Privacy

Privacy Policy

This page explains, in simple terms, how 3io Studio collects, uses, and protects information shared through this website.

Effective: June 2026 · Last updated: June 2026

Important Information

Regulatory Frameworks

This Privacy Policy is written in compliance with the following data protection frameworks:
  • Nigeria Data Protection Regulation (NDPR) — as administered by the National Information Technology Development Agency (NITDA). As a company incorporated and operating in Nigeria, NDPR is our primary compliance framework.
  • General Data Protection Regulation (GDPR) — applicable to users located in the European Economic Area (EEA). Where GDPR applies, we honour all rights and obligations it prescribes.
  • California Consumer Privacy Act (CCPA) — applicable to users who are California residents. We do not sell personal data. California residents have the right to know what data we collect, request deletion, and opt out of any future sale of their data.
The most protective standard applies to each user based on their location. If you are unsure which framework applies to you, email support@3iostudio.com and we will clarify.

What We Collect

We may collect the information you choose to send us, such as your name, email address, phone number, company name, and project details when you contact us through the website.
We may also collect basic technical information such as browser type, device information, and pages visited so we can understand how the site is being used and improve performance.

Meta Platform Integrations

Where our applications use Facebook Login, the Instagram Graph API, or the WhatsApp Business API, we receive certain data from Meta Platforms, Inc. as a result of that integration.
Facebook Login: When you authenticate using Facebook Login, we receive your Facebook name, email address, and profile photo. We use this solely to create or access your account. We do not access your friends list, posts, or any data beyond what is required for authentication.
Instagram Graph API: Where our applications connect to an Instagram account on your behalf (for example, in social commerce tools built for clients), we access the account data you explicitly authorise — typically business profile information, media, and messaging. This data is used only to operate the feature you have enabled.
WhatsApp Business API: We operate WhatsApp Business integrations on behalf of clients. In this context we process phone numbers and message metadata. We do not read, store, or analyse the content of private messages beyond what is necessary to route and deliver them.
We do not use any Meta-sourced data for advertising targeting, profiling, or any purpose beyond the specific feature it was collected for.
You can revoke our access to your Meta data at any time: Facebook: Settings → Apps and Websites → Remove 3io Studio. Instagram: Settings → Apps and Websites → Remove 3io Studio.
Meta's own privacy practices are governed by Meta's Privacy Policy at facebook.com/privacy/policy.

How We Use It

We use the information you provide to respond to enquiries, discuss potential projects, deliver services, and improve the website experience.
We do not sell your personal information. We only use it for legitimate business purposes connected to operating 3io Studio and communicating with you.

Sharing Information

We may share information with trusted service providers who help us operate the website, host our systems, or support communications, but only when reasonably necessary.
We may also disclose information if required by law or where needed to protect our business, users, or legal rights.

How Long We Keep Your Data

We retain personal data only for as long as necessary for the purpose it was collected, or as required by law.
  • Contact form submissions: up to 2 years from the date of submission
  • User account data: retained while your account is active, then deleted within 90 days of a verified deletion request
  • Meta platform tokens and profile data: retained until you revoke access or request deletion, then removed within 72 hours
  • WhatsApp Business records: up to 90 days from last interaction
  • Client project data: per individual client contract, with a minimum 30-day retention period after project completion
  • Analytics data (if enabled): up to 26 months, then automatically purged or anonymised
To request early deletion of any of the above, see our Data Deletion Instructions.

Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data under the following legal bases:
  • Contract: processing your account data and contact form submissions to provide and respond to services you requested
  • Legitimate interest: improving our services, preventing fraud, maintaining security
  • Consent: sending marketing communications (we will always ask first), enabling optional analytics, and processing Meta platform data beyond basic authentication
  • Legal obligation: complying with applicable laws and responding to lawful requests from authorities
You may withdraw consent at any time by emailing support@3iostudio.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Cookies and Analytics

This website may use cookies, analytics tools, or similar technologies to understand traffic and improve performance. These tools help us see what content is useful and where the experience can be improved.
You can usually control cookies through your browser settings if you prefer to limit or block them.

Your Choices

You can contact us at any time if you want to update, correct, or request deletion of personal information you have previously shared with us, subject to any legal or operational obligations we may have.
By continuing to use the website, you acknowledge this Privacy Policy and how we handle your information.

Contact & Complaints

For any privacy-related questions, requests, or concerns:
Email: support@3iostudio.com
Subject line: “Privacy Request — [your name]”
We aim to respond to all privacy requests within 48 hours and resolve them within 30 days, in line with NDPR and GDPR timelines.
If you are unsatisfied with our response, you have the right to lodge a complaint with:
  • Nigeria: National Information Technology Development Agency (NITDA) — nitda.gov.ng
  • European Union: Your local Data Protection Authority (DPA)
  • United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
  • United States (California): California Privacy Protection Agency — cppa.ca.gov

Need help?

If you have questions about this document, reach out to our team.

We will do our best to keep things clear, practical, and easy to understand.