently deleted within 30 days
Backups: Retained for 90 days for disaster recovery only
Logs: System logs retained for 30 days for security purposes

8. WhatsApp & Instagram Data

Important:

We only access messages sent TO or FROM WhatsApp Business numbers and Instagram accounts that you explicitly connect to LeadsBox via OAuth authorization.

We do NOT access:

Personal WhatsApp conversations
Messages not sent to your business numbers
Instagram accounts you haven't connected
Any data without your explicit consent

9. AI Data Processing

Infrastructure Disclosure

Leadsbox processes data using Google Cloud Infrastructure and utilises GPT-4 / Gemini APIs for AI inference, intent extraction, and automated invoice generation.

How AI Processes Your Data:

Semantic Intent Extraction: Incoming messages are embedded into high-dimensional vectors using OpenAI / Google embedding models hosted on Google Cloud. These embeddings are used solely to detect sales intent and are not stored permanently beyond the active session.
Invoice Generation: Message content is passed to a large language model (GPT-4 or Gemini) to generate itemised invoices. Only the text content of relevant messages is processed; no personally identifiable information (PII) such as phone numbers or names is included in the AI prompt without explicit anonymisation.
Multilingual Processing: Our LLM layer processes messages in Nigerian English, Pidgin, and other local languages to ensure accurate lead qualification.

Training Data Commitment:

YOUR DATA IS NOT USED TO TRAIN BASE MODELS.

Customer conversation data processed via GPT-4 or Gemini APIs is subject to the respective providers' enterprise API terms, which explicitly prohibit using API inputs/outputs for training or improving base foundation models without your consent. Leadsbox will never grant such consent on your behalf.

Google Cloud Infrastructure:

All AI inference runs on Google Cloud's SOC 2 / ISO 27001 certified infrastructure
Data processing occurs within compliant regions with encryption at rest (AES-256) and in transit (TLS 1.3)
Redis-backed real-time processing uses isolated tenant namespaces to prevent data leakage between accounts

10. Children's Privacy

LeadsBox is a business tool not intended for individuals under 18 years of age. We do not knowingly collect data from children.

11. International Data Transfers

Your data may be transferred to and processed in countries outside Nigeria (USA for OpenAI, Google Cloud infrastructure). We ensure adequate protection through:

Standard Contractual Clauses (SCCs)
Privacy Shield frameworks
Encryption and security measures

11. Cookies

We use essential cookies for:

Authentication (keeping you logged in)
Security (CSRF protection)
Preferences (language, theme)

You can disable cookies in your browser, but this may affect functionality.

12. Changes to This Policy

We may update this privacy policy. Material changes will be notified via:

Email to your registered address
In-app notification
Notice on this page

Current Version: February 2, 2026

13. Complaints

If you have privacy concerns, contact us first: privacy@leadsboxapp.com

If unresolved, you may file a complaint with:

Nigeria Data Protection Commission (NDPC)

Email: info@ndpb.gov.ng

Website: https://ndpb.gov.ng

14. Contact Us

TRIBUS GLOBAL LTD

Road 21, Block 19, Plot 2X
Federal Housing Estate, Woji
Port Harcourt, Rivers State, Nigeria

Privacy Inquiries: privacy@leadsboxapp.com
General Support: support@leadsboxapp.com
Phone: +234 813 818 5331

← Back to Register Back to Home →

1. Who We Are

Registered Address:

Road 21, Block 19, Plot 2X
Federal Housing Estate, Woji
Port Harcourt, Rivers State, Nigeria

Contact:

Email: privacy@leadsboxapp.com
Phone: +234 813 818 5331

2. What Data We Collect

When businesses use LeadsBox, we collect:

Customer Messages:

WhatsApp conversations sent to business phone numbers
Instagram Direct Messages sent to business accounts
Telegram messages
Message timestamps and read status

Business Information:

Company name and contact details
User account information (email, password hash)
WhatsApp Business Account details
Instagram account details

Usage Data:

Login timestamps and IP addresses
Feature usage analytics
Device and browser information

3. How We Use Your Data

We use your data to:

Display customer messages in your CRM inbox
Enable you to reply to customers from LeadsBox
Generate AI-powered insights and invoice suggestions
Process payments via Paystack
Provide analytics and usage reports
Improve our service and fix bugs
Send important service notifications

4. Data Sharing

WE DO NOT SELL YOUR DATA.

We share data only with these trusted third parties:

OpenAI (USA)

Purpose: AI analysis of messages to detect sales opportunities

Data Shared: Message content (anonymized, no phone numbers or names)

Protection: Encrypted API calls, no data storage by OpenAI

Paystack (Nigeria)

Purpose: Process customer payments

Data Shared: Payment amounts, customer email addresses

Protection: PCI-DSS compliant, encrypted transactions

Meta/Facebook (USA)

Purpose: WhatsApp and Instagram messaging functionality

Data Shared: Messages to/from connected business accounts only

Protection: Official WhatsApp Business API, OAuth 2.0

Cloud Infrastructure (Render.com, AWS)

Purpose: Application hosting and data storage

Data Shared: All application data

Protection: Encryption at rest and in transit, ISO 27001 certified

All third-party providers are bound by strict data protection agreements.

5. Data Security

We protect your data with:

Encryption in transit: All data sent over HTTPS/TLS 1.3
Encryption at rest: Database encryption using AES-256
Access controls: Secure authentication with JWT tokens
Regular security audits: Quarterly vulnerability scans
Secure infrastructure: SOC 2 certified hosting providers
Backup protection: Encrypted backups, 30-day retention

6. Your Rights (GDPR & NDPR Compliance)

Under Nigerian Data Protection Regulation (NDPR) and GDPR, you have the right to:

Access

Export all your data in CSV/JSON format (available in Settings)

Delete

Request account deletion (all data deleted within 30 days)

Update

Modify your information at any time

Withdraw Consent

Disconnect channels or delete account

Data Portability

Download your data to use with other services

Object

Opt-out of marketing communications

To exercise these rights, contact: privacy@leadsboxapp.com

7. Data Retention

Active Accounts: Data retained while your account is active
Deleted Accounts: All data permanently deleted within 30 days
Backups: Retained for 90 days for disaster recovery only
Logs: System logs retained for 30 days for security purposes

8. WhatsApp & Instagram Data

Important:

We only access messages sent TO or FROM WhatsApp Business numbers and Instagram accounts that you explicitly connect to LeadsBox via OAuth authorization.

We do NOT access:

Personal WhatsApp conversations
Messages not sent to your business numbers
Instagram accounts you haven't connected
Any data without your explicit consent

9. AI Data Processing

Infrastructure Disclosure

Leadsbox processes data using Google Cloud Infrastructure and utilises GPT-4 / Gemini APIs for AI inference, intent extraction, and automated invoice generation.

How AI Processes Your Data:

Semantic Intent Extraction: Incoming messages are embedded into high-dimensional vectors using OpenAI / Google embedding models hosted on Google Cloud. These embeddings are used solely to detect sales intent and are not stored permanently beyond the active session.
Invoice Generation: Message content is passed to a large language model (GPT-4 or Gemini) to generate itemised invoices. Only the text content of relevant messages is processed; no personally identifiable information (PII) such as phone numbers or names is included in the AI prompt without explicit anonymisation.
Multilingual Processing: Our LLM layer processes messages in Nigerian English, Pidgin, and other local languages to ensure accurate lead qualification.

Training Data Commitment:

YOUR DATA IS NOT USED TO TRAIN BASE MODELS.

Google Cloud Infrastructure:

All AI inference runs on Google Cloud's SOC 2 / ISO 27001 certified infrastructure
Data processing occurs within compliant regions with encryption at rest (AES-256) and in transit (TLS 1.3)
Redis-backed real-time processing uses isolated tenant namespaces to prevent data leakage between accounts

10. Children's Privacy

LeadsBox is a business tool not intended for individuals under 18 years of age. We do not knowingly collect data from children.

11. International Data Transfers

Your data may be transferred to and processed in countries outside Nigeria (USA for OpenAI, Google Cloud infrastructure). We ensure adequate protection through:

Standard Contractual Clauses (SCCs)
Privacy Shield frameworks
Encryption and security measures

11. Cookies

We use essential cookies for:

Authentication (keeping you logged in)
Security (CSRF protection)
Preferences (language, theme)

You can disable cookies in your browser, but this may affect functionality.

12. Changes to This Policy

We may update this privacy policy. Material changes will be notified via:

Email to your registered address
In-app notification
Notice on this page

Current Version: February 2, 2026

13. Complaints

If you have privacy concerns, contact us first: privacy@leadsboxapp.com

If unresolved, you may file a complaint with:

Nigeria Data Protection Commission (NDPC)

Email: info@ndpb.gov.ng

Website: https://ndpb.gov.ng

14. Contact Us

TRIBUS GLOBAL LTD

Road 21, Block 19, Plot 2X
Federal Housing Estate, Woji
Port Harcourt, Rivers State, Nigeria

Privacy Inquiries: privacy@leadsboxapp.com
General Support: support@leadsboxapp.com
Phone: +234 813 818 5331

← Back to Register Back to Home →