Privacy Policy
We are committed to protecting your personal information and your right to privacy. This policy explains what data we collect, why we collect it, and how we safeguard it, in compliance with the Nigeria Data Protection Regulation (NDPR).
Introduction
Laifido Store ("we", "us", or "our") operates the affiliate marketing marketplace at laifidostore.com. As the data controller, we are responsible for the personal information you provide when using our platform.
This Privacy Policy applies to all users including vendors, affiliates, and visitors. By using our platform, you consent to the collection and processing of your personal data as described in this policy.
Information We Collect
Legal Basis for Processing
Under the Nigeria Data Protection Regulation (NDPR), we process your personal data on the following legal bases:
- Contractual Necessity: Processing required to deliver our services (e.g. creating your account, processing payouts, sending delivery emails).
- Legitimate Interest: Fraud prevention, platform security, and improving our services.
- Consent: Marketing emails and promotional tips (you may withdraw consent at any time via Notification Settings).
- Legal Obligation: Compliance with applicable Nigerian law and regulatory requirements.
How We Use Your Data
- To create and maintain your account and verify your identity.
- To process vendor registration payments and verify successful payment.
- To calculate, attribute, and process affiliate commissions and vendor payouts.
- To send transactional emails: purchase receipts, digital product delivery, order confirmations, and payout notifications.
- To send promotional tips and platform updates (with your consent, and with an opt-out available).
- To detect, investigate, and prevent fraud, abuse, and violations of our Terms of Service.
- To improve platform features, performance, and user experience.
- To comply with legal obligations, including responding to lawful regulatory requests.
Payment Processing
We use Paystack for all payment processing, including vendor registration fees, product purchases, and payout disbursement verification. When you enter payment details, you are interacting directly with Paystack's secure systems.
We receive a payment reference and confirmation status from Paystack after successful transactions, but never the underlying card or bank credentials. Please review Paystack's Privacy Policy for more information on how they handle your payment data.
Data Storage & Security
All platform data is stored on Supabase, which provides enterprise-grade cloud infrastructure with:
- Encryption at rest (AES-256) and in transit (TLS 1.2+).
- Row-level security (RLS) policies ensuring users can only access their own data.
- Regular automated backups and point-in-time recovery.
Sensitive information such as bank account details is additionally encrypted at the application layer before being stored in the database. We maintain comprehensive audit logs of all administrative actions.
No system is 100% secure. We encourage you to use a strong, unique password and never share your account credentials with anyone.
Third-Party Services
We integrate with the following trusted third-party providers. Each maintains industry-standard security certifications and has its own privacy policy, which we encourage you to review:
We do not sell, trade, or rent your personal information to any third parties for their marketing purposes. All third-party providers are bound by data processing agreements that require them to handle your data in accordance with the NDPR and this Privacy Policy.
Data Retention
We retain your personal data for as long as your account is active, or as needed to provide our services. Specifically:
- Account information is kept for the lifetime of your active account.
- Transaction and commission records are retained for a minimum of 7 years to comply with Nigerian financial record-keeping obligations.
- After account deletion, personal identifiers are anonymised; financial records are retained in anonymised form.
- Audit logs are retained for 2 years for security and fraud investigation purposes.
Your Rights Under NDPR
Under the Nigeria Data Protection Regulation, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@laifidostore.com. We will respond within 30 days.
Children's Privacy
Laifido Store is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will promptly delete it. If you believe we have collected data from a minor, please contact us immediately.
Cross-Border Data Transfers
Your personal data is primarily stored and processed within Nigeria. However, some of our service providers operate globally. By using our platform, you acknowledge and consent to the transfer of your data to jurisdictions outside Nigeria, including the United States and the European Union, where our cloud infrastructure and email delivery providers are hosted.
All cross-border transfers are protected by appropriate safeguards, including:
- Standard contractual clauses (SCCs) with all data processors.
- SOC 2 Type II and PCI-DSS certifications held by our infrastructure partners.
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Row-level security (RLS) policies ensuring data access is restricted to authorised users only.
Data Breach Notification
Laifido Store takes data security seriously. In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, where feasible.
- Notify affected users without undue delay where the breach is likely to result in high risk to their rights and freedoms.
- Provide clear information about the nature of the breach, the data affected, and the steps we are taking to mitigate harm.
- Maintain a detailed incident log for regulatory review and continuous improvement of our security posture.
Automated Decision-Making
Certain platform functions involve automated processing of your personal data to calculate commissions, determine payout eligibility, and detect fraudulent activity. These decisions are based on objective criteria such as:
- Verified payment status from Paystack.
- Order delivery confirmation (for physical products).
- Click and conversion patterns for fraud detection.
- Account standing and compliance history.
You have the right to contest any automated decision that significantly affects your legal rights or interests. To request a human review of an automated decision, contact us at support@laifidostore.com.
Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. We will notify you of material changes via email or a prominent notice on the platform at least 14 days before the changes take effect.
The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
Contact & Data Protection Officer
For privacy-related questions, data subject requests, or to reach our Data Protection Officer (DPO), please use the contact details below: