Chop Express Privacy Policy

Chop Express ("we", "our", or "us") is committed to protecting your privacy and handling your personal information transparently and securely. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, the safeguards we implement, and the rights available to you under applicable law (including Nigeria’s Data Protection Act 2023).

Effective Date

1 September 2025

---

1. Scope and Definitions

This policy applies to personal information collected through our mobile app, website, customer support channels, and other services we provide (collectively, the "Platform"). "Personal data" or "personal information" means any information that can identify you either directly or indirectly.

2. Information We Collect

(a) Information You Provide

1. Full name, phone number, email address, and delivery address;
2. Payment and billing information (e.g., card details, wallet transaction records, payment confirmations) — payment card data is processed by our payment processors and is not stored by us except where expressly permitted and secured;
3. Account credentials, profile information, and preferences;
4. Feedback, reviews, complaints, and support correspondence;
5. Survey responses and optional demographic information when you choose to provide it.

(b) Information Collected Automatically

1. Device and technical data (IP address, operating system, device identifiers, browser type);
2. Location information (GPS or network-based) to facilitate order pickup and delivery;
3. Usage and analytics data (pages visited, app events, timestamps, crash logs) to improve our services;
4. Cookies and similar tracking technologies (see Section 9).

(c) Information from Third Parties

1. Payment service providers — for transaction verification and fraud prevention;
2. Vendors, restaurants and delivery partners — to coordinate orders and deliveries;
3. Publicly available sources and identity verification providers, where required for compliance checks;
4. Fraud-prevention and analytics providers, where applicable.

3. Legal Basis for Processing

We process your personal data only where we have a lawful basis to do so, including:

1. Performance of a contract (to provide and manage orders, payments and related services);
2. Legal or regulatory obligations (tax, anti-fraud, dispute resolution);
3. Legitimate interests (improving the Platform, preventing abuse and fraud, direct communications, and analytics) balanced against your rights and interests;
4. Your consent (for optional marketing communications and certain tracking technologies, where required).

4. How We Use Your Information

We use your personal data to:

1. Create, maintain and secure your account;
2. Process and deliver orders, confirm deliveries, and manage refunds;
3. Facilitate and secure payments, detect and prevent fraud;
4. Provide customer service, respond to inquiries and resolve disputes;
5. Personalize content, offers and recommendations;
6. Analyze usage to diagnose problems and improve performance;
7. Send you transactional communications (order confirmations, status updates), and marketing communications where you have consented;
8. Comply with applicable laws and regulatory requests.

5. Sharing and Disclosure

We may share personal information with:

1. Vendors and restaurants — to fulfill and manage your orders;
2. Riders and delivery partners — to coordinate pickup and delivery;
3. Payment processors and banks — to complete and verify payments;
4. Service providers and subprocessors — hosting, analytics, customer support tools, and fraud prevention;
5. Regulators, courts and law enforcement — where required by law or to protect our rights;
6. Prospective buyers or advisors — in the event of a merger, acquisition or sale of business assets (with appropriate confidentiality safeguards).

We do not sell personal information to third parties. We require third-party partners to implement appropriate security and confidentiality measures and to process personal data only as instructed.

6. International Transfers

Personal data may be processed or stored in countries outside your own. When we transfer data internationally, we will implement appropriate safeguards (such as contractual protections and, where available, approved data transfer mechanisms) to ensure an adequate level of protection.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, to comply with legal obligations, resolve disputes, enforce agreements, and as otherwise permitted or required by law. Typical retention periods include:

1. Account and transaction data: retained for the duration of the account and as required for tax, accounting and dispute resolution (commonly 3–7 years);
2. Support and correspondence records: retained for as long as necessary to resolve issues and for a limited period thereafter;
3. Analytics and aggregated data: retained in anonymized or pseudonymized form where possible for trend analysis.

You may request deletion of your account and personal data, subject to legal and regulatory obligations and any legitimate retention needs such as fraud prevention or tax requirements.

8. Security Measures

We use administrative, technical, and physical safeguards to protect your personal information, including encryption, access controls, network security and secure hosting. While we strive to protect your data, no system can be guaranteed to be completely secure. If we learn of a security breach affecting your data, we will follow applicable breach-notification laws and take reasonable steps to address the incident.

9. Cookies, Tracking and Analytics

We and our partners use cookies, local storage and similar technologies to provide, protect and improve the Platform, and to deliver relevant advertising where permitted. Types of cookies and purposes include:

1. Strictly necessary cookies — required for the Platform to function;
2. Performance and analytics cookies — to understand how users interact with our services;
3. Functional cookies — to remember preferences and provide enhanced features;
4. Advertising cookies — to deliver and measure the effectiveness of marketing (where you consent).

You can manage cookie preferences through your browser or device settings, and where applicable, through in-app controls. Disabling some cookies may affect functionality.

10. Children’s Privacy

Our services are not intended for persons under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to remove that data promptly.

11. Your Rights and Choices (Under Nigeria’s Data Protection Act 2023)

Subject to applicable law, you have rights regarding your personal data, including:

1. Access — obtain a copy of the personal data we hold about you;
2. Correction — request updates or corrections to inaccurate or incomplete data;
3. Deletion — request deletion of your data (right to be forgotten), subject to legal limitations;
4. Restriction — request restriction of certain processing activities;
5. Data portability — request a machine-readable copy of your data where applicable;
6. Withdraw consent — where processing is based on consent, you may withdraw it at any time;
7. Object — object to processing based on legitimate interests, including profiling for marketing;
8. Opt-out — opt out of receiving marketing communications from us at any time using the unsubscribe link or by contacting our DPO.

To exercise your rights, please contact our Data Protection Officer using the contact details below. We will respond in accordance with applicable legal timelines and may require identity verification before fulfilling certain requests.

12. Complaints and Supervisory Authority

If you are not satisfied with our response to a privacy-related request or complaint, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) or other relevant supervisory authority.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or Platform features. We will indicate the updated Effective Date and, where appropriate, notify users by email or in-app notification.

14. Contact Us — Data Protection Officer