OjaLink
Start for free

Legal

Privacy Policy

Last updated: 1 March 2025

OjaLink Technologies Ltd (“OjaLink”, “we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at afrisell.io (“Platform”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform.

1. Information We Collect

1.1 Information You Provide Directly

  • Account registration: first name, last name, email address, phone number, password, business name, business type, Nigerian state, and city.
  • KYC verification: government-issued identity documents (national ID, passport, driver's licence, CAC certificate), uploaded for compliance purposes.
  • Bank account details: bank name, account number, and account name for record-keeping. OjaLink does not process payments on your behalf.
  • Products and listings: product titles, descriptions, images, prices, and related content you add to the Platform.
  • Communications: messages you send to our support team.

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, timestamps, and actions taken on the Platform.
  • Device and browser data: IP address, browser type, operating system, and device identifiers.
  • Cookies and similar technologies: session tokens required to keep you logged in, and analytics cookies to understand Platform usage.

1.3 Information from Third Parties

  • Marketplace platforms (Etsy, eBay): when you connect your marketplace account via OAuth, we receive your shop name, seller ID, and OAuth tokens. These tokens are encrypted at rest using AES-256 encryption.
  • KYC providers (Smile Identity / Youverify): verification results and confidence scores for identity checks.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your OjaLink seller account.
  • Verify your identity as required under Nigerian law and marketplace compliance requirements.
  • Enable you to connect your Etsy and eBay accounts and manage product listings.
  • Send you transactional emails — OTP codes, order notifications, KYC status updates, and listing error alerts.
  • Monitor Platform performance and security, and detect fraudulent activity.
  • Comply with applicable laws and regulations, including NDPR (Nigeria Data Protection Regulation).
  • Improve our Platform based on aggregated usage analytics.

3. Legal Basis for Processing (NDPR)

Under the Nigeria Data Protection Regulation (NDPR) 2019, we process your personal data on the following bases:

  • Contract performance: processing necessary to provide the OjaLink service you have subscribed to.
  • Legal obligation: KYC verification required under applicable Nigerian regulations.
  • Legitimate interests: fraud prevention, platform security, and service improvement.
  • Consent: marketing communications, where you have opted in.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Marketplace platforms: Etsy and eBay receive product listing data you choose to publish through OjaLink.
  • KYC service providers: Smile Identity or Youverify, for identity verification. They process data under their own privacy policies.
  • Email service (Resend): for sending transactional emails. We share only your email address and first name.
  • Shipping providers (Shippo): order delivery address and shipment details when you purchase a shipping label.
  • Cloud infrastructure: Neon (PostgreSQL), Cloudflare R2 (file storage), Redis — all data is stored securely with encryption in transit and at rest.
  • Law enforcement or regulators: when required by a valid legal request or court order.

5. Data Retention

We retain your personal data for as long as your account is active plus a period of 7 years for financial and KYC records, as required by Nigerian law. After account deletion, we anonymise or delete personal data within 90 days, except where longer retention is legally required.

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • AES-256 encryption for OAuth access and refresh tokens stored in our database.
  • Bcrypt hashing (minimum 12 rounds) for all passwords.
  • TLS/HTTPS encryption for all data in transit.
  • JWT-based authentication with short-lived access tokens (15 minutes) and refresh tokens (7 days).
  • Role-based access controls limiting data access to authorised OjaLink personnel only.

7. Your Rights

Under the NDPR, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request deletion of your data (subject to legal retention requirements).
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdrawal of consent: withdraw consent for marketing communications at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies to keep you logged in (JWT session token). We do not use third-party advertising cookies. You can disable cookies in your browser settings, but this will prevent you from logging into the Platform.

9. Children's Privacy

OjaLink is not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately.

10. International Data Transfers

Some of our service providers (Resend, Cloudflare, Neon) are based outside Nigeria. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements with our providers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Platform. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact our Data Protection Officer at:

OjaLink Technologies Ltd
Lagos, Nigeria
Email: [email protected]
Support: [email protected]