Record Sales Track Stock Know Your Profit Manage Credits Multi-Staff PDF Reports Auto Cloud Sync Barcode Scanning Daily Reconciliation Smart Alerts Record Sales Track Stock Know Your Profit Manage Credits Multi-Staff PDF Reports Auto Cloud Sync Barcode Scanning Daily Reconciliation Smart Alerts
← Back to Home
🛡️ Your Privacy

Privacy Policy

Your privacy matters to us. This policy explains exactly what data we collect, why we collect it, and how you remain in control of it.

Effective: 1 June 2026  ·  Last updated: May 2026

🛡️

Our commitment to you

We never sell your data. We never use it for advertising. Your business data belongs to you — always. Contact our Data Protection Officer at support@rekod.ng.

Jump to a section

01 Who We Are 02 What We Collect 03 How We Collect It 04 Why We Collect It 05 How We Use It 06 Data Sharing 07 Your Customers' Data 08 Affiliate & Referral Data 09 Storage & Security 10 Data Retention 11 Your Rights 12 Children's Privacy 13 Cookies & Tracking 14 Changes to Policy 15 Governing Law & Contact

REKOD NG LIMITED ("REKOD", "we", "us", "our") is a business management platform built for Nigerian traders and small shop owners. The Service is accessible at rekod.ng and any related applications.

This Privacy Policy complies with the Nigeria Data Protection Regulation (NDPR) 2023 and is issued by REKOD as the Data Controller of personal data processed through the Service.

This Policy applies to Shop Owners and Traders, Staff Members added to a shop account, Visitors to rekod.ng, and Affiliates and Referrers in our programmes.

Data Protection Officer: support@rekod.ng

2.1 Data You Provide Directly

Identity data: Full name, business name.

Contact data: Phone number, email address.

Account credentials: Passcode (hashed, never stored in plain text), OTP verification records.

Business data: Shop name, product list, transaction records, pricing, customer records.

Customer data: Names and phone numbers of your customers that you choose to enter into REKOD.

Financial data: Subscription plan, billing history (we do not store card numbers — these are held by Paystack).

Affiliate and referral data: Bank account details provided for affiliate commission withdrawals only.

Communications: Messages you send to our support team via in-app chat or email.

2.2 Data We Collect Automatically

Device data: Device type, operating system, browser type.

Usage data: Features used, pages visited, session duration, trial activity.

Location data: City-level location inferred from IP address (not precise GPS location).

Log data: IP address, access timestamps, error logs.

Push notification tokens: Device tokens required to deliver web push notifications.

2.3 Data From Third Parties

Google: If you use "Sign in with Google," we receive your name, email address, and profile photo.

Paystack: Payment confirmation status, subscription events, and transaction reference IDs. Paystack holds your card details directly — we never receive or store them.

We collect data in the following ways:

• When you register for an account or begin your 30-day free trial.

• When you use features of the Service — recording sales, adding products, tracking debts, and so on.

• When you contact our support team by email or in-app chat.

• Automatically through cookies and similar technologies when you use our website or app.

• When you choose to sign in using Google OAuth.

• When you apply for or participate in the affiliate or trader referral programme.

Under the Nigeria Data Protection Regulation 2023, we process your data on these lawful bases:

Performance of a contract: Creating and managing your account, delivering the Service, processing payments via Paystack, administering your free trial, sending OTP verification by email, and managing affiliate commissions and referral rewards.

Legitimate interest: Sending product updates and feature announcements (you may opt out at any time), security monitoring and fraud prevention, and improving the Service through aggregated analytics.

Legal obligation: Complying with Nigerian law and regulatory requirements.

Consent: Sending marketing emails where you have opted in. You may withdraw consent at any time.

We use your personal data to:

• Create and manage your REKOD account across all plan types — free, trial, Pro, and Premium.

• Deliver the Service and all its features during your free tier, trial period, and paid subscription.

• Process subscription payments and manage billing cycles through Paystack.

• Send OTP verification codes and authentication emails via our email delivery provider.

• Manage your 30-day Premium free trial and notify you before it ends.

• Send receipts, statements, and reports to you and your customers where you instruct us to do so.

• Calculate and pay affiliate commissions and apply trader referral credits to accounts.

• Send you product updates, feature releases, and service announcements.

• Respond to your support enquiries through in-app chat and email.

• Monitor platform health, detect fraud, and maintain security.

• Generate anonymised, aggregated market insights — this data cannot identify you individually.

• Comply with legal and regulatory obligations in Nigeria.

We do not use your data for advertising and we do not build advertising profiles.

We do not sell your personal data. We share it only where necessary with the following trusted parties:

Paystack (paystack.com): Subscription billing and payment processing. We share your name, email, and subscription plan status.

Email delivery providers (e.g. Resend): Sending transactional emails, receipts, OTPs, and notifications. We share your name and email address.

Cloud hosting providers (Railway): Hosting the backend platform and storing encrypted data. Account and business data is stored encrypted at rest.

Frontend hosting and security (Cloudflare): Serving the web application, CDN delivery, and bot prevention. We share your IP address and device data.

Authentication providers (Google): Optional third-party login. We share your name, email address, and profile photo only when you choose to sign in with Google.

We may share your data with Nigerian regulatory or law enforcement authorities where we are legally required to do so. All third-party processors are contractually required to handle your data in accordance with applicable data protection law.

When you use REKOD to store information about your customers — names, phone numbers, purchase history, outstanding debts — you are the Data Controller for that data. REKOD acts as your Data Processor.

You are responsible for:

• Having a lawful basis to store your customers' personal information.

• Informing your customers that their data is recorded in a digital system, where required by law.

• Complying with the NDPR in your own capacity as a Data Controller for your customers' data.

We process your customers' data solely to deliver the Service to you and will not use it for any other purpose.

If you participate in the REKOD affiliate programme, we collect and store your bank account details solely for the purpose of processing commission withdrawals. This information is never used for any other purpose and is not shared beyond what is necessary to execute your withdrawal.

Referral tracking data — who referred whom, referral status, qualifying payments — is stored to calculate and apply rewards accurately. This data is retained for the duration of your account and for up to 12 months after account closure for audit purposes.

Your data is stored on secure cloud infrastructure — backend hosted on Railway, frontend served via Cloudflare — with the following protections:

• Encryption of all data in transit (HTTPS/TLS).

• Encryption of sensitive data at rest.

• Row-Level Security (RLS) on our database, ensuring your data is logically isolated from all other users.

• Authentication tokens stored in secure HttpOnly cookies, inaccessible to browser scripts.

• Two-factor authentication (TOTP) required for all REKOD admin access.

• Continuous security monitoring and error detection.

No system is completely immune to breach. In the event of a data breach that materially affects your rights and freedoms, we will notify you and NITDA within the timeframes required by Nigerian law.

We retain your personal data for as long as your account is active. If you close or delete your account, we retain your data for 90 days before permanent deletion — giving you time to export any records you need. After 90 days, your data is permanently and irreversibly deleted.

Anonymised and aggregated data — which cannot identify any individual — may be retained indefinitely for product improvement and analytics.

Affiliate commission records and referral tracking data are retained for up to 12 months after account closure for financial audit purposes.

As a data subject under the Nigeria Data Protection Regulation 2023, you have the following rights:

Right of Access: Request a copy of the personal data we hold about you.

Right to Rectification: Request correction of inaccurate or incomplete data.

Right to Erasure: Request deletion of your data, subject to legal retention obligations.

Right to Restriction: Request that we limit processing of your data in certain circumstances.

Right to Data Portability: Receive your data in a structured, machine-readable format.

Right to Object: Object to processing based on legitimate interests, including direct marketing.

Right to Withdraw Consent: Where processing is based on your consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email support@rekod.ng. We will respond within 30 days and may need to verify your identity before acting on your request.

If you are unsatisfied with our response, you may lodge a complaint with NITDA (National Information Technology Development Agency) at nitda.gov.ng.

The REKOD Service is intended for adults (18 years and older) operating business accounts. We do not knowingly collect personal data from anyone under 18.

If you believe we have done so, contact support@rekod.ng and we will delete the data promptly.

Session cookies: Maintain your login state securely during an active session.

HttpOnly authentication cookies: Store session tokens in a way that prevents access by browser scripts.

Cloudflare Turnstile: Invisible bot and fraud protection on login and registration forms.

Plausible Analytics (where active): Privacy-respecting website analytics with no personal data collection and no cross-site tracking.

We do not use third-party advertising cookies or share your browsing behaviour with any advertising network.

We may update this Policy to reflect changes in our practices or applicable laws. Material changes will be communicated by email and/or in-app notification at least 14 days before they take effect.

The "Last Updated" date at the top of this page always reflects the current version. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Regulation (NDPR) 2023.

Some of our service providers (Cloudflare, Railway, Resend) may process data outside Nigeria. Where this occurs, we ensure appropriate safeguards are in place to protect your data in line with the NDPR.

For any questions, concerns, or data requests, contact our Data Protection Officer:

Email: support@rekod.ng

Website: rekod.ng

We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with NITDA at nitda.gov.ng.

Still have questions? Email us at support@rekod.ng. We take every privacy concern seriously and respond within 30 days.
Terms of Service → Refund Policy →