How we protect your data in the new Dashboard

The new Dashboard includes an AI feature — the Command Center — and we know that raises a natural question: what happens to your business data when you use it? This article explains how your data is handled, what we share and with whom, and the principles that guided how we built this.

Your data is yours alone

The Command Center only has access to your own account's data. It cannot access data from any other Paystack merchant, and no merchant can access yours. Every query you make is scoped entirely to your account.

What data the AI can access

The AI can access the data your account has permission to see — transactions, customers, refunds, disputes, settlements, and so on — subject to your role and permissions within your Dashboard. If your role doesn't include access to a particular area, the AI won't be able to answer questions about it either.

When you ask a question, project-canvas-api — the service that powers the Command Center — retrieves only the data relevant to your query and passes a trimmed version of it to the AI model. Your full account data is never sent wholesale to the model.

What happens to your data during processing

To answer your questions, the AI model needs to process some of your data. Here's how that works:

  • Your query and relevant data are sent to the model provider for processing.

  • The model provider does not store your data. Your data is used only to generate a response; it is not retained, used for training, or shared with any third party.

  • The response is returned to you through Paystack's infrastructure.

At no point is your data used to train any AI model — by Paystack or by our model provider.

Data sovereignty and compliance

Paystack operates across multiple markets in Africa, and we take seriously our obligations under the data protection regulations that apply in each of them — including the Nigeria Data Protection Act (NDPA), the General Data Protection Regulation (GDPR) where applicable, and the data protection laws of the other markets we operate in.

Before launching the Command Center, we conducted a full AI impact assessment and a Data Protection Impact Assessment (DPIA) in partnership with our internal Data Protection and Privacy team. This process included adversarial testing — deliberately probing the AI with edge cases and sensitive queries to surface any gaps — and resulted in guardrails that are built into every interaction.

Built-in safeguards

Every message sent to the Command Center is evaluated against a set of safety and compliance criteria before a response is generated. This evaluation step is designed to catch responses that could expose data inappropriately or fall outside our compliance requirements. If a query doesn't pass, the AI will decline to answer rather than risk a non-compliant response.

We also chose not to show the AI's reasoning process to users. This was a deliberate decision to protect the integrity of our systems and the confidentiality of proprietary data. The answer you see is accurate — the steps the AI took to get there are simply not displayed.

Where to learn more

For full details on how Paystack handles personal and business data across all our products, see our Privacy Policy.

If you have a specific concern about your data, contact our support team and we'll make sure it reaches the right person.
