Privacy Policy
Last updated: July 2026 · Effective date: 1 January 2025
iBuyNaija (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and the rights you have under the Nigeria Data Protection Act 2023 (NDPA) and its regulations.
By using the iBuyNaija website (ibuynaija.com) or any related service, you acknowledge that you have read and understood this policy.
1. Who We Are
iBuyNaija operates an exclusively Made-in-Nigeria online marketplace connecting buyers with Nigerian product sellers and service providers. We are the data controller for personal data collected through this platform.
For privacy enquiries, contact us at: privacy@ibuynaija.com
2. Data We Collect
2.1 Information you provide directly
- Account registration: email address, password (stored as a one-way hash and never readable), first name, last name, phone number.
- Seller / provider registration: business name, trading state and city, business description, bank account name, bank name, account number (shared only with buyers who place an order — never shown publicly), CAC registration certificate (where provided), WhatsApp number.
- Orders and enquiries: delivery address, order details, messages sent through the platform.
- Ratings and reviews: scores and comments you submit on listings or services.
- Service bookings: preferred date and time, booking notes.
2.2 Information collected automatically
- Authentication tokens: session cookies stored in your browser to keep you logged in. These are first-party cookies and are essential for the service to function.
- Usage data: pages visited, search queries (without linking them to your identity unless you are logged in), browser type, device type, and IP address — used solely for security monitoring and to improve the platform.
2.3 Information from third parties
- Cloudinary: when you upload product or service photos, images are stored and processed by Cloudinary (cloudinary.com). Cloudinary may retain technical metadata about uploaded files per their own privacy policy.
3. How We Use Your Data
We process your personal data on the following lawful bases under the NDPA 2023:
- Performance of a contract: to create and manage your account, process orders and bookings, and facilitate payments between buyers and sellers.
- Legitimate interests: to prevent fraud and abuse, monitor platform security, improve our service, and send transactional notifications (e.g. order updates).
- Consent: to send marketing communications. You may withdraw consent at any time.
- Legal obligation: to comply with applicable Nigerian law, including the NDPA 2023 and financial regulations.
4. How We Share Your Data
We do not sell your personal data. We share data only in these circumstances:
- Between buyers and sellers: when you place an order, the seller receives your delivery address and contact details to fulfil it. The seller’s bank account details are shared with the buyer only on the order confirmation page.
- Service providers: Supabase (database hosting, operated in compliance with their Data Processing Agreement), Cloudinary (image storage), Vercel (hosting), Termii (SMS OTP verification for seller accounts in Nigeria).
- Legal requirements: if required by Nigerian law, a court order, or to prevent serious harm.
5. Cookies
We use only essential first-party cookies to authenticate your session (keep you logged in). We do not use advertising or behavioural tracking cookies. For full details, see our Cookie Policy.
6. Data Retention
- Account data is retained for as long as your account is active and for up to 2 years after account deletion, to comply with financial record-keeping obligations.
- Order and transaction records are retained for 6 years in compliance with Nigerian tax and commercial law.
- Session cookies expire when you close your browser or after 30 days, whichever is sooner.
7. Your Rights
Under the Nigeria Data Protection Act 2023, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated data (subject to legal retention requirements).
- Object to processing of your data for marketing purposes.
- Data portability: receive a copy of your data in a machine-readable format.
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, email privacy@ibuynaija.com. We will respond within 30 days.
8. Data Security
We implement technical and organisational measures to protect your data, including encrypted connections (HTTPS), password hashing using industry-standard bcrypt, row-level security policies on our database, and restricted access controls for administrative functions.
No system is completely secure. If you suspect your account has been compromised, change your password immediately and contact us at privacy@ibuynaija.com.
9. Children’s Privacy
iBuyNaija is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with their data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes and post the updated policy on this page with a revised “Last updated” date. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
11. Contact and Complaints
For any privacy-related questions or to file a complaint, contact us at privacy@ibuynaija.com.
You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng if you believe your data rights have been violated.