Data processing

Your business data, handled like it matters.

A plain-language account of what KOMERRA processes on your behalf, where the boundaries are, and the rights you keep.

What we process, and for whom

When you run your business on KOMERRA, you entrust us with business records: your products, orders, customers and their contact details, payments recorded, documents generated, and usage of your credit wallet. We process this data solely to provide the service to your business — it is your data, processed on your instructions.

Customer data inside your account

Your customers' names, phone numbers and balances exist in KOMERRA because you recorded them. You are responsible for having a lawful basis to record them (a sales relationship typically is one), and we are responsible for protecting them: they are never shown to another business, never sold, and never used to market to your customers.

Tenant isolation

Every business's records are separated by row-level security enforced in the database itself, in addition to application-level checks. Cross-tenant reads are structurally prevented, not just policy-forbidden.

AI processing

Messages you send to the AI assistant are scanned for prompt-injection content and redacted before processing. Extraction events are logged with a redacted excerpt for safety review. The AI never changes records without your explicit confirmation, and money math is always computed by code.

Payment data

KOMERRA does not collect or store card numbers. Credit top-ups are handled by licensed payment providers; we store only the transaction reference and verified outcome needed to credit your wallet and show your history.

Retention and deletion

Your records persist for as long as your account is active so your business history stays intact. Account closure and data deletion requests are honored — contact us and we will action them, subject to legal record-keeping obligations.

Sub-processors

We rely on infrastructure and payment providers to run the service (hosting, email delivery, payment processing). Each processes only what its function requires. A current list is available on request.

Compliance posture

KOMERRA is built Nigeria-first and takes the Nigeria Data Protection Act (NDPA) as its baseline for handling personal data. This starter policy should be reviewed by qualified counsel before commercial launch.