Legal
Privacy Policy
Effective Date: June 2026
1. Introduction
Welcome to SuyaBranch. We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and safeguard your personal data when you use our platform. Our data protection practices comply with the Nigeria Data Protection Regulation (NDPR) and other applicable Nigerian privacy laws.
2. Information We Collect
We may collect and process the following categories of personal data:
- Account & Profile Data: Name, email address, phone number, delivery addresses, and account credentials.
- Geolocation Data: Location data used to facilitate food delivery, provide estimated delivery times, and match you with nearby branches.
- Transaction & Payment Information: Details of orders placed, payment methods, and transaction history. Note that actual payment card details are securely processed by our authorized payment gateways and are not stored on our servers.
- Usage & Device Analytics: Information about how you interact with our platform, IP addresses, browser types, and device identifiers.
3. How We Use Your Information
We process your personal data for the following lawful purposes:
- To provide, maintain, and improve our food ordering and delivery services.
- To process payments and fulfill your orders efficiently.
- To communicate with you regarding your orders, support requests, and service updates.
- To personalize your user experience and recommend relevant products.
- To detect, prevent, and address fraud, security breaches, or technical issues.
- To comply with legal and regulatory obligations under Nigerian law.
4. Data Sharing and Third-Party Processing
We do not sell your personal data. We may share your information only with:
- Delivery Partners: Third-party logistics and delivery personnel to fulfill your orders.
- Payment Processors: Secure gateways (e.g., Paystack, Flutterwave) to facilitate secure transactions.
- Service Providers: Cloud hosting, analytics, and customer support platforms that assist in operating SuyaBranch.
- Legal Authorities: When mandated by law enforcement or regulatory bodies under Nigerian jurisdiction.
5. Data Storage, Security, and Breach Protocol
We implement robust technical and organizational security measures to protect your data against unauthorized access, alteration, disclosure, or destruction. In the unlikely event of a data breach that compromises your personal data, we will notify you and the National Information Technology Development Agency (NITDA) or the relevant regulatory authority within 72 hours of becoming aware of the breach, in accordance with the NDPR.
6. Your Data Rights under NDPR
As a data subject, you possess the following rights:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure (Right to be Forgotten): Request deletion of your personal data, subject to our legal retention obligations. You can initiate this at any time via the "Delete Account" button in your profile or by visiting our Account Deletion page.
- Right to Data Portability: Request the transfer of your data to another service provider in a structured, commonly used format.
- Right to Object/Withdraw Consent: Object to specific processing activities or withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact our Data Protection Officer at bytebranch@gmail.com.
7. Cookie Policy
SuyaBranch uses cookies, web beacons, and similar tracking technologies to enhance user experience, analyze site traffic, and personalize content. Upon your first visit, you will be prompted to consent to our use of non-essential cookies. You can manage your cookie preferences through your browser settings, though disabling certain cookies may affect platform functionality.
8. Data Retention & Account Deletion
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, comply with accounting and tax laws, resolve disputes, and enforce our agreements.
When you choose to delete your account, your personal identifying information (name, phone number, email, passwords) is permanently deleted or securely anonymized. However, transactional records (such as your past orders) are retained in an anonymized format to comply with Nigerian tax, accounting, and anti-fraud laws. These retained records cannot be traced back to your identity.
9. Children’s Privacy
Basic account creation requires users to be at least 13 years old. For users between the ages of 13 and 17, parental or legal guardian consent is strictly required. We do not knowingly collect data from children under 13 without verifiable parental consent. If we become aware of unauthorized data collection from a minor, it will be promptly deleted.
10. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy periodically to reflect changes in our practices or regulatory requirements. We will notify you of material changes via email or an in-app prominent notice before the changes take effect.