YANGGAH

Privacy Policy

Last updated: April 20, 2026

Introduction

YANGGAH ("we", "us", or "our") operates an online marketplace for African fashion at yanggah.com and via the YANGGAH mobile apps for iOS and Android. Unless stated otherwise, references to "YANGGAH" or "the platform" in this policy cover both the website and the mobile apps. This policy explains what personal data we collect, why we collect it, who we share it with, and your rights over it. By using YANGGAH you agree to this policy.

What We Collect

We collect the following categories of personal data:

  • Account data: name, email address, and role (buyer or vendor) when you register.
  • Shipping address: full name, street address, city, state/province, country, and phone number provided at checkout.
  • Payment data: we do not store full card details. Payment is handled by Stripe (international) or Paystack (Nigeria). We store a payment reference and the currency and amount of each transaction.
  • Order data: items purchased, prices, shipping costs, escrow status, and order history.
  • Body measurements (optional): if you choose to save measurements for made-to-order garments, these are stored securely and linked to your account. You can delete them at any time from your account settings.
  • Currency preference: your preferred display currency (e.g. GBP, USD) is stored to personalise pricing across the site.
  • IP address: your IP address is used to suggest a default currency when you first visit. It is not stored or linked to your profile after this detection.
  • Usage and analytics data: pages viewed, product and vendor views, wishlist and cart actions, checkout/payment milestones, admin actions, device/browser details, timestamps, and coarse technical identifiers. We do not intentionally send email addresses, phone numbers, names, shipping addresses, message content, tokens, or card data to analytics tools.
  • Communication data: messages exchanged between buyers and vendors through the platform order messaging system, including any flags, warnings, or moderation actions applied to those messages.
  • Vendor data: business name, bank account details (for payouts), store description, and registered state for shipping zone calculation.
  • Device push token: when you enable push notifications on the mobile app, we store the Expo / device push token along with the platform (iOS, Android, or web) so we can deliver notifications. Tokens are tied to your account and removed when you sign out or disable notifications.
  • In-app notifications: we store a record of notifications we send you in the app (type, title, body, read status, timestamp) so you can view and manage them from your notification inbox.
  • Follow relationships: the designers you follow on the platform, used to power your feed and the optional daily digest of updates from followed designers.
  • Promo code redemptions: which vendor-issued promo codes you have redeemed and on which orders. Used to enforce per-code usage limits and to calculate the correct discount.
  • Review replies: when a vendor publicly replies to a review you have left, that reply is stored against your review and displayed alongside it.
  • Dispute evidence: any images or files you attach when raising or responding to a dispute are stored securely in our file storage and visible only to you, the other party to the order, and YANGGAH support.

Why We Collect It

  • To process and fulfil orders, including calculating accurate shipping costs and releasing escrow payments to vendors.
  • To charge buyers in their preferred currency using a live exchange rate.
  • To send order confirmation, shipping, and dispute emails via Resend.
  • To enable vendors to manage their storefronts, products, and payouts.
  • To detect and prevent fraud and abuse.
  • To understand marketplace usage, improve product flows, and measure web and mobile performance using privacy-limited analytics.
  • To comply with applicable laws (NDPR, GDPR where applicable).

Third-Party Services

We use the following third-party services that process your data on our behalf:

  • Supabase — database and authentication. Your account, order, and measurement data are stored on Supabase-managed servers in the EU.
  • Stripe — payment processing for international (non-Nigeria) orders. Card data is handled entirely by Stripe and subject to their privacy policy.
  • Paystack — payment processing for Nigerian orders. Subject to their privacy policy.
  • Resend — transactional email delivery (order confirmations, vendor notifications). Your email address is shared with Resend solely for email delivery.
  • Vercel — our hosting provider. Request logs (including IP) may be retained by Vercel per their standard infrastructure logging.
  • PostHog - product analytics for privacy-limited usage events across web and mobile, configured to avoid sending payment card data, message content, addresses, phone numbers, email addresses, names, passwords, or tokens.

Push Notifications

The YANGGAH mobile app can send push notifications to keep you updated on order activity. Typical triggers include:

  • Order confirmed after successful payment.
  • Your order has shipped.
  • Your order has been delivered.
  • Escrow funds released (for vendors).
  • New order received (for vendors).

Push notifications require your permission. You can decline permission when prompted, or turn notifications off at any time from your device's system settings or from the app's notification preferences. Disabling notifications removes your device token from our records.

Mobile App

The YANGGAH mobile apps are available on iOS (via the App Store) and Android (via Google Play). The apps connect to the same backend as yanggah.com, so the same data-collection, retention, and security practices described in this policy apply. Where Apple or Google require additional privacy disclosures (for example, App Store privacy labels or Play Data Safety forms), those are maintained on our App Store and Play Store listings and reflect the same practices described here.

Communications Preferences

Transactional emails (order confirmation, shipping updates, dispute outcomes, payout notices) are required for the service to operate and cannot be switched off while you hold an active account. Optional communications — such as the daily digest of updates from designers you follow — can be turned off at any time from your account settings. Push notifications can be controlled separately via your device's system settings.

Data Retention

Order and financial records are retained for at least 7 years to comply with accounting and tax obligations. Account data is retained while your account is active. You may request deletion of your account and associated personal data by emailing privacy@yanggah.com; however, order records required for legal compliance cannot be deleted before the retention period expires.

Your Rights

Under the Nigeria Data Protection Regulation (NDPR) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the right to access, correct, export, or request deletion of your personal data. To exercise any of these rights, contact us at privacy@yanggah.com. We will respond within 30 days.

Security

All data is transmitted over TLS (HTTPS). Payment data is handled entirely by PCI-DSS-certified processors (Stripe and Paystack) and never touches our servers. Row-level security policies on our database ensure each user can only access their own data.

Contact

For privacy-related questions or requests, contact us at privacy@yanggah.com.

We use cookies to improve your experience and analyse site usage. Essential cookies (authentication, cart) are always active. Privacy Policy