Privacy Policy
Effective Date: December 28, 2025
1. Introduction
Vayva ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your data when using Vayva ("Service").
2. Data We Collect
- Account Data: Name, Email, Phone Number, Password Hash (BCrypt).
- Merchant Data: Business Name, Address, Bank Account Details (for payouts).
- Customer Data: Names and Addresses of your end-customers for order fulfillment.
- Usage Data: Dashboard activity, login timestamps (IP Address, User Agent).
3. Infrastructure & Subprocessors
We use trusted third-party providers to operate our infrastructure. Your data may be processed by:
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Hosting & Edge Compute | USA / Global |
| Neon / Supabase | Database Storage (PostgreSQL) | USA |
| Resend | Transactional Email Delivery | USA |
| Paystack | Payment Processing | Nigeria |
| Upstash (Optional) | Redis / Caching | Global |
4. Data Security
- Encryption: All data in transit is encrypted via TLS 1.3. Sensitive data at rest is encrypted where applicable.
- Access Control: We enforce strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for internal administrative access.
- Audit Logs: Critical actions are logged to ensure accountability.
5. Your Rights
You have the right to:
- Access your data via the "Account Settings" page.
- Request export of your data (CSV/JSON).
- Request deletion of your account (subject to financial record retention laws).
6. Contact
For privacy concerns, contact: privacy@vayva.ng