1. Introduction

Welcome to Eazy Express. We are Nigeria's intelligent commerce infrastructure platform, built to transform how buyers, vendors, logistics providers, and payment systems connect and transact. Through advanced artificial intelligence and multi-channel accessibility, we enable seamless, trustworthy, and efficient trade across Nigeria and beyond.

Eazy Express operates through our website, mobile applications, and WhatsApp integration to serve businesses, SMEs, individual consumers, and social commerce participants. Our platform uses agentic AI to coordinate procurement, verification, escrow management, and logistics, creating a unified trade infrastructure that overcomes traditional barriers of trust, coordination, and delivery reliability.

Your privacy and trust are foundational to everything we do. This Privacy Policy explains how we collect, use, share, protect, and retain your personal data when you interact with our platform as a customer, vendor, logistics partner, or service provider. It applies to all Eazy Express services, platforms, and channels unless otherwise specified.

By using our services, you acknowledge that you have read, understood, and agreed to this Privacy Policy. We are committed to protecting your personal data in full compliance with the Nigeria Data Protection Act (NDPA) 2023, the Nigeria Data Protection Regulation (NDPR), and applicable consumer protection laws administered by the Federal Competition and Consumer Protection Commission (FCCPC). We process your data lawfully, fairly, transparently, and with your rights at the center of our operations.

2. Information We Collect

We collect personal data necessary to deliver our services, ensure platform security, comply with legal obligations, and continuously improve user experience. The specific data we collect depends on how you interact with our platform and the role you play within the Eazy Express ecosystem.

2.1 Data Collected from Customers

When you use Eazy Express as a customer, we collect identity information including your full name, email address, phone number, and in certain cases date of birth or government-issued identification for verification or high-value transactions. We collect transaction data comprising your order history, purchase details, payment information, delivery addresses, order preferences, transaction amounts, and refund records. Communication data includes messages, voice recordings, chat transcripts, feedback, customer service interactions, and dispute resolution communications. We also collect behavioral data such as browsing history, search queries, product views, cart activity, click patterns, time spent on the platform, and engagement metrics.

Location data is collected in the form of delivery addresses, GPS coordinates where you provide consent, and IP address-derived location information. We additionally collect device and technical data including device type, operating system, browser type, IP address, device identifiers, app version, session information, and data from cookies and similar technologies.

2.2 Data Collected from Vendors

For vendors operating on our platform, we collect business information including business name, registration details, tax identification numbers, business address, business type, and ownership structure. Contact information includes the name, email address, and phone number of authorized representatives. Financial information comprises bank account details, payment processing information, transaction history, and settlement records. We collect product and inventory data such as product listings, descriptions, pricing, stock levels, and fulfillment capabilities, as well as performance data including order fulfillment rates, delivery times, customer ratings, dispute records, and compliance history.

2.3 Data Collected from Logistics Partners and Riders

Logistics partners and riders provide identity information including full name, phone number, email address, identification documents, and photographs. Location data is particularly important for this user group and includes real-time GPS tracking during active deliveries, delivery routes, and location history. We collect vehicle information such as vehicle type, registration number, and insurance details, along with performance data including delivery completion rates, customer ratings, timeliness metrics, and route efficiency statistics.

2.4 Data Collected Automatically

Our platform automatically collects certain data through cookies and tracking technologies including session cookies, persistent cookies, web beacons, pixel tags, and analytics identifiers. Usage analytics data comprises feature usage patterns, error logs, crash reports, and performance metrics. Platform interaction data includes login timestamps, session duration, navigation paths, and feature engagement statistics.

2.5 Data from Third-Party Sources

We receive data from payment processors and financial institutions, logistics and delivery service providers, identity verification and fraud prevention services, business intelligence and credit assessment providers, and social media platforms when you connect accounts or share content. We also access publicly available business registries and databases where necessary to verify business credentials and ensure platform integrity.

3. How We Collect Your Data

We collect personal data through multiple channels and methods designed to provide you with seamless access to our platform while maintaining data protection standards.

3.1 Direct Collection

Direct collection occurs when you browse, register, place orders, or communicate through our website. Our mobile applications for iOS and Android collect data when you download, register, and actively use the apps. Our WhatsApp integration collects data when you interact with our WhatsApp business account for orders, inquiries, or customer support. Voice interactions capture data when you provide verbal instructions or engage with voice-enabled features. Forms and communications collect data when you fill out registration forms, participate in surveys, submit vendor or rider applications, or contact customer support. Account registration captures data when you create a customer, vendor, or partner account on any of our platforms.

3.2 Automated Collection

Automated collection happens through cookies and similar technologies that are automatically placed on your device when you access our platform. Analytics tools embedded in our web and mobile platforms track usage and performance. Server logs automatically record technical information when you interact with our digital infrastructure. API integrations collect data through authorized third-party applications and services connected to your account.

3.3 Third-Party Collection

We receive data from business partners including logistics providers, payment processors, and service integrators. Verification providers supply data through identity verification and fraud detection services. Marketing partners provide data from authorized advertising and attribution platforms where you have provided consent. These third-party sources help us verify information, prevent fraud, and deliver integrated services while maintaining data protection standards.

4. How We Use Your Data (Purpose and Legal Basis)

We process your personal data only for specific, legitimate purposes and rely on recognized legal bases under Nigerian data protection law. Our processing activities are designed to deliver value while respecting your rights and maintaining transparency.

4.1 Service Delivery and Fulfillment

We use your data to provide, maintain, and improve Eazy Express services. This includes processing and fulfilling orders, coordinating logistics and delivery, managing payments and settlements, facilitating interactions between buyers, vendors, and riders, enabling AI-powered trade execution, and providing responsive customer support. The legal basis for this processing is contractual necessity, as we cannot deliver our services without processing this data, and our legitimate business interests in operating an efficient commerce platform.

4.2 AI-Powered Platform Operations

Our platform relies on artificial intelligence to deliver intelligent, automated trade coordination. We use your data to power intelligent procurement recommendations, automated vendor selection and matching, logistics route optimization, dynamic pricing and demand forecasting, fraud detection and risk assessment, and continuous platform quality improvement. These AI-driven processes enable us to provide faster, more reliable, and more cost-effective services than traditional commerce models. The legal basis for this processing includes legitimate business interests, contractual necessity, and your consent where required by law for specific AI applications.

4.3 Trust, Safety, and Fraud Prevention

Maintaining platform integrity and user safety is paramount to our mission. We use your data to verify user identity and business credentials, detect and prevent fraud, abuse, and illegal activity, monitor compliance with our Terms of Service, investigate disputes and resolve conflicts fairly, and enforce platform policies consistently. This processing is based on our legal obligations, legitimate business interests in protecting all platform users, and public interest in preventing fraud and criminal activity.

4.4 Legal and Regulatory Compliance

We process data to comply with applicable laws and regulations including responding to regulatory inquiries and audits, maintaining records required by law, complying with tax, financial, and commercial regulations, and cooperating with law enforcement when legally required. The legal basis for this processing is legal obligation and public interest, as failure to process data for these purposes would result in legal violations.

4.5 Communication and Marketing

We use your data to communicate with you about our services through transactional notifications such as order confirmations and delivery updates, customer support responses, promotional offers and product recommendations where you have provided consent, and platform updates and policy changes. The legal basis varies by communication type and includes contractual necessity for transactional communications, consent for marketing, and legitimate business interests for service-related updates.

4.6 Analytics and Platform Improvement

To understand and continuously improve our services, we analyze usage patterns and user behavior, conduct research and development, test new features and improvements, and optimize user experience and interface design. This processing is based on our legitimate business interests and, where required for certain analytics activities, your consent.

5. Artificial Intelligence and Automated Decision-Making

Eazy Express employs advanced artificial intelligence, including agentic AI systems, to deliver efficient, intelligent commerce infrastructure. We recognize that AI processing involves unique considerations around transparency, fairness, and user rights, and we are committed to responsible AI use that enhances rather than diminishes human agency.

5.1 How We Use AI

Our AI systems assist with intelligent procurement by recommending optimal products, vendors, and purchasing options based on your requirements, historical behavior, market conditions, and real-time availability. Vendor matching involves automated evaluation and selection of vendors based on price, reliability, location, historical performance, and capacity to fulfill specific orders. Logistics coordination employs AI-driven route optimization, rider assignment, and delivery scheduling to ensure timely, cost-effective deliveries. Fraud detection uses automated analysis of transaction patterns, user behavior, and contextual signals to identify suspicious activity and protect all platform participants. Dynamic pricing involves AI-assisted pricing recommendations based on demand, supply, market conditions, and competitive dynamics, though final pricing decisions may involve human oversight. Risk assessment includes automated evaluation of transaction risk, vendor trustworthiness, and payment security to protect buyers and maintain platform integrity. Customer service utilizes AI-powered chatbots and response systems for initial customer inquiries, with seamless escalation to human agents when needed.

5.2 Human Oversight and Safeguards

While we use AI extensively, we maintain important safeguards to ensure fairness and accountability. Significant decisions affecting your rights or high-value transactions are subject to human oversight and review. You may request human review of any AI-driven decision that materially affects you, and we will provide this review within a reasonable timeframe. We clearly indicate when you are interacting with AI systems versus human agents, ensuring you always know the nature of your interaction. Our AI systems undergo regular audits for fairness, accuracy, and potential bias, with particular attention to ensuring equitable treatment across different user groups, regions, and transaction types. Model governance procedures ensure that our AI models undergo rigorous testing, validation, and performance monitoring before deployment and throughout their operational lifecycle.

5.3 Your Rights Regarding Automated Decisions

You have the right to be informed when AI materially influences decisions affecting you, including the logic involved and the significance of such processing. You may request human intervention in automated decision-making processes, particularly for decisions that significantly affect your access to services or financial interests. You have the right to contest decisions made solely by automated means and to request explanations of how specific AI-driven decisions were reached, including the data and factors considered. Where alternative methods are available, you may opt out of certain AI-driven features, though this may affect the efficiency or availability of some services.

5.4 AI Data Processing

AI systems process various data types including transaction history, behavioral patterns, communication content, location data, and contextual information such as time of day, device type, and session characteristics. This processing enables personalized, efficient service delivery but is always subject to the data protection principles outlined in this Policy, including data minimization, purpose limitation, and security. We do not use AI to make decisions based on special categories of data such as race, religion, or health status, nor do we use AI in ways that would systematically disadvantage particular groups or individuals.

6. How We Share Your Data

We share personal data only when necessary to deliver our services, comply with legal obligations, or with your explicit consent. We do not sell your personal data to third parties for their independent marketing purposes, and we maintain strict contractual controls over how our partners handle your data.

6.1 Service Delivery Partners

We share data with third parties essential to platform operations. Logistics and delivery partners receive your name, phone number, delivery address, and order details to facilitate fulfillment and coordinate delivery. Payment processors receive payment information and transaction details to process payments securely and comply with financial regulations. Vendors receive buyer contact information, delivery address, and order specifications necessary to fulfill purchases and communicate about order status. Verification services receive identity information for fraud prevention, trust verification, and compliance with know-your-customer requirements. Cloud infrastructure providers host our platform and store data under strict security and confidentiality agreements. Customer support tools process communication history and account data to help us resolve inquiries efficiently and maintain service quality.

6.2 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or similar corporate transaction, your personal data may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy, and we will ensure that any acquiring entity agrees to protect your data in accordance with this Privacy Policy until such notice is provided.

6.3 Legal and Regulatory Disclosure

We may disclose personal data when required by law or when we believe in good faith that disclosure is necessary to comply with legal obligations, court orders, or regulatory requirements, cooperate with law enforcement investigations or national security demands where legally required, protect the rights, property, or safety of Eazy Express, our users, or the public, enforce our Terms of Service or other agreements, or detect, prevent, or address fraud, security issues, or technical problems. We will, where legally permissible, provide notice to affected users before disclosing data in response to legal process.

6.4 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably identify you with business partners for market research and strategic planning, analytics providers for industry insights and benchmarking, academic researchers for studies that advance commerce and technology, and investors and stakeholders for reporting purposes. Such data does not constitute personal data under Nigerian law and is not subject to the restrictions in this Privacy Policy.

6.5 With Your Consent

We may share data with third parties when you explicitly authorize such sharing, such as when connecting social media accounts, participating in promotional campaigns with partners, opting into data-sharing for specialized services like credit assessment or business intelligence, or authorizing specific integrations with third-party applications. You may revoke such consent at any time, though this may limit the functionality of integrated services.

7. Cross-Border Data Transfers

Eazy Express primarily operates in Nigeria, and we store and process the majority of Nigerian user data within Nigeria or the West African region. However, some of our service providers and technology infrastructure operate globally, which may involve the transfer of personal data outside Nigeria.

7.1 Transfer Safeguards

When we transfer personal data internationally, we ensure adequate protection through multiple mechanisms. We transfer data only to countries recognized by the Nigeria Data Protection Commission as providing adequate protection for personal data. Where such adequacy determinations do not exist, we implement standard contractual clauses approved by the NDPC or other appropriate safeguards. We rely on binding corporate rules where applicable, which are internal data protection frameworks that ensure consistent protection across our global operations. For certain transfers, we obtain your explicit consent where required by law. We also rely on contractual necessity when transferring data is essential to fulfilling our contractual obligations to you, such as processing international payments or coordinating cross-border deliveries.

7.2 Service Providers

International service providers we work with may include cloud infrastructure and hosting services that provide scalable, secure infrastructure for our platform, payment processing platforms that enable secure, efficient financial transactions, analytics and business intelligence tools that help us understand and improve our services, customer relationship management systems that help us deliver responsive support, and security and fraud prevention services that protect all platform users. All such providers are contractually required to maintain data protection standards consistent with Nigerian law and international best practices, including specific obligations around security, confidentiality, and limited use of data.

7.3 Your Rights

You have the right to request information about international data transfers affecting your personal data, including the countries involved, the safeguards in place, and the purposes of such transfers. You may object to such transfers under certain circumstances, particularly where adequate safeguards are not in place or where the transfer would violate your fundamental rights. We will respond to such requests and consider objections in accordance with applicable law.

8. Data Retention and Deletion

We retain personal data only as long as necessary for the purposes outlined in this Policy, to comply with legal obligations, and to establish or defend legal claims. Our retention practices balance business needs, legal requirements, and your rights to deletion and data minimization.

8.1 Retention Periods

For customer data, we retain active account data while your account is active and for up to two years after account closure to allow for account reactivation and to resolve any residual disputes or issues. Transaction records are retained for seven years to comply with financial, tax, and commercial record-keeping requirements under Nigerian law. Communication records are retained for three years for customer service quality, training, and dispute resolution. Marketing consent records are retained for two years after consent withdrawal to demonstrate compliance with your preferences and applicable marketing laws.

For vendor data, business verification records are retained for seven years following termination of the business relationship to comply with regulatory requirements and to support any necessary audits or investigations. Product and inventory data are retained for three years after account closure for business intelligence and market analysis. Financial and tax records are retained for seven years per regulatory requirements. Performance and compliance records are retained for five years to support platform integrity and potential disputes.

For logistics partner data, delivery records are retained for three years for quality assurance, dispute resolution, and performance analysis. Performance metrics are retained for two years after partnership termination. Verification documents are retained for five years per regulatory requirements and to support any necessary investigations or audits.

For technical and analytics data, usage logs and analytics are retained for twelve to twenty-four months depending on the specific data type and business purpose. Security logs are retained for twenty-four months to support security monitoring and incident investigation. Cookies and tracking data retention periods vary based on type and purpose as detailed in Section 11.

8.2 Deletion Practices

When retention periods expire or when you exercise your right to deletion, we securely delete or anonymize personal data from active systems using industry-standard data destruction methods. We remove personal data from backup systems within reasonable timeframes, typically ninety to one hundred eighty days, recognizing that immediate deletion from all backups may not be technically feasible. We retain data beyond standard deletion timelines only where legally required or for legitimate legal defense purposes, such as ongoing litigation or regulatory investigations.

8.3 Legal Holds

We may retain data beyond standard retention periods when required to comply with legal holds, ongoing investigations, litigation, regulatory proceedings, or audit requirements. When a legal hold is in place, we will preserve data in a secure manner and limit access to authorized personnel. Once the legal hold is lifted, we will resume normal deletion practices in accordance with our standard retention schedule.

9. Data Security

We implement comprehensive technical, organizational, and administrative safeguards to protect your personal data against unauthorized access, disclosure, alteration, destruction, and other forms of unlawful processing. Our security program is designed to be commensurate with the sensitivity of the data we process and the risks inherent in our operations.

9.1 Technical Security Measures

We encrypt data in transit using TLS/SSL protocols and encrypt data at rest using industry-standard encryption algorithms, ensuring that your data is protected both when being transmitted and when stored in our systems. Access controls implement role-based permissions that limit data access to authorized personnel only, with strict need-to-know principles. Authentication systems employ multi-factor authentication for sensitive systems, administrative access, and high-risk transactions. Network security includes firewalls, intrusion detection systems, intrusion prevention systems, and network segmentation to isolate sensitive data and systems. Our secure infrastructure relies on hosting with reputable cloud providers maintaining SOC 2, ISO 27001, or equivalent certifications. Vulnerability management includes regular security assessments, penetration testing conducted by qualified third parties, and prompt patch management to address identified vulnerabilities.

9.2 Organizational Security Measures

Data protection training is provided regularly to all employees, with specialized training for those handling sensitive data or working on security-critical systems. We conduct background checks and screening for employees with access to sensitive data, proportionate to the level of access and data sensitivity. Confidentiality agreements impose contractual confidentiality obligations on all employees, contractors, and service providers with access to personal data. Our incident response procedures are documented and regularly tested, covering detection, containment, investigation, notification, and remediation of security incidents. Third-party management includes due diligence assessments of vendors before engagement and contractual data protection requirements that bind all service providers. Privacy by design principles are embedded into system design and development, ensuring that data protection is considered from the earliest stages of any new product or feature.

9.3 Administrative Controls

Data minimization practices ensure we collect and retain only data necessary for specified purposes, regularly reviewing data holdings to identify and delete unnecessary data. Regular audits include periodic reviews of data processing activities, security controls, and compliance with this Privacy Policy and applicable laws. Policy updates involve continuous review and enhancement of security policies and procedures in response to evolving threats and best practices. Segregation of duties separates responsibilities to prevent unauthorized access, misuse, or conflicts of interest in data handling.

9.4 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Nigeria Data Protection Commission within seventy-two hours of becoming aware of the breach, providing details of the nature of the breach, the categories and approximate number of affected individuals, the likely consequences, and the measures taken or proposed to address the breach. We will notify affected individuals without undue delay where the breach poses a high risk to your rights and freedoms, providing information about the nature of the breach, potential consequences, and mitigation measures you can take. We document all breaches and remedial actions taken, maintaining records to demonstrate compliance with notification obligations and to inform future security improvements.

Your responsibility in maintaining security includes using strong, unique passwords for your account, keeping your login credentials confidential and not sharing them with others, promptly notifying us of any unauthorized account access or suspicious activity, and keeping your contact information current so we can reach you with important security notifications. We will never ask you to provide your password via email, phone, or any unsolicited communication.

10. Your Data Protection Rights

Under the Nigeria Data Protection Act 2023 and applicable regulations, you have important rights regarding your personal data. We are committed to facilitating the exercise of these rights in a timely, transparent, and user-friendly manner.

10.1 Right of Access

You have the right to request confirmation of whether we process your personal data and to obtain access to that data. When you exercise this right, we will provide you with information about the categories of data we hold about you, the purposes of processing, the recipients or categories of recipients with whom we share your data, the retention periods applicable to your data, and a copy of your personal data in a commonly used format. This allows you to verify the lawfulness of our processing and ensure the accuracy of your data.

10.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. If you identify any errors or omissions in the data we hold about you, we will update our records promptly upon verification of the correct information. You can update much of your account information directly through your account settings, or you may contact customer support for assistance with corrections that require verification or affect multiple systems.

10.3 Right to Deletion (Right to be Forgotten)

You have the right to request deletion of your personal data when the data is no longer necessary for the purposes for which it was collected, you withdraw consent where consent was the legal basis for processing, you object to processing and no overriding legitimate grounds exist for continuing to process the data, the data was unlawfully processed, or deletion is required to comply with legal obligations. We will comply with deletion requests unless we have a lawful basis to retain the data, such as compliance with legal obligations, establishment or defense of legal claims, or fulfillment of contractual obligations to other parties.

10.4 Right to Restrict Processing

You have the right to request restriction of processing when you contest the accuracy of personal data during the period necessary for us to verify accuracy, processing is unlawful but you prefer restriction over deletion, we no longer need the data for our purposes but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pending verification of whether our legitimate grounds override your interests. When processing is restricted, we will store the data but not otherwise process it without your consent, except for establishment or defense of legal claims or protection of the rights of another person.

10.5 Right to Data Portability

You have the right to receive personal data you provided to us in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible. This right applies to data processed based on consent or contractual necessity and processed by automated means. Data portability supports your ability to switch service providers and promotes competition while giving you greater control over your data.

10.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. When you object to processing for direct marketing, we will cease such processing immediately. When you object to other processing based on legitimate interests, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

10.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal, but we will cease processing based on that consent going forward unless we have another legal basis for processing. You can withdraw consent through your account settings for many processing activities, or by contacting us directly.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Nigeria Data Protection Commission if you believe we have violated your data protection rights or processed your data unlawfully. You may contact the NDPC at their website ndpc.gov.ng or via email at info@ndpc.gov.ng. We encourage you to contact us first so we can address your concerns directly, but you have the unconditional right to approach the regulator at any time.

10.9 Exercising Your Rights

To exercise any of these rights, you may use your account settings for self-service options where available, contact our Data Protection Officer using the contact information in Section 16, or submit a formal Data Subject Request through our designated channels available on our website. We will respond to valid requests within thirty days of receiving sufficient information to verify your identity and process the request. Complex requests may require an extension of up to an additional thirty days, which we will communicate to you along with the reasons for the extension. We may request additional information to verify your identity before processing requests, particularly for deletion or data portability requests, to prevent unauthorized access to your data. We do not charge a fee for most requests, though we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests, or provide information in an alternative format to reduce costs.

11. Cookies, Tracking, and Analytics

We use cookies and similar technologies to enhance user experience, analyze platform performance, deliver personalized services, and improve our offerings. This section explains what technologies we use, how they work, and how you can control them.

11.1 Types of Cookies We Use

Strictly necessary cookies enable core platform functionality and cannot be disabled without impairing your ability to use our services. These cookies maintain security and prevent fraud, remember authentication and session information so you do not have to log in repeatedly, and ensure proper functioning of shopping carts and checkout processes. Because these cookies are essential to service delivery, they do not require your consent under applicable law.

Performance and analytics cookies track usage patterns and performance metrics to help us understand how users interact with our platform. These cookies identify errors and technical issues, optimize user experience based on actual usage data, and generate aggregated statistics that inform our development priorities. We use services including Google Analytics and internal analytics platforms for these purposes. We seek your consent for performance cookies where required by law.

Functional cookies remember your preferences and settings to provide a more personalized experience. These cookies store language and location preferences, enable social media integration and sharing features, remember items you have viewed or added to wishlists, and provide customized content based on your interactions. Functional cookies enhance your experience but are not strictly necessary for basic platform functionality.

Marketing and advertising cookies deliver relevant advertisements, measure campaign effectiveness, track attribution and conversion to understand which marketing efforts are successful, and enable retargeting to show you relevant ads on other websites. We work with providers including Meta Pixel, Google Ads, and third-party advertising platforms. We obtain your consent before placing marketing cookies, and you can withdraw consent at any time.

11.2 Other Tracking Technologies

Web beacons are small graphic images embedded in emails and web pages to track engagement, such as whether you opened an email or viewed specific content. Mobile SDKs are software development kits embedded in our mobile applications for analytics, functionality, and advertising purposes. Local storage uses browser-based storage mechanisms for offline functionality, performance optimization, and storing user preferences. Device fingerprinting involves collecting device characteristics for fraud prevention and security purposes, helping us identify suspicious patterns without relying solely on cookies.

11.3 Third-Party Analytics and Advertising

We partner with third-party providers for analytics and advertising purposes. Google Analytics provides website and app usage analysis, helping us understand user journeys, popular features, and areas for improvement. Facebook and Meta Pixel enable social media advertising, attribution, and measurement of campaign effectiveness. Advertising networks provide programmatic advertising and retargeting capabilities, showing you relevant ads based on your interests and interactions. These providers may collect data across multiple websites and services, combining it to create profiles for advertising purposes. We encourage you to review their privacy policies to understand their data practices, as they are independent data controllers for data they collect directly.

11.4 Managing Cookies and Tracking

Browser settings in most browsers allow you to manage cookie preferences, including blocking all cookies, accepting only first-party cookies, or deleting cookies after each session. Note that disabling cookies may limit platform functionality, particularly for features that require session management or personalization. We provide a cookie consent management tool on our website that allows you to accept or reject different categories of cookies.

Opt-out tools are available for specific services. You can opt out of Google Analytics using the browser add-on available at tools.google.com/dlpage/gaoptout. The Network Advertising Initiative provides an opt-out tool at optout.networkadvertising.org covering multiple advertising networks. The Digital Advertising Alliance offers an opt-out tool at optout.aboutads.info for interest-based advertising.

Mobile settings allow you to control tracking on mobile devices. On iOS, navigate to Settings, then Privacy, then Tracking to manage app tracking permissions. On Android, navigate to Settings, then Google, then Ads, then select Opt out of Ads Personalization. These settings affect how our app and other apps can track you across different services.

WhatsApp tracking and data collection is governed by WhatsApp's privacy policy and platform settings. When you interact with us via WhatsApp, Meta may collect metadata about your communications, though we do not have access to WhatsApp's broader tracking of your activity on that platform.

11.5 Cookie Retention

Session cookies are deleted automatically when you close your browser, ensuring that temporary data used for functionality does not persist beyond your active session. Persistent cookies remain on your device for specified periods ranging from thirty days to two years depending on their purpose. Analytics cookies typically persist for twelve to twenty-four months to track longer-term trends and user behavior patterns. Marketing cookies may persist for up to two years to support retargeting and attribution over reasonable timeframes. You can delete cookies manually through your browser settings at any time.

12. Direct Marketing and Communications

We may communicate with you through various channels about our services, promotions, updates, and relevant information. We respect your communication preferences and provide clear options to control the messages you receive.

12.1 Types of Communications

Transactional communications are non-marketing messages essential to our service delivery. These include order confirmations and updates keeping you informed about order status, delivery notifications alerting you to delivery schedules and completions, payment receipts and invoices documenting your transactions, account security alerts informing you of login attempts or security-relevant changes, service announcements and policy updates communicating important changes to our platform, and customer support responses addressing your inquiries. These communications are fundamental to our service and cannot be opted out of while you maintain an active account, as they contain information necessary for you to use Eazy Express effectively.

Marketing communications include promotional offers and discounts tailored to your interests, new product and feature announcements introducing you to expanded capabilities, personalized recommendations based on your browsing and purchase history, newsletters and market insights providing valuable information about e-commerce trends, surveys and feedback requests seeking your input to improve our services, and event invitations to webinars, product launches, or community gatherings. You have full control over whether you receive marketing communications and can opt out at any time.

12.2 Communication Channels

Email communications include promotional campaigns highlighting special offers, newsletters providing regular updates and insights, and product announcements introducing new features or services. SMS messages deliver order alerts and delivery updates for time-sensitive information, as well as promotional offers where you have consented to receive marketing via SMS. WhatsApp communications include service notifications related to your orders and account, customer support interactions to resolve your questions efficiently, and promotional messages only where you have provided explicit consent through WhatsApp. Push notifications through our mobile app deliver alerts and promotions directly to your device, which you can control through your device and app settings. In-app messages provide platform notifications and announcements while you are actively using our applications.

12.3 Consent and Opt-In

We obtain consent for marketing communications through account registration consent checkboxes that allow you to opt in during sign-up, explicit opt-in during checkout or account setup where you affirmatively agree to receive specific types of communications, responses to promotional offers where your engagement indicates interest, and subscription to newsletters or updates through dedicated sign-up forms. For WhatsApp marketing specifically, we comply with WhatsApp Business policies and obtain separate explicit consent before sending promotional messages via WhatsApp, recognizing the personal nature of that communication channel.

12.4 Opting Out of Marketing

You may opt out of marketing communications at any time through multiple mechanisms. Click unsubscribe links included in all marketing emails, which will remove you from that specific mailing list or all marketing emails depending on your preference. Reply STOP to SMS marketing messages to immediately cease SMS marketing, though you will continue to receive essential transactional SMS. Adjust notification preferences in your account settings, where you can granularly control which types of communications you receive through which channels. Contact customer support with opt-out requests if you prefer personal assistance or have questions about your communication preferences. Manage WhatsApp communication preferences directly through the WhatsApp Business chat by messaging us with your preferences or using opt-out commands we provide.

The effect of opting out is that we will stop sending you marketing communications of the type you opted out of, but you will continue to receive essential transactional notifications necessary for service delivery. Opting out of one channel does not automatically opt you out of others unless you specifically request to be removed from all marketing communications.

12.5 Personalization

We may personalize marketing content based on your purchase history and stated preferences to recommend products you are likely to find valuable, your browsing and product views to highlight items aligned with your interests, demographic information such as location to provide region-relevant offers, and your engagement with previous communications to refine our messaging and improve relevance. Personalization helps us provide value and reduce unwanted communications by focusing on what matters to you. You may request non-personalized communications if you prefer generic marketing messages, or opt out of marketing entirely if you prefer to receive only transactional communications.

13. Children and Vulnerable Users

We are committed to protecting children and vulnerable users in accordance with Nigerian law and international best practices. Our platform has specific safeguards to prevent inappropriate data collection from minors and to protect vulnerable populations.

13.1 Age Restrictions

Eazy Express services are not intended for individuals under the age of eighteen. We do not knowingly collect personal data from minors without verifiable parental or guardian consent. To create an account, users must be at least eighteen years old and capable of entering into binding contracts under Nigerian law. Users under eighteen may use the platform only under direct parental or guardian supervision and using a parent or guardian's account. We verify age during registration where legally required or where the nature of the transaction suggests heightened risk, such as high-value purchases or business account registration.

13.2 Parental Consent and Protection

If we become aware that we have collected personal data from a minor without appropriate parental consent, we will take immediate steps to delete that data from our systems, deactivate the associated account to prevent further data collection, and notify the parent or guardian if contact information is available to explain the situation and our actions. Parents and guardians are responsible for monitoring their children's internet use and should contact us immediately if they believe a child has provided personal data without authorization.

13.3 Reporting Underage Accounts

If you believe a minor has created an account or provided personal data to Eazy Express without proper authorization, please contact us immediately at privacy@eazyexpress.ng. Provide details about the account or individual, and we will investigate promptly. We treat reports of underage users seriously and will take appropriate action to protect minors and comply with our legal obligations.

13.4 Vulnerable Users

We are committed to protecting vulnerable users beyond children, including elderly individuals who may be unfamiliar with digital platforms and require additional support or clear communication, persons with disabilities requiring accessible services and alternative formats for information, individuals at risk of exploitation or fraud due to circumstances or characteristics that may make them targets, and persons in situations of dependency or diminished capacity who may require additional safeguards. We implement additional protections including clear, accessible communication in multiple formats including large print, simple language, and audio where appropriate, enhanced fraud detection for high-risk transactions involving potentially vulnerable users, human support escalation ensuring that vulnerable user interactions can quickly reach trained human agents, accessible customer service channels including phone support, email, and in-person assistance where feasible, and special handling procedures for complaints, disputes, or concerns raised by vulnerable users. If you are assisting a vulnerable user or believe you need additional support, please contact our customer service team, and we will provide appropriate accommodations and assistance.

14. Third-Party Links and Integrations

Our platform connects you with a broader ecosystem of services, websites, and applications. We want you to understand how data flows when you interact with third parties through our platform.

14.1 External Links

Our platform may contain links to third-party websites, applications, or services operated by vendors, partners, advertisers, or other independent parties. When you click these links, you are leaving our platform and entering a space governed by that third party's policies. We are not responsible for the privacy practices of third-party sites, which may have different data collection, use, and sharing practices than Eazy Express. Third-party sites are governed by their own privacy policies and terms of service, which may provide less protection than this Privacy Policy. We encourage you to review privacy policies of any third-party site before sharing personal data or engaging in transactions on those sites.

14.2 Third-Party Integrations

We integrate with third-party services to enhance platform functionality and provide seamless experiences. Social media integrations with platforms like Facebook, Instagram, and Twitter enable you to share content, log in using social media credentials, and connect your social identity with your Eazy Express account. When you use social login or sharing features, you may be sharing data with those platforms subject to their privacy policies. Payment gateways process transactions securely through third-party payment processors who handle sensitive financial information according to payment card industry standards. Mapping services such as Google Maps and location providers enable delivery coordination, address verification, and location-based features. Communication platforms including WhatsApp and SMS gateways facilitate messaging and notifications. Each integration involves data sharing governed by the third party's privacy policy in addition to this Privacy Policy.

When you use third-party integrations, you may be sharing data with those providers subject to their privacy policies, which may differ from ours. We select integration partners carefully and require them to maintain appropriate data protection standards, but we cannot control their broader data practices beyond our specific integration. You can manage integrations through your account settings, where you can connect or disconnect third-party services.

14.3 Vendor Websites and Practices

Vendors operating on our platform may have their own websites, apps, and privacy practices independent of Eazy Express. When you visit a vendor's website from our platform, you are subject to that vendor's privacy policy and data practices. We are not responsible for vendor data practices, which may include collection, use, and sharing of data beyond what Eazy Express collects. Transactions with vendors may be governed by separate terms and conditions in addition to our platform Terms of Service. We encourage you to review vendor privacy policies and terms before making purchases or sharing sensitive information. If you have concerns about a vendor's practices, please contact us, and we will investigate in accordance with our vendor standards and platform policies.

15. Policy Updates and Version Control

We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or industry standards. We are committed to keeping you informed of material changes and maintaining transparency in our data protection practices.

15.1 Changes to This Policy

We may update this Privacy Policy to reflect changes in legal or regulatory requirements, including new laws or guidance from the Nigeria Data Protection Commission, evolution of our services and features as we introduce new technologies, capabilities, or business models, improvements in data protection practices based on emerging best practices, security developments, or lessons learned, or feedback from users, regulators, partners, or other stakeholders. We regularly review this Policy to ensure it remains accurate, comprehensive, and aligned with our actual data practices.

15.2 Notification of Changes

For material changes that significantly affect your rights or how we process data, we will notify you via email to your registered email address at least thirty days before changes take effect, display a prominent notice on our platform homepage and within your account dashboard, request renewed consent where legally required, particularly for changes that expand processing purposes or introduce new categories of data collection, and provide a reasonable period for you to review changes and exercise your rights, including the right to object or delete your account if you disagree with the changes.

For non-material changes such as minor updates, clarifications, formatting improvements, or administrative changes that do not affect your rights or our data processing practices, we will update the “Last Updated” date at the top of this Policy, post the updated Policy on our website and make it accessible through our app, and make previous versions available upon request so you can track the evolution of our privacy practices. We will not change the substance of the policy retroactively without notification, ensuring you always know what practices apply to data we have collected.

15.3 Your Continued Use

By continuing to use Eazy Express services after policy updates take effect, you acknowledge and accept the revised Privacy Policy. If you do not agree with changes, you may discontinue use of our services and request account deletion before the changes take effect. We will process deletion requests promptly and honor your rights under the policy version in effect when you made the request. For users with ongoing contractual relationships, material policy changes may be subject to mutual agreement or may provide you with termination rights as specified in our Terms of Service.

15.4 Version History

We maintain a version history of this Privacy Policy to provide transparency and accountability. You may request previous versions by contacting our Data Protection Officer, and we will provide them in a reasonable timeframe. Version history helps you understand how our practices have evolved and ensures we remain accountable for the commitments we have made. We maintain records of when each version was effective and what material changes were made.

16. Contact Information and Data Protection Officer

We are committed to addressing your questions, concerns, and requests regarding privacy and data protection. You can reach us through multiple channels depending on your needs.

16.1 General Privacy Inquiries

For general questions about this Privacy Policy, our data practices, or privacy-related matters, you may contact us at privacy@eazyexpress.ng. Our privacy team will respond to general inquiries within five business days. You can also reach our customer support team through our website, mobile app, or WhatsApp, and they will direct privacy-specific questions to the appropriate team.

16.2 Data Protection Officer

We have designated a Data Protection Officer responsible for overseeing compliance with the Nigeria Data Protection Act 2023 and this Privacy Policy. Our Data Protection Officer can be reached at dpo@eazyexpress.ng for data subject rights requests, compliance questions, privacy complaints or concerns, regulatory coordination, or questions about our data protection practices. The Data Protection Officer operates independently to ensure objective oversight of our privacy program and serves as your advocate within our organization for data protection matters.

16.3 Exercising Data Subject Rights

To exercise your data subject rights as described in Section 10, including access, rectification, deletion, restriction, portability, or objection, you may submit a Data Subject Request through our online portal available at our website, email dpo@eazyexpress.ng with your request and necessary identifying information, or use your account settings for self-service options where available. We will verify your identity before processing requests to protect your data from unauthorized access and will respond within thirty days as required by law.

16.4 Complaints and Regulatory Contact

If you have a complaint about our privacy practices that you believe we have not adequately addressed, you may lodge a complaint with the Nigeria Data Protection Commission. The NDPC can be reached at their website ndpc.gov.ng, via email at info@ndpc.gov.ng, or by mail at their office address available on their website. We encourage you to contact us first so we can address your concerns directly, but you have the unconditional right to approach the regulator at any time.

16.5 Company Information

Eazy Express is a Nigerian company operating as a technology-enabled commerce infrastructure platform. Our registered address and additional contact information are available on our email address info.eazyexpress@gmail.com .