Effective Date: 15 May 2026 · Version 1.0
🇳🇬 This policy is written to comply with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023.
1. Who We Are
NearBuy is a local business discovery platform operated from Nigeria. Our registered contact for data protection matters is: privacy@nearbuy.ng.
2. Data We Collect
Account data: full name, phone number, email address, role (customer/vendor).
Business data (vendors only): business name, address, phone, category, operating hours, CAC number (optional), business images.
Location data: approximate GPS coordinates used to show nearby businesses. We do not store precise GPS history.
Usage data: pages visited, search queries, businesses viewed, clicks (collected via PostHog analytics). IP addresses are anonymised.
Chat data: messages exchanged between customers and vendors on the platform are stored to enable the messaging feature.
Device data: browser type, OS, screen size — used for performance monitoring only.
3. Why We Use Your Data (Legal Bases)
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance |
| Showing nearby businesses | Contract performance / Legitimate interest |
| Sending account emails (verify, reset) | Contract performance |
| Analytics and platform improvement | Legitimate interest (opt-out available) |
| Fraud and abuse prevention | Legitimate interest / Legal obligation |
| Marketing emails (if opted in) | Consent |
4. Data Sharing
We do not sell your personal data. We share data only with:
- Supabase (database and auth) — data stored in EU-West-1 (Ireland).
- Vercel (hosting) — edge functions may process request metadata.
- PostHog (analytics) — anonymised usage events.
- Sentry (error tracking) — stack traces may include minimal user context.
- Google Maps — location search queries to find nearby places.
- Law enforcement agencies, if required by a valid Nigerian court order.
5. Data Retention
- Account data: retained for the life of your account plus 90 days after deletion.
- Chat messages: retained for 2 years, then automatically deleted.
- Usage analytics: aggregated after 12 months; raw events deleted.
- Moderation logs: retained for 3 years for audit purposes.
6. Your Rights (NDPR/NDPA)
As a data subject under Nigerian law, you have the right to:
- Access — request a copy of the data we hold about you.
- Correction — update inaccurate data via your profile settings.
- Deletion — request deletion of your account and associated data.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — for marketing emails, unsubscribe at any time.
To exercise these rights, email privacy@nearbuy.ng. We will respond within 30 days.
7. Cookies
NearBuy uses essential cookies for authentication (Supabase session token) and preference storage (theme). Analytics cookies are only set after you accept our cookie consent banner. You can manage cookies via your browser settings.
8. Security
We implement industry-standard safeguards including: TLS 1.3 encryption in transit, AES-256 encryption at rest (Supabase), Row Level Security (RLS) policies, and rate limiting on all API endpoints. Despite best efforts, no system is 100% secure. Report security issues to security@nearbuy.ng.
9. Children's Privacy
NearBuy is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us immediately.
10. Changes to This Policy
Material changes to this Privacy Policy will be communicated via email 14 days in advance. The current version is always available at nearbuy.ng/privacy.
11. Contact & Complaints
Data Protection Officer: privacy@nearbuy.ng
You may also file a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.