Plain-English summary. Muster is a workspace your organization uses to validate bank accounts, run programs, and keep records. Your data belongs to your organization. We process it on their instructions, store it for as short as we sensibly can, and never sell it. If your organization stops using us, the data is deleted.
1. Who we are
Muster is operated by Data Druid Tech Limited ("Data Druid", "we", "us"), a company registered in Nigeria, with offices in Lagos.
This Privacy Policy describes how we handle personal data when you (a) use Muster as part of an organization that has a Muster account, or (b) interact with the public Muster website at muster.worksiapps.com.
2. Roles — controller and processor
Muster is a multi-tenant SaaS. Each customer organization (an NGO, government agency, donor, enterprise, research body, etc.) has its own isolated workspace. The customer organization is the data controller for any personal data they upload, enter, or generate inside Muster — they decide what data to collect, why, and what to do with it.
Data Druid is the data processor. We process personal data on behalf of the customer organization, only as instructed by them and only as needed to operate the service.
When you visit the public Muster website (without signing in), Data Druid is the controller for the very limited personal data we collect about you (see §6).
3. Personal data we process inside the platform (as processor)
The exact data depends on what your organization uses Muster for. Typical fields:
| Category | Examples | Source |
|---|---|---|
| Account holder identifiers | Name, bank account number, bank code, BVN, NIN, phone number, email | Uploaded by the customer org for validation |
| Resolved identity data | Name on the bank account as returned by the bank | Returned by the bank verification channel (NIBSS-aligned API) |
| Participant / beneficiary records | Name, role/category, location, payment rate, gender, date of birth (where collected) | Uploaded or registered by the customer org |
| Workforce records | Org member name, email, role, unit assignment | Invited / created by the customer org admin |
| Audit metadata | Login timestamp, IP address, action performed, resource affected | Generated automatically by Muster |
4. Why we process it
We process personal data only to:
- Provide the validation, payment, event, participant, and reporting features the customer organization has subscribed to
- Generate audit logs and compliance reports the organization needs for governance
- Bill the organization for use of the service
- Detect and prevent abuse, fraud, and security incidents
- Respond to customer support requests
- Meet our legal obligations (tax, regulatory, court orders)
5. Retention — how long we keep it
We keep raw personal data for as short as we can. The defaults:
| Data class | Retention | Why |
|---|---|---|
| Validation row data (account number, beneficiary name, resolved name) | 7 days after the batch is processed, then PII fields are purged | Default retention. Configurable per organization (longer where regulatory requirements demand) |
| Resolved-account cache (account → resolved name) | 30 days | Speeds up re-validation, then purged |
| Validation metadata (counts, batch summaries, exception summaries) | Indefinite while the org account is active | Required for monthly compliance reports |
| Audit log entries (who did what, when) | Indefinite while the org account is active | Required for governance and investigations |
| Account holder identifiers in payment records | As required by the controller's regulatory obligations (typically 7 years for financial records in Nigeria) | Tax / financial-recordkeeping law |
| Org owner / admin contact details | While the org account is active, plus 90 days after closure | Account servicing |
| Backups | Daily encrypted backups retained 30 days; monthly retained 12 months; yearly retained 7 years | Disaster recovery; data subject deletion requests are honoured at next backup rotation |
When an organization closes its Muster account, we permanently delete its data within 30 days (subject to the backup rotation above), unless the organization specifically requests a different timeline or retention is required by law.
6. Personal data we collect on the public website (as controller)
When you visit Muster's public website without signing in, we collect:
- Server access logs (IP address, requested URL, user-agent, timestamp) — kept for 30 days for security monitoring
- If you submit a contact form, the email address and message you provide — kept until your enquiry is resolved plus 12 months
- If you sign up to a waitlist, the email address you provide — until you unsubscribe or 24 months idle
We do not use third-party analytics scripts (no Google Analytics, no Facebook Pixel, no advertising networks). We do not set cookies on the public marketing pages beyond a session cookie required when you sign in.
7. Who we share personal data with
We share personal data only with the following categories of recipient, and only as necessary:
| Recipient | What is shared | Why |
|---|---|---|
| NIBSS-aligned bank verification channel (currently Flutterwave / Paystack) | Account number + bank code | To return the name on the account — the core service |
| Hosting provider (Hetzner Online GmbH, Germany) | All data, encrypted at rest on their infrastructure | They host the servers Muster runs on |
Email delivery (our own SMTP host on mail.datadruidtech.org.ng) | Recipient address + email content (invoices, password reset, notifications) | To deliver transactional email |
| Payment processors (Flutterwave, Paystack) | Billing contact, amount, organization name | To collect subscription fees from customers who pay by card |
| Authorities (where legally compelled) | Only what is specifically demanded | Court orders, lawful regulatory requests. We push back where the request is overbroad and notify the customer org where lawful. |
We do not sell personal data. We do not share it with advertisers, data brokers, or marketing networks. We do not use it to train machine-learning models.
8. Where personal data is stored
Data is stored on servers operated by Hetzner Online GmbH in Germany (EU). Backups are stored encrypted with an object-storage provider (Backblaze / Cloudflare R2) in EU regions. Bank verification calls go through NIBSS-aligned APIs which operate primarily in Nigeria.
Customer organizations operating under specific data-residency requirements (e.g. Nigeria-only hosting) can request a self-hosted deployment of Muster on infrastructure they control.
9. Security
We apply the controls described in our Security Statement. Headlines:
- HTTPS for all traffic; TLS 1.2+ enforced
- Passwords hashed with PBKDF2-SHA256 (Django default), never stored in plaintext or reversible form
- Each customer organization's data is logically isolated; the database role hosting Muster cannot access any other application on the same hardware
- Encrypted backups, daily, off-site
- Audit log of every state-changing action
- Dependency scanning before each deploy
10. Your rights
Where you are an end-user inside a customer organization's workspace, the customer organization is the controller. To exercise rights over your personal data — access, correction, deletion, restriction, objection, portability — contact your organization's administrator first. We will assist them in fulfilling the request.
Where you are interacting with the public Muster website (and Data Druid is the controller), you may directly exercise the following rights under Nigeria's NDPR, the Nigeria Data Protection Act (NDPA), and (where you are in the EU/UK) the GDPR/UK GDPR:
- Access — ask for a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate data
- Deletion — ask us to delete your data, subject to legal retention obligations
- Restriction — ask us to stop processing your data while a complaint is investigated
- Portability — ask for your data in a machine-readable format (JSON or CSV)
- Objection — object to processing based on our legitimate interests
- Lodging a complaint — with the Nigeria Data Protection Commission (
ndpc.gov.ng) or your local supervisory authority
Email rights requests to privacy@datadruidtech.org.ng. We respond within 30 days. We do not charge for routine requests; we may charge a reasonable fee for unfounded or excessive repeat requests, as permitted by law.
11. Children
Muster is not directed at children under 18 and we do not knowingly create accounts for them. Where customer organizations process data about children (e.g. participant registers in education or health programs), they do so as the controller and are responsible for the lawful basis (consent of a parent or guardian, public interest, etc.) under the applicable law.
12. Cookies and similar tracking
Muster uses only the cookies strictly necessary to operate:
sessionid— keeps you signed in. Expires when you sign out or after 30 minutes of inactivitycsrftoken— prevents cross-site request forgery on form submissions
We do not use analytics, advertising, or tracking cookies. There is no cookie consent banner because none is required.
13. Breach notification
If we discover a personal-data breach that is likely to result in risk to data subjects, we will:
- Notify affected customer organizations within 72 hours of becoming aware
- Notify the Nigeria Data Protection Commission within statutory timelines
- Provide details: what happened, what data was affected, what we're doing about it, what affected parties should do
14. Changes to this policy
We may update this policy. The version label at the top of the page is the date of the current version. Material changes (anything that affects your rights or how data is handled) will be notified by email to organization owners at least 30 days before they take effect, and account holders may be asked to re-accept the updated terms on next sign-in.
Older versions are archived and available on request to privacy@datadruidtech.org.ng.
15. Contact
Privacy enquiries: privacy@datadruidtech.org.ng
Data Protection Officer: dpo@datadruidtech.org.ng
Postal: Data Druid Tech Limited, Lagos, Nigeria