Privacy Policy
WTMG Labs is a Lagos-based company building physical AI infrastructure for the places big technology overlooks. Our first product, GatemanAI, brings two-way, presence-aware awareness to an entrance through hardware people can afford and a WhatsApp interface they already use.
This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use GatemanAI, our website, our dashboard, or our other products and services (the “Services”). It also describes your privacy rights and how to exercise them, which are set out in Section 4 (“Rights and Choices”).
For the purposes of the Nigeria Data Protection Act 2023 (NDPA) and comparable laws, the data controller responsible for your personal data is WTMG Labs. If you have any questions, you can reach us at aaademiluyi99@gmail.com.
1. Collection of Personal Data
We collect the following categories of personal data:
Personal data you provide to us directly
- Identity and Contact Data. When you create a GatemanAI account or contact us, we collect identifiers including your name, business name, email address, and the WhatsApp phone number that receives your alerts. We may also generate indirect identifiers (for example an internal tenant ID).
- Entrance Images. GatemanAI captures still photographs at the entrance you choose to monitor, either automatically when motion is detected or on request from the account owner. These images may contain images of people, vehicles, and surroundings at that location.
- Messages and Queries. The messages you send to GatemanAI over WhatsApp or the dashboard, the replies and scene descriptions we generate in response, and any standing rules (“watches”) you configure.
- Communications. If you communicate with us directly, we collect your contact details and the contents of your messages.
Personal data we receive automatically from your use of the Services
When you use the Services, we also receive certain technical data automatically (collectively, “Technical Information”). This includes:
- Device, Connection, and Log Information. When you access the dashboard, our hosting providers automatically record standard server-log information such as your IP address, browser and device type, and the date and time of access. We use this to operate and secure the Services (for example, to rate-limit sign-in attempts) and to diagnose errors. We do not use your IP address to determine your geographic location, and we do not use third-party analytics to track the pages you view.
- Event Metadata. Timestamps, the site or entrance name, AI-generated scene descriptions, the delivery status of alerts, and related technical details for each event.
- Local Storage. Our dashboard stores a sign-in token in your browser’s local storage to keep you signed in. We do not set advertising or tracking cookies.
2. Uses of Personal Data
We use your personal data for the following purposes:
- To provide, maintain, and operate the Services, including detecting activity at your entrance and sending motion alerts;
- To generate plain-language descriptions of what the camera captures, and to answer your questions about recent activity or provide a live view on request;
- To run the standing rules you set (for example, “let me know if anyone arrives after 8 PM”);
- To create and administer your account and communicate with you about the Services;
- To prevent and investigate fraud, abuse, unauthorized access, and violations of our terms, and to protect the rights and safety of users and others;
- To debug, identify, and repair errors, and to keep the Services secure;
- To improve the Services; and
- To meet legal, regulatory, and institutional obligations.
We do not sell your personal data. We do not use entrance images to build facial-recognition profiles or to identify individuals across locations, and we do not use your images or messages to train AI models.
3. Recipients and Third-Party Data Sources
We disclose personal data to a small number of trusted service providers who process it only on our instructions and for the purposes described in this Policy:
- Google (Gemini API). Entrance images and message text are sent to Google’s Gemini models to generate scene descriptions and to power the assistant’s replies.
- Meta Platforms (WhatsApp Business Platform). Used to deliver alerts and to receive and respond to your messages over WhatsApp.
- DigitalOcean. Hosts the cloud service and database that store events and account data.
- Vercel. Hosts the web dashboard.
We may also disclose personal data in the following circumstances:
- As part of a significant corporate event. If WTMG Labs is involved in a merger, acquisition, financing, or transfer of business assets, personal data may be disclosed as part of that transaction.
- For legal, safety, and rights-protection reasons. We may share personal data with authorities or other parties where we have a good-faith belief that doing so is reasonably necessary to comply with applicable law or legal process, to prevent harm, to detect or address fraud or security issues, or to enforce our terms and protect the rights, property, or safety of WTMG Labs, our users, or others.
- With your consent or at your direction. We will otherwise disclose personal data when you give us permission or direct us to do so.
4. Rights and Choices
Depending on where you live and the laws that apply to you, you may have certain rights regarding your personal data. To exercise any of these rights, email us at aaademiluyi99@gmail.com. After we receive your request, we may verify it by asking for information sufficient to confirm your identity, and we will respond within the period required by the law that applies to you. We will not discriminate against you for exercising these rights.
- Right to know and access. The right to know what personal data we process about you and to request a copy of it, subject to certain exceptions.
- Deletion. The right to request that we delete personal data we have collected from you, subject to certain exceptions.
- Correction. The right to request that we correct inaccurate personal data we hold about you.
- Objection and restriction. The right to object to, or ask us to restrict, certain processing of your personal data.
- Withdrawal of consent. Where our processing is based on consent, the right to withdraw that consent at any time, without affecting processing carried out before withdrawal.
- Complaint. The right to lodge a complaint with the Nigeria Data Protection Commission, or with the supervisory authority where you live or work.
A note on people captured at an entrance: GatemanAI is operated by the owner of the monitored location, who is responsible for using it lawfully and for displaying any notices required where they operate. If you believe you have been captured by a GatemanAI deployment and wish to exercise your rights, contact us and we will route your request to the relevant operator.
5. Data Transfers
WTMG Labs operates in Nigeria, but the service providers we rely on (described in Section 3) process data on servers located in the United States, the European Union, and other countries. As a result, your personal data may be transferred to and processed in countries outside your own. Where such transfers occur, we take steps to ensure your personal data benefits from an adequate level of protection, including by relying on the safeguards offered by these providers and on appropriate contractual protections. If you have questions about international transfers, you can contact us.
6. Data Retention, Data Lifecycle, and Security
Account data and events, including captured images, are stored in our cloud database. The on-site device keeps a short local audit log that is automatically deleted after 7 days. We retain personal data for as long as reasonably necessary for the purposes described in this Policy and, during the pilot, for the duration of the pilot. When personal data is no longer required, we and our service providers delete, destroy, or anonymise it as permitted or required under applicable law. An account owner may request deletion of their data at any time.
We implement appropriate technical and organizational measures designed to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These include authentication tokens, transport encryption (HTTPS), access controls, and a private network path for live-view requests between the cloud and the on-site device. No system is perfectly secure, but we take reasonable measures to protect the data we hold.
7. Children
Our Services are intended for business and property owners and are not directed towards children. We do not knowingly collect personal data from children for our own purposes. If you believe a child has provided personal data to us, please email aaademiluyi99@gmail.com and we will investigate and, if appropriate, delete the data.
8. Changes to Our Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date at the top of this page and, where appropriate, notify account owners.
9. Contact Information
If you have any questions about this Privacy Policy, or any questions, complaints, or requests regarding your personal data, you can contact us at aaademiluyi99@gmail.com.
WTMG Labs · Lagos, Nigeria.