Legal

Privacy Policy

How AwaOwn collects, uses and protects your personal data, written in plain language.

Effective date: June 4, 2026. This policy applies to all users of the AwaOwn platform, shoppers, merchants and affiliates.

1. Who we are

AwaOwn operates an online marketplace at awaown.com that connects shoppers, merchants and affiliates across Nigeria. For the purposes of applicable data protection law, in particular the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation (NDPR), AwaOwn is the Data Controller for the personal information you provide when using our platform.

Our registered office is in Nigeria. Any questions about how we handle your data should be directed to our Data Protection Officer (DPO) at privacy@awaown.com.

2. Information we collect

We only collect information that is necessary to operate the marketplace, verify identities, process transactions, and improve your experience. Below is a breakdown of the categories we collect and why:

Account & identity data

  • Full name, email address, phone number, and password (hashed, we never see your plain-text password).
  • For merchants and affiliates: government-issued ID document and, where applicable, a selfie photograph for identity verification.
  • Business name, store URL slug, and product category for merchants.

Transaction & order data

  • Items purchased, quantities, prices, and the total amount paid.
  • Delivery address, preferred delivery window, and tracking updates.
  • Payment method reference (e.g. last four digits of a card, bank name, or transaction reference, never your full card number or PIN).
  • Order status history, returns, and dispute records.

Financial payout data (merchants & affiliates)

  • Bank name, account number, and account holder name for payout processing.
  • Commission earnings, withdrawal requests, and payout history.

Device & usage data

  • IP address, browser type, operating system, and device identifiers.
  • Pages visited, time spent, search queries, and clicks, collected in aggregate to improve the platform.
  • Referral source (how you arrived at AwaOwn) for affiliate attribution.

Communications

  • Support tickets, chat messages, and emails you send us.
  • Reviews, ratings, and public store content you publish.

Under the NDPA 2023, every processing activity must have a valid legal basis. Here are the bases we rely on:

  • Contract performance, processing your order, paying out commissions, and running your store all require handling your data.
  • Legitimate interests, fraud prevention, security monitoring, and improving our platform.
  • Legal obligation, tax records, anti-money laundering checks, and compliance with regulatory requests from Nigerian authorities.
  • Consent, marketing emails and optional analytics cookies. You can withdraw consent at any time.

4. How we use your data

  • Order processing: confirming, fulfilling, and tracking purchases from checkout to delivery.
  • Identity verification: reviewing submitted ID documents to approve merchant and affiliate accounts and prevent fraud.
  • Payments & payouts: processing payments from buyers and issuing weekly payouts to merchants and affiliates.
  • Transactional communications: order confirmations, shipping updates, payout notifications, and account alerts.
  • Customer support: resolving disputes, returns, and enquiries.
  • Platform improvement: analysing aggregate usage patterns (not individual behaviour) to make AwaOwn faster and easier to use.
  • Legal & regulatory compliance: meeting our obligations under Nigerian tax law, the NDPA, and any lawful requests from authorities.
  • Marketing (with your consent): sending promotional emails about new features, categories, or offers. You may opt out at any time via the unsubscribe link in any email.

5. Sharing your data

We do not sell your personal data. We share it only in the following circumstances:

With merchants

When you place an order, the fulfilling merchant receives only what is needed to ship to you: your name, delivery address, phone number, and the items ordered. Merchants do not receive your payment details, email address, or browsing history.

With affiliates

Affiliates never receive your personal details. They see only anonymised conversion data: that a sale occurred through their link, the order value, and their earned commission.

With service providers

We share data with trusted third parties who process it on our behalf under strict data-processing agreements:

  • Payment processors, Paystack. They handle card and bank transfer transactions and are PCI-DSS compliant.
  • Logistics partners, delivery couriers who receive your delivery name and address to complete shipments.
  • Cloud infrastructure, our hosting provider for storing your data securely.
  • Email services, for sending transactional and marketing emails.

For legal reasons

We may disclose your data if required by a court order, regulation, or valid request from a Nigerian law enforcement or regulatory authority (e.g. the Nigeria Data Protection Commission, FIRS, or EFCC).

6. Payment & financial data

All card payments and bank transfers are processed directly by our PCI-DSS-certified payment partners. AwaOwn does not store full card numbers, CVV codes, or banking PINs on our servers at any time. Payment references (e.g. a Paystack transaction ID) are stored for reconciliation, dispute resolution, and tax purposes.

Merchant and affiliate bank account details submitted for payouts are encrypted at rest and accessed only by our finance system and authorised personnel. We do not share payout account details with any third party except the bank processing the transfer.

7. Cookies & tracking

We use the following categories of cookies:

  • Strictly necessary cookies: keep you logged in, remember your cart, and protect against cross-site request forgery. These cannot be disabled without breaking core functionality.
  • Affiliate attribution cookies: track referral links so affiliates are correctly credited for sales they drove. These persist for 30 days from the click.
  • Analytics cookies (optional): help us understand how pages are used in aggregate. We use privacy-respecting analytics that do not track individuals across other sites.
  • Marketing cookies (optional, with consent): enable relevant product recommendations within AwaOwn.

You can manage your cookie preferences at any time via the cookie banner. Declining optional cookies does not affect your ability to shop, sell, or earn on AwaOwn.

8. Data retention

We keep your data only for as long as necessary:

  • Order records: 7 years, to comply with Nigerian tax law (FIRS requirements) and anti-fraud obligations.
  • Identity verification documents: retained for the lifetime of your account and deleted within 90 days of account closure, unless a legal hold applies.
  • Active account data: held while your account is open.
  • Closed account data: anonymised or deleted within 2 years of closure, except where legal retention obligations require otherwise.
  • Support communications: 2 years from the date of resolution.

9. Your rights under the NDPA 2023

As a data subject under Nigerian law, you have the following rights. To exercise any of them, email privacy@awaown.com from your registered email address. We will respond within 30 days.

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: ask us to correct inaccurate or incomplete data.
  • Right to erasure: request deletion of your data where we have no legal obligation to keep it.
  • Right to restrict processing: ask us to pause processing while a dispute is resolved.
  • Right to data portability: receive your account data in a machine-readable format.
  • Right to object: opt out of processing for direct marketing at any time, with no justification required.
  • Right to lodge a complaint: if you believe we have mishandled your data, you may complain to the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

10. How we protect your data

We take security seriously. Our measures include:

  • Encryption in transit: all data between your browser and our servers is protected by TLS 1.2 or higher (HTTPS).
  • Encryption at rest: sensitive fields (bank details, ID document paths) are encrypted using AES-256.
  • Access controls: staff access to personal data is role-based and limited to what each role genuinely needs. Production system access requires two-factor authentication (2FA).
  • Audit logging: all access to sensitive records is logged with a timestamp and user ID.
  • Vendor due diligence: all third-party processors who handle personal data sign a Data Processing Agreement and are reviewed for security compliance.

No system is completely immune to attack. If a breach occurs that is likely to harm you, we will notify you and the NDPC as required by the NDPA 2023.

11. Children's privacy

AwaOwn is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has registered on our platform, contact us at privacy@awaown.com and we will delete the account promptly.

12. Changes to this policy

We may update this policy to reflect changes in our practices or in applicable law. When we make material changes, we will notify you by email and update the effective date at the top of this page. Your continued use of AwaOwn after the change takes effect constitutes acceptance of the updated policy.

13. Contact our DPO

Our Data Protection Officer handles all privacy-related requests and questions:

  • Email: privacy@awaown.com
  • Subject line: include "NDPA Request" or "Privacy Query" for faster routing.
  • Response time: we respond to all requests within 30 days. Complex requests may take up to 60 days, in which case we will notify you of the extension.

Shopping Cart0

No products in the cart.