FoodraFOODRA
Loading market prices…
Legal

Privacy Policy

Your privacy matters to us. This policy explains exactly what data we collect, why we collect it, how we protect it, how long we keep it, and the rights you have under the Nigeria Data Protection Act 2023.

Effective date: June 22, 2026Applies to: foodramarket.comRegulation: NDPA 2023

In plain terms: We collect only what we need to run the platform. We never sell your data. Your card details go directly to Paystack — we never see them. You can request access, correction, or deletion of your data at any time. For questions, email support@foodramarket.com.

Table of Contents

  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Sharing of Your Information
  4. 4. Data Security
  5. 5. Your Rights Under the NDPA 2023
  6. 6. Financial Data & Paystack
  7. 7. Data Retention
  8. 8. Cookies & Tracking
  9. 9. Push Notifications
  10. 10. International Transfers
  11. 11. Children's Privacy
  12. 12. AI Credit Scoring & Automated Processing
  13. 13. Third-Party Links & Services
  14. 14. Changes to This Policy
  15. 15. Contact & Data Controller

1. Information We Collect

1/15
  • Account & Identity Data — When you register, we collect your name, email address, phone number, and profile photo to create and verify your account.
  • Financial & Wallet Data — When using the NGN wallet we collect transaction amounts, recipient Foodra Tags, bank account numbers (for withdrawals), and wallet balance records.
  • Marketplace Data — When you list or purchase products we collect product descriptions, pricing, order details, delivery addresses, and seller/buyer correspondence.
  • Funding Application Data — When you apply for funding we collect farm details, declared income, financial history, business documents, and responses to the AI credit scoring questionnaire.
  • Training Data — We record your training enrollments, attendance, and completion status.
  • Device & Usage Data — We automatically collect your IP address, browser type, device model, operating system, pages visited, search queries, click paths, and session duration to improve the platform.
  • Communications — When you contact our support team or use in-app messaging, we store those communications to handle your request and improve our services.
  • Payment & Transaction Metadata — Paystack provides us with payment status, reference codes, and payment method type (card/bank transfer). We do not store full card numbers — these are handled exclusively by Paystack.
  • Push Notification Tokens — If you enable push notifications, we store your device push token to deliver service alerts.
  • Inferred Data — We may infer preferences, membership tier, and engagement level based on your platform activity.

2. How We Use Your Information

2/15
  • Account Management — To create, verify, and manage your Foodra account and authenticate your identity.
  • Marketplace Operations — To display your listings to buyers, process orders, manage escrow, coordinate delivery, and handle disputes.
  • Wallet Services — To process wallet top-ups, peer transfers, and bank withdrawals via Paystack on your behalf.
  • Funding Assessment — To evaluate your funding application using our AI credit scoring engine and to share relevant data with funding partners with your consent.
  • Training Delivery — To manage enrollments, send session reminders, and track your training progress.
  • Platform Improvement — To analyse usage patterns, diagnose bugs, and develop new features.
  • Communication — To send you order confirmations, transaction receipts, security alerts, account notifications, and optional marketing communications (with your consent).
  • Legal Compliance — To comply with the Nigeria Data Protection Act 2023 (NDPA), Financial Reporting Council requirements, and other applicable regulations.
  • Fraud Prevention & Security — To detect, investigate, and prevent fraudulent transactions, account abuse, and security incidents.
  • AI Credit Scoring — To generate an explainable credit score (0–100) based on your submitted farm and financial data. This score is used solely for funding application support and is never sold.

3. Sharing of Your Information

3/15
  • We never sell, rent, or trade your personal data to any third party for their own marketing purposes.
  • Service Providers — We share data with carefully vetted service providers who help us operate the platform: Supabase (database hosting), Privy (authentication), Paystack (payment processing), Vercel (hosting and analytics). All providers are bound by data processing agreements.
  • Sellers & Buyers — Your delivery address is shared with the relevant seller solely to fulfil your order. Your Foodra Tag and first name are visible to users you transact with.
  • Funding Partners — With your explicit consent at the point of application, we share your credit score, farm details, and supporting documents with the relevant funding partner.
  • Legal & Regulatory Disclosure — We may disclose your information if required by a court order, law enforcement request, regulatory authority, or to comply with applicable Nigerian law.
  • Business Transfers — In the event of a merger, acquisition, or sale of Foodra's assets, your data may be transferred to the acquiring entity. We will notify you before such transfer and give you the opportunity to delete your account.
  • Aggregate & Anonymised Data — We may share non-personally identifiable, aggregated statistics about platform usage with partners, investors, or the public. This data cannot identify you.

4. Data Security

4/15
  • All data transmitted between your device and our servers is encrypted using TLS 1.2+ (HTTPS). We enforce HTTPS across all platform endpoints.
  • Data at rest in our Supabase database is encrypted using AES-256 encryption.
  • Wallet PIN — Your wallet transaction PIN is hashed using bcrypt. We never store or have access to your raw PIN.
  • Authentication — Identity authentication is managed by Privy using industry-standard OAuth 2.0 and passkey methods. We do not store passwords.
  • Access Controls — Access to production data is restricted to authorised Foodra personnel on a strict need-to-know basis, protected by multi-factor authentication.
  • Row-Level Security (RLS) — Our database enforces row-level security policies, ensuring users can only access their own data and cannot query other users' records.
  • Security Monitoring — We log access to sensitive data and monitor for anomalous activity. Suspicious events trigger automated alerts.
  • Vulnerability Management — We conduct regular security reviews and address discovered vulnerabilities promptly.
  • Incident Response — In the event of a data breach, we will notify affected users within 72 hours of becoming aware, as required by the NDPA.
  • No system is 100% secure. While we take strong precautions, we encourage you to use a unique password, enable any available MFA, and never share your wallet PIN.

5. Your Rights Under the NDPA 2023

5/15
  • Right to Access — You may request a copy of all personal data we hold about you at any time.
  • Right to Rectification — You may correct inaccurate or incomplete personal data through your profile settings or by contacting us.
  • Right to Erasure — You may request deletion of your account and personal data. We will process this within 30 days, except where retention is required by law (e.g. financial transaction records).
  • Right to Data Portability — You may request your data in a structured, machine-readable format.
  • Right to Object — You may object to the processing of your data where we rely on legitimate interests as a legal basis.
  • Right to Restrict Processing — You may request that we restrict processing of your data while a dispute about its accuracy or our use of it is resolved.
  • Right to Withdraw Consent — Where processing is based on your consent (e.g. marketing emails), you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint — You may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng if you believe your rights have been violated.
  • To exercise any of these rights, email us at support@foodramarket.com with subject line 'Data Rights Request'. We will respond within 30 days.

6. Financial Data & Paystack

6/15
  • Payment processing for wallet top-ups and withdrawals is handled by Paystack (paystack.com). Paystack is PCI-DSS compliant and licensed by the Central Bank of Nigeria.
  • We do not store your card number, CVV, or bank account credentials. These are entered directly on Paystack's secure checkout page.
  • We store only payment metadata: amount, reference code, payment status, and payment method type (e.g. 'card' or 'bank transfer').
  • Wallet transaction records (transfers, withdrawals, purchases) are retained for a minimum of 7 years as required by Nigerian financial regulations.
  • If a transaction error occurs, we may access Paystack's records to investigate and reverse incorrect charges.

7. Data Retention

7/15
  • Account data is retained for the lifetime of your account plus 90 days after deletion, to allow for dispute resolution and legal compliance.
  • Financial transaction records (wallet credits, debits, order payments) are retained for a minimum of 7 years in compliance with Nigerian financial and tax regulations.
  • Funding application data is retained for 5 years after the application decision.
  • Support communications are retained for 2 years.
  • Usage and analytics data is retained in anonymised form indefinitely for product improvement.
  • After retention periods expire, data is securely deleted or anonymised.

8. Cookies & Tracking

8/15
  • Essential Cookies — Required to keep you logged in, maintain your session, and protect against CSRF attacks. These cannot be disabled without breaking core functionality.
  • Preference Cookies — Store your language preference and UI settings across visits.
  • Analytics Cookies — We use Vercel Analytics to understand how users navigate the platform. This collects aggregated, non-personally-identifiable page view data. No cross-site tracking is performed.
  • We do not use third-party advertising or retargeting cookies.
  • You can manage or disable non-essential cookies through your browser settings. Note that disabling cookies may affect some platform features.

9. Push Notifications

9/15
  • If you grant permission, we send push notifications for: order status updates, wallet transaction alerts, funding application decisions, and important security notices.
  • You can withdraw notification permission at any time through your device or browser settings, or through your Foodra notification preferences.
  • We store your push token to deliver notifications. Tokens are deleted when you revoke permission or delete your account.

10. International Transfers

10/15
  • Your data is primarily processed and stored on servers located within the European Economic Area (Supabase/Vercel infrastructure). Where data is transferred outside Nigeria, we ensure appropriate safeguards are in place including Standard Contractual Clauses.
  • Privy (authentication) and Paystack (payments) may process data in their respective infrastructure regions. Both operate under robust data protection frameworks.
  • By using Foodra, you consent to the transfer of your data as described in this section.

11. Children's Privacy

11/15
  • Foodra is not directed at, and does not knowingly collect personal data from, individuals under the age of 18.
  • If we become aware that a minor has created an account, we will promptly suspend the account and delete all associated data.
  • If you believe a minor is using Foodra, please notify us immediately at support@foodramarket.com.

12. AI Credit Scoring & Automated Processing

12/15
  • Foodra uses a rule-based AI credit scoring engine to generate a score (0–100) for funding applicants based on declared farm and financial data.
  • The score is explainable — you can view the breakdown of factors contributing to your score from your funding application page.
  • The credit score is a decision-support tool for funding partners. The final funding decision is made by a human reviewer at the funding partner, not automatically by the AI system.
  • You have the right to request a human review of any automated assessment that significantly affects you. Contact support@foodramarket.com to exercise this right.
  • We do not use your data for any other automated decision-making that produces legal or similarly significant effects without human oversight.

14. Changes to This Policy

14/15
  • We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or platform features.
  • For material changes, we will provide at least 14 days' notice via email and/or an in-app notification before the new policy takes effect.
  • The 'Effective date' at the top of this page will always reflect the date of the most recent revision.
  • Your continued use of Foodra after the effective date of updated Terms constitutes acceptance of the revised policy.
  • If you disagree with a revised policy, you may delete your account before the changes take effect.

15. Contact & Data Controller

15/15
  • Data Controller: Foodra Technologies Ltd, Benue State, Federal Republic of Nigeria.
  • For privacy-related requests, concerns, data rights exercises, or breach notifications, email: support@foodramarket.com with subject line 'Privacy Request'.
  • We aim to respond to all privacy requests within 30 days. For complex requests, we may extend this by a further 30 days and will notify you of the extension.
  • To contact the Nigeria Data Protection Commission: ndpc.gov.ng.

Have a privacy concern?

Our team responds to all privacy requests within 30 days as required by the NDPA.

Contact Support

By using Foodra, you agree to this Privacy Policy. See also our Terms of Service.