Get started
Log in

Privacy Policy

Last Updated: 6th October, 2025

 

  1. Introduction

 

Welcome to VarsityScape Ltd. (“VarsityScape,” “we,” “us,” or “our”).

 

Our mission is to provide experts, institutions, and learners with tools to create and deliver learning programs that empower the next generation of skilled professionals through impactful cohort-based learning experiences. We are a private limited liability company with a registered office at 22 Glover Rd, Ikoyi, Lagos 106104, Lagos, Nigeria.

 

This Privacy Policy explains in detail:

 

  • What types of Personal Data we collect from you when you use our website, mobile applications, and related platforms and services (collectively, the “Services”).
  • How and why we collect, use, and process your Personal Data in accordance with applicable laws, including the Nigerian Data Protection Act, 2023 (NDPA) and other relevant regulations.
  • The legal bases on which we rely to process your Personal Data.
  • With whom and under what circumstances we share your Personal Data, including service providers, Academy Creators, Students,  partners regulators, or where legally required.
  • How we store, secure, and retain your Personal Data to protect its confidentiality, integrity, and availability.
  • Your rights and choices with respect to your Personal Data, including rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent.
  • How you may contact us or the relevant data protection authority if you have questions, complaints, or wish to exercise your rights.

 

By accessing or using our Services, you confirm that you have read, understood, and consented to the collection, storage, use, and disclosure of your Personal Data as described in this Privacy Policy. Where consent is required by law, we will obtain it before processing your Personal Data, including by requiring you to actively indicate your acceptance (for example, by clicking “Accept”, checking a consent box, or taking another affirmative action) before you can proceed to use certain features of our Services.

 

If you do not agree with the terms of this Privacy Policy, or do not provide the required consent where applicable, you should not use or should discontinue use of our Services.





  1. Definitions

 

For purposes of this Privacy Policy, the following terms shall have the meanings set out below. Where applicable, these definitions are consistent with the Nigerian Data Protection Act, 2023 (NDPA) and international best practices:

 

“Academy” means a customized online learning environment, workspace, or digital hub created and managed on the VarsityScape platform. It is designed to host and deliver educational content, training programs, or courses to learners and may include features such as live classes, recorded lessons, assessments, discussion forums, and integrations with third-party tools. Each Academy operates independently within VarsityScape and is accessible only to authorized participants (e.g., students, instructors, or administrators) as determined by the Academic Creator.

 

“Academy Creator” means the individual, institution, organization, or entity that establishes, administers, and manages an Academy on VarsityScape. The Academy Creator determines the purpose, content, structure, and policies governing their Academy, including enrollment rules, data retention practices, and access controls. For data protection purposes, the Academy Creator is typically considered the Data Controller with respect to the Personal Data of students, instructors, or other participants within their Academy, while VarsityScape acts as the Data Processor, processing such data on the Academy Creator’s documented instructions.

 

“Consent” means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they, by a statement or clear affirmative action, signify agreement to the processing of their Personal Data. Consent may be withdrawn at any time without affecting the lawfulness of processing before withdrawal.

 

“Data Subject” means any natural person whose Personal Data is collected, held, or processed by VarsityScape, and includes Users of our Services.

 

“Data Controller” means a natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of Processing Personal Data. For certain activities such as account creation, billing, marketing, platform security, and product improvement, VarsityScape acts as the Data Controller.

 

“Data Processor” means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of a Data Controller. VarsityScape may act as a Data Processor when processing learner or instructor data on behalf of our institutional customers (such as universities, corporate training providers, or bootcamps).

 

“Data Protection Officer (DPO)” means the person designated by VarsityScape to ensure compliance with the NDPA and other applicable data protection laws. The DPO also serves as the point of contact for Data Subjects and regulators such as the Nigeria Data Protection Commission (NDPC).

 

“Expert” means an individual or entity with specialized knowledge, skills, or professional experience who registers on VarsityScape’s Talent Marketplace to offer services that support the creation, delivery, or management of Academies. Experts may include, for example, instructional designers, subject-matter specialists, teaching assistants, graphic designers, video editors, curriculum developers, marketing professionals, or technical support providers. 

 

“Instructors”/”Facilitators” means individuals who deliver educational content, assessments, or training through an Academy.

 

“International Data Transfer” means the movement of Personal Data from Nigeria to a foreign country or an international organization. Such transfers shall only occur subject to adequate safeguards, such as approval by the NDPC, standard contractual clauses, or other mechanisms recognized under applicable law.

 

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”), whether directly or indirectly. This includes, but is not limited to, names, addresses, phone numbers, email addresses, identification numbers, online identifiers, location data, academic records, financial details, or factors specific to a person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

 

“Processing” means any operation or set of operations performed on Personal Data, whether by automated means. This includes collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission or dissemination, alignment, combination, restriction, erasure, or destruction.

 

“Services” means VarsityScape’s website, online learning platform, mobile applications, tools, content, and all related offerings that support cohort-based learning programs, institutional integrations, and community engagement.

 

“Sensitive Personal Data” means Personal Data that requires higher protection due to its nature. This includes data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health information, sexual orientation, or criminal convictions and offences, as defined under the NDPA.

 

“Students’/”Learners” means individuals who enroll in or participate in learning programs hosted on an Academy.

 

“Talent Marketplace” means a feature within VarsityScape’s Services that connects Users, such as Academy Creators, Students, and external experts, with professionals who can provide specialized support, collaboration, or services to help design, manage, and run Academies more efficiently.

 

“Third Party” means any natural or legal person, public authority, agency, or other body other than the Data Subject, the Data Controller, the Data Processor, or persons who are authorized by VarsityScape or by the Academy Creator to process Personal Data under their direct authority. Third Parties may include, for example, external service providers (e.g., payment processors, cloud hosting providers, analytics vendors), academic partners, or regulatory authorities with whom data is lawfully shared.

 

“User”/ “You” means any individual or entity that accesses, registers for, or uses the Services provided by VarsityScape. This includes but is not limited to Academy Creators, Students/Learners, Instructors/Facilitators, or Visitors. For this Privacy Policy, “You” applies to all categories of Users, unless otherwise specified.

 

“Visitors”  means individuals who browse or interact with VarsityScape’s website, platform, or related Services without necessarily creating an account.

 

  1. What Data We Collect

 

We collect Personal Data to provide, maintain, and improve our Services; to personalize User interactions; effectively deliver our Services to you; to fulfill contractual and legal obligations; to carry out your instructions; and to support our operational, security, and compliance needs. The types of Personal Data collected depend on how you interact with our Services, whether as an Academy Creator, Student, service provider, partner, or visitor.

 

We only collect Personal Data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed, in line with the Nigerian Data Protection Act, 2023 (NDPA) and other applicable data protection regulations.

 

3.1. Information You Provide Directly

 

3.1.1 Account Registration Data

  • For Academy Creators: To create and manage an Academy, we collect your name, email address, password, phone number, organization details (if applicable), areas of expertise, and payment information (e.g., bank account details, PayPal email) for receiving payouts from your Academy offerings. Passwords are always stored in an encrypted format.

 

  • For Students: To enroll in an Academy, we collect your name, email address, and password. In certain cases, we may also collect your physical address, as well as the names, phone numbers, email addresses, and physical addresses of your parents or next of kin, where this information is required for enrollment, parental/guardian consent, or emergency contact purposes. You may also choose to provide additional profile information on an optional basis.



3.1.2 Profile Data: You may provide additional profile information, including a profile picture, biography, social media links, professional credentials, educational background, and areas of interest. In certain cases, particularly where you are enrolling in formal institutions or regulated programs, some of this information may be mandatory. Where such data is required, VarsityScape will clearly prompt you at the collection point, explain the reason for its use, and request your consent in line with applicable data protection laws. Academy Creators may also upload branding information for their Academy (e.g., logos, colour schemes, and custom domain information).

 

3.1.3 Academy Content Data (for Academy Creators): When creating an Academy, you provide educational content; including course syllabi, videos, documents, presentations, quizzes, assignments, grading rubrics, pricing information, and branding assets.

 

3.1.4 Student-Generated Content: Students may generate content within an Academy, including assignment submissions, project work, quiz answers, forum posts, comments, private messages, peer feedback, reviews, and other forms of engagement.

 

3.1.5 Communication Data: We collect information when you interact with us, such as customer support inquiries, survey responses, feedback, promotional participation, newsletter subscriptions, and communications exchanged through platform features (e.g., cohort discussion forums or direct messages).

 

3.1.6 Payment Data

  • For Students: When you purchase Academy access or other paid Services, we (or our third-party processors) collect payment details such as credit/debit card information or mobile money credentials. VarsityScape does not store full payment card details; these are processed securely by our PCI-DSS compliant payment partners.

 

  • For Academy Creators: We collect financial information necessary to process payouts, including bank account details, payment service credentials, and tax-related information required by law.

 

3.1.7 Talent Marketplace Data: If you participate in our Talent Marketplace, you will be required to create an account. In doing so, we collect basic account information such as your name, email address, and password. Depending on your role and activities, we may also collect additional information, including your skills, professional background, portfolio, service offerings, rates, availability, bank account details for payments, and tax-related information required by law. We may further process feedback, reviews, or ratings provided by other Users about your services.

 

3.1.8 Event and Webinar Data: When you register for VarsityScape events, webinars, or conferences, we collect registration details (e.g., name, email address, organization, and role), participation information (such as attendance records, session engagement, and submitted questions), and audiovisual content, including videos, images/likeness, and voices. For example, if you attend a VarsityScape-hosted webinar on “Building Effective Online Academies”, we may record the session, capture your participation in Q&A discussions, and retain your registration information for follow-up communications and resource sharing.

  • Sensitive Personal Data (where applicable): In limited cases and only with your explicit consent or where legally required, we may collect sensitive information (e.g., accessibility needs for events, health-related accommodations, or biometric verification for identity/authentication).

 

3.2 Information We Collect Automatically

When you use our Services, we automatically collect certain technical and usage information:

 

3.2.1 Usage Data: This includes your interactions with our Services (e.g., features used, content viewed, courses enrolled in or created, search queries, time spent on specific features, engagement in forums, and clicks).

 

3.2.2 Device and Technical Data: Information collected from your device may include IP address, browser type/version, operating system, device identifiers (e.g., IDFA, Android ID), language settings, screen resolution, network provider, and approximate geolocation (city/country level), where required.

 

3.2.3 Cookie and Tracking Data: We use cookies, pixels, beacons, scripts, tags, and similar technologies to recognize your device, store preferences, manage login sessions, measure campaign performance, and personalize your experience. (See here our Cookie Policy for more details.)

 

3.2.4 Cohort Interaction Data: Data related to your participation in cohort-based learning, such as group discussions, shared projects, peer interactions, and team assignments.

 

3.2.5 Learning Progress Data: For Students, we collect information about your progress, including completion rates, quiz results, assignment submissions, time spent on materials, and certificates of completion earned.

 

3.2.6 Academy Performance Data (for Academy Creators): We collect analytics on your Academy’s performance, such as enrollment numbers, engagement and retention rates, completion rates, revenue reports, and student satisfaction metrics.

 

3.2.7 Log Data and Security Monitoring: We automatically collect log files and system data to monitor for errors, prevent fraud, detect misuse, and ensure platform security.

 

3.3. Information from Third Parties

We may also receive information about you from trusted third-party sources, such as:

 

3.3.1 Linked Accounts (e.g., social media or Single Sign-On Services): If you connect your VarsityScape account to third-party services (e.g., Google, Facebook, LinkedIn), we may receive data such as your name, email address, profile picture, and public profile information, subject to your privacy settings with that service.

 

3.3.2 Payment Processors: Our payment partners may share transaction confirmation details (e.g., successful/failed payments), but never full financial credentials.

 

3.3.3 Analytics Providers: Services like Google Analytics may provide aggregated usage statistics (e.g., session duration, device type, demographics), governed by their own privacy policies.

 

3.3.4 Academy Creators (regarding Students): Academy Creators may provide us with limited data about their Students (e.g., invitations, enrollment lists) to facilitate access to their Academies.

 

3.3.5 Advertising and Marketing Partners: We may receive information from advertising platforms regarding your interactions with our ads, campaigns, or sponsored content, which helps us measure effectiveness and optimize marketing strategies.

 

3.3.6 Identity Verification and Compliance Partners: Where required (e.g., for payment compliance, fraud prevention, or age verification), we may obtain information from third-party identity verification or KYC (Know Your Customer) providers.

 

  1. How We Use Your Data

 

We use your Personal Data for specific, legitimate, and lawful purposes. Each processing activity is carried out in accordance with the Nigerian Data Protection Act, 2023 (NDPA) and other applicable data protection regulations. Depending on the context, we rely on one or more legal bases for processing, including: consent, performance of a contract, compliance with a legal obligation, protection of vital interests, or VarsityScape’s legitimate interests.

 

4.1. To Provide and Manage Our Services

We process your Personal Data to:

  • Create, maintain, verify, and secure User accounts.
  • Enable Academy Creators to design, build, customize, market, and deliver Academies and educational content.
  • Facilitate Student enrollment, onboarding, participation, and course completion.
  • Process payments for course purchases and facilitate payouts to Academy Creators (via secure third-party payment processors).
  • Deliver course content, track learning progress, generate performance reports, and issue certificates of completion.
  • Enable communication features between Users, including direct messaging, announcements, discussion forums, and peer-to-peer collaboration within cohorts.
  • Operate and facilitate professional connections through the Talent Marketplace.
  • Provide customer support, resolve technical issues, and respond to User inquiries.

 

4.2 To Improve and Personalize Our Services

We use Personal Data to:

  • Understand how Users interact with our Services, to tailor and customize their experience, as well as to improve the design, functionality, and overall performance of the platform.
  • Personalize your experience by suggesting relevant Academies, learning content, instructors, or platform features tailored to your profile and usage patterns.
  • Develop and test new features, products, and learning technologies.
  • Provide Academy Creators with data-driven insights (such as aggregated reports on Student engagement, completion rates, and feedback) to improve their offerings, while ensuring Student privacy is safeguarded through data aggregation or anonymization where appropriate.

 

4.3. To Communicate with You

We use your contact and communication data to:

  • Send important service-related announcements, updates, confirmations, and security alerts.
  • Respond to your feedback, questions, or complaints.
  • Send you newsletters, promotional materials, and marketing communications (only with your prior consent where required by law, and always with an opt-out option).
  • Notify you of changes to our Terms of Service, Privacy Policy, or other contractual or policy updates.

 

4.4. For Security, Legal Compliance, and Safety

We process Personal Data where necessary to:

  • Prevent, detect, investigate, and mitigate fraud, abuse, spam, malware, or security incidents.
  • Authenticate user identities and enforce account security (e.g., via two-factor authentication).
  • Enforce our Terms of Service, community standards, and acceptable use policies.
  • Comply with applicable laws, regulations, tax obligations, financial reporting requirements, lawful investigations, subpoenas, and requests from regulatory or government authorities.
  • Protect the rights, property, or safety of VarsityScape, our Users, institutional partners, or the public.
  • Manage disputes, enforce contracts, and defend against legal claims.

 

4.5. For Analytics, Research, and Development

We may use Personal Data (in identifiable, aggregated, or de-identified form) to:

  • Analyze trends, demographics, and User behaviour for continuous improvement.
  • Measure the effectiveness of learning methodologies, instructional design, and cohort-based models.
  • Conduct internal research, quality assurance, and product innovation.
  • Generate reports and statistics for business planning, investor relations, and strategic decision-making.

 

4.6. Other Purposes

4.6.1 Mergers, Acquisitions, or Business Transfers: If VarsityScape undergoes a corporate transaction (e.g., merger, acquisition, restructuring, or sale of assets), your Personal Data may be transferred as part of that transaction, subject to confidentiality and data protection obligations.

 

4.6.2 Legitimate Interests: Where appropriate, we may process Personal Data for our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms. Examples include service improvement, fraud prevention, and network security.

 

  1. Legal Bases for Processing

 

VarsityScape processes your Personal Data only when we have a lawful basis to do so, in compliance with the Nigerian Data Protection Act 2023 (NDPA) and other applicable data protection laws and regulations. The main legal bases on which we rely are:

 

5.1. Consent

  • We may process your Personal Data where you have given us clear, informed, and specific consent for a defined purpose (e.g., subscribing to our newsletters, receiving marketing communications, or enabling optional features on our platform).
  • You have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

 

5.2. Contractual Necessity

  • We process your Personal Data where it is necessary to perform a contract with you or to take steps at your request before entering into a contract.
  • This includes creating and managing your account, processing course purchases or payments, delivering educational content, issuing certificates, and providing customer support.

 

5.3. Legal Obligation

  • We may process your Personal Data to comply with applicable laws and regulatory requirements (such as tax, anti-money laundering and counter-financing of terrorism (AML/CFT) laws, financial reporting obligations, or requirements  imposed by regulators such as  the Nigeria Data Protection Commission (NDPC), as well as to comply with lawful orders, directives, or requested from regulatory, administrative, or judicial authorities
  • This may involve retaining transaction records or disclosing data when legally required.

 

5.4. Legitimate Interests

  • We process Personal Data where it is necessary for our legitimate interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms. Examples include ensuring platform security, preventing fraud, improving user experience, conducting product research and analytics, and communicating service-related updates.
  • Where required, we will carry out a Legitimate Interest Assessment (LIA) to balance our interests against your rights.

 

5.5. Vital Interests: In rare circumstances, we may process your Personal Data to protect your vital interests or those of another individual. For example, if we need to share information to protect someone’s life, health, or safety.

 

5.6. Public Interest / Official Authority: Where applicable, we may process data for tasks carried out in the public interest or in the exercise of official authority vested in VarsityScape (though this is expected to be rare in the context of our services).

 

Please note that where we rely on consent, contractual necessity, or legitimate interests, we will clearly inform you at the point of collection. Where processing is based on legal obligation or vital/public interest, you may not always have the right to object, but we will ensure transparency and necessity in such cases.

 

  1. Who We Share Your Data With

 

VarsityScape does not sell your Personal Data to third parties. However, to provide, maintain, and improve our Services, we may share your Personal Data with trusted parties under specific circumstances. Such sharing is always carried out in compliance with the Nigerian Data Protection Act (NDPA) 2023 and, where applicable, other international data protection frameworks.

 

We may share your Personal Data with the following categories of recipients:

 

6.1. Academy Creators

 

6.1.1 If you are a Student, your Personal Data (such as name, email address, profile information, learning progress, submissions, quiz results, certificates, and communications) will be shared with the Academy Creator(s) and authorized instructors of the Academies in which you are enrolled. Academy Creators require this information to administer their Academies, monitor Student progress, assess performance, issue certificates, and provide personalized support.

 

6.1.2. If you are an expert or talent on the Talent Marketplace, your profile data (such as name, email addresses, and profile pictures), along with information regarding your skills, professional background, portfolio, service offerings, rates, availability, and feedback or ratings provided by other Users will be shared with Academy Creators and Students. This enables them to make informed decisions, communicate with you, and receive or provide personalized support.

 

6.1.3 Independent Controller Role: Academy Creators act as independent Data Controllers in respect of Student data within their Academies and are responsible for complying with applicable data protection laws. VarsityScape provides access to such data as a service provider but does not control how Academy Creators subsequently process that data.

 

6.2. Students

 

6.2.1 If you are an Academy Creator or instructor, your profile information ( such as your name, biography, profile picture, professional expertise, and Academy details) will be visible to Students who are enrolled in, or consider enrollment in, your Academy, as well as to experts on Talent Marketplace whom you contacted.

 

6.2.2 In cohort-based or collaborative learning settings, certain Student information (such as name, profile picture, forum posts, group project contributions, or peer reviews) may be visible to other Students enrolled in the same Academy, subject to platform configurations and Creator settings.



6.3. Experts/Talents on Talent Marketplace

6.3. If you are an Academy Creator or Student, we may share your name and email address with Experts or Talents on the Marketplace with whom you choose to connect. This is necessary to facilitate communication, collaboration, and to enable the Experts or Talents to provide the services you request. 

 

6.4. The Public

 

6.3.1 Limited public-facing information may be displayed on VarsityScape’s public platform or indexed by search engines, depending on the Academy Creator’s preferences and platform settings. Such information may include:

  • For Academy Creators: name, profile biography, professional expertise, Academy descriptions (including pricing and available courses), and, where applicable, ratings, reviews, comments, and testimonials created by them or by Students in respect of them.
  • For Talents on the Talent Marketplace: name, profile biography, skills, portfolio, ratings, and reviews.
  • For Students: name, profile picture, and any testimonials, reviews, comments, or ratings they submit in relation to an Academy, an Academy Creator, or a Talent on the Talent Marketplace.

 

6.3.2 Content that you choose to post in public areas of the Services (e.g., open forums, blog comments, reviews, testimonials) will be visible to anyone, including individuals not registered on the platform. You should exercise caution before posting Personal Data in publicly accessible areas.

 

6.4. Service Providers (Third-Party Vendors)

 

6.4.1 We engage carefully selected third-party service providers to perform business functions on our behalf. These include:

  • Payment processors (e.g., Stripe, PayPal, Flutterwave) to process financial transactions.
  • Cloud hosting and storage providers (e.g., AWS, Google Cloud, Microsoft Azure) to securely host our platform.
  • Analytics providers (e.g., Google Analytics, Metabase) to help us understand usage patterns.
  • Customer support platforms (e.g., Zendesk, Intercom) to assist with inquiries.
  • Marketing, email, and communication providers (e.g., Mailchimp, SendGrid) to deliver service and marketing communications.
  • Security service providers for fraud prevention, data protection, and compliance monitoring.

 

6.4.2 These vendors act as Data Processors under contract and are bound by strict obligations to:

  • Only process your data on our documented instructions.
  • Implement appropriate technical and organizational security measures.
  • Not use your Personal Data for their own purposes.

 

6.5. Talent Marketplace Participants: If you participate in our Talent Marketplace, certain profile information (such as name, skills, services offered, portfolio, or rates if you are a professional; or project requirements if you are an Academy Creator seeking expertise) may be shared with other registered participants to facilitate connections, collaborations, and project engagements.

 

6.6. Business Transfers

  • In the event of a merger, acquisition, investment due diligence, restructuring, reorganization, bankruptcy, receivership, or sale of all or part of our assets, your Personal Data may be transferred to the acquiring or successor entity.
  • If such a transfer occurs, VarsityScape will ensure that the new entity continues to honour this Privacy Policy or will notify you of material changes, providing you with any rights available under law (including the right to opt out where applicable).

 

6.7. Legal Requirements and Safety

We may disclose your Personal Data where we believe in good faith that disclosure is necessary to:

  • Comply with a legal or regulatory obligation, court order, subpoena, or lawful request from regulators, enforcement agencies, or government authorities.
  • Enforce our Terms of Service and other agreements.
  • Investigate, prevent, or take action against fraud, abuse, illegal activities, or security threats.
  • Protect the rights, property, and safety of VarsityScape, our Users, or the public.

 

6.8. With Your Explicit Consent: We may share your Personal Data with third parties not listed above only where you have given your explicit, informed consent. For example, if an Academy Creator integrates an external third-party app that requires Student data (such as an assessment tool, job board, or collaboration software), we will only share the required Personal Data once you or the Creator has authorized such integration.




  1. 7. Cookies and Similar Technologies

 

We use cookies, pixels, web beacons, local storage, SDKs, and other similar tracking technologies (collectively, “Cookies”) to enhance your experience on our Services. These technologies help us remember your preferences, secure your account, analyze usage, deliver personalized content, and measure the effectiveness of our communications and advertisements.

 

Cookies and similar technologies serve multiple purposes, and their use may vary depending on your interaction with our platform.

 

7.1 Why We Use Cookies and Similar Technologies

We use these technologies for the following purposes:

 

  • Authentication & Security: To log you into your account securely, prevent unauthorized access, and protect against fraud.
  • Preferences & Personalization: To remember your preferences, customize your dashboard, and suggest relevant Academies or learning content.
  • Analytics & Performance: To understand how Users interact with our Services, identify popular features, and improve platform efficiency.
  • Marketing & Advertising: To provide tailored recommendations, measure ad performance, and deliver relevant promotional messages.
  • Communication Tracking: To understand whether you opened an email, clicked a link, or engaged with specific marketing campaigns.

 

7.2. Your Choices and Control Over Cookies

  • Consent Requirement: Except for strictly necessary cookies that are essential for the basic operation of our Services, we will only place cookies on your device with your consent, as required under the NDPA 2023 and other applicable laws.
  • Cookie Banner/Settings: When you first visit our platform, you will see a cookie banner allowing you to accept, reject, or customize your cookie preferences. You may update your preferences at any time through our Cookie Settings page.
  • Browser Settings: You can also manage or disable cookies via your browser settings. However, please note that disabling certain cookies may affect the availability and functionality of our Services.
  • Opt-Out of Targeted Ads: Some advertising cookies can be managed via industry opt-out tools (e.g., Your Online Choices, Network Advertising Initiative, or Digital Advertising Alliance).




7.3 Third-Party Cookies and Tracking

  • We may allow third-party partners (such as advertisers, analytics providers, and social media platforms) to place cookies or similar technologies on your device.
  • These third parties may collect information about your online activities across websites and services to provide interest-based advertising or analytics. Their use of cookies is governed by their own privacy policies.

 

7.4 More Information: For detailed information about the specific cookies, we use, their purposes, duration, and how you can manage or withdraw your consent, please refer to our separate Cookie Policy.

 

  1. Your Rights and Choices Over Your Data

 

VarsityScape respects your privacy and is committed to upholding your rights under the Nigerian Data Protection Act, 2023 (NDPA), as well as other applicable data protection laws such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States (where applicable).

 

Depending on your location, you may have some or all of the following rights:

 

8.1. Right to Access 

  • You can request confirmation as to whether we process your Personal Data, and if so, receive a copy of such data together with details of how we use it, who we share it with, and how long we retain it.
  • Much of your information can also be accessed directly by logging into your VarsityScape account.

 

8.2. Right to Rectification

  • You have the right to request correction or completion of inaccurate or incomplete Personal Data.
  • Most corrections can be made directly in your account settings, but you can also contact us for assistance.

 

8.3. Right to Erasure (“Right to be Forgotten”)

8.3.1 You may request that we delete your Personal Data where:

  • It is no longer necessary for the purposes for which it was collected,
  • You withdraw consent (where consent is the legal basis),
  • You successfully object to the processing, or
  • Processing is unlawful.

 

8.3.2 We may refuse erasure requests where retention is required by law (e.g., financial, regulatory, or tax compliance), to resolve disputes, or to protect the rights of others.

 

8.4. Right to Restrict Processing

8.4.1 You may request restriction of processing where:

  • You contest the accuracy of your data,
  • Processing is unlawful, but you oppose deletion,
  • We no longer need the data, but you require it for legal claims, or
  • You have objected to processing, and we are verifying legitimate grounds.

 

8.5. Right to Data Portability

  • Where technically feasible, you may request a copy of your Personal Data in a structured, commonly used, and machine-readable format, and transmit it to another Data Controller.
  • This applies primarily where processing is based on your consent or a contract and carried out by automated means.

 

8.6. Right to Object

8.6.1 You may object to our processing of your Personal Data at any time where:

  • Processing is based on legitimate interests (unless we demonstrate compelling grounds that override your rights and freedoms).
  • Processing is for direct marketing purposes (including profiling for such purposes). In this case, we will honour your request immediately.

 

8.7. Right to Withdraw Consent

  • Where our processing is based on your consent (e.g., newsletters, optional platform features), you can withdraw it at any time.
  • Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.

 

8.8. Right Not to be Subject to Automated Decision-Making

8.8.1 Under the NDPA and GDPR, you have the right not to be subject to decisions based solely on automated processing (including profiling) that significantly affect you, unless such processing:

  • is necessary for entering into or performing a contract with you,
  • is authorized by law, or
  • is based on your explicit consent.

 

8.9. Managing Communication Preferences

  • You can opt out of promotional or marketing emails by using the “unsubscribe” link in those emails or adjusting your account settings.
  • You may not opt out of essential service communications (e.g., account security alerts, policy updates).

 

8.10. Exercising Your Rights

  • You may exercise these rights by contacting us at contact@varsityscape.com or through your account settings, where available.
  • We will respond to your request within the timeframe required by applicable law (e.g., 30 days under the NDPA/GDPR).
  • We may request additional information to verify your identity before acting on your request.

 

8.11. Information for Students of Academies

  • If you are a Student and your request relates to data processed by an Academy Creator (e.g., course progress, assignments, or feedback), you should first direct your request to the Academy Creator, who is the independent Data Controller for such data.
  • VarsityScape will provide reasonable assistance to Academy Creators in responding to Student data requests, but we may be limited in directly fulfilling such requests without the Academy Creator’s involvement.

 

  1. Data Security

 

9.1 VarsityScape takes the security and confidentiality of your Personal Data very seriously and is committed to implementing appropriate technical, administrative, and organizational safeguards in line with the Nigerian Data Protection Act (NDPA) 2023, relevant regulations issued by the Nigeria Data Protection Commission (NDPC), and applicable international standards. These measures are designed to protect the data we collect and process from unauthorized access, unlawful use, accidental disclosure, alteration, or destruction.

 

9.2 Our security framework includes, but is not limited to, the following measures:

 

9.2.1 Encryption: Use of strong encryption protocols (e.g., TLS/SSL) to secure data in transit and industry-standard encryption (e.g., AES) for data at rest, where applicable.

 

9.2.2 Password Security: Storing passwords using secure hashing algorithms and salting techniques.

 

9.2.3 Access Controls: Restricting access to Personal Data to only authorized employees, contractors, or third parties who require such access to perform their job functions, with role-based access controls.

 

9.2.4 Network and Application Security: Use of firewalls, intrusion detection systems, secure coding practices, and periodic penetration testing to identify and mitigate vulnerabilities.

 

9.2.5 Data Minimization and Retention: Ensuring that only necessary data is collected and that it is retained only for as long as required under applicable laws or legitimate business purposes, after which it is securely deleted or anonymized.

 

9.2.6 Regular Security Assessments: Conducting vulnerability scans, risk assessments, and audits to evaluate the effectiveness of our controls and identify areas for improvement.

 

9.2.7 Business Continuity and Disaster Recovery: Implementing backup solutions and disaster recovery protocols to ensure data availability and resilience in case of system failures or security incidents.

 

9.2.8 Third-Party Risk Management: Ensuring that service providers, contractors, and partners who process data on our behalf maintain adequate security measures, including Data Processing Agreements (DPAs) where required by law.

 

9.2.9 Staff Training and Awareness: Providing regular training to employees and contractors on information security, phishing prevention, and privacy obligations.

 

9.2.10 Incident Response: Maintaining procedures to detect, investigate, mitigate, and notify supervisory authorities and affected individuals of data breaches where required under the NDPA 2023 or other applicable laws.

 

9.3 While we take reasonable and industry-accepted measures to protect your Personal Data, no system is completely secure. Risks such as unauthorized access, cyber-attacks, system vulnerabilities, hardware or software failures, and other unforeseen factors may compromise security. VarsityScape cannot guarantee absolute protection against such risks but commits to acting promptly and responsibly in the event of any incident.

 

9.3.1 Your Responsibility

Protecting your Personal Data also requires your cooperation. As a user, you are responsible for:

  • Choosing a strong, unique password and updating it regularly.
  • Keeping your login credentials confidential and not sharing them with anyone.
  • Monitoring your account activity and promptly notifying us at contact@varsityscape.com if you suspect unauthorized use of your account.
  • Logging out after accessing your account on shared devices.

 

9.3.2 Academy Creators are additionally responsible for maintaining the security of the content and Student data within their Academies, including setting appropriate access controls, permissions, and ensuring compliance with applicable privacy obligations when handling learner information.

 

  1. 10. Data Retention

 

10.1 VarsityScape retains your Personal Data only for as long as is reasonably necessary to fulfill the specific purposes for which it was collected, consistent with the principles of data minimization and storage limitation under the Nigerian Data Protection Act (NDPA) 2023 and other applicable laws (e.g., GDPR, CCPA, or tax regulations). Retention periods vary depending on the type of data, the nature of our relationship with you, and the legal or contractual obligations that apply.

 

10.2 Our retention practices are as follows:

    • Account Data: We retain your account details (e.g., profile information, contact details, account settings) for as long as your account remains active. If you close or delete your account, we will retain such data for a reasonable grace period in case you wish to reactivate your account, or as necessary for fraud prevention, dispute resolution, record-keeping, or to comply with legal and regulatory obligations.
    • Academy Content (for Academy Creators): We store Academy content, such as course materials and assessments, while the Academy Creator’s account is active or as directed by the Academy Creator. Once an account is terminated or deleted, such content will be deleted or anonymized in line with our internal retention schedules, unless otherwise required by law or ongoing legitimate business purposes.
    • Student Data within Academies: Data about Students’ enrollment, progress, performance, and interactions within Academies is retained while the Student remains enrolled and the Academy is active. Academy Creators are primarily responsible for determining retention periods for Student data, subject to applicable laws and our platform’s capabilities. VarsityScape may assist with secure deletion or anonymization upon instruction from the Academy Creator.
    • Data on Experts/Talents on Talent Marketplace: We store and retain data about any Expert or Talent registered on Talent Marketplace for as long as their account remains active. If you close or delete your account, we will retain such data for a reasonable grace period in case you wish to reactivate your account. Certain information may also be retained as necessary for fraud prevention, dispute resolution, record-keeping, or to comply with legal, regulatory, and tax obligations.
    • Usage and Log Data: Technical logs, usage data, and diagnostic information are retained for security, fraud detection, troubleshooting, analytics, and service improvement. While some logs may be stored for shorter periods, aggregated or anonymized data may be kept indefinitely for statistical or research purposes, as such data no longer identifies individual users.
    • Payment Information: Payment transaction records (excluding full payment card details, which we do not store) are retained only for as long as required by applicable tax, accounting, anti-money laundering (AML), and financial reporting obligations.
    • Legal and Regulatory Compliance: Certain categories of data may be retained beyond account closure where required by law (e.g., NDPA 2023, tax regulations, financial reporting obligations, dispute resolution, or law enforcement requests).
    • Backups and Archives: Even after deletion requests, some data may remain in secure backups or archives for a limited period due to technical reasons or business continuity practices. Such data is segregated and securely protected, and it will not be used for any active processing except for restoration or compliance purposes.
  • Anonymized or Aggregated Data: We may retain anonymized or aggregated data indefinitely for research, statistical analysis, or to improve our Services, provided such data cannot reasonably be re-identified.

 

10.3 Your Right to Request Deletion

As explained in the “Your Rights and Choices Over Your Data” section, you may request the deletion of your Personal Data. Upon receiving such a request, we will delete or anonymize your Personal Data unless retention is required for:

  • Compliance with a legal or regulatory obligation
  • Establishment, exercise, or defense of legal claims
  • Completion of a pending transaction or service; or
  • Security, fraud prevention, or system integrity.

 

  1. International Data Transfers

 

11.1 VarsityScape is headquartered in Lagos, Nigeria, but our Services are accessible globally. This means that your Personal Data may be transferred to, stored, or processed in jurisdictions outside of your country of residence, including Nigeria and other countries where our servers, affiliates, or trusted third-party service providers are located. These jurisdictions may have data protection laws that differ from or provide less protection than those in your home country.

 

11.2 Examples of such transfers include:

  • Hosting and cloud storage on servers operated by providers located in the European Union, the United States, or other jurisdictions.
  • Processing payments through global payment gateways such as Stripe or PayPal, which may involve cross-border data flows.
  • Customer support, analytics, and marketing tools that rely on international data transfers to function effectively.

 

11.3 Safeguards for International Transfers: 

When we transfer your Personal Data across borders, VarsityScape implements appropriate safeguards to ensure that such transfers comply with applicable laws, including the Nigerian Data Protection Act (NDPA) 2023, the Nigeria Data Protection Regulation (NDPR), and international standards such as the General Data Protection Regulation (GDPR). These safeguards include:

 

11.3.1 Adequacy Decisions: Where your Personal Data is transferred to a country that has been recognized by the relevant regulatory authority (e.g., the Nigerian Data Protection Commission (NDPC) or the European Commission) as providing an adequate level of data protection, we may rely on that adequacy decision.

 

11.3.2 Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we may enter into legally binding agreements using SCCs or other approved contractual instruments that require the recipient to protect your Personal Data in line with applicable data protection standards.

 

11.3.3 Binding Corporate Rules (BCRs): Where data is shared within the VarsityScape group of companies (if applicable in the future), we may rely on BCRs that ensure consistent protection of Personal Data across all jurisdictions.

 

11.3.4 Technical and Organizational Measures: These include encryption, pseudonymization, and strict access controls to reduce risks associated with cross-border transfers.

 

11.3.5 Consent: In limited circumstances, and where legally required, we may transfer your Personal Data internationally with your explicit consent, after informing you of any potential risks.

 

11.4 Your Rights in Relation to International Transfers

You may request further information about the legal basis for international data transfers, the safeguards we apply, and copies of relevant agreements (e.g., SCCs), subject to confidentiality obligations. You also retain all the rights outlined in the “Your Rights and Choices Over Your Data” section, regardless of where your Personal Data is transferred.

 

  1. Children’s Privacy

 

12.1 VarsityScape is committed to protecting the privacy of children. Our Services are not directed to individuals under the age of 13, or under a higher minimum age threshold as required by applicable laws (for example, 16 years in the European Economic Area (EEA) unless a lower age is permitted by national law, or as may be prescribed by the Nigerian Data Protection Act (NDPA 2023)).

 

12.2 We do not knowingly collect, use, or disclose Personal Data from children under these age limits without obtaining verifiable parental or guardian consent.

 

12.3 Collection and Use of Children’s Data

  • If a child under the applicable age limit attempts to register for our Services, we may require verification of age and/or consent from a parent or legal guardian before activating the account.
  • Where parental consent is provided, we may collect limited information necessary to provide access to the Services, such as the child’s name, email, and learning activity data, but only to the extent permitted by law and strictly for educational purposes.
  • Parents or guardians who have provided consent may review their child’s data, request its deletion, or revoke consent at any time.

 

12.4 Steps We Take if Data Is Collected Without Consent

If we become aware that we have inadvertently collected Personal Data from a child below the applicable age limit without proper consent, we will:

12.4.1 Delete such information promptly from our systems.

12.4.2 Where feasible, notify the parent or guardian.

12.4.3 Take steps to prevent further unauthorized collection from the child.

 

12.5 Responsibilities of Academy Creators

If you are an Academy Creator, you are independently responsible for ensuring compliance with all applicable children’s privacy and data protection laws when designing, marketing, or operating Academies that may be accessed by children. This includes but is not limited to:

  • Complying with the Children’s Online Privacy Protection Act (COPPA) in the United States, the UK GDPR, the EU GDPR, the NDPA 2023, and similar regulations worldwide.
  • Implementing age verification measures where required.
  • Obtaining and managing verifiable parental or guardian consent before collecting, using, or disclosing a child’s Personal Data.
  • Providing clear privacy notices to parents/guardians explaining what data is collected, why it is needed, and how it will be used.
  • Ensuring that children’s data is collected and processed only for educational purposes and not for marketing, profiling, or other commercial exploitation.

 

12.6 Parental Rights

If you are a parent or guardian and believe that your child has provided us with Personal Data without your consent, you have the right to:

  • Contact us immediately at contact@varsityscape.com.
  • Request access to, correction, or deletion of your child’s Personal Data.
  • Withdraw consent where previously granted.

 

VarsityScape will honor such requests in compliance with applicable laws and take appropriate action to protect children’s privacy.




  1. Automated Decision-Making and Profiling

 

13.1 VarsityScape may use your Personal Data in systems that involve automated decision-making and profiling, but we do so only in compliance with applicable data protection laws and with appropriate safeguards in place.

 

13.2 Automated Decision-Making

Automated decision-making refers to decisions made solely by technological means (without significant human involvement) that have a legal effect on you or significantly affect you in a similar way.

  • At present, VarsityScape does not make decisions with significant legal or similar effects solely based on automated processing of your Personal Data (such as automated decisions affecting employment opportunities, creditworthiness, or legal rights).
  • Where automated decision-making is used (for example, in fraud detection systems or payment security checks), such processing is limited to protecting the integrity of our Services and preventing abuse.

 

13.3 Profiling

Profiling means the automated processing of your Personal Data to analyze or predict aspects relating to your preferences, behaviour, or interests. VarsityScape may use profiling for the following purposes:

  • Personalized Recommendations: Suggesting Academies, learning content, or features that may be relevant to you, based on your browsing history, enrollment activity, or learning progress.
  • Learning Analytics: Providing Academy Creators with insights into Student engagement, course performance, or predicted learning outcomes (often using aggregated or de-identified data where possible to minimize privacy risks).
  • Marketing and Communication Personalization: Delivering tailored communications, promotions, or offers based on your use of the Services and expressed interests, but only where legally permitted and subject to your right to opt out.
  • Fraud Detection and Security: Using automated monitoring tools to detect unusual patterns of behaviour or potentially fraudulent activity to protect Users and the platform.

 

13.4 Safeguards

VarsityScape implements appropriate technical, organizational, and legal safeguards to protect Users where automated decision-making and profiling occur, including:

  • Transparency in notifying Users when profiling is used.
  • Limiting profiling to legitimate business purposes such as service improvement, personalization, or security.
  • Ensuring that profiling does not result in unlawful discrimination, unfair treatment, or violation of your fundamental rights and freedoms.

 

  1. Third-Party Links and Services

 

14.1 Our Services may include or provide access to third-party websites, platforms, tools, and applications that are not owned, controlled, or operated by VarsityScape. Examples include:

 

  • Links to external educational resources provided within an Academy.
  • Integrations with third-party learning management tools, cloud storage services, or video conferencing platforms (e.g., Zoom, Google Drive, Microsoft Teams).
  • Payment gateways and processors (e.g., PayPal, Stripe).
  • Social media plugins or login integrations (e.g., Google, Facebook, LinkedIn).

 

Because VarsityScape does not control these third parties, this Privacy Policy does not apply to the data collection, use, storage, or sharing practices of those third parties. Each third-party provider may process your Personal Data in accordance with its own privacy policy and terms of service.

 

14.2 Your Responsibility

  • We strongly encourage you to carefully review the privacy policies, terms, and data-handling practices of any third-party services that you choose to use in connection with our Services.
  • Your interactions with third-party sites, tools, or services are governed by the respective third party’s policies and not by this Privacy Policy.

 

14.3 Data Sharing with Third-Party Services

  • Where you enable or use a third-party integration (e.g., syncing your account with Google Drive or connecting through a social media login), you authorize VarsityScape to share certain necessary data with that provider (e.g., authentication tokens, profile details) to facilitate the integration.
  • Conversely, those third-party providers may share certain data back with us (e.g., confirmation of your login or files you choose to import), subject to their own policies.
  • VarsityScape is not responsible for any Personal Data you choose to provide directly to a third-party service.

 

14.4 Security and Liability Disclaimer

  • Although we may facilitate access to or display third-party content within our Services, this does not imply endorsement, monitoring, or approval by VarsityScape.
  • We are not responsible, or liable for the accuracy, availability, legality, or safety of third-party services, or for how they handle your data.

 

14.5 Academy Creators’ Responsibility: If you are an Academy Creator and you choose to incorporate third-party links, plugins, or tools into your Academy, you are responsible for ensuring that such integrations comply with applicable data protection laws (such as the NDPA, GDPR, or COPPA, where relevant) and for clearly disclosing any such third-party involvement to your Students.

 

  1. Updates to This Privacy Policy

 

15.1 We may update or amend this Privacy Policy from time to time to reflect:

  • Changes in our data collection and processing practices.
  • Updates to our Services, features, or technologies.
  • Changes in applicable laws, regulations, or regulatory guidance (e.g., the Nigerian Data Protection Act 2023, GDPR, or other relevant global laws); or
  • Adjustments required due to operational, business, or security needs.

 

15.2 Notification of Changes

 

15.2.1 Material Changes: When we make material updates (e.g., changes that affect your rights, introduce new data uses, or alter how your Personal Data is shared), we will provide you with clear notice before such changes take effect. This may include:

  • Posting a prominent notice on our website or platform;
  • Sending an email notification to the email address associated with your account; and/or
  • Delivering an in-app or platform notification.




15.3 Effective Date

Unless otherwise specified in the notice, the revised Privacy Policy will take effect immediately upon posting.

 

15.4 Your Responsibility

  • We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting and processing your Personal Data.
  • Your continued use of our Services after the effective date of any updates will be deemed to constitute your acknowledgement and agreement to the updated terms.
  • If you do not agree with the updated Privacy Policy, you should stop using our Services and may request account deletion in accordance with the section “Your Rights and Choices Over Your Data.”

 

15.5 Version Control

For transparency, VarsityScape may maintain an archive of previous versions of this Privacy Policy upon request, so Users can understand historical practices.

 

  1. 16. How to Contact Us

 

16.1 If you have any questions, concerns, or complaints about this Privacy Policy, our data protection practices, or how your Personal Data is being handled, you may contact us using the details below:

 

Data Protection Officer (DPO):

VarsityScape Limited

Attention: Data Protection Officer

22 Glover Rd, Ikoyi, Lagos 106104, Lagos, Nigeria.

Email: privacy@varsityscape.com

Telephone: +234 904 271 4199

 

16.2 Our Data Protection Officer (DPO) is responsible for monitoring compliance with this Privacy Policy, applicable data protection laws (including the Nigeria Data Protection Act 2023), and serving as your primary contact point for data-related concerns.

 

16.3 Grievance Redress Procedure

 

16.3.1 Step 1: Internal Resolution: If you believe your Personal Data has been mishandled, please first contact our DPO. We will acknowledge receipt of your complaint within a reasonable period (usually 7 working days) and aim to resolve your concerns promptly, fairly, and in line with applicable laws.

 

16.3.2 Step 2: Independent Review: If you are not satisfied with our response or resolution, you may request that the matter be escalated internally to VarsityScape’s senior management or compliance team for further review.

 

16.3.3 Step 3 – External Escalation: If you remain dissatisfied, or if we fail to respond within statutory timelines, you have the right to escalate your complaint to the relevant data protection authority in your jurisdiction.

 

16.4 Regulatory Contact

16.4.1 For Nigeria, you may escalate complaints to:

 

Nigeria Data Protection Commission (NDPC)

Website: https://ndpc.gov.ng

Email: info@ndpc.gov.ng

 

16.4.2 If you are located outside Nigeria, you may also have the right to lodge a complaint with the supervisory authority in your country of residence (for example, the Information Commissioner’s Office (ICO) in the UK or a Data Protection Authority (DPA) in the European Economic Area).

 

16.3 We are committed to working with you and the relevant supervisory authorities to resolve any issues fairly, transparently, and in accordance with applicable law.