Privacy Policy

This Privacy Policy explains, in a detailed and transparent manner, how Avefind Logistics Technology Limited ("Avefind", "we", "us", or "our") collects, uses, stores, discloses, protects, and otherwise processes Personal Data in connection with our digital marketplace, website, mobile applications, merchant tools, delivery-partner tools, customer support channels, and all related products and services that we make available from time to time. This document is intended to serve as Avefind's primary public-facing privacy notice for publication on our website and in connection with our mobile applications distributed through the Apple App Store and Google Play.

Avefind operates a real-time commerce and delivery platform through which Customers can describe the items they want, Merchants can submit offers to fulfil those requests, Customers can accept an offer and pay securely, and Delivery Agents can pick up and deliver completed orders. Because these activities necessarily involve the handling of identity details, contact information, delivery information, payment references, device data, and operational records, privacy and data protection are integral to the way our Services are designed and managed.

This Policy should be read together with our Terms of Service and any other notice that we may provide in a specific context. Where applicable, Avefind seeks to process Personal Data in accordance with the Nigeria Data Protection Act 2023, the Nigeria Data Protection Regulation and related implementation guidance, as well as other applicable data protection, consumer protection, payments, and platform-distribution requirements. Where a law requires us to obtain your specific consent for a particular use of data, we will do so separately from this Policy.

1. INTRODUCTION AND SCOPE OF THIS POLICY

This Policy applies to all Personal Data processed by Avefind in connection with the provision of our Services. It covers Personal Data collected through our public website, customer-facing web and mobile interfaces, merchant and vendor dashboards, delivery-partner applications or onboarding tools, in-app or off-platform support channels, email correspondence, marketing interactions, and any other business process that refers to or incorporates this Policy.

This Policy is relevant to several categories of individuals. These include Customers who place requests or orders through the platform; Merchants or Vendors who respond to requests, submit offers, fulfil orders, and maintain merchant accounts; Delivery Agents or Riders who onboard to provide pickup and last-mile delivery services; Recipients whose goods are delivered through the platform even where the Recipient is not the account holder; visitors who browse our website or interact with our content; and representatives of corporate customers, suppliers, service providers, or business partners who communicate with us in the course of business.

This Policy applies whether the Personal Data is collected directly from the individual concerned, supplied by another user of the Services, generated through platform activity, inferred from other operational signals, or obtained from third-party providers such as payment processors, verification partners, fraud-prevention tools, or analytics and infrastructure vendors. It also applies to Personal Data that we continue to hold after a user relationship ends, to the extent that continued retention is reasonably necessary and permitted by law.

By creating an account, submitting information through our Services, using our website or mobile applications, onboarding as a Merchant or Delivery Agent, or otherwise interacting with Avefind in a way that involves Personal Data, you acknowledge that you have read this Policy. However, acknowledgment alone does not replace any separate consent that the law may require for specific processing activities such as optional marketing, certain cookie categories, or specific device permissions.

2. DEFINITIONS

2.1 "Personal Data" means any information relating to an identified or identifiable natural person. Depending on the context, this may include names, phone numbers, email addresses, home or delivery addresses, government-issued identification details, bank or payout details, device identifiers, precise or approximate location information, payment references, communication records, and any other information that can reasonably be linked to a person.

2.2 "Services" means Avefind's website, mobile applications, merchant tools, delivery-partner tools, payment and checkout flows, customer support channels, order-management systems, logistics coordination systems, and any related products, features, or digital interfaces offered under the Avefind brand.

2.3 "Customer" means an individual or business user that creates or uses an Avefind account to describe a desired item, receive offers from Merchants, accept an offer, make payment, request delivery, track an order, or otherwise purchase or seek to purchase goods or related services through the platform.

2.4 "Merchant" or "Vendor" means a seller, store, business, or other commercial operator that is onboarded onto the Services to receive customer requests, submit offers, communicate order fulfilment status, supply goods, and participate in Avefind's real-time marketplace.

2.5 "Delivery Agent" means an individual engaged through the Services to accept delivery tasks, pick up orders from Merchants or pickup points, transport and deliver them, update delivery status, and receive operational instructions or payout information through Avefind systems.

2.6 "Recipient" means any person whose name, phone number, or address is provided for the purpose of delivering an order, whether or not that person has created an Avefind account.

2.7 "Processing" means any operation performed on Personal Data, whether by automated means or otherwise, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, restriction, deletion, anonymisation, or destruction.

2.8 "Applicable Data Protection Law" means the Nigeria Data Protection Act 2023, the Nigeria Data Protection Regulation and related implementation guidance, and any other law, regulation, or binding code applicable to the processing of Personal Data by Avefind in a particular jurisdiction.

3. AVEFIND'S ROLE AND DATA PROTECTION RESPONSIBILITIES

As a general rule, Avefind determines the purposes for which, and the means by which, Personal Data is processed across the core platform. For that reason, Avefind will ordinarily act as a data controller in respect of account creation, marketplace operations, matching and ranking of offers, payment coordination, delivery orchestration, customer support, platform security, fraud monitoring, analytics, legal compliance, and the general administration of the business.

There are, however, circumstances in which other parties also have independent privacy responsibilities. For example, when a Customer or Merchant provides delivery details or contact details belonging to a Recipient, the person who provides that information is responsible for ensuring that they are entitled to do so. Similarly, a Merchant may keep its own records in respect of orders placed through Avefind, and a Delivery Agent may retain limited information needed to complete a delivery or comply with a legal obligation. In those circumstances, Avefind's processing of the information for platform purposes does not displace the separate responsibilities of the Customer, Merchant, or Delivery Agent under applicable law.

Avefind uses Paystack to support payment processing. Paystack processes payment-related Personal Data under its own terms, privacy practices, and regulatory obligations. Avefind receives limited payment metadata and transaction confirmations necessary to verify payment status, reconcile orders, manage refunds or disputes, and maintain financial records, but Avefind does not need to collect or store full payment card numbers in order to provide the Services.

In handling Personal Data, Avefind seeks to apply the core principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability. These principles guide the way we design our onboarding processes, select service providers, structure user permissions, investigate complaints, manage retention, and respond to data subject rights requests.

4. THE PERSONAL DATA WE COLLECT

4.1 Customer account, profile, and order-request information

When a Customer creates an account or uses our Services to request an item, we may collect identifying and contact details such as full name, email address, mobile telephone number, password credentials or authentication tokens, and default delivery information. We may also collect the contents of the Customer's request, including descriptions of desired items, preferred brands, models, specifications, photos uploaded by the Customer, price expectations, and any special delivery or order instructions. Where the platform permits saved preferences, wish-list information, ratings, reviews, or order history, those records also form part of the Personal Data we process.

4.2 Merchant or Vendor onboarding and operational information

When a Merchant joins the platform or uses merchant-facing features, we may collect business-identification information and account-administration details such as business name, trading name, registered address, contact person details, phone number, email address, bank or settlement details, tax or registration information, and documents that help us verify the Merchant's legitimacy and suitability for participation on the platform. We may also collect operational information such as merchant category, inventory or offer details, pricing and response history, fulfilment performance, cancellation history, customer ratings, complaint records, and communications relating to onboarding, verification, disputes, and support.

4.3 Delivery Agent onboarding and logistics information

When a Delivery Agent registers or uses our delivery tools, we may collect identity and contact details such as full name, email address, phone number, date of birth where required, photograph, and next-of-kin or emergency contact details where lawfully requested. We may also collect verification and operational information such as government-issued identification, bank or payout details, information regarding the rider's delivery medium, licence or vehicle documentation where applicable, training and onboarding records, availability schedule, delivery acceptance history, route and delivery-status updates, proof-of-pickup or proof-of-delivery records, performance metrics, support records, and incident reports. Because delivery services are operationally location-sensitive, we also process location information relating to Delivery Agents in the manner described in Section 8 of this Policy.

4.4 Information about Recipients and other third parties

In order to complete deliveries, Avefind may process information about persons who are not the registered account holder. This may include the Recipient's name, phone number, address, landmark details, and other instructions needed to deliver the order accurately and safely. In some circumstances, a Customer or Merchant may also provide the name and contact information of another person involved in an order, complaint, refund, or verification process. We process such information solely to provide or support the relevant transaction, to handle disputes, or to comply with law. Where an individual provides someone else's data to us, we expect that person to have an appropriate legal basis or authority to do so.

4.5 Payment, billing, and financial-transaction data

Avefind does not require full card details to be stored in its own systems in order to facilitate payments, because payments are processed through Paystack and other authorised financial partners where applicable. Nevertheless, Avefind may receive and retain limited payment-related information such as transaction reference numbers, payment status, payment timestamps, order amounts, refund records, chargeback or reversal information, settlement information, payout records, and fraud or verification signals connected to a transaction. Where a Merchant or Delivery Agent is entitled to receive settlement or payout through the Services, we may also process the bank-account or payout details reasonably necessary to route such payments.

4.6 Technical, device, website, and usage information

When you visit our website or use our applications, we may automatically collect technical data such as internet protocol address, device identifiers, browser type, operating system, app version, session timestamps, pages viewed, interactions with screens or features, language settings, login history, crash logs, diagnostics, cookie identifiers, network information, and other usage records that help us secure and improve the Services. Some of this information may not identify you directly on its own, but it may still constitute Personal Data when combined with account information, transaction records, or other identifiers.

4.7 Communications, ratings, support, and dispute information

Where you contact Avefind, participate in a support interaction, send us feedback, rate a Merchant or Delivery Agent, respond to a survey, report a problem, or take part in an investigation, we may process the contents of those communications together with associated metadata such as time, channel, issue category, response history, and resolution status. Where in-app chat, masked calling, support-ticketing, or similar tools are provided, Avefind may maintain records of those interactions for service delivery, quality assurance, training, fraud prevention, safety review, and dispute resolution.

4.8 Information obtained from third parties and public or verification sources

Avefind may receive Personal Data from third parties where that is necessary for the operation or safety of the Services. These sources may include payment processors such as Paystack, identity or business-verification providers, fraud-screening tools, analytics providers, communications vendors, cloud and hosting providers, law-enforcement or regulatory bodies, and publicly available sources used to verify merchant legitimacy or investigate abuse. We may combine information received from these sources with information already held in our systems where doing so is necessary to authenticate accounts, complete transactions, prevent fraud, or comply with legal obligations.

4.9 Inferences, operational signals, and derived data

In the course of running a real-time marketplace and same-day delivery service, Avefind may generate derived information from the data already in our possession. This may include estimated delivery timelines, offer-ranking indicators, fraud-risk signals, account-health indicators, service-performance metrics, delivery-completion probabilities, or internal flags relating to unusual behaviour. Where law requires it, we will apply appropriate safeguards in relation to any processing that relies materially on automated tools or profiling.

5. HOW WE COLLECT PERSONAL DATA

We collect Personal Data directly from you when you register an account, describe the item you want, upload images, accept an offer, make a payment, apply to become a Merchant or Delivery Agent, upload onboarding or verification documents, save delivery addresses, communicate with support, or otherwise interact with the platform. In these circumstances, you decide what information to provide, although some fields will be mandatory because we cannot create an account, process a payment, or complete a delivery without them.

We also collect Personal Data automatically when you browse our website, use our mobile applications, interact with platform features, or permit certain device functions. This automatic collection may occur through cookies, software development kits, local storage, log files, device permissions, application diagnostics, and similar technologies. These technologies help us maintain session integrity, improve performance, troubleshoot errors, analyse usage, preserve security, and, where permitted, personalise or measure communications.

Certain data reaches us because another participant in the transaction provides it. For example, a Customer may enter the name and contact details of a Recipient, a Merchant may submit information about an order or its fulfilment status, and a Delivery Agent may update the delivery state or upload proof that an item has been picked up or delivered. In addition, Paystack and other service providers may send us payment confirmations, verification results, fraud alerts, and related operational information.

In some cases, we may also collect or confirm information through manual reviews, compliance checks, public records, or communication with relevant third parties. This is most likely to arise where we need to verify a Merchant or Delivery Agent, investigate suspected fraud, resolve a complaint, enforce our Terms of Service, protect users, or comply with a legal demand.

6. HOW WE USE PERSONAL DATA

6.1 To create and administer accounts and platform access

Avefind uses Personal Data to establish user profiles, authenticate logins, protect accounts against unauthorised access, reset credentials, verify contact details, maintain user preferences, and manage permissions across customer, merchant, and delivery-partner interfaces. Without this processing, we would not be able to provide persistent accounts, secure access to the platform, or role-specific tools.

6.2 To operate the real-time marketplace and manage order lifecycles

A core function of Avefind is enabling Customers to describe what they want and receive competitive offers from available Merchants in real time. To do this, we use item descriptions, uploaded photos, preferred delivery details, customer location or destination details, merchant availability, merchant response history, ratings, pricing signals, and related information to present relevant offers and manage the order from request through acceptance and completion. We also use transaction records to preserve order history, confirm the contents of accepted offers, and validate claims relating to substitutions, wrong items, non-conforming goods, or compensation requests.

6.3 To coordinate pickup, dispatch, tracking, and delivery fulfilment

We use Personal Data to assign or present delivery tasks, coordinate pickup from Merchants, route orders to Delivery Agents, display delivery status, estimate arrival times, notify relevant parties of progress, confirm delivery, and investigate delays or failed deliveries. This includes the use of Recipient information and Delivery Agent location data where necessary to ensure the order reaches the correct person at the correct address and within the operational timeframe expected by the platform. It also includes the use of proof-of-delivery records, timestamps, and communications logs to resolve disputes or investigate incidents.

6.4 To process payments, refunds, settlements, and related financial operations

Avefind uses payment-related Personal Data to verify that an order has been paid for, to reconcile completed transactions, to support refunds, reversals, compensation, or dispute processes, to maintain financial records, and where applicable to facilitate merchant settlements or delivery-partner payouts. Because payment processing is carried out through Paystack and other authorised providers, this use of Personal Data is necessarily linked to the transmission and receipt of payment references and payment-status information between Avefind and those providers.

6.5 To verify users, prevent fraud, protect safety, and enforce platform rules

Avefind processes Personal Data to verify the identity and eligibility of Merchants and Delivery Agents, screen for suspicious behaviour, identify duplicate or fraudulent accounts, monitor payment and order abuse, prevent unauthorised transactions, protect the security of our systems, and investigate safety or trust-related incidents. We may combine account information, device information, payment metadata, location signals, order behaviour, support history, and third-party verification information to detect misuse, protect users, and determine whether restrictions, additional reviews, or account actions are required.

6.6 To provide customer care, handle complaints, and resolve disputes

We use Personal Data to respond to customer questions, investigate reports involving incorrect items, failed or delayed deliveries, misconduct, payment issues, merchant fulfilment concerns, delivery incidents, or platform errors, and to communicate outcomes. Where a dispute arises, Avefind may review order history, support messages, status logs, payment references, location records relevant to the delivery, ratings, proof-of-delivery evidence, and other operational data to determine the appropriate resolution.

6.7 To improve the Services, conduct analytics, and support product development

Avefind may analyse Personal Data and usage information to understand how users engage with the Services, improve app performance, refine merchant matching, improve estimated delivery times, develop new features, conduct internal reporting, train staff, detect and fix bugs, monitor uptime, and evaluate the quality of customer, merchant, and delivery-partner experiences. Where possible and appropriate, we may use aggregated, de-identified, or pseudonymised data for analytics and service-improvement purposes.

6.8 To send operational messages, updates, and, where allowed, marketing communications

We use contact details and notification settings to send essential service communications such as one-time passwords, account alerts, order confirmations, payment confirmations, delivery updates, security notices, policy updates, support responses, and payout or onboarding notices. Subject to applicable law and your choices, Avefind may also send product news, educational content, promotional offers, or other marketing communications. You may opt out of non-essential marketing communications, but we may still send transactional or legally required communications where necessary.

6.9 To meet legal obligations and protect Avefind's legal position

Avefind may use and preserve Personal Data where necessary to comply with legal, regulatory, tax, accounting, anti-fraud, consumer-protection, or law-enforcement requirements. We may also process data to establish, exercise, or defend legal claims; to respond to lawful requests; to comply with court orders or regulatory directions; to support audits; and to maintain records needed for governance, risk management, or corporate transactions.

6.10 To support automated operational tools with appropriate safeguards

Because Avefind operates a real-time marketplace, we may use automated systems to suggest relevant offers, estimate delivery windows, prioritise operational queues, detect suspicious activity, and improve dispatch efficiency. These tools are intended to support operational decision-making and service quality. Where applicable law provides rights relating to profiling or automated decision-making, Avefind will respect those rights and apply human review where required.

7. LAWFUL BASES FOR PROCESSING

Where Applicable Data Protection Law requires a lawful basis for processing, Avefind relies on one or more of the following grounds depending on the context. First, we process Personal Data where it is necessary for the performance of a contract or in order to take steps at your request before entering into a contract. This basis covers the creation and administration of user accounts, the presentation and acceptance of offers, payment verification, dispatch, delivery, customer support, and related transaction management.

Second, we process Personal Data where doing so is necessary for compliance with a legal obligation to which Avefind is subject. This may include retaining commercial records, responding to regulatory demands, complying with lawful instructions from authorities, investigating fraud, maintaining tax and accounting records, or preserving evidence relevant to litigation or complaints.

Third, we process Personal Data where it is necessary for Avefind's legitimate interests or those of a third party, provided those interests are not overridden by your fundamental rights and freedoms. Legitimate interests may include operating and improving the marketplace, preserving security, preventing abuse, verifying users, analysing service performance, protecting our legal rights, and ensuring that the Services remain viable, safe, and efficient.

Fourth, we rely on consent where consent is the appropriate or required legal basis. This may apply to specific categories of cookies or tracking technologies, particular forms of marketing, optional surveys, access to certain device permissions, or other processing that lawfully depends on a user's freely given, specific, informed, and unambiguous agreement. Where processing is based on consent, you may withdraw that consent at any time, although withdrawal will not affect the lawfulness of processing that occurred before the withdrawal took effect.

If you choose not to provide Personal Data that is required for a contractual or legal purpose, Avefind may be unable to create your account, allow you to participate on the platform, process payment, verify your eligibility as a Merchant or Delivery Agent, or complete the requested order or delivery.

8. LOCATION DATA, MOBILE PERMISSIONS, AND DEVICE FEATURES

Avefind's mobile and logistics functions require careful use of certain device permissions. We seek to request only those permissions that are reasonably necessary for the relevant feature and, where appropriate, we provide the ability to manage permissions through your device settings. The exact permissions requested may depend on your role on the platform, the version of the app you use, your device operating system, and the features you choose to enable.

For Customers, Avefind may use address information, map searches, or approximate location information supplied through the device or browser to help populate delivery destinations, estimate service availability, or improve address accuracy. However, based on our current operating model, Avefind does not use continuous real-time location tracking of Customers in the same way that it uses location data for Delivery Agents. Customer location usage is limited to what is reasonably necessary for order placement, address validation, service functionality, analytics, or security.

For Delivery Agents, location data is an essential operational input. Avefind may collect and process real-time or near real-time location information from the delivery-partner application while a Delivery Agent is on an active order, navigating to pickup, en route to delivery, or otherwise using the app in a manner that requires dispatch visibility or order tracking. Depending on how the delivery-partner app is configured, this may include location processing while the app is open and, where enabled and operationally necessary, limited background location processing while an active delivery is ongoing. Avefind uses this information to assign tasks, monitor delivery progress, provide Customers and Merchants with order-status visibility, improve route and ETA accuracy, investigate delivery failures, support safety processes, and prevent fraud or false completion reports.

Avefind may also request permission to access a device camera or photo library where users need to upload images of requested items, identity documents, proof of delivery, profile photographs, merchant materials, or support evidence. Where push-notification permissions are enabled, we may send order alerts, payment confirmations, delivery updates, account notices, support responses, and similar operational messages. If you deny certain permissions, some features may not function correctly or at all.

9. COOKIES, ANALYTICS, AND SIMILAR TECHNOLOGIES

When you use Avefind's website, we may place or read cookies and similar technologies in order to keep sessions secure, remember basic preferences, maintain sign-in state, understand traffic patterns, detect fraud, and improve the performance and usability of our Services. Depending on the product surface, Avefind may also use software development kits, local storage, pixels, or similar tools in our mobile or web products for analytics, diagnostics, attribution, crash reporting, fraud control, or communications measurement.

Some cookies or similar tools are strictly necessary for the operation of the Service and do not require the same level of user choice as non-essential tools. Other cookies or technologies may relate to analytics, functionality enhancement, or marketing. Where applicable law requires user choice for those technologies, Avefind will provide an appropriate notice or consent mechanism and will honour the preferences recorded through that mechanism, subject to technical limitations and legal requirements.

You can often control cookies through browser settings and certain mobile tracking preferences through device settings. Please note that disabling all cookies or comparable tools may affect website functionality, impair security features, or reduce the availability of personalised settings. Avefind may continue to use server-side logs and security-related technologies even where some client-side technologies are restricted, to the extent permitted by law and required to protect the integrity of the Services.

10. PAYMENTS AND PAYSTACK

Avefind uses Paystack to facilitate secure payment processing for transactions initiated through the platform. When a Customer proceeds to payment, certain information necessary to authorise, verify, complete, reconcile, or refund the transaction may be shared with Paystack or received back from Paystack. This may include the payer's name, contact details, transaction amount, order reference, payment status, payment timestamps, fraud signals, chargeback indicators, and other related transaction metadata.

Avefind does not need to collect or retain full payment card numbers in its own systems in order to operate the Services. Payment credentials are handled through the payment processor's infrastructure and are subject to the payment processor's own privacy, security, compliance, and retention practices. Accordingly, information about how Paystack handles Personal Data should also be reviewed in Paystack's own terms and privacy documentation.

Avefind may nonetheless retain limited transaction records for commercial, accounting, audit, fraud-prevention, refund, and dispute-management purposes. We may also use payment-reference information to confirm that a Merchant should commence fulfilment, that a Delivery Agent should receive or continue a task, that a refund or compensation claim should be reviewed, or that suspicious activity should be escalated for additional scrutiny.

11. HOW AND WHEN WE SHARE PERSONAL DATA

Avefind does not sell Personal Data to third parties. We also do not share Personal Data casually or without a lawful and operational reason. However, the Services cannot function unless certain data is disclosed to the parties that need it to complete a transaction. For that reason, Avefind may share Personal Data among Customers, Merchants, and Delivery Agents to the limited extent necessary to create, fulfil, deliver, support, and resolve an order. For example, a Merchant may need to see the details of a Customer's item request and delivery destination in order to make and fulfil an offer, while a Delivery Agent may need access to pickup and drop-off details and limited contact information to complete the delivery.

Avefind may share Personal Data with payment processors such as Paystack, communications vendors, cloud and hosting providers, analytics and infrastructure providers, customer-support platforms, fraud-detection tools, onboarding and verification providers, mapping or geolocation providers, professional advisers, insurers, auditors, or other service providers that support the operation of the Services. Such third parties are expected to process the data only for authorised purposes and under contractual or legal controls appropriate to the sensitivity of the data and the nature of the service.

We may disclose Personal Data where disclosure is required or reasonably necessary for legal or regulatory purposes. This includes responding to court orders, lawful requests from law-enforcement or regulatory authorities, compliance reviews, tax and accounting requirements, anti-fraud investigations, the establishment or defence of legal claims, and the protection of the rights, property, safety, or legitimate interests of Avefind, our users, or the public.

Personal Data may also be disclosed in connection with a business transaction such as a merger, acquisition, financing, asset sale, corporate reorganisation, or similar event, provided that the recipient of the information is bound by appropriate confidentiality and data-protection obligations and uses the information only for a purpose compatible with this Policy or otherwise permitted by law.

Where Avefind publishes ratings, reviews, marketplace trust indicators, or merchant and delivery performance signals, the information displayed will be limited to what is reasonably necessary to support platform trust and user decision-making. We seek to avoid exposing more Personal Data than is needed for that purpose.

12. INTERNATIONAL TRANSFERS OF PERSONAL DATA

Avefind may store or process Personal Data in Nigeria or in other countries where our service providers, infrastructure providers, or business partners operate. For example, cloud-hosting, communications, analytics, security, and payment-processing services may involve storage, support, or remote access from outside Nigeria. Where this occurs, Avefind seeks to ensure that such transfers are carried out in a manner that is lawful and proportionate and that appropriate safeguards are put in place.

Depending on the circumstances, those safeguards may include contractual data-protection clauses, vendor due-diligence reviews, confidentiality obligations, access controls, security assessments, documented transfer mechanisms recognised under Applicable Data Protection Law, and additional technical or organisational controls designed to preserve the confidentiality and integrity of the data. If you would like further information about the basis on which your Personal Data may be transferred internationally, you may contact Avefind using the details in Section 20.

13. DATA RETENTION

Avefind retains Personal Data only for as long as it is reasonably necessary for the purposes for which the data was collected, for compatible follow-on purposes permitted by law, and for any period needed to comply with legal, accounting, tax, audit, anti-fraud, complaint-handling, insurance, contractual, or dispute-resolution requirements. Retention is not determined by a single uniform period because different categories of Personal Data serve different legal and operational functions.

As a general matter, account profile information and core transaction history will usually be retained for the period during which an account remains active and for a reasonable period thereafter so that Avefind can resolve disputes, comply with obligations, preserve security, maintain audit trails, and respond to legal claims or regulatory requests. Commercial and payment-related records may be retained for longer periods where necessary for taxation, accounting, settlement, anti-fraud, or record-keeping purposes. In appropriate cases, this may extend for up to seven years or such longer period as may be required by law or by the need to establish, exercise, or defend legal rights.

Support records, incident reports, verification files, order-status logs, communications history, and proof-of-delivery materials may be retained for the period reasonably necessary to investigate service issues, enforce platform rules, handle complaints or insurance matters, and comply with regulatory or legal obligations. Delivery-Agent location records and related operational telemetry may be retained for shorter periods where operationally appropriate, but may be preserved longer if relevant to fraud investigations, safety reviews, customer complaints, or legal proceedings.

At the end of the relevant retention period, Avefind will take steps to delete, anonymise, pseudonymise, or otherwise render the data non-identifiable, unless continued retention is permitted or required by law. Residual copies may persist for limited periods in backups, archives, or disaster-recovery systems before they are overwritten or securely deleted in the ordinary course.

14. HOW WE PROTECT PERSONAL DATA

Avefind implements technical, administrative, and organisational safeguards designed to protect Personal Data against unauthorised access, alteration, disclosure, loss, destruction, or misuse. These safeguards are proportionate to the nature of our Services and may include encryption in transit and, where appropriate, at rest; secure credential and session-management practices; role-based access controls; multi-factor authentication for relevant internal systems; vendor assessments; secure development and deployment practices; logging and monitoring; incident-response procedures; staff confidentiality obligations; and business-continuity or backup arrangements.

Access to Personal Data is limited to personnel, contractors, and service providers who have a legitimate operational need to know the information and who are subject to appropriate duties of confidentiality and security. We also review our practices from time to time in light of business changes, legal requirements, and evolving security risks.

No platform, website, or electronic storage system can guarantee absolute security. Accordingly, although Avefind takes privacy and security seriously and works to reduce risk, we cannot warrant that a system will never be compromised. Users also play an important role in security by maintaining strong passwords, protecting access to their devices, using up-to-date software, and notifying Avefind promptly if they suspect that an account, credential, or payment instrument has been compromised.

15. PERSONAL DATA BREACHES

Avefind maintains internal processes for identifying, escalating, investigating, containing, documenting, and responding to suspected or confirmed incidents that may affect Personal Data. If Avefind becomes aware of a Personal Data breach, we will assess the nature of the incident, the categories of information involved, the likely consequences for affected individuals, and the measures required to contain and remediate the issue.

Where applicable law requires notification to affected individuals, regulators, or other stakeholders, Avefind will provide such notification within the time required by law and with the level of detail reasonably necessary in the circumstances. Where relevant, that notification may include a description of the incident, the types of data involved, the likely implications, and the steps taken or proposed to reduce harm and prevent recurrence.

If you become aware of any security incident affecting your Avefind account, a delivery in progress, a payment flow, or any Personal Data processed through the platform, you should contact Avefind immediately using the details in Section 20 so that appropriate protective action can be taken.

16. YOUR RIGHTS AS A DATA SUBJECT

Subject to Applicable Data Protection Law and any lawful limitations or exemptions, you may have the right to request access to the Personal Data Avefind holds about you, to request information about how and why that data is used, to request correction of inaccurate or incomplete data, to request deletion of data in certain circumstances, to request restriction of processing, to object to processing based on legitimate interests, to withdraw consent where processing is based on consent, and to request transfer of certain data in a portable format where such a right applies.

Where Avefind uses Personal Data for direct marketing, you may object to that processing at any time by using the unsubscribe functionality included in a message, adjusting your settings where available, or contacting us directly. If you object to non-marketing processing based on legitimate interests, Avefind will assess your objection in light of the grounds for the processing and any overriding legal basis or compelling legitimate interest that may apply.

You may also have rights in relation to profiling or automated decision-making where such rights are recognised by law. Avefind will consider such requests in accordance with Applicable Data Protection Law, while taking into account the operational nature of the Services and any lawful need to continue processing for contractual, fraud-prevention, security, or compliance purposes.

To protect privacy and security, Avefind may request information reasonably necessary to verify your identity before granting access to or acting on a rights request. We may also ask for clarification where a request is broad or ambiguous. Avefind will respond within the period required by law or, where no specific period applies, within a reasonable time.

17. COMPLAINTS, GRIEVANCES, AND REGULATORY ESCALATION

If you believe that Avefind has processed your Personal Data in a way that is inconsistent with this Policy or with Applicable Data Protection Law, we encourage you to raise the matter with us first so that we can review the issue and, where appropriate, resolve it internally. Complaints or rights requests should be sent to the Data Protection Officer using the contact details in Section 20.

When we receive a privacy complaint, we may ask for additional information in order to understand the concern, verify the identity of the complainant, and locate the relevant records. We will review the complaint in light of our legal obligations, our internal records, and the circumstances presented.

Nothing in this Policy prevents you from lodging a complaint with the Nigeria Data Protection Commission or any other competent data-protection authority where you believe your rights have been infringed.

18. THIRD-PARTY SITES, SERVICES, AND CONTENT

Our website and applications may contain links to third-party websites, payment interfaces, maps, social-media pages, help articles, or other external services that are not owned or controlled by Avefind. This Policy does not govern the privacy practices of those external services. Where you choose to interact with a third-party service, including Paystack or any merchant website, you should review that third party's own privacy documentation before submitting Personal Data.

Avefind is not responsible for the content, security, or privacy practices of external websites or applications, except to the extent required by law. The inclusion of a link or integration does not, by itself, mean that Avefind endorses every aspect of the third party's policies or operations.

19. CHANGES TO THIS POLICY

Avefind may update, revise, or replace this Policy from time to time in order to reflect changes to our Services, legal obligations, operating model, data-processing practices, payment or logistics flows, or mobile-application requirements. The most current version of the Policy will be published on our website and, where appropriate, made available through our mobile applications or other relevant user interface.

If a revision materially changes the way in which we use or disclose Personal Data, Avefind will take steps reasonably designed to bring the change to your attention. Depending on the nature of the change and the requirements of law, this may include updating the effective date, posting a prominent notice, sending an email or in-app message, or seeking renewed consent where required.

20. CONTACTING AVEFIND'S DATA PROTECTION OFFICER

Questions, complaints, access requests, correction requests, deletion requests, objections, consent withdrawals, or any other privacy-related enquiries should be directed to Avefind's Data Protection Officer at legal@avefind.com.

When contacting us, please provide enough detail to help us identify your relationship with Avefind and the subject matter of your request. Doing so will help us locate the relevant records, verify identity where necessary, and respond more efficiently.