Privacy Policy for Penzest

Last updated: April 15, 2026

1. Introduction

Penzest (“Penzest”, “we”, “our”, or “us”) is a digital publishing and newsletter platform operated by Fortiplace Global Limited, a company registered in Nigeria.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you use:

  • the Penzest website at https://penzest.com;
  • creator publications, subdomains, and hosted pages powered by Penzest;
  • newsletter, subscription, payment, and communication features made available through the platform; and
  • any related products, services, support channels, or communications operated by Penzest.

Penzest is committed to handling personal data in a lawful, fair, and transparent manner in line with the Nigeria Data Protection Act 2023 (NDPA 2023) and other applicable laws.

By using Penzest, you acknowledge that your personal data will be processed as described in this Privacy Policy.

2. Who We Are

Penzest is operated by Fortiplace Global Limited.

For the purposes of applicable data protection laws, including the Nigeria Data Protection Act 2023, Penzest may act as:

  • a data controller, where we determine why and how personal data is processed for platform operations such as account creation, platform administration, billing support, fraud prevention, analytics, security, and legal compliance; and
  • a data processor or service provider, where we process certain subscriber or audience data on behalf of creators using the platform, in accordance with their instructions and subject to applicable law.

3. Scope of This Policy

This Privacy Policy applies to personal data relating to:

  • visitors to our website;
  • account holders and prospective users;
  • creators and publishers using Penzest;
  • subscribers and readers who subscribe to publications powered by Penzest;
  • users who contact us for support or other enquiries; and
  • individuals whose data is processed through platform operations, security logs, payment flows, and email delivery systems.

4. Personal Data We Collect

We may collect the following categories of personal data.

4.1 Information You Provide Directly

When you create an account, complete onboarding, use creator tools, subscribe to a publication, make a payment, or contact support, we may collect:

  • name;
  • email address;
  • username;
  • password and authentication-related information;
  • profile information;
  • creator publication details, branding, and settings;
  • newsletter and content preferences;
  • support messages and correspondence;
  • information you submit when applying for approval or verification on the platform; and
  • any other information you choose to provide while using Penzest.

4.2 Publication and Content Data

If you are a creator or publisher, we may collect and process:

  • posts, newsletters, drafts, media, and other content you upload or publish;
  • publication details such as title, description, subdomain, branding assets, audience settings, and pricing;
  • subscriber list information you upload, import, or manage through the platform; and
  • communications you send through Penzest.

4.3 Subscriber and Reader Data

If you subscribe to a publication powered by Penzest, we may process:

  • your email address;
  • your subscription status;
  • your selected plan or tier;
  • subscription and payment history;
  • opt-in, unsubscribe, and preference information; and
  • engagement and delivery event data associated with newsletters, where applicable.

4.4 Payment and Transaction Data

Payments on Penzest are processed by third-party payment providers such as Paystack. We do not store full card details on our own systems. We may receive and retain limited payment-related information such as:

  • billing name and contact details;
  • transaction identifiers;
  • payment status;
  • subscription plan and renewal status;
  • payout-related records for creators; and
  • records needed for accounting, fraud prevention, dispute handling, and compliance.

4.5 Automatically Collected Data

When you use Penzest, we may automatically collect certain technical and usage information, including:

  • IP address;
  • device information;
  • browser type and version;
  • operating system;
  • pages viewed and actions taken;
  • timestamps and session data;
  • referrer URLs;
  • approximate location inferred from technical data such as IP-based country information;
  • log data relating to performance, errors, abuse prevention, and security monitoring; and
  • cookie and similar technology data.

4.6 Email Delivery and Engagement Data

Where email delivery features are used, Penzest and its email service providers may process information relating to:

  • message delivery;
  • opens and clicks, where enabled;
  • bounces;
  • unsubscribes;
  • spam complaints;
  • suppression status; and
  • email metadata reasonably necessary to operate, secure, and improve delivery services.

5. How We Use Personal Data

We use personal data for the following purposes:

  • to create and manage user accounts;
  • to provide the Penzest platform and related services;
  • to host and distribute creator content;
  • to enable subscriptions, newsletter delivery, and reader communications;
  • to process transactions, subscriptions, payouts, and billing-related operations;
  • to verify accounts, manage onboarding, and review users for approval where applicable;
  • to detect, investigate, and prevent fraud, abuse, spam, unauthorised activity, and security incidents;
  • to maintain suppression lists and respect unsubscribe and complaint signals;
  • to provide customer support and respond to enquiries;
  • to monitor performance, usage, and platform reliability;
  • to generate analytics, reports, and operational insights;
  • to comply with legal, regulatory, tax, accounting, and enforcement obligations; and
  • to communicate important notices, service messages, and product updates.

6. Lawful Bases for Processing

Where the Nigeria Data Protection Act 2023 or another applicable law requires a lawful basis for processing, we may rely on one or more of the following:

  • consent, for example where a user subscribes to a publication or opts in to certain communications;
  • contractual necessity, where processing is required to provide the services requested by a user, subscriber, or creator;
  • legal obligation, where we must process data to comply with applicable laws, lawful requests, accounting obligations, or enforcement requirements; and
  • legitimate interests, where processing is reasonably necessary for platform security, fraud prevention, service improvement, analytics, operational administration, and related business purposes, provided such interests are not overridden by applicable legal protections.

7. Cookies and Similar Technologies

Penzest uses cookies and similar technologies for purposes such as:

  • keeping users signed in and maintaining sessions;
  • remembering preferences and settings;
  • improving security and detecting abuse;
  • measuring usage, performance, and product effectiveness; and
  • supporting basic platform functionality.

You may be able to control cookies through your browser or device settings. However, blocking certain cookies may affect the availability or functionality of parts of the platform.

8. When We Share Personal Data

We do not sell personal data.

We may share personal data only where reasonably necessary, including with:

  • payment processors such as Paystack, for payment handling and related transaction services;
  • email delivery providers such as Mailgun, for sending newsletters, transactional emails, and processing delivery events;
  • hosting, security, CDN, and infrastructure providers such as Cloudflare, Railway, Wasabi, and similar providers, to operate the platform and protect it from abuse;
  • professional advisers, auditors, insurers, and legal advisers where necessary;
  • law enforcement agencies, regulators, courts, or public authorities, where required by law or where reasonably necessary to establish, exercise, or defend legal rights; and
  • successors or acquirers, if Penzest is involved in a merger, restructuring, acquisition, financing, asset sale, or similar corporate transaction.

9. Creators and Subscriber Data

Creators who use Penzest to collect and manage subscriber information are responsible for ensuring that they have an appropriate legal basis and the necessary permissions to contact their subscribers.

Depending on the specific processing activity:

  • the creator may act as a data controller in relation to their subscriber relationships, audience decisions, and communication content; and
  • Penzest may process subscriber data on the creator’s behalf in order to provide hosting, newsletter delivery, analytics, subscription management, suppression handling, and related platform services.

Creators must not upload, import, buy, scrape, harvest, or use email lists in violation of applicable law, consent requirements, or platform policies. Creators must only import subscriber or contact lists made up of individuals who have already opted in and validly consented to receive the relevant communications. Penzest may use automated or manual detection mechanisms to identify high-risk, non-opt-in, abusive, or suspicious lists or sending activity. Where we detect elevated risk, unusual complaint patterns, or signs that a list may not have been collected with proper consent, we may restrict sending, require additional information, suspend campaign delivery, or suspend the relevant account.

10. International Data Transfers

Because Penzest uses service providers and infrastructure that may be located in Nigeria and in other countries, personal data may be transferred to or processed outside Nigeria.

Where this occurs, we take reasonable steps appropriate to the nature of the processing to protect personal data, including contractual, organisational, and technical safeguards where appropriate.

11. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the platform, comply with legal obligations, resolve disputes, enforce our agreements, prevent abuse, and maintain business records.

Retention periods may vary by category of data. For example:

  • account and profile data may be retained while an account remains active and for a reasonable period afterwards for security, compliance, and record-keeping purposes;
  • transaction, billing, and financial records may be retained for as long as required by applicable tax, accounting, and legal obligations;
  • support records and security logs may be retained for operational, fraud prevention, and dispute-resolution purposes for a limited period appropriate to those purposes;
  • subscriber and suppression records may be retained as needed to honour unsubscribe requests, prevent unwanted messaging, and maintain compliance and deliverability safeguards; and
  • published content and creator data may be retained according to platform settings, creator actions, legal obligations, and technical backup cycles.

When personal data is no longer required, we will delete it, anonymise it, or securely restrict it, subject to applicable law and legitimate record-retention needs.

12. Account Deletion and Content Removal

Users may request deletion of their account, subject to any legal, contractual, operational, payment, tax, fraud-prevention, or record-keeping obligations that require certain information to be retained.

Where an account is deleted:

  • access to the platform may be revoked;
  • associated profile information may be removed or anonymised;
  • some content or records may remain where required for legal, operational, security, accounting, or audit purposes; and
  • certain residual copies may remain temporarily in backups or archived systems for a limited period.

If a creator account is deleted, subscriber-facing consequences may depend on the creator’s publication settings, subscription state, legal obligations, and platform processes at the time of deletion.

13. Your Privacy Rights

Subject to applicable law, you may have the right to:

  • request access to personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data in certain circumstances;
  • object to or request restriction of certain processing in certain circumstances;
  • withdraw consent where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal;
  • request a copy of certain data you have provided to us, where applicable; and
  • complain to the relevant data protection authority, including the Nigeria Data Protection Commission (NDPC), where appropriate.

We may request information necessary to verify your identity before acting on a privacy request.

14. Security

We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration, loss, misuse, and other unlawful processing. These measures may include access controls, secure infrastructure, logging, monitoring, and service-provider safeguards.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

15. Children’s Privacy

Penzest is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child has provided personal data in violation of this policy, we may take steps to delete the information and restrict the relevant account, subject to applicable law.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Where appropriate, we will post the updated version on this page and update the “Last updated” date. Where required by law or where the changes are material, we may also provide additional notice through the platform or by email.

17. Contact Us

For privacy-related questions, requests, or complaints, please contact:

Penzest / Fortiplace Global Limited
Email: support@penzest.com