Introduction
OjaLocal ("we", "our", "us") operates an online fresh produce and livestock marketplace connecting Nigerian farmers and merchants directly with buyers. We are committed to protecting your personal information and your right to privacy.
This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights under the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023.
By using OjaLocal โ whether as a buyer, merchant, or visitor โ you agree to the practices described in this policy. If you do not agree, please do not use our platform.
Who We Are
OjaLocal is a Nigerian agricultural technology platform. For the purposes of data protection law, OjaLocal is the Data Controller responsible for your personal information.
| Detail | Information |
|---|---|
| Platform name | OjaLocal Fresh Market |
| Country of operation | Federal Republic of Nigeria |
| Regulatory framework | NDPR 2019 / NDPA 2023 |
| Contact email | support@ojalocal.com |
Data We Collect
Information you give us
- Account data: Full name, email address, password (encrypted), account type (buyer or merchant)
- Order data: Delivery address, phone number, items purchased, quantity, total amount paid
- Merchant data: Business name, business location, product listings, pricing, inventory batches, harvest records including weather conditions
- Payment data: Transaction reference numbers only โ we never store full card numbers or bank details
- Dispute data: Order disputes and supporting descriptions you submit
- Communications: Support emails and messages you send us
Information we collect automatically
- Browser type and device type
- IP address and approximate location (city level)
- Pages visited and time spent on the platform
- Session activity for security and fraud prevention
How We Use Your Data
| Purpose | Legal Basis (NDPR) |
|---|---|
| Creating and managing your account | Contract performance |
| Processing orders and payments | Contract performance |
| Sending order confirmation emails | Contract performance |
| Sending low-stock and restock alerts to merchants | Legitimate interest |
| Notifying buyers when a product is back in stock | Consent (you ordered the product) |
| Resolving disputes between buyers and merchants | Legal obligation / legitimate interest |
| Preventing fraud and securing the platform | Legitimate interest / legal obligation |
| Improving the platform through analytics | Legitimate interest |
| Complying with Nigerian law and court orders | Legal obligation |
We will never use your data for purposes incompatible with what is described above without obtaining your explicit consent first.
Payment Data
All payment processing is handled directly by Paystack and Flutterwave โ both regulated Nigerian payment processors licensed by the Central Bank of Nigeria (CBN).
OjaLocal only stores:
- Transaction reference numbers (for order tracking and dispute resolution)
- Payment amounts (for order records)
- Payment method used (Paystack or Flutterwave)
We never store, see, or have access to your card numbers, bank account numbers, or payment PINs. Those remain entirely within the payment processors' secure environments.
Every payment is verified server-side before an order is confirmed, reducing fraud risk for both buyers and merchants.
How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of account + 1 year | Account management |
| Order records | 7 years | Nigerian tax / FIRS compliance |
| Payment transaction refs | 7 years | CBN regulation compliance |
| Dispute records | 3 years after resolution | Legal protection |
| Session / login tokens | 30 days (auto-expire) | Security |
| Deleted account data | 30 days after deletion request | Fraud prevention window |
After the retention periods above, your data is permanently deleted or anonymised so it can no longer identify you.
Your Rights Under NDPR / NDPA
As a Nigerian data subject, you have the following rights:
- Right to access: Request a copy of all personal data we hold about you
- Right to rectification: Ask us to correct inaccurate or incomplete data
- Right to erasure: Request deletion of your account and personal data (subject to legal retention requirements)
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interest
- Right to restrict processing: Request we limit how we use your data while a dispute is resolved
- Right to withdraw consent: Where we rely on consent, withdraw it at any time
To exercise any of these rights, email us at privacy@ojalocal.com. We will respond within 30 days as required by NDPR.
If you are unsatisfied with our response, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpb.gov.ng.
How We Protect Your Data
- All data is encrypted in transit using TLS 1.2 / 1.3
- Passwords are hashed using industry-standard algorithms โ we cannot read your password
- Database access is protected by Row Level Security (RLS) โ users can only access their own data
- Authentication tokens expire after 1 hour and sessions expire after 30 minutes of inactivity
- Payment verification is performed server-side before orders are confirmed
- Secret API keys are stored in secure server-side environment variables, never in the browser
Children's Privacy
OjaLocal is not intended for use by anyone under the age of 18 years. We do not knowingly collect personal data from minors.
If you believe a child has provided us with personal information, please contact us immediately at privacy@ojalocal.com and we will delete the data promptly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:
- Update the "Last updated" date at the top of this page
- Send registered users an email notification of material changes
- Display a notice on the OjaLocal homepage for 30 days
Your continued use of OjaLocal after changes take effect constitutes acceptance of the updated policy.
Contact Us
For any privacy-related questions, data requests, or concerns, please reach us through any of the following: