YANGGAH

Privacy Policy

Last updated: March 8, 2026

Introduction

YANGGAH ("we", "us", or "our") operates an online marketplace for African fashion at yanggah.com. This policy explains what personal data we collect, why we collect it, who we share it with, and your rights over it. By using YANGGAH you agree to this policy.

What We Collect

We collect the following categories of personal data:

  • Account data: name, email address, and role (buyer or vendor) when you register.
  • Shipping address: full name, street address, city, state/province, country, and phone number provided at checkout.
  • Payment data: we do not store full card details. Payment is handled by Stripe (international) or Paystack (Nigeria). We store a payment reference and the currency and amount of each transaction.
  • Order data: items purchased, prices, shipping costs, escrow status, and order history.
  • Body measurements (optional): if you choose to save measurements for made-to-order garments, these are stored securely and linked to your account. You can delete them at any time from your account settings.
  • Currency preference: your preferred display currency (e.g. GBP, USD) is stored to personalise pricing across the site.
  • IP address: your IP address is used to suggest a default currency when you first visit. It is not stored or linked to your profile after this detection.
  • Communication data: messages you send to our support team.
  • Vendor data: business name, bank account details (for payouts), store description, and registered state for shipping zone calculation.

Why We Collect It

  • To process and fulfil orders, including calculating accurate shipping costs and releasing escrow payments to vendors.
  • To charge buyers in their preferred currency using a live exchange rate.
  • To send order confirmation, shipping, and dispute emails via Resend.
  • To enable vendors to manage their storefronts, products, and payouts.
  • To detect and prevent fraud and abuse.
  • To comply with applicable laws (NDPR, GDPR where applicable).

Third-Party Services

We use the following third-party services that process your data on our behalf:

  • Supabase — database and authentication. Your account, order, and measurement data are stored on Supabase-managed servers in the EU.
  • Stripe — payment processing for international (non-Nigeria) orders. Card data is handled entirely by Stripe and subject to their privacy policy.
  • Paystack — payment processing for Nigerian orders. Subject to their privacy policy.
  • Resend — transactional email delivery (order confirmations, vendor notifications). Your email address is shared with Resend solely for email delivery.
  • Vercel — our hosting provider. Request logs (including IP) may be retained by Vercel per their standard infrastructure logging.

Data Retention

Order and financial records are retained for at least 7 years to comply with accounting and tax obligations. Account data is retained while your account is active. You may request deletion of your account and associated personal data by emailing privacy@yanggah.com; however, order records required for legal compliance cannot be deleted before the retention period expires.

Your Rights

Under the Nigeria Data Protection Regulation (NDPR) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the right to access, correct, export, or request deletion of your personal data. To exercise any of these rights, contact us at privacy@yanggah.com. We will respond within 30 days.

Security

All data is transmitted over TLS (HTTPS). Payment data is handled entirely by PCI-DSS-certified processors (Stripe and Paystack) and never touches our servers. Row-level security policies on our database ensure each user can only access their own data.

Contact

For privacy-related questions or requests, contact us at privacy@yanggah.com.

We use cookies to improve your experience and analyse site usage. Essential cookies (authentication, cart) are always active. Privacy Policy