Nigerian +234 numbers now available on all plans.See use cases
Magana AI
Sign inStart free

Legal

Privacy Policy

Last updated: 25 June 2026

1. Who we are

Magana AI ("Magana", "we", "us", "our") is a voice AI platform operated from Nigeria. Our registered business address is Lagos, Nigeria. You can reach us at privacy@devit.i.ng.

2. Data we collect

We collect the following categories of personal data:

  • Account data: Name, email address, business name, and billing details provided when you create an account.
  • Call data: Audio recordings, transcripts, metadata (caller ID, duration, timestamps) for calls handled by your Magana agents.
  • Usage data: Platform activity logs, API request logs, and analytics events within our dashboard.
  • Caller data: Information collected from end-callers during calls handled by your agents — this is data you (the operator) are responsible for under NDPR.

3. Legal basis for processing (NDPR)

Under the Nigeria Data Protection Regulation (NDPR) 2019, we process personal data on the following lawful bases:

  • Contract: Processing necessary to provide the Magana platform services you've contracted with us.
  • Legitimate interests: Security monitoring, fraud prevention, and platform improvement analytics.
  • Consent: Marketing communications (you can withdraw at any time).

4. How we use your data

  • To provision and operate your Magana workspace and agents
  • To generate call analytics and post-call AI analysis
  • To process billing and send account communications
  • To investigate security incidents and enforce our Terms of Service
  • To improve our platform (using aggregated, anonymised data)

5. Data residency and transfers

All call audio, transcripts, and workspace data are stored on servers located within Nigeria or within the West African region. We do not transfer personal data to jurisdictions outside Africa without implementing appropriate safeguards as required by NDPR Article 2.11.

Our AI model providers (Anthropic, Deepgram) may process data outside Nigeria under data processing agreements that meet NDPR transfer requirements.

6. Retention

Call transcripts and recordings are retained for 90 days by default. Workspace operators can configure shorter retention periods or delete records at any time from the dashboard. Account data is retained for the duration of your subscription plus 30 days after termination.

7. Your rights

Under NDPR, you have the right to:

  • Access personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of personal data (subject to legal retention obligations)
  • Object to processing for direct marketing
  • Data portability — receive your data in a structured, machine-readable format

To exercise any of these rights, email privacy@devit.i.ng.

8. Security

We implement industry-standard security controls: encryption at rest (AES-256) and in transit (TLS 1.2+), role-based access controls, and regular security reviews. We hold a workspace-isolated secrets vault so your API keys are never stored in plaintext.

9. Third-party sub-processors

  • Anthropic — LLM inference (Claude models)
  • Deepgram — Speech-to-text and text-to-speech
  • LiveKit — WebRTC media infrastructure
  • Twilio — PSTN telephony and phone number provisioning
  • Supabase — Database hosting
  • Clerk — Authentication

10. Changes to this policy

We may update this policy from time to time. We'll notify you of material changes by email and by posting a notice on the platform. Continued use after notification constitutes acceptance of the updated policy.

11. Contact

For privacy enquiries: privacy@devit.i.ng
For general enquiries: hello@devit.i.ng