Legal
Effective date: 1 June 2025
·Last updated: 1 June 2025
Kuxtoma ("we", "our", or "us") is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and your rights as a user of our multi-vendor commerce platform.
We collect information you provide directly when you register as a vendor, create a customer account, or contact us. This includes your name, email address, phone number, business details, and payment configuration (stored encrypted).
When you use the platform we automatically collect certain technical information including your IP address, browser type, device identifiers, pages visited, and the time and date of your visit.
Vendors who configure payment gateways (Paystack, Stripe) provide API keys which are stored encrypted and used solely to process transactions on their behalf.
To create and manage your account and verify your identity.
To facilitate transactions between vendors and customers, including processing payments and sending order confirmations.
To notify vendors of new orders, payment confirmations, and account status changes.
To provide customer support and respond to your enquiries.
To improve the platform by analysing usage patterns and performance metrics. All analytics data is aggregated and anonymised.
To comply with legal obligations and prevent fraud or abuse.
We do not sell your personal data to third parties.
We share necessary order and shipping information between customers and the specific vendors they transact with. Vendor data is never shared with other vendors.
We engage trusted third-party service providers (Firebase/Google Cloud for infrastructure, Paystack/Stripe for payment processing) who are contractually bound to handle data securely.
We may disclose information to law enforcement or regulatory authorities when required by law.
We retain your account information for as long as your account is active.
Order and transaction records are retained for a minimum of 7 years to comply with financial and tax regulations.
You may request deletion of your account at any time. Upon deletion, personal identifiable information is removed; aggregated transaction records may be retained for legal compliance.
We use industry-standard security measures including TLS encryption for data in transit, AES-256 encryption for sensitive stored data, and Firebase Security Rules to enforce strict data access controls.
Payment API keys are encrypted at rest and never exposed in API responses or logs.
Despite these measures, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and report any suspected security issues immediately.
We use essential cookies to maintain your session and keep you logged in. See our Cookie Policy for full details.
You have the right to access, correct, or delete your personal data.
You have the right to data portability — to receive a copy of your data in a structured, machine-readable format.
You may opt out of non-essential communications at any time via your account settings.
To exercise any of these rights, contact us at privacy@kuxtoma.com.
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a prominent notice in the platform. Continued use of the platform after changes constitutes acceptance.