Privacy Policy

What we collect

Account basics: name, email, phone (when you set up Wallet), password hash, profile photo.

Identity verification: ID images, BVN/NIN where required by law, biometric verification results from Smile ID. We collect what regulators require us to collect, no more.

Usage data: pages you view, features you use, devices you sign in from. We use this to improve the product and detect abuse.

Content you create: profile information, store products, deal history, payouts. This is what you've explicitly added.

Social account data: when you connect Instagram, TikTok, YouTube, or X, we pull follower counts, engagement metrics, and recent posts.

Why we collect it

To run the product: hosting your profile, processing payments, sending notifications.

To comply with regulations: KYC, anti-money-laundering screening, tax reporting.

To prevent fraud: detecting unusual activity, blocking sanctioned individuals.

To improve the product: aggregated analytics on what works and what doesn't.

Who we share it with

Payment processors (Stripe, Paystack, Flutterwave, Wise) to move money on your behalf.

Identity verification (Smile ID) to confirm who you are.

Cloud infrastructure (AWS, Vercel) to host the product. They process data on our behalf and cannot use it for their own purposes.

Regulators when legally required (Suspicious Activity Reports to the NFIU, tax filings to the FIRS or equivalent in your country).

We do not sell your data to advertisers or data brokers. Full stop.

Your rights

Access: download a full copy of your data any time from Settings.

Correction: edit anything that's wrong in your profile or account.

Erasure: delete your account; your data is removed within 30 days except for records we have to keep for tax and compliance (typically 5-7 years).

Portability: export your followers, your past collabs, your sales history, in machine-readable formats.

Objection: opt out of analytics, marketing emails, or AI features any time.

Data storage and security

Customer data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Nigerian customer data is stored within Nigeria per NDPR requirements. Other regional data is stored in the closest compliant region (EU for European users, US for North American users).

We retain audit logs for at least 5 years to satisfy CBN and other regulatory requirements.

If we ever experience a breach that affects you, we'll notify you within 72 hours per the relevant data protection laws.

Cookies

We use a small number of essential cookies (to keep you logged in, to prevent CSRF attacks) and analytics cookies (to understand what's working).

See the cookie policy for the full list and how to opt out.

International transfers

When your data crosses borders (e.g. a US-based brand pays a Nigerian creator), we use standard contractual clauses or equivalent legal mechanisms to keep your data protected.

Contact

Data Protection Officer: [email protected]. For general privacy questions, [email protected] is fine too.

You can also lodge a complaint with your local data protection authority if you think we've handled your data improperly.