Privacy Policy

Last updated: March 2026

1. Introduction

MarginCOS ("the Platform") is a product of Carthena Advisory ("we", "us", or "our"). We are committed to protecting the privacy and security of your personal information and commercial data. This Privacy Policy explains how we collect, use, store, and protect data when you use MarginCOS, in compliance with the Nigeria Data Protection Regulation (NDPR), the Nigeria Data Protection Act 2023, and applicable principles of the EU General Data Protection Regulation (GDPR).

2. Data We Collect

2.1 Account Information

When you register for MarginCOS, we collect your full name, work email address, company name, job title, and chosen password (stored as a salted hash — we never store plaintext passwords).

2.2 Commercial Portfolio Data

You enter or upload SKU-level commercial data including product names, categories, pricing, cost of goods, channel information, distributor terms, and trade investment figures. This is your proprietary business data, and we treat it with the highest level of confidentiality.

2.3 Usage Data

We collect anonymised usage analytics including pages visited, features accessed, session duration, and browser type. This data is used solely to improve the Platform and is never sold or shared with third parties.

2.4 Contact Form Submissions

When you submit a diagnostic booking request or contact enquiry, we collect the information you provide: name, email, company, role, annual revenue range, and any message you include.

3. How We Use Your Data

  • To provide, operate, and maintain the MarginCOS platform and your account
  • To process your commercial data and generate margin analysis, pricing intelligence, cost pass-through metrics, channel economics, and trade execution insights
  • To respond to diagnostic booking requests and customer support enquiries
  • To send transactional communications related to your account (e.g. password resets, subscription confirmations)
  • To improve the Platform based on aggregated, anonymised usage patterns
  • To comply with legal obligations under Nigerian law

4. Data Isolation and Security

Your commercial data is fully isolated from other clients' data. MarginCOS enforces row-level security (RLS) policies at the database level, meaning your portfolio data is cryptographically and logically separated from every other account. No other client, and no Carthena Advisory employee outside of authorised support personnel, can view your data.

Security measures include:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • Supabase-managed PostgreSQL with row-level security policies
  • Secure session management with HTTP-only cookies
  • Regular security audits and vulnerability assessments

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information or commercial data to any third party. We share data only with the following categories of service providers, strictly under data processing agreements:

  • Infrastructure providers: Supabase (database and authentication), Vercel (hosting)
  • Analytics: Anonymised, aggregated usage data only — never individual client commercial data

All third-party processors are contractually bound to process data only on our instructions and to maintain equivalent or higher security standards.

6. Data Retention

We retain your account information and commercial data for as long as your subscription is active. Upon cancellation or account deletion:

  • Your commercial portfolio data is permanently deleted within 90 days of cancellation
  • Account information (name, email) may be retained for up to 12 months for legal and audit purposes
  • Anonymised, aggregated analytics data (which cannot be linked back to you) may be retained indefinitely

You may request immediate deletion of your data at any time by contacting us at the address below.

7. Your Rights

Under the NDPR, the Nigeria Data Protection Act 2023, and applicable data protection law, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data and commercial data
  • Right to data portability: Receive your data in a structured, machine-readable format (CSV export)
  • Right to object: Object to processing of your personal data for specific purposes
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

8. Cookies and Analytics

MarginCOS uses cookies to operate the platform and understand how visitors use our site.

  • Essential cookies: We use session cookies for authentication and login functionality. These are required for the platform to function and cannot be disabled.
  • Analytics cookies: We use Google Analytics (GA4) to understand how visitors interact with our public pages. Analytics cookies are only set after you provide explicit consent via the cookie banner displayed on your first visit. If you decline, no analytics cookies are set and no browsing data is collected.

You can change your cookie preference at any time by clearing your browser's local storage for margincos.com, which will cause the consent banner to reappear on your next visit.

We do not use marketing cookies, advertising trackers, or retargeting pixels. We do not sell or share browsing data with third parties.

9. International Data Transfers

Your data may be processed on servers located outside Nigeria (including the United States and the European Union) through our infrastructure providers. Where data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and compliance with NDPR cross-border transfer requirements.

10. Children

MarginCOS is a business-to-business platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and posted on this page with an updated effective date. Continued use of the Platform after changes constitutes acceptance of the updated policy.

12. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023 and the Nigeria Data Protection Regulation (NDPR).

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Carthena Advisory

Email: info@carthenaadvisory.com

Website: carthenaadvisory.com