Privacy Policy

1. Who We Are

TrustLink is an escrow payment platform operated in Nigeria, designed to secure transactions between buyers and vendors on social commerce platforms including WhatsApp, Instagram, and TikTok. Our platform is powered by Paystack (a Stripe company) for all payment processing.

2. Data We Collect

We collect the minimum data necessary to operate our escrow service:

• Buyers: Name, phone number, delivery state, and email (optional) — collected at checkout
• Vendors: Business name, bank account details, phone number, email address, and state of operation — collected at registration
• BVN (Vendors only): Used solely for identity verification via Paystack. We do not store your raw BVN — only a verification status flag
• Transaction data: Payment amounts, product descriptions, delivery status, and OTP confirmation events
• Dispute evidence: Photos submitted by buyers when raising a dispute

3. How We Use Your Data

• To process and secure your escrow payment
• To verify delivery via OTP confirmation
• To release funds to vendors upon confirmed delivery
• To investigate and resolve disputes
• To detect fraud and enforce our blacklist policy
• To comply with applicable Nigerian financial regulations

4. Legal Basis for Processing (NDPA 2023)

We process your personal data on the following lawful grounds under the Nigeria Data Protection Act 2023:

• Consent: Obtained explicitly at checkout and vendor onboarding before any data is collected
• Contract performance: Processing is necessary to fulfil the escrow agreement between buyer and vendor
• Legitimate interest: Fraud prevention and platform security

5. Data Sharing

We do not sell your data. We share data only with:

• Paystack: For payment processing and BVN verification (governed by Paystack's own Privacy Policy)
• Supabase: Our database and authentication infrastructure provider (data stored in AWS)
• Law enforcement: When required by Nigerian law or a valid court order

6. Data Retention

Transaction records are retained for 7 years in compliance with Nigerian financial record-keeping requirements. Dispute evidence photos are deleted 90 days after dispute resolution. You may request deletion of your personal profile data (not transaction records) by contacting us.

7. Your Rights Under NDPA 2023

As a data subject, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of data not required by law
• Withdraw consent at any time (this will prevent future transactions but does not affect past records)
• Lodge a complaint with the Nigeria Data Protection Commission (NDPC)

8. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Payment data is handled exclusively by Paystack and is never stored on TrustLink servers. Access to transaction data is restricted to authenticated parties and TrustLink administrators.

9. Contact Us

For privacy-related requests or complaints, contact our Data Protection Officer:

Email: privacy@trustlink.ng