Privacy Policy

2. Who this policy applies to

This policy applies to users of iHolda, including consumers, creators, merchants, and visitors browsing public content where available. Some features (for example merchant tools, Cartpo-linked selling, or paid events) apply only to certain account types.

3. Information we collect

We collect information you provide, information generated when you use the Services, and information from your device as described below.

4. Account and contact information

When you register or use an account, we may collect your name, username, email address, phone number, profile photo, bio, account ID, role, credentials (stored in protected form), referral or invite information, and merchant or shop settings (such as default delivery address, currency, and country). We use this to create and manage your account, authenticate you, communicate with you, and keep the Services secure.

5. Know Your Customer (KYC) and verification

For trust, safety, and eligibility features, we may collect verification information such as selfies or identity-related submissions, community or basic verification details, and information about meet-ups or references where you choose to participate in verification flows.

6. User-generated content and communications

We collect content you create, upload, share, or send, including posts, photos, videos, audio, captions, comments, live streams, direct messages, in-app chat, meetup and event details, reviews, and bookmarks. Visibility depends on the feature, your settings, and how you share content.

7. Camera, microphone, photos, and calendar

Depending on features you use, the app may request device permissions:

• Camera — QR codes for meetups, posts, photos or videos, and live video where available.
• Microphone — live streams, video posts, and voice messages.
• Photos / library — uploading and saving media you choose.
• Location — meetups, events, local discovery, delivery, and nearby features.
• Calendar — adding meetup or event details via calendar links you open; we do not read your existing calendar events unless a future feature explicitly requests that permission.
• Notifications — alerts for messages, activity, orders, and account events.

You can change many permissions in your device settings. Some features will not work without the relevant permission.

8. Location information

When you use location-based features, we may collect precise location (for example GPS coordinates), approximate location, and physical addresses you provide for delivery, meetups, events, or shop settings. We use this for local discovery, nearby merchants, meetups, events, restaurant and shopping flows, and delivery.

9. Cowries, gifts, commerce, and payments

If you buy, sell, send gifts, or use wallet features, we may process purchase and order history, Cowries balance and activity, gifts sent or received, products viewed or purchased, merchants you interact with, delivery details, and transaction references.

Payment card and bank details are processed by third-party payment providers (such as Stripe, Paystack, or Korapay). We do not receive or store your full payment card number unless clearly stated for a specific flow.

10. Usage, product interaction, and diagnostics

We collect information about how you use the Services, including app launches, screens or features viewed, in-feed activity, products or content you view and how long you engage (including feed telemetry used for analytics and ranking), and search and discovery activity within the app.

We also collect device and diagnostic information such as device type, operating system, app version, crash logs and performance-related diagnostics (for example via Sentry), and push notification tokens (FCM) plus platform (iOS/Android) to deliver notifications.

We do not collect hardware Device IDs (such as advertising identifiers) for our own purposes. Push tokens are used only to deliver notifications to your device.

11. Cartpo and identity-linked accounts

If you link your iHolda account with a Cartpo merchant account (typically when both use the same email), limited account and commerce data may be shared between those services to enable linked selling, shop features, plan capacity, and related flows. You can unlink through in-app identity-link settings where available.

12. How we use your information

• Provide, operate, and improve the Services.
• Personalize feeds, recommendations, and discovery (including For You ranking and shopping suggestions).
• Process orders, payments, Cowries, gifts, and merchant features.
• Enable live streaming, messaging, meetups, and events.
• Verify identity, enforce trust tiers, prevent fraud and abuse, and moderate content.
• Send service communications, security alerts, and push notifications.
• Analyze usage and diagnose crashes to improve stability and performance.
• Comply with law and protect users, our rights, and the safety of the Services.

Where UK or EU data protection law applies, we rely on contract (to provide the Services), legitimate interests (security, analytics, improvement, personalization, and fraud prevention), consent where required, and legal obligation where we must retain or disclose data by law.

13. How we share information

• With other users — when you post, message, go live, join meetups, send gifts, or use social features.
• With merchants — to fulfil orders, discounts, promotions, or linked shop features you use.
• With service providers — including cloud hosting, crash reporting (e.g. Sentry), push notifications (e.g. Firebase Cloud Messaging), payments (e.g. Stripe, Paystack, Korapay), email (e.g. SendGrid), live video (e.g. Agora), customer support, security, storage, and verification.
• With Cartpo — when you use identity-link or integrated commerce features.
• For legal reasons — if required by law or to protect rights, safety, and security.

We do not sell your personal information. We do not use your data for cross-app advertising tracking as defined by Apple’s App Tracking Transparency framework.

14. International transfers

Your information may be processed in the United Kingdom and other countries where we or our service providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers outside the UK/EEA.

15. Retention

We keep personal information only as long as needed to provide the Services, meet legal and accounting requirements, resolve disputes, enforce our terms, and maintain security.

When you delete your account, we mark your account as deleted and restrict access. Some data may be retained in backup, legal, fraud-prevention, or anonymized form where permitted by law.

16. Your choices and rights

You may update profile and account details in Settings, manage Privacy settings (for example last-seen visibility where available), control device permissions on your phone, and adjust notification preferences in the app.

Where UK or EU law applies, you may have the right to access, correct, delete, restrict, or object to processing, and data portability, and to withdraw consent where processing is consent-based. You may complain to the UK Information Commissioner’s Office (ico.org.uk). Contact us to exercise these rights.

17. How to deactivate or delete your account

Deactivate (temporary):

1. Open your Profile.
2. Tap the Settings (gear) icon.
3. Tap Manage account.
4. Tap Deactivate account.
5. Select Deactivate account and confirm.

Your profile is hidden until you reactivate.

Delete permanently:

1. Open your Profile.
2. Tap Settings (gear).
3. Tap Manage account.
4. Tap Deactivate account.
5. Select Delete account.
6. Confirm, optionally add feedback on the next screen, then tap Delete account.

You may also email us to request deletion. Permanent deletion is irreversible for your profile and preferences. We may retain limited information where the law or legitimate interests require it.

18. Security

We use technical and organizational measures designed to protect your information, including access controls and encryption in transit where appropriate. No system is completely secure; please use a strong PIN or password and keep your device secure.

19. Children

The Services are not directed at anyone under 18. We do not knowingly collect personal information from children under 18. Contact us if you believe a minor has provided data.

20. Automated processing

We use automated systems (for example feed ranking and recommendations) based on your activity, preferences, and telemetry. This affects the order of content you see but does not, by itself, produce legal effects with significant legal impact solely through automation.

21. Third-party links

The Services may link to third-party sites or apps (for example payment pages or Cartpo). Their privacy practices are governed by their own policies.

22. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on our website and, where appropriate, notify you in the app or by email for material changes.