Privacy Policy

Information We Collect

We collect information that you provide directly to us, including:

• Account Information: First name, last name, email address, phone number, date of birth, and gender when you create an account or update your profile. You may also sign in using Google, which provides your name, email, and profile picture. Account registration is required to make purchases.
• Order Information: Shipping address, order details, and delivery preferences when you place an order.
• Payment Receipts: Screenshots or photos of bank transfer receipts that you upload during checkout to confirm payment. These are stored securely in cloud storage. We do not collect or store credit card or debit card details.
• Communication Data: Messages you send via our contact form or WhatsApp, including your name, email, and message content.
• Newsletter: Your email address if you subscribe to our newsletter.
• Reviews: Your name, rating, and comments if you submit a product review.

We also automatically collect:

• IP address and approximate location (country, region, and city) — stored in our database for analytics
• Pages visited, time spent, and referring website
• Screen resolution and viewport size
• Device type, browser, operating system, device brand, and model

This data is collected using a third-party geolocation service (ipapi.co) and stored in our own database alongside Google Analytics and Meta Pixel.

How We Use Your Information

We use the information we collect to:

• Process and fulfil your orders, including verifying payment receipts and arranging delivery
• Create and manage your account
• Communicate with you about orders, delivery updates, and customer support
• Respond to your inquiries and messages
• Send order confirmation and shipping notification emails
• Improve our website, products, and services through analytics
• Personalise your shopping experience (e.g., wishlist, recently viewed)
• Detect and prevent fraudulent activity

Information Sharing

We may share your information with:

• Hosting & Database Provider: Our website data, including account and order information, is stored securely on Supabase, a cloud-based platform.
• Logistics Partners: Your name, phone number, and delivery address are shared with our shipping partners to fulfil your order.
• Analytics Providers: We use Google Analytics and Meta (Facebook) Pixel to understand how visitors use our site. These services collect anonymised browsing data. We also use ipapi.co to determine visitor location from IP addresses.
• Email Services: We use third-party email services (including Resend and Cloudflare Workers) to send order confirmations and notifications.
• Google Services: We use Google Fonts for typography (which may transmit your IP to Google), Google Maps Places API for address autocomplete, and Google reCAPTCHA for security.
• Legal Requirements: When required by Nigerian law, court order, or government regulation.

Cookies & Tracking

We use the following technologies to enhance your experience:

• Local Storage: We store your theme preference (light/dark mode), shopping cart contents, wishlist items, saved addresses, dashboard preferences, form drafts, and authentication session locally in your browser. If you are logged in, some of this data (cart, wishlist, addresses, and preferences) is also synced to our servers for cross-device access.
• Session Storage: We use temporary session storage for analytics flags, order confirmation data, and page state. This data is automatically cleared when you close your browser tab.
• Google Analytics: We use Google Analytics to collect anonymised data about site traffic, page views, and user behaviour. This helps us understand which products and pages are most popular.
• Meta (Facebook) Pixel: We use the Meta Pixel to measure the effectiveness of our social media advertising and understand how visitors interact with our site after seeing an ad.
• Google reCAPTCHA: We use reCAPTCHA on login and registration forms to prevent automated abuse.

You can control cookies and local storage through your browser settings. Disabling these may affect some features of the website, such as your saved cart or theme preference.

Data Security

We take the security of your information seriously and implement appropriate measures to protect it:

• SSL Encryption: All data transmitted between your browser and our website is encrypted using SSL/TLS.
• Secure Hosting: Your data is stored on Supabase with row-level security policies that restrict access to authorised users only.
• No Card Data: We do not collect, process, or store any credit or debit card information. Payment is made directly via bank transfer to our Moniepoint MFB account (Account Name: Oyindamola Adelugba (LingeriesbySisioyin)).
• Password Security: Account passwords are hashed and never stored in plain text.
• Access Control: Only authorised team members can access customer order and account data.

While we strive to protect your information, no method of transmission over the internet is 100% secure. We encourage you to keep your account password confidential.

Your Rights

Under the Nigeria Data Protection Regulation (NDPR), you have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Update or correct inaccurate information in your account settings or by contacting us.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Data Portability: Request your data in a portable format.
• Objection: Object to the processing of your data for specific purposes.

To exercise any of these rights, please contact us or send a message via WhatsApp at +234 903 334 4860. We will respond within 30 days.

Data Retention

We retain your personal information for as long as necessary to fulfil the purposes described in this policy:

• Account data: Retained while your account is active. You can request deletion at any time.
• Order records: Retained for up to 7 years for tax, legal, and dispute resolution purposes.
• Payment receipts: Retained for the duration of order processing and verification, then archived.
• Messages & inquiries: Retained for up to 2 years for customer service quality purposes.
• Analytics data: Site visit records (IP, location, device info) stored in our database are retained indefinitely in anonymised form. Analytics data held by Google and Meta is retained according to their respective policies.

Data Deletion Instructions

You have the right to request deletion of your personal data at any time. We make this process simple and transparent.

How to Request Data Deletion

To request deletion of your personal data, you can:

1. Account Dashboard (Recommended): Log in to your Account Settings and click "Delete Account" in the Danger Zone section. This is the fastest way to delete your account and data.
2. Contact Form: Visit our Contact Page and submit a data deletion request with the subject "Data Deletion Request".
3. WhatsApp: Send a message to +234 903 334 4860 requesting data deletion.
4. Email: Send an email to support@lingeriebysisioyin.store with the subject "Data Deletion Request".

What Data Will Be Deleted

Upon receiving your request, we will delete the following data associated with your account:

• Account profile information (name, email, phone number, date of birth, gender)
• Saved addresses and delivery preferences
• Wishlist items and shopping cart contents
• Browsing history and search history
• Communication history (messages, inquiries)
• Notification, privacy, and marketing preferences
• WhatsApp notification preferences

Data We May Retain

Certain data may be retained for legal and regulatory compliance:

• Order records: Transaction history is retained for up to 7 years for tax and legal purposes.
• Payment records: Required for financial auditing and dispute resolution.

Processing Time

Self-service deletion (via Dashboard): Your account is locked immediately. Your data is permanently deleted after a 30-day grace period, during which you may contact support to recover your account. Manual requests (via email, WhatsApp, or contact form): We will process your deletion request within 30 days of receipt. You will receive confirmation once your data has been deleted.

Third-Party Data

If you have interacted with our services through third-party platforms (e.g., Meta/Facebook, Google), you may also need to manage your data directly with those services:

• Facebook Data Deletion
• Google Account Data

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please reach out:

• Contact Form: Contact Page
• WhatsApp: +234 903 334 4860
• Instagram: @lingeries_bysisioyin