Privacy Policy

1. The short version

We collect the minimum we need to run the marketplace - your contact details, business documents for KYC, transaction records, and basic usage analytics. We don't sell your data, ever. We retain records only for as long as we have to.

2. Who we are

Jaratrade Ltd (“we”, “us”) is the data controller for your data when you use jaratrade.com. We're registered with the UK ICO and comply with both UK GDPR and the Nigerian Data Protection Regulation (NDPR).

3. What we collect

3.1 Account data

• Name, email, phone number
• For exporters: business name, CAC number, director ID, bank account details, business address
• For importers: shipping addresses, billing details

3.2 Transaction data

• Orders, listings, payments (processed by Flutterwave - we hold transaction metadata, not full card numbers)
• Communications between buyers, sellers, and Jaratrade support
• Dispute records and admin notes

3.3 Usage data

• Pages you visit, products you search and view (cookies - see our cookie policy)
• Device, browser, IP address (truncated for analytics)
• How you navigated to the site (referrer)

4. Why we collect it

• To run your account and process orders (contractual necessity)
• To verify exporter identity and prevent fraud (legitimate interest + legal obligation)
• To send transactional emails (order confirmations, dispute updates) - these aren't marketing and you can't unsubscribe
• To improve the product (legitimate interest, aggregated analytics only)
• To send marketing emails when you've opted in (you can unsubscribe at any time)

5. Who we share it with

We share specific data with specific third parties - only as needed to run the service:

• Flutterwave - payment processing, escrow, refunds
• Cloudinary - product image hosting
• Resend - transactional email delivery
• Logistics partners - when you choose a partner at checkout, we share the shipping address and contact details
• Authorities - when required by law (court order, sanctions screening)

We don't sell, rent, or trade your data to advertisers.

6. Where we store it

Data is stored in EU/UK data centres operated by our cloud providers. Backups are encrypted at rest. We use TLS 1.3 in transit for all traffic between you and our servers.

7. How long we keep it

• Active accounts: as long as the account exists
• Closed accounts: 7 years (for tax and audit purposes), then deleted
• Dispute records: 7 years from resolution
• Analytics: aggregated only; raw events deleted after 90 days

8. Your rights

Under UK GDPR and NDPR you have the right to:

• Access your data (download a copy)
• Correct inaccurate data
• Delete your data (subject to the retention requirements above)
• Object to processing (opt-out of marketing, restrict certain processing)
• Port your data to another service

To exercise any of these, email admin@jaratrade.com. We'll respond within 30 days.

9. Children

Jaratrade isn't for under-18s. We don't knowingly collect data from anyone under 18. If you believe we have, please email us and we'll delete it.

10. Changes

We'll let you know about material changes via email and a banner in your dashboard at least 14 days before they take effect.

11. Contact

Questions or concerns? Email our Data Protection lead at admin@jaratrade.com. You also have the right to complain to the UK ICO (ico.org.uk) or the Nigeria NDPB (ndpb.gov.ng).