Privacy Policy

1. Who We Are

On Air Proof ("OAP", "we", "us", "our") is a radio broadcast monitoring and compliance platform operated by Nu World Entertainment, registered in Nigeria. OAP enables advertising agencies and brands to verify that their commercial materials are broadcast on Nigerian radio stations as scheduled, using audio fingerprinting technology.

Our registered email: nuworldentertainment.nwe@gmail.com

2. Information We Collect

We collect information you provide directly, information generated as you use the platform, and limited data from third-party services.

Account information:

• Full name, company name, email address, phone number
• Business address, state, website URL
• Password (stored as a one-way hash — never readable)
• KYC/identity verification documents: National Identification Number (NIN), CAC registration number (RC/BN), government-issued photo ID (passport, driver's licence), selfie/face photo, CAC certificate and supporting documents
• Referral code (auto-generated)
• Google account data (name, email, avatar) if registering via Google Sign-In

Campaign & advert data:

• Audio files you upload (MP3, WAV, M4A, AAC)
• Campaign titles, descriptions, reference numbers
• Broadcast schedules (station, date, time)

Automatically collected:

• IP address, browser type, operating system
• Pages visited, time spent, referrer URL
• Session identifiers and CSRF tokens
• Payment transaction references (not card numbers)

3. How We Use Your Information

• To create and manage your agency account
• To register your audio material with our fingerprint monitoring system (ACRCloud)
• To monitor Nigerian radio streams and detect when your advert is played
• To generate proof-of-play certificates, broadcast logs, and media purchase documents
• To process subscription payments via Flutterwave or other payment gateways
• To send transactional notifications (broadcast alerts, invoice receipts, subscription reminders)
• To manage campaign records, status transitions, and audit trails
• To facilitate compliance verification between agencies and radio stations
• To manage team member accounts and role-based access for subscription holders
• To comply with ARCON advertising compliance requirements
• To improve the platform through aggregated usage analytics
• To investigate fraud, enforce our Terms, and protect user safety

4. Audio Fingerprinting & Stream Monitoring

When you upload an audio file, OAP submits a digital fingerprint (a mathematical representation, not the raw audio) to ACRCloud for registration and continuous stream monitoring. Key points:

• Fingerprints are mathematical hashes — they cannot be reverse-engineered to reproduce your audio
• Your original audio files are stored encrypted on our servers
• Radio stream data captured during monitoring is used only to match your fingerprint and generate detection records
• Off-air dub recordings (clips of detected broadcasts) are retained for up to 90 days then permanently deleted
• We monitor only publicly broadcast FM/AM radio streams — no private communications

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only with:

• ACRCloud — audio fingerprint registration and stream monitoring (audio fingerprint hashes only, not raw files)
• Flutterwave / Paga — payment processing (name, email, amount — no card data is stored by OAP)
• Cloud hosting providers — encrypted file storage within Nigeria or compliant jurisdictions
• Dojah — identity verification (KYC). Your CAC registration number and NIN are sent to Dojah's API for instant verification against government databases. Dojah returns company or individual details for matching. No raw ID documents or selfie images are shared with Dojah — only the registration/identification numbers. Dojah is contractually bound to protect your data per their privacy policy
• Google Drive — secure cloud storage. Uploaded files (audio, KYC documents, off-air dubs) are stored in encrypted Google Drive folders. OAP retains access credentials; files are deleted within 30 days of account closure
• Google — OAuth authentication only (if you use Google Sign-In); we receive basic profile data, we do not send data to Google
• Legal authorities — if required by Nigerian law or valid court order

All third-party processors are contractually required to protect your data and use it only for the specified purpose.

6. Payments & Financial Data

All payment processing is handled by PCI-DSS-compliant third-party gateways (Flutterwave, Paga). OAP stores only:

• Transaction reference numbers
• Amount, currency, and status
• VAT amounts (7.5% as required by Nigerian law)
• Subscription tier and validity dates

We never store card numbers, CVVs, bank account numbers, or PINs.

7. Data Retention

• Account data: Retained for the lifetime of your account plus 7 years (for financial/legal compliance)
• Audio files: Retained while your account is active; deleted within 30 days of account closure
• Off-air dubs: 90 days from detection date
• Payment records: 7 years (Nigerian tax law requirement)
• KYC documents: Identity documents, selfie photos, and CAC certificates are deleted within 30 days of account closure or upon request (subject to legal holds). Dojah verification results (pass/fail status and returned data) are retained alongside your account record
• Closed accounts: Email address is permanently blocked from re-registration; other personal data is anonymised after 90 days

8. Your Rights

As an OAP user you have the right to:

• Access — request a copy of all personal data we hold about you
• Rectification — correct inaccurate or incomplete information via your Profile page
• Erasure — request deletion of your account and personal data (subject to legal retention obligations)
• Portability — receive your campaign and detection data in a machine-readable format
• Objection — object to processing for marketing purposes
• Withdrawal — withdraw consent at any time (where processing is consent-based)

To exercise any right, email us at nuworldentertainment.nwe@gmail.com. We respond within 30 days.

9. Cookies

OAP uses only strictly necessary cookies:

• oap_session — keeps you logged in during your browser session (expires on close or after 30 minutes of inactivity)
• XSRF-TOKEN — protects against cross-site request forgery attacks

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

10. Children's Privacy

OAP is a B2B platform intended for registered advertising agencies and media professionals. We do not knowingly collect data from persons under 18. If you believe a minor has created an account, please contact us immediately.

11. Security

We implement the following security measures:

• HTTPS/TLS encryption for all data in transit
• Encrypted storage for audio files and sensitive documents
• Password hashing using bcrypt
• Session timeout after 30 minutes of inactivity
• CSRF protection on all forms
• Role-based access control (admin / agency / station separation)
• Google OAuth 2.0 for secure third-party authentication

No system is 100% secure. In the event of a data breach affecting your rights, we will notify affected users within 72 hours of becoming aware.

12. Google Sign-In & OAuth

OAP offers Google Sign-In as an alternative registration and login method. When you choose to sign in with Google:

• We receive your name, email address, and profile picture from Google via the OAuth 2.0 protocol
• We do not receive or store your Google password
• We do not access your Gmail, Google Drive, or other Google services beyond the basic profile scope
• Your Google profile data is used solely to create or authenticate your OAP account
• You can revoke OAP's access at any time from your Google Account permissions

If you registered via Google Sign-In and later wish to use a password instead, you can set one from your Profile page.

13. Camera & Device Access

During KYC verification, OAP may request access to your device camera to:

• Scan identity documents — capture a photo of your government-issued ID or CAC certificate using your device's rear camera
• Take a selfie — capture a face photo using your front-facing camera to match against your ID document

Camera access is:

• Optional — you may upload files from your device instead
• Permission-based — your browser will prompt you to grant camera access; you can deny or revoke this at any time
• Temporary — the camera stream is stopped immediately after capture and is not recorded or transmitted in real-time
• Local processing — captured images are converted to JPEG locally in your browser before upload; no video stream data leaves your device

14. Radio Station Accounts

Radio stations can create free accounts on OAP to participate in the broadcast compliance verification process. Station account data includes:

• Station information: station name, contact person, email, phone number
• KYC verification: identity documents submitted for verification (processed the same as agency KYC — see Section 2)
• Compliance review data: verdicts (confirmed/disputed/missed) on compliance logs sent by agencies, reviewer comments, and timestamps

Station accounts are free and do not require a subscription. Station data is used solely for compliance verification and is not shared with third parties beyond the agency that initiated the compliance log.

15. Campaigns & Compliance System

Campaigns: When you create a campaign, we store the campaign name, client/brand, date range, description, attached audio files, and all status changes (active, paused, halted, ceased, terminated, completed) with timestamps and reasons. Campaign status changes are logged in an audit trail.

Compliance (Back-Check) System: The compliance contest system creates a two-party record between agencies and radio stations:

• Agencies create compliance logs containing spot-by-spot broadcast data
• Stations review and submit verdicts on each spot
• Both parties can see the compliance rate and review history
• Compliance data is retained for audit and regulatory purposes (see Section 7 — Data Retention)

16. Team Management

Senior and Veteran subscription plans allow account owners to add team members (managers, department heads). When a team member is added:

• The owner provides the team member's name, email, phone, and role
• An account is created for the team member with a system-generated password
• Team members can access the owner's campaigns, adverts, and compliance logs based on their role and permissions
• The account owner can deactivate or remove team members at any time
• If a team member is removed, their access is immediately revoked but their account remains (they can request independent deletion)

17. Data Deletion

You have the right to request deletion of your account and all associated data. For full details on what gets deleted, what is retained for legal compliance, and the deletion timeline, please see our Data Deletion Policy.

Key points:

• Account access is disabled immediately upon request
• Personal data, audio files, campaigns, and KYC documents are deleted within 30 days
• Payment records are retained for 7 years (Nigerian tax law)
• An email hash is retained permanently to prevent re-registration of closed accounts

18. Changes to This Policy

We may update this Privacy Policy to reflect new features, legal requirements, or changes in how we operate. When we make material changes, we will notify you by email and update the "Last updated" date above. Continued use of OAP after the effective date constitutes acceptance of the revised policy.

19. Contact Us

For privacy inquiries, data requests, or complaints:

• Email: nuworldentertainment.nwe@gmail.com
• Platform: onairproof.com
• Company: Nu World Entertainment, Nigeria

If you are unsatisfied with our response, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

20. Accessibility Commitment

On Air Proof is committed to ensuring our platform is accessible to all users, including those with disabilities. Our website is designed and tested to meet WCAG 2.1 Level AA accessibility standards.

Accessibility Features:

• Full keyboard navigation support
• Compatible with screen readers (NVDA, JAWS, VoiceOver)
• Proper color contrast ratios for readability
• Properly labeled form controls
• Responsive design for all device sizes
• Semantic HTML structure

Known Limitations: Some third-party integrations (payment gateways, external widgets) may have accessibility limitations beyond our control.

If you encounter accessibility barriers, please contact us at admin@onairproof.com. We respond to accessibility feedback within 5 business days. For our complete accessibility statement, visit our Accessibility page.