RIOS

Privacy Policy

RIOS (Risk Intelligence Operating System)

Last updated: June 2026

This Privacy Policy governs the collection, processing, storage, and disclosure of personal and organizational data submitted to the RIOS platform. By accessing or using RIOS, you confirm that your organization has read, understood, and agreed to the terms of this policy.

1. Who We Are

RIOS Technologies Ltd. ("RIOS", "we", "us", or "our") operates the RIOS Risk Intelligence Operating System, a unified platform designed to help extractive, energy, and industrial companies centralize ESG data, monitor media sentiment in real time, detect operational risks, and generate audit-ready reports mapped to GRI, IFRS S1/S2, and TCFD frameworks. We are registered and operating under the laws of the Federal Republic of Nigeria, with a service mandate across African and emerging markets.

Data Controller: Project RIOS
Contact: info@proallyworld.com
Website: www.proallyworld.com

2. Scope of This Policy

This Privacy Policy applies to:

  • All users of the RIOS web platform, whether during trial, pilot, or paid subscription.
  • All organizational administrators who manage RIOS accounts on behalf of their companies.
  • All data submitted to RIOS, including ESG metrics, operational records, compliance data, and user profile information.

This policy does not apply to third-party services, tools, or integrations that RIOS may connect to, each of which has its own privacy terms.

3. Data We Collect

3.1 Account & Identity Data

When an organization registers on RIOS, we collect:

  • Full names and job titles of registered users
  • Work email addresses and contact numbers
  • Company name, registration details, and sector classification
  • Login credentials (passwords are hashed; we never store them in plain text)

3.2 ESG & Operational Data

Users upload and submit ESG operational data, which may include:

  • Emissions data (Scope 1, 2, and 3 greenhouse gas figures)
  • Water usage and waste generation records
  • Health, Safety & Environment (HSE) incident logs
  • Community investment figures and social performance indicators
  • Governance disclosures and management structures
  • Monitored asset locations (e.g., oil fields, mining sites, facilities)
  • Stakeholder pressure levels and regulatory body priorities

This data is submitted voluntarily and is used exclusively to power the platform's reporting, mapping, risk scoring, and compliance analysis functions.

3.3 Media Intelligence Data

RIOS automatically collects and analyzes publicly available media data, including:

  • News articles from NewsAPI.org and Google News RSS feeds
  • Article headlines, URLs, publication dates, and source names
  • Sentiment scores, risk levels, and ESG category classifications generated by AI analysis
  • Incident detection flags and stakeholder pressure indicators

This data is collected from public sources and processed to provide real-time risk intelligence. RIOS does not collect private or confidential media content.

3.4 Platform Usage Data

We automatically collect:

  • IP addresses and device/browser information
  • Session activity logs, page visits, and feature interactions
  • Error reports and diagnostic data to maintain platform stability

3.5 Communications Data

If you contact our support team or respond to our communications, we retain those messages for service and improvement purposes.

4. How We Use Your Data

RIOS processes your data based on legitimate interest, contractual necessity, and your explicit consent. Specifically, we use your data to:

  1. Deliver the RIOS platform services, including ESG mapping, media intelligence monitoring, sentiment analysis, risk scoring, incident detection, and compliance dashboards.
  2. Monitor and analyze news articles, social media, and regulatory updates to provide real-time risk intelligence.
  3. Classify media content by sentiment, risk level, and ESG category using AI-powered analysis.
  4. Detect incidents, track stakeholder pressure trends, and generate risk alerts.
  5. Map your operational ESG metrics to applicable disclosure frameworks (GRI, IFRS S1/S2, SASB, TCFD).
  6. Generate audit-ready ESG reports and sustainability disclosures on your behalf.
  7. Compute risk scores by aggregating media sentiment, incident frequency, and stakeholder pressure data.
  8. Improve platform performance, features, and user experience.
  9. Communicate product updates, critical notices, or service changes.
  10. Meet our legal, regulatory, or contractual obligations.

We do NOT use your ESG or operational data for advertising, profiling unrelated to your service, or sale to third parties.

5. Legal Basis for Processing

We process your data under the following lawful bases as recognized under Nigeria's Nigeria Data Protection Act (NDPA) 2023 and internationally equivalent frameworks:

  • Contract Performance: Processing necessary to provide platform services under your subscription agreement.
  • Legitimate Interests: Platform security, fraud prevention, and aggregate analytics to improve the product.
  • Consent: For optional features such as newsletters, product feedback programs, or beta access.
  • Legal Obligation: Retaining records as required by Nigerian law, financial regulations, or court orders.

6. Data Storage & Security

6.1 Storage Location

All RIOS platform data is stored on enterprise-grade cloud infrastructure with encryption at rest (AES-256) and in transit (TLS 1.2+). We maintain primary data residency in compliance with applicable Nigerian data sovereignty guidelines.

6.2 Security Measures

Our technical and organizational security measures include:

  • Role-based access controls limiting internal data access on a need-to-know basis
  • Multi-factor authentication (MFA) available to all organizational accounts
  • Continuous security monitoring and intrusion detection systems
  • Regular penetration testing and vulnerability assessments
  • Encrypted backups with defined recovery point objectives

6.3 Breach Response

In the event of a data breach affecting your information, RIOS will notify affected organizations within 72 hours of confirmed discovery, consistent with the NDPA 2023 requirements, and will cooperate fully with the Nigeria Data Protection Commission (NDPC).

7. Data Sharing & Disclosure

RIOS does not sell, rent, or trade your personal or organizational data. We share data only under these limited conditions:

7.1 Service Providers

We engage vetted third-party processors (cloud infrastructure, email delivery, security monitoring) under strict data processing agreements that prohibit independent use of your data.

7.2 Regulatory Compliance

We may disclose data if required by Nigerian law, court order, regulatory investigation (including the NDPC, NUPRC, or NESREA), or to enforce our legal rights.

7.3 Business Transfers

In the event of a merger, acquisition, or business restructuring, your data may be transferred to a successor entity. You will be notified at least 30 days prior, with the right to request deletion before the transfer is finalized.

7.4 With Your Authorization

We may share reports or data outputs that you explicitly instruct RIOS to deliver to third parties (e.g., investors, regulators, auditors) as part of the platform's disclosure workflow.

8. Data Retention

We retain your data for the following periods:

  • Account & identity data: For the duration of your active subscription + 2 years after termination.
  • ESG & operational data: For the duration of your subscription + 5 years (to support audit and regulatory review periods).
  • Usage & diagnostic logs: 12 months on a rolling basis.
  • Communications: 3 years from date of last interaction.

You may request deletion of your data at any time. Where we have legal obligations requiring retention, we will inform you of the minimum retention period before complying.

9. Your Rights as a Data Subject

Under the NDPA 2023 and equivalent international frameworks, you (and the organizations you represent) hold the following rights:

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data where no overriding legal basis exists.
  • Right to Restriction: Ask us to limit processing while a dispute is resolved.
  • Right to Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interest.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without penalty.

To exercise any of these rights, submit a written request to privacy@rios-platform.com. We will respond within 30 days. If you are dissatisfied with our response, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

10. Cookies & Tracking Technologies

RIOS uses strictly necessary cookies to maintain authenticated sessions and platform performance. We do not use third-party advertising or tracking cookies. You may configure your browser to block cookies, though this may impair core platform functionality.

11. International Users

RIOS is designed for deployment across African and emerging markets. When data is transferred across borders (e.g., to cloud infrastructure providers), we ensure that appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms consistent with NDPA 2023 requirements.

12. Children's Data

RIOS is an enterprise B2B platform. We do not knowingly collect or process personal data of individuals under the age of 18. If such data is inadvertently submitted, it will be deleted upon discovery.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email and in-platform notification at least 14 days before taking effect. Continued use of the platform after that date constitutes acceptance of the revised policy.

14. Contact Us

For any privacy-related queries, data subject requests, or concerns:

Privacy Officer, Project RIOS
Email: info@proallyworld.com
Website: www.proallyworld.com