← Back to GioBiz
GioBiz by Henmack

Privacy Policy

Effective date: May 1, 2026  ·  Last updated: July 12, 2026
This policy explains what data GioBiz collects, why we collect it, and how it is protected. We comply with the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation 2019, as administered by the Nigeria Data Protection Commission (NDPC), and respect your rights as a data subject.

1. Who We Are

GioBiz is a business management application for small shops, vendors, and service providers in Nigeria. The service is operated by Henmack Integrated Technologies Ltd, Lagos, Nigeria.

Contact: support@giobiz.com

2. Information We Collect

Account & Identity

  • Phone number (used for account contact and WhatsApp notifications — login uses Google or email+password)
  • Business name, trading name, and business slug (public URL identifier)
  • Email address (used for notifications and account recovery)
  • WhatsApp contact number (optional, used for customer-facing contact)
  • Staff member names and assigned roles

Business Operations Data

  • Products: names, descriptions, prices, stock levels, images
  • Orders: items ordered, quantities, prices, order source, payment status, timestamps
  • Customer names and phone numbers (entered by the business owner for credit or order records)
  • Credit ledger entries and repayment records
  • Staff activity logs (action type, staff ID, timestamp)

Technical & Security Data

  • Device type and browser (for compatibility and security checks)
  • IP address (for rate limiting OTP requests and fraud prevention)
  • OTP codes and their delivery destination — deleted automatically on verification or expiry (max 10 minutes)
  • App error logs (for debugging — no sensitive data included)

Identity Verification Data (paid plans & verified roles)

  • National Identification Number (NIN), Driver's Licence, or business registration (CAC) details — collected only when you verify for a paid feature or a role that requires it (e.g. riders, verified sellers)
  • The verification result and a reference from our verification provider; raw ID images are not retained where avoidable

3. How We Use Your Information

  • To authenticate you securely via Google sign-in or email + password
  • To run the vendor app — manage products, orders, staff, and credit
  • To serve your public storefront to customers via your unique store link
  • To send transactional notifications (subscription status, payment confirmations)
  • To prevent abuse, fraud, and unauthorised access
  • To respond to account recovery and deletion requests
  • To improve reliability and fix bugs

We do not sell your data. We do not use it for advertising profiling. We do not share it with third parties except as described in Section 5.

4. Public Storefront Data

When you publish products on GioBiz, the following information becomes publicly visible to anyone with your store link:

  • Your business/store name
  • Published product names, descriptions, prices, and images
  • Your public contact number (if you choose to display one)

Customer order details (names, phones, amounts) are not publicly visible. Order tracking pages show only order status — not customer personal details.

5. Service Providers

We work with trusted partners to operate GioBiz. Each accesses only the data needed to provide their service, under contract.

Provider Purpose Region
MonnifyPayment processing (subscriptions & credits)Nigeria
SupabaseDatabase hosting & authenticationEU (Ireland)
CloudflareApp hosting, security & media storage (R2)Global
BrevoTransactional email (receipts, notifications)EU
BestBulkSMSSMS delivery (admin notifications)Nigeria
OpenAIAI assistant (Ask Gio)USA
AnthropicAI assistant (premium tier)USA
DojahIdentity verification (paid, opt-in)Nigeria
SentryError monitoringGlobal
Firebase / GoogleAuthentication during migration (being phased out)USA

This list may change as our services evolve; material changes are reflected here.

Each provider is bound by their own data processing agreements and accesses your data only to provide its service. We do not grant them the right to use your data for their own purposes. Some partners process data outside Nigeria under appropriate cross-border safeguards — see §5.2.

5.1 AI ("Ask Gio") processing

When you use the "Ask Gio" AI assistant, your question and the relevant records from your own business are sent to third-party AI providers (OpenAI and/or Anthropic) to generate an answer. These providers process the request to return a response and do not use your data to train their models on your behalf. AI answers are assistive only and are not guaranteed to be complete or accurate — verify anything you rely on. If you do not want your data processed by AI, do not use the AI features.

5.2 International (cross-border) transfers

Some of our providers — including Supabase, Cloudflare, OpenAI, Anthropic, Sentry, and Brevo — may store or process data on servers outside Nigeria. Where personal data is transferred abroad, we rely on the cross-border transfer safeguards permitted under the Nigeria Data Protection Act (NDPA) 2023, such as the recipient being in an adequate jurisdiction or being bound by contractual data-protection terms. Monnify processes payment data primarily within Nigeria.

5.3 Controller and processor roles

GioBiz (operated by Henmack Integrated Technologies Ltd) is the data controller for your account and platform data. For the records a business keeps about its own customers (names, phone numbers, order details), the business is the controller and GioBiz acts as a data processor on that business's behalf, processing those records only to provide the service.

6. Data Retention

  • OTP codes: deleted immediately after verification or expiry (max 10 minutes)
  • Active accounts: retained while your account is active
  • Deleted accounts: on a confirmed deletion request we permanently delete your business profile, products, orders, staff records, and personal data from our active systems — except records we are legally required to keep, chiefly orders/invoices/financial records (up to 7 years, Nigerian tax & accounting law). Residual copies in our short-term disaster-recovery backups age out as those backups are rotated. See our Data Retention Policy for details.

7. Your Rights (NDPA 2023)

Under the Nigeria Data Protection Act (NDPA) 2023, you have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — update inaccurate personal data
  • Deletion — request erasure of your account and business data
  • Portability — receive your data in a structured format
  • Objection — object to processing in certain circumstances

To exercise any of these rights, email support@giobiz.com or use the in-app account deletion flow.

8. Account & Data Deletion

You can request full account deletion directly from the GioBiz app under Settings → Delete Account. This permanently removes your business profile, products, orders, staff records, and personal data from our active systems (except records under a legal-retention obligation). Residual copies in our short-term disaster-recovery backups age out as those backups are rotated.

If you cannot access the app, email support@giobiz.com with your registered phone number and business name.

Records under a legal-retention obligation (financial/tax) are kept for the required period — see the Data Retention Policy.

9. Security

We protect your data using:

  • Google sign-in and email + password authentication (no SMS OTP for customer self-service)
  • HTTPS/TLS encryption on all connections
  • Row-level security (RLS) in the database, isolating each account to its own data (tenant isolation)
  • Rate limiting on all authentication endpoints
  • Staff PINs stored as salted hashes — never in plaintext
  • Admin panel protected by a separate secure token

10. Children's Privacy

GioBiz is a business application intended for adults (18+). We do not knowingly collect data from children under 18. If you believe a minor has created an account, contact us at support@giobiz.com and we will delete it promptly.

11. Cookies & Local Storage

GioBiz uses browser local storage to maintain your login session and app preferences (such as theme). We do not use advertising cookies or third-party tracking cookies. Our authentication provider (Supabase) may set a session cookie for authentication purposes only.

12. Changes to This Policy

We may update this policy as the app grows. When we make significant changes, we will notify users via the in-app notification system and update the "Last updated" date at the top of this page.

13. Contact Us

For privacy questions, data requests, or concerns: