Privacy Policy

1. Who We Are

TRIBUS GLOBAL LTD (RC 9204949) operates LeadsBox, a customer relationship management (CRM) platform that helps Nigerian businesses manage customer communications via Instagram.

Registered Address:

Road 21, Block 19, Plot 2X
Federal Housing Estate, Woji
Port Harcourt, Rivers State, Nigeria

Contact:

Email: support@leadsboxapp.com
Phone: +234 813 818 5331

2. What Data We Collect

When businesses use LeadsBox, we collect:

Customer Messages:

Instagram Direct Messages sent to business accounts
Message timestamps and read status

Business Information:

Company name and contact details
User account information (email, password hash)
Instagram account details

Usage Data:

Login timestamps and IP addresses
Feature usage analytics
Device and browser information

3. How We Use Your Data

We use your data to:

Display customer messages in your CRM inbox
Enable you to reply to customers from LeadsBox
Generate AI-powered insights and invoice suggestions
Process payments via Paystack
Provide analytics and usage reports
Improve our service and fix bugs
Send important service notifications

4. Data Sharing

WE DO NOT SELL YOUR DATA.

We share data only with these trusted third parties:

OpenAI (USA)

Purpose: AI analysis of messages to detect sales opportunities

Data Shared: Message content (anonymized, no phone numbers or names)

Protection: Encrypted API calls, no data storage by OpenAI

Paystack (Nigeria)

Purpose: Process customer payments

Data Shared: Payment amounts, customer email addresses

Protection: PCI-DSS compliant, encrypted transactions

Meta/Facebook (USA)

Purpose: Instagram messaging functionality

Data Shared: Messages to/from connected business accounts only

Protection: Official Instagram API, OAuth 2.0

Cloud Infrastructure (Render.com, AWS)

Purpose: Application hosting and data storage

Data Shared: All application data

Protection: Encryption at rest and in transit, ISO 27001 certified

All third-party providers are bound by strict data protection agreements.

5. Data Security

We protect your data with:

Encryption in transit: All data sent over HTTPS/TLS 1.3
Encryption at rest: Database encryption using AES-256
Access controls: Secure authentication with JWT tokens
Regular security audits: Quarterly vulnerability scans
Secure infrastructure: SOC 2 certified hosting providers
Backup protection: Encrypted backups, 30-day retention

6. Your Rights (GDPR & NDPR Compliance)

Under Nigerian Data Protection Regulation (NDPR) and GDPR, you have the right to:

Access

Export all your data in CSV/JSON format (available in Settings)

Delete

Request account deletion (all data deleted within 30 days)

Update

Modify your information at any time

Withdraw Consent

Disconnect channels or delete account

Data Portability

Download your data to use with other services

Object

Opt-out of marketing communications

To exercise these rights, contact: support@leadsboxapp.com

7. Data Retention

Active Accounts: Data retained while your account is active
Deleted Accounts: All data permanently deleted within 30 days
Backups: Retained for 90 days for disaster recovery only
Logs: System logs retained for 30 days for security purposes

8. Instagram Data

Important:

We only access messages sent to or from Instagram accounts that you explicitly connect to LeadsBox via OAuth authorization. You remain in full control — you can disconnect your account at any time from the Settings page.

Permissions We Request & Why

instagram_business_basic — Read your Instagram Business account profile (username, account ID) so LeadsBox can identify which account is connected and display it in your dashboard.
instagram_business_manage_messages — Read and send Direct Messages on your connected Instagram Business account. This is the core permission that lets LeadsBox automatically read incoming DMs, detect sales conversations, and track revenue.
pages_show_list — List the Facebook Pages linked to your Instagram Business account. Required to let you choose which specific Instagram account to connect when you have more than one page.
pages_read_engagement — Read basic engagement data on your connected Facebook Page. Used to verify the page connection is active and healthy.

What Data We Access

Direct Messages (DMs) sent to your connected Instagram Business account
Sender profile identifiers (Instagram user ID, username when available)
Message timestamps and read receipts
Your connected Instagram account username and page name

What We Do NOT Access

Messages not sent to your connected Instagram account
Instagram accounts you haven't explicitly connected
Your followers, following, or post content
Private account information beyond what is needed for messaging
Any data without your explicit OAuth consent

Data Retention

Instagram message data is stored for as long as your account is active. When you disconnect your Instagram account or delete your LeadsBox account, all associated Instagram data (messages, contacts, conversation history) is permanently deleted within 30 days.

Data Deletion

You can disconnect your Instagram account at any time via Settings → Integrations → Instagram → Disconnect. This immediately revokes LeadsBox's access to your account.

To request permanent deletion of all your Instagram data, email us at support@leadsboxapp.com with the subject line "Instagram Data Deletion Request". We will process your request and confirm deletion within 30 days.

Automated deletion: LeadsBox operates a Meta-verified data deletion callback at POST /api/webhooks/facebook-deletion. When Meta receives a user data deletion request through Facebook or Instagram settings, it automatically notifies LeadsBox and we delete all associated data immediately.

9. AI Data Processing

Infrastructure Disclosure

Leadsbox processes data using Google Cloud Infrastructure and utilises GPT-4 / Gemini APIs for AI inference, intent extraction, and automated invoice generation.

How AI Processes Your Data:

Semantic Intent Extraction: Incoming messages are embedded into high-dimensional vectors using OpenAI / Google embedding models hosted on Google Cloud. These embeddings are used solely to detect sales intent and are not stored permanently beyond the active session.
Invoice Generation: Message content is passed to a large language model (GPT-4 or Gemini) to generate itemised invoices. Only the text content of relevant messages is processed; no personally identifiable information (PII) such as phone numbers or names is included in the AI prompt without explicit anonymisation.
Multilingual Processing: Our LLM layer processes messages in Nigerian English, Pidgin, and other local languages to ensure accurate lead qualification.

Training Data Commitment:

YOUR DATA IS NOT USED TO TRAIN BASE MODELS.

Customer conversation data processed via GPT-4 or Gemini APIs is subject to the respective providers' enterprise API terms, which explicitly prohibit using API inputs/outputs for training or improving base foundation models without your consent. Leadsbox will never grant such consent on your behalf.

Google Cloud Infrastructure:

All AI inference runs on Google Cloud's SOC 2 / ISO 27001 certified infrastructure
Data processing occurs within compliant regions with encryption at rest (AES-256) and in transit (TLS 1.3)
Redis-backed real-time processing uses isolated tenant namespaces to prevent data leakage between accounts

10. Children's Privacy

LeadsBox is a business tool not intended for individuals under 18 years of age. We do not knowingly collect data from children.

11. International Data Transfers

Your data may be transferred to and processed in countries outside Nigeria (USA for OpenAI, Google Cloud infrastructure). We ensure adequate protection through:

Standard Contractual Clauses (SCCs)
Privacy Shield frameworks
Encryption and security measures

11. Cookies

We use essential cookies for:

Authentication (keeping you logged in)
Security (CSRF protection)
Preferences (language, theme)

You can disable cookies in your browser, but this may affect functionality.

12. Changes to This Policy

We may update this privacy policy. Material changes will be notified via:

Email to your registered address
In-app notification
Notice on this page

Current Version: February 2, 2026

13. Complaints

If you have privacy concerns, contact us first: support@leadsboxapp.com

If unresolved, you may file a complaint with:

Nigeria Data Protection Commission (NDPC)

Email: info@ndpb.gov.ng

Website: https://ndpb.gov.ng

14. Contact Us

TRIBUS GLOBAL LTD

Road 21, Block 19, Plot 2X
Federal Housing Estate, Woji
Port Harcourt, Rivers State, Nigeria

Privacy Inquiries: support@leadsboxapp.com
General Support: support@leadsboxapp.com
Phone: +234 813 818 5331

← Back to Register Back to Home →

1. Who We Are

TRIBUS GLOBAL LTD (RC 9204949) operates LeadsBox, a customer relationship management (CRM) platform that helps Nigerian businesses manage customer communications via Instagram.

Registered Address:

Road 21, Block 19, Plot 2X
Federal Housing Estate, Woji
Port Harcourt, Rivers State, Nigeria

Contact:

Email: support@leadsboxapp.com
Phone: +234 813 818 5331

2. What Data We Collect

When businesses use LeadsBox, we collect:

Customer Messages:

Instagram Direct Messages sent to business accounts
Message timestamps and read status

Business Information:

Company name and contact details
User account information (email, password hash)
Instagram account details

Usage Data:

Login timestamps and IP addresses
Feature usage analytics
Device and browser information

3. How We Use Your Data

We use your data to:

Display customer messages in your CRM inbox
Enable you to reply to customers from LeadsBox
Generate AI-powered insights and invoice suggestions
Process payments via Paystack
Provide analytics and usage reports
Improve our service and fix bugs
Send important service notifications

4. Data Sharing

WE DO NOT SELL YOUR DATA.

We share data only with these trusted third parties:

OpenAI (USA)

Purpose: AI analysis of messages to detect sales opportunities

Data Shared: Message content (anonymized, no phone numbers or names)

Protection: Encrypted API calls, no data storage by OpenAI

Paystack (Nigeria)

Purpose: Process customer payments

Data Shared: Payment amounts, customer email addresses

Protection: PCI-DSS compliant, encrypted transactions

Meta/Facebook (USA)

Purpose: Instagram messaging functionality

Data Shared: Messages to/from connected business accounts only

Protection: Official Instagram API, OAuth 2.0

Cloud Infrastructure (Render.com, AWS)

Purpose: Application hosting and data storage

Data Shared: All application data

Protection: Encryption at rest and in transit, ISO 27001 certified

All third-party providers are bound by strict data protection agreements.

5. Data Security

We protect your data with:

Encryption in transit: All data sent over HTTPS/TLS 1.3
Encryption at rest: Database encryption using AES-256
Access controls: Secure authentication with JWT tokens
Regular security audits: Quarterly vulnerability scans
Secure infrastructure: SOC 2 certified hosting providers
Backup protection: Encrypted backups, 30-day retention

6. Your Rights (GDPR & NDPR Compliance)

Under Nigerian Data Protection Regulation (NDPR) and GDPR, you have the right to:

Access

Export all your data in CSV/JSON format (available in Settings)

Delete

Request account deletion (all data deleted within 30 days)

Update

Modify your information at any time

Withdraw Consent

Disconnect channels or delete account

Data Portability

Download your data to use with other services

Object

Opt-out of marketing communications

To exercise these rights, contact: support@leadsboxapp.com

7. Data Retention

Active Accounts: Data retained while your account is active
Deleted Accounts: All data permanently deleted within 30 days
Backups: Retained for 90 days for disaster recovery only
Logs: System logs retained for 30 days for security purposes

8. Instagram Data

Important:

Permissions We Request & Why

instagram_business_basic — Read your Instagram Business account profile (username, account ID) so LeadsBox can identify which account is connected and display it in your dashboard.
instagram_business_manage_messages — Read and send Direct Messages on your connected Instagram Business account. This is the core permission that lets LeadsBox automatically read incoming DMs, detect sales conversations, and track revenue.
pages_show_list — List the Facebook Pages linked to your Instagram Business account. Required to let you choose which specific Instagram account to connect when you have more than one page.
pages_read_engagement — Read basic engagement data on your connected Facebook Page. Used to verify the page connection is active and healthy.

What Data We Access

Direct Messages (DMs) sent to your connected Instagram Business account
Sender profile identifiers (Instagram user ID, username when available)
Message timestamps and read receipts
Your connected Instagram account username and page name

What We Do NOT Access

Messages not sent to your connected Instagram account
Instagram accounts you haven't explicitly connected
Your followers, following, or post content
Private account information beyond what is needed for messaging
Any data without your explicit OAuth consent

Data Retention

Data Deletion

You can disconnect your Instagram account at any time via Settings → Integrations → Instagram → Disconnect. This immediately revokes LeadsBox's access to your account.

9. AI Data Processing

Infrastructure Disclosure

Leadsbox processes data using Google Cloud Infrastructure and utilises GPT-4 / Gemini APIs for AI inference, intent extraction, and automated invoice generation.

How AI Processes Your Data:

Semantic Intent Extraction: Incoming messages are embedded into high-dimensional vectors using OpenAI / Google embedding models hosted on Google Cloud. These embeddings are used solely to detect sales intent and are not stored permanently beyond the active session.
Invoice Generation: Message content is passed to a large language model (GPT-4 or Gemini) to generate itemised invoices. Only the text content of relevant messages is processed; no personally identifiable information (PII) such as phone numbers or names is included in the AI prompt without explicit anonymisation.
Multilingual Processing: Our LLM layer processes messages in Nigerian English, Pidgin, and other local languages to ensure accurate lead qualification.

Training Data Commitment:

YOUR DATA IS NOT USED TO TRAIN BASE MODELS.

Google Cloud Infrastructure:

All AI inference runs on Google Cloud's SOC 2 / ISO 27001 certified infrastructure
Data processing occurs within compliant regions with encryption at rest (AES-256) and in transit (TLS 1.3)
Redis-backed real-time processing uses isolated tenant namespaces to prevent data leakage between accounts

10. Children's Privacy

LeadsBox is a business tool not intended for individuals under 18 years of age. We do not knowingly collect data from children.

11. International Data Transfers

Your data may be transferred to and processed in countries outside Nigeria (USA for OpenAI, Google Cloud infrastructure). We ensure adequate protection through:

Standard Contractual Clauses (SCCs)
Privacy Shield frameworks
Encryption and security measures

11. Cookies

We use essential cookies for:

Authentication (keeping you logged in)
Security (CSRF protection)
Preferences (language, theme)

You can disable cookies in your browser, but this may affect functionality.

12. Changes to This Policy

We may update this privacy policy. Material changes will be notified via:

Email to your registered address
In-app notification
Notice on this page

Current Version: February 2, 2026

13. Complaints

If you have privacy concerns, contact us first: support@leadsboxapp.com

If unresolved, you may file a complaint with:

Nigeria Data Protection Commission (NDPC)

Email: info@ndpb.gov.ng

Website: https://ndpb.gov.ng

14. Contact Us

TRIBUS GLOBAL LTD

Road 21, Block 19, Plot 2X
Federal Housing Estate, Woji
Port Harcourt, Rivers State, Nigeria

Privacy Inquiries: support@leadsboxapp.com
General Support: support@leadsboxapp.com
Phone: +234 813 818 5331

← Back to Register Back to Home →