1. Introduction & Overview
At Nile, we respect the privacy of our merchants, their clients, and our website visitors. This global Privacy Policy outlines our strict guidelines regarding how we collect, process, secure, and share personal data. Our operations comply with global guidelines, including the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA), the Nigerian Data Protection Act (NDPA), and other international data security benchmarks.
2. Information We Collect
We classify personal data collected into three primary operational buckets:
- Merchant Platform Data: Details provided when creating your store instance, including name, corporate email address, legal business name, physical street coordinates, tax identifiers, banking routing credentials, and regional setup preferences.
- Customer Checkout Data: Information collected when a buyer places an order through your Nile website, including name, shipping address, email address, mobile phone details, items purchased, transaction totals, and localized payment tokens. We do not store raw card numbers; credit card values are processed using industry-certified PCI-DSS Level 1 gateway routers.
- Device and Telemetry Data: Functional logging information including IP addresses, active session cookies, web request latency logs, and operating system identifiers to optimize platform routing speeds and defend against fraudulent activities.
3. Legal Basis for Processing
We process personal data based on the following legal parameters:
- Contractual Obligations: To initialize website instances, clear digital checkout payments, print shipping routing labels, and manage real-time inventory alerts.
- Legitimate Interests: To prevent system failures, block distributed denial-of-service (DDoS) attempts, and audit transaction volumes.
- Consent: To dispatch platform update digests (Nile Dispatch) or activate experimental Nile AI features under merchant command.
4. Subprocessors and Data Sharing
Nile does not sell, rent, or trade merchant or customer data with third-party advertising companies. We share data only with trusted subprocessors necessary to deliver platform infrastructure, contractually obligated to maintain data protection levels:
- Infrastructure Hosting: Amazon Web Services (AWS) for database isolation and system security.
- Payment Processing Gateways: Stripe (US/UK/Europe) and Paystack (Nigeria/Ghana) for transaction routing and compliance clearances.
- Logistics Providers: Carrier dispatch systems (DHL, GIG Logistics, FedEx) to calculate rates and issue tracking labels.
5. Data Retention & Deletions
We retain transaction and merchant metrics for as long as your Nile store instance remains active. Upon request, merchants can close their store and request deletion of personal records. We execute data wipe operations within thirty (30) days, except where financial records must be archived to meet legal auditing and tax obligations.