TrustLinkTrustLink

Privacy Policy

Last updated: May 2026 · Compliant with the Nigeria Data Protection Act 2023 (NDPA)

1. Who We Are

TrustLink is a secure payment protection platform operated in Nigeria, designed to secure transactions between buyers and vendors on social commerce platforms including WhatsApp, Instagram, and TikTok. TrustLink is built and operated by Oduaverse Tech. Our platform is powered by Paystack (a Stripe company) for all payment processing.

2. Data We Collect

We collect the minimum data necessary to operate our payment protection service:

  • Buyers: Name, phone number, delivery state, and email (optional) — collected at checkout
  • Vendors: Business name, bank account details, phone number, email address, and state of operation — collected at registration
  • BVN (Vendors only): Used solely for identity verification via Monnify (NIBSS). We store your BVN securely for fraud prevention — it is never shared with buyers or third parties beyond the verification process
  • Transaction data: Payment amounts, product descriptions, delivery status, and OTP confirmation events
  • Dispute evidence: Photos submitted by buyers when raising a dispute

3. How We Use Your Data

  • To process and secure your payment
  • To verify delivery via OTP confirmation
  • To release funds to vendors upon confirmed delivery
  • To investigate and resolve disputes
  • To detect fraud and enforce our blacklist policy
  • To comply with applicable Nigerian financial regulations

4. Legal Basis for Processing (NDPA 2023)

We process your personal data on the following lawful grounds under the Nigeria Data Protection Act 2023:

  • Consent: Obtained explicitly at checkout and vendor onboarding before any data is collected
  • Contract performance: Processing is necessary to fulfil the payment protection agreement between buyer and vendor
  • Legitimate interest: Fraud prevention and platform security

5. Data Sharing

We do not sell your data. We share data only with:

  • Paystack: For payment processing (governed by Paystack's own Privacy Policy)
  • Monnify: For BVN identity verification via NIBSS (governed by Monnify's Privacy Policy)
  • Law enforcement: When required by Nigerian law or a valid court order

6. Data Retention

Transaction records are retained for 7 years in compliance with Nigerian financial record-keeping requirements. Dispute evidence photos are deleted 90 days after dispute resolution. You may request deletion of your personal profile data (not transaction records) by contacting us.

7. Your Rights Under NDPA 2023

As a data subject, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of data not required by law
  • Withdraw consent at any time (this will prevent future transactions but does not affect past records)
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC)

8. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Payment data is handled exclusively by Paystack and is never stored on TrustLink servers. Access to transaction data is restricted to authenticated parties and TrustLink administrators. While we implement industry-standard security measures, no system is completely secure. TrustLink cannot guarantee that unauthorised access, data breaches, or data loss will never occur. In the event of a breach materially affecting your personal data, we will notify you as required by the Nigeria Data Protection Act 2023 within 72 hours of discovery.

9. Third-Party Services

Our platform integrates with the following third-party services that may process your data independently:

  • Paystack — payment processing. Governed by Paystack's Privacy Policy.
  • Monnify — BVN identity verification via NIBSS. Governed by Monnify's Privacy Policy.
  • Supabase — database and authentication infrastructure. Data is stored on servers in the European Union (AWS eu-west-1).
  • Expo — push notification delivery for the vendor mobile app.

TrustLink is not responsible for the privacy practices of these third-party services. We encourage you to review their policies.

10. Limitation of Liability for Data Matters

To the maximum extent permitted by applicable law, TrustLink's liability for any data-related claim (including breach, loss, or unauthorised access) is limited to the amount of platform fees collected from your transactions in the 12 months preceding the claim. TrustLink is not liable for indirect, consequential, or punitive damages arising from any data incident.

11. Contact Us

For privacy-related requests or complaints, contact our Data Protection Officer:

Email: support@oduaverse.com

Terms of Service← Back to TrustLink