Last updated: June 8, 2026
1. Introduction
NaijaMarket Intel ("we", "us", or "our"), operated by Giggababytes Oy (Business ID: 3419597-7) and its Nigerian subsidiary Gigabytes Soft Limited (RC No. 1886806), is committed to protecting the privacy and personal data of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
Giggababytes Oy is incorporated in Finland (EU). This means the EU General Data Protection Regulation (GDPR) applies to all users of this Platform regardless of where you are located — not only EU residents. We also comply with the Nigeria Data Protection Act (NDPA) 2023 and the Finland Data Protection Act.
Your rights under GDPR include: the right to access your data, correct inaccuracies, request deletion ("right to be forgotten"), restrict or object to processing, and data portability. To exercise any right, contact privacy@naijamarketintel.ng.
2. Complete Data We Collect
We are required to declare every category of data the Platform collects. The following is a complete inventory:
2.1 Information You Provide Directly
- Identity data: Phone number, full name, email address (Business+ tiers)
- Price submissions: Commodity names, prices, market selection, submission timestamps
- GPS / location data: Latitude and longitude coordinates captured at the moment of price submission
- Validation data: Approval or rejection votes on price submissions
- Payment & billing data: Phone number for airtime rewards; subscription payment details processed via Paystack (we do not store raw card numbers)
- Subscription preferences: Tier selections, downgrade instructions, billing history, renewal choices
- WhatsApp messages: Conversation content with our WhatsApp bot, opt-in/opt-out status, message flow state
2.2 Automatically Collected Data
- Device information: Device type, model, operating system, browser type and version
- Network data: IP address, approximate geographic location derived from IP
- Usage analytics: Pages visited, features used, price query history, session duration, click events (via Google Analytics GA4)
- Crash logs & error reports: Application error logs, function failure records, HTTP error codes — used exclusively for platform stability and debugging
- Performance data: Page load times, API response times
- WhatsApp interaction metadata: Message delivery timestamps, flow completion rates, opt-in status, session identifiers
2.3 Data We Do NOT Collect
- Raw bank card numbers (Paystack handles PCI-DSS compliance)
- Government-issued ID numbers unless required for future KYC verification (you will be notified in advance)
- Biometric data
- Content of private messages between users (there is no user-to-user messaging)
3. How We Use Your Data
- Verify price submissions through GPS geo-fencing (500 m radius check)
- Run the 3-validator consensus engine to approve or reject submitted prices
- Process airtime rewards (VTPass) and subscription payments (Paystack)
- Deliver WhatsApp price alerts, subscription notifications, and renewal reminders
- Compute the NaijaFood Price Index (NFPI) and market analytics
- Detect and prevent fraudulent submissions (GPS fraud, rapid submission abuse, collusion)
- Improve platform performance using crash logs and usage analytics
- Comply with Nigerian, Finnish, and EU legal obligations
- Respond to customer support requests
3a. Data Retention Periods
We retain your data only for as long as necessary for the purposes stated in this policy. The following table sets out our retention periods:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account identity data | Duration of account + 2 years | Dispute resolution |
| Price submissions | 24 months hot, then archived | Historical price intelligence |
| GPS coordinates | 12 months | Fraud detection audit trail |
| Payment & billing records | 7 years | Legal/tax obligation (Finland) |
| WhatsApp session data | 30 days after last interaction | Session state management |
| Crash logs & error data | 90 days | Debugging only |
| Usage analytics | 26 months (GA4 default) | Platform improvement |
| Deleted account data | 30 days post-deletion | Grace period / recovery |
4. GPS Data
We collect GPS coordinates only when you submit a price as a Trader. GPS data is used exclusively to verify that the submission originates from the stated market location (within 500 m radius). GPS coordinates are stored in our secure Azure SQL database and are not shared with third parties for tracking or advertising purposes.
4a. WhatsApp Messaging Consent
By initiating a conversation with NaijaMarket Intel on WhatsApp, you consent to receive price data, alerts, and service notifications via WhatsApp. This consent is logged in our platform and complies with Meta's WhatsApp Business Policy and the NDPA 2023 consent requirements. You may withdraw consent at any time by sending STOP to our WhatsApp number, after which we will not send proactive messages to your number. You can re-subscribe by messaging us again.
5. International Data Transfers
Your data is stored and processed on Microsoft Azure infrastructure in the Sweden Central region (Stockholm, EU). As an EU-based processor, all data storage is within the European Economic Area and subject to GDPR Article 46 safeguards.
Some data is processed by third-party services outside the EU:
- Meta (WhatsApp): Message routing via Meta's Cloud API infrastructure. Meta is certified under the EU-US Data Privacy Framework.
- Paystack: Nigerian payment processor. Data is subject to NDPA 2023 and Paystack's privacy policy.
- Google Analytics (GA4): Usage analytics routed through Google servers. Google is certified under the EU-US Data Privacy Framework.
- VTPass: Nigerian airtime fulfilment. Phone numbers shared only for reward disbursement.
6. Data Security
We implement the following technical and organisational security measures:
- TLS encryption for all data in transit
- Azure SQL Transparent Data Encryption (TDE) for data at rest
- Azure Firewall IP allowlist controls on database access
- Function-level API key authentication on all endpoints
- Parameterised queries throughout to prevent SQL injection
- GPS fraud detection algorithms to prevent location manipulation
7. Third-Party Data Sharing
We do not sell your personal data. We share data only with:
- Service processors: Microsoft Azure, Meta, Paystack, VTPass — solely to operate the Platform
- Legal authorities: Where required by Nigerian or Finnish law, court order, or to prevent fraud
- B2B API clients: Aggregate, anonymised price data only — never individual user data
8. Children's Privacy
The Platform is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has submitted data, contact us immediately at privacy@naijamarketintel.ng.
9. Cookies & Analytics
Our web application uses cookies and similar technologies for:
- Session management: Keeping you logged in during your visit
- Analytics: Google Analytics GA4 (measurement ID: G-S7SPQG4JNF) to understand platform usage. Analytics data is anonymised.
- Preferences: Storing your theme and display preferences
You can disable non-essential cookies via your browser settings. Disabling session cookies will prevent you from logging in.
10. Your Rights
Under GDPR and NDPA 2023, you have the right to:
- Access: Request a copy of all data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data (subject to legal retention obligations)
- Restriction: Request we limit processing of your data
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interest
- Withdraw consent: Withdraw WhatsApp messaging consent at any time by sending STOP
To exercise any right, email privacy@naijamarketintel.ng. We will respond within 30 days. If you are in the EU and believe we have violated GDPR, you may lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via WhatsApp notification and/or email at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact & Data Controllers
EU / International Data Controller
Giggababytes Oy
Business ID: 3419597-7
Jyrkankatu 1C 24, 15500 Lahti, Finland
Responsible for: platform technology, data infrastructure, GDPR compliance
Nigerian Data Controller
Gigabytes Soft Limited
RC No. 1886806 | TIN: 24121379-0001
Incorporated under CAMA 2020, 27 January 2022
Responsible for: Nigerian market operations, trader/validator relationships, Paystack payments, NDPA 2023 compliance
Privacy enquiries: privacy@naijamarketintel.ng
Platform: www.naijamarketintel.ng