Privacy policy
Controller: Instant Reach Limited. Effective: 19 May 2026. Terms of service · Cookie notice · Legal hub & URLs
1. Who we are
Instant Reach Limited (“we”, “us”) is the data controller for personal data processed through the InstantReach websites and services. We are established in Lagos, Nigeria. For privacy and data-protection requests: info@migherworld.com.
Under the Nigeria Data Protection Act (NDPA), you may lodge a complaint with the Nigeria Data Protection Commission (NDPC). If GDPR or UK GDPR applies to you, you may also contact the relevant supervisory authority in your country or region.
2. Scope
This policy covers visitors to our marketing site, registered users, workspace members, and personal data processed when you use messaging features (including metadata and message logs your organization generates). It does not override your own privacy notices to your end customers—the relationship between you and your message recipients remains yours.
3. Categories of personal data
Depending on how you use InstantReach, we may process:
- Account & identity: name, email address, user identifier, profile and workspace membership.
- Workspace & product data: configuration for WhatsApp-connected numbers, campaigns, segments, templates, inbox activity, and message content or delivery status your workspace stores.
- Billing: plan, subscription status, payment references (payment card data is typically handled by our payment processor).
- Support & communications: tickets, email correspondence, optional call notes.
- Technical & security: IP address, device/browser type, approximate location from IP, logs, diagnostics, abuse-prevention signals.
4. Purposes and lawful bases (Nigeria NDPA; EU/UK GDPR where applicable)
For users and processing in Nigeria, we process personal data in line with the NDPA and NDPC guidance: for example performance of a contract with you, compliance with legal obligations, consent where required, and legitimate interests that are not overridden by your rights (such as securing the service and preventing abuse).
Where EU or UK law applies to processing, we rely on appropriate lawful bases such as: performance of a contract; legitimate interests (securing the platform, improving reliability, limited analytics compatible with expectations); consent for optional non-essential cookies or marketing email where required; and legal obligations.
| Processing | Typical lawful basis |
|---|---|
| Operating accounts & workspaces | Contract; legitimate interests |
| Delivering & logging messaging features | Contract; legitimate interests (service integrity) |
| Security, fraud prevention, abuse detection | Legitimate interests; legal obligation |
| Support & product communication | Contract; legitimate interests |
| Optional marketing | Consent (where required) |
5. Recipients and subprocessors
We use service providers to host and operate InstantReach. Categories include: cloud application hosting (e.g. Vercel), database and authentication (e.g. Supabase), messaging infrastructure (e.g. WhatsApp Business / Meta, or providers such as Infobip or Twilio, depending on your configuration), email delivery, analytics, and customer support tools. A current list is available on request for customers who need it for their own records.
6. International transfers
Your data may be processed in countries outside Nigeria, including the United States, the European Economic Area, and other regions where our processors operate. Where a transfer requires safeguards, we use appropriate measures permitted under the NDPA and, where applicable, Standard Contractual Clauses or equivalent tools under EU/UK law.
7. Retention
We retain personal data only as long as necessary for the purposes above, including statutory, accounting, or dispute needs. Logs and backups are kept for operational and security periods consistent with this policy. Aggregated or de-identified information may be retained longer where permitted.
8. Your rights
Nigeria (NDPA): You may have rights to access, rectification, erasure, restriction of processing, data portability, and to object to certain processing, as well as the right to withdraw consent where processing is based on consent. You may exercise these rights by contacting info@migherworld.com. You may also lodge a complaint with the NDPC.
EEA / UK (where applicable): You may have similar rights under GDPR / UK GDPR, including to lodge a complaint with a supervisory authority in your country.
We may need to verify your identity before fulfilling requests. If you are an end customer of an organization using InstantReach, that organization may be the controller for your data—we will direct you appropriately when we identify that situation.
9. Security
We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and separation between customer workspaces. No method of transmission or storage is completely secure—use strong passwords and protect workspace access.
10. Children
The service is not directed at children under the minimum age required in Nigeria or your jurisdiction. Do not register on their behalf.
11. Automated decisions
We do not use fully automated decision-making that produces legal or similarly significant effects on individuals in the sense of the NDPA or GDPR, unless we notify you otherwise for a specific feature.
12. Changes
We may update this policy from time to time. Material changes will be communicated as appropriate (for example by email or in-product notice). Continued use after the effective date may constitute acceptance where permitted by law.
13. Governing framework
The laws of the Federal Republic of Nigeria. Subject to mandatory provisions elsewhere, disputes shall be heard by the courts of Nigeria.