Privacy Policy

1. Introduction

Gravote Technologies ("Gravote", "we", "us", or "our") operates the Gravote platform, including our website at gravote.com and the Gravote merchant dashboard (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

By using Gravote, you agree to the collection and use of information in accordance with this policy. This policy applies to all users of the Service, including merchants, their customers whose data is processed through the Service, and visitors to our website.

2. Information We Collect

2.1 Information you provide directly

• Account registration information: name, email address, phone number, business name
• Business information: product listings, prices, inventory data, customer records
• Payment information: billing details processed securely via our payment providers (Stripe/Paystack); we do not store full card numbers
• Communications: messages you send to our support team

2.2 Information collected automatically

• Usage data: pages visited, features used, session duration, clicks
• Device information: IP address, browser type, operating system
• Log data: server logs, error reports, timestamps
• Cookies and similar tracking technologies (see Section 6)

2.3 WhatsApp message data

When you connect a WhatsApp number to Gravote, we process messages sent to and from that number to power the automated order management. This includes customer names, phone numbers, product enquiries, and order information. This data is processed under your instruction as a data processor on your behalf.

3. How We Use Your Information

• To provide, maintain, and improve the Service
• To process transactions and send related information (receipts, confirmations)
• To respond to your comments, questions, and support requests
• To send you technical notices, updates, security alerts, and administrative messages
• To monitor and analyse usage and trends to improve the user experience
• To detect, investigate, and prevent fraudulent transactions or abuse
• To comply with legal obligations

We do not sell your personal data to third parties. We do not use your customer data for our own marketing.

4. Legal Basis for Processing (NDPR & GDPR)

We process your personal data on the following legal bases:

• Contract performance: to provide the Service you signed up for
• Legitimate interests: to prevent fraud, improve our Service, and communicate with you about your account
• Legal compliance: to meet obligations under Nigerian law (NDPR 2019) and applicable data protection laws
• Consent: for marketing communications, which you may withdraw at any time

5. Data Sharing

We share your information only with:

• Service providers: hosting (Supabase/AWS), payment processing (Stripe, Paystack), email (Resend), WhatsApp Cloud API (Meta), all bound by data processing agreements
• Legal authorities: when required by Nigerian law, court order, or to protect Gravote's legal rights
• Business transfers: in connection with a merger or acquisition, where the acquirer will be bound by this policy

6. Cookies

We use cookies and similar technologies to operate the Service, remember your preferences, and analyse usage. Essential cookies are required for the Service to function. Analytics and preference cookies can be declined via our cookie settings. For full details, see our Cookie Policy.

7. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. After account closure, we retain data for up to 90 days before deletion, except where legal obligations require longer retention. WhatsApp message logs are retained for 12 months.

8. Your Rights

Under the Nigeria Data Protection Regulation (NDPR) and applicable laws, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to erasure")
• Object to or restrict processing of your data
• Request a portable copy of your data
• Withdraw consent at any time (where processing is consent-based)
• Lodge a complaint with the Nigeria Data Protection Bureau (NDPB)

To exercise these rights, contact us at privacy@gravote.com. We will respond within 30 days.

9. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but we work hard to protect your data. See our Security page for details.

10. Children's Privacy

The Service is not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, contact us immediately at privacy@gravote.com.

11. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or a prominent notice on our website at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or to exercise your rights: