← Back to GioBiz
GioBiz by Henmack

Privacy Policy

Effective date: May 1, 2026  ·  Last updated: May 6, 2026
This policy explains what data GioBiz collects, why we collect it, and how it is protected. We comply with the Nigeria Data Protection Regulation (NDPR) and respect your rights as a data subject.

1. Who We Are

GioBiz is a business management application for small shops, vendors, and service providers in Nigeria. The service is operated by Henmack Technologies Ltd, Lagos, Nigeria.

Contact: support@giobiz.com

2. Information We Collect

Account & Identity

  • Phone number (used for login via OTP — we do not store passwords)
  • Business name, trading name, and business slug (public URL identifier)
  • Email address (used for notifications and account recovery)
  • WhatsApp contact number (optional, used for customer-facing contact)
  • Staff member names and assigned roles

Business Operations Data

  • Products: names, descriptions, prices, stock levels, images
  • Orders: items ordered, quantities, prices, order source, payment status, timestamps
  • Customer names and phone numbers (entered by the business owner for credit or order records)
  • Credit ledger entries and repayment records
  • Staff activity logs (action type, staff ID, timestamp)

Technical & Security Data

  • Device type and browser (for compatibility and security checks)
  • IP address (for rate limiting OTP requests and fraud prevention)
  • OTP attempt logs (anonymised after verification)
  • App error logs (for debugging — no sensitive data included)

3. How We Use Your Information

  • To authenticate you securely via phone OTP
  • To run the vendor app — manage products, orders, staff, and credit
  • To serve your public storefront to customers via your unique store link
  • To send transactional notifications (subscription status, payment confirmations)
  • To prevent abuse, fraud, and unauthorised access
  • To respond to account recovery and deletion requests
  • To improve reliability and fix bugs

We do not sell your data. We do not use it for advertising profiling. We do not share it with third parties except as described in Section 5.

4. Public Storefront Data

When you publish products on GioBiz, the following information becomes publicly visible to anyone with your store link:

  • Your business/store name
  • Published product names, descriptions, prices, and images
  • Your public contact number (if you choose to display one)

Customer order details (names, phones, amounts) are not publicly visible. Order tracking pages show only order status — not customer personal details.

5. Service Providers

We use the following third-party services to operate GioBiz:

  • Firebase (Google) Authentication, database (Firestore), and web hosting
  • Cloudflare Workers Backend API, OTP rate limiting, and edge processing
  • Cloudflare R2 Product image storage
  • Brevo Transactional email delivery (verification codes, notifications)
  • Africa's Talking SMS OTP delivery (Nigeria)

Each provider is bound by their own data processing agreements. We do not grant these providers the right to use your data for their own purposes.

6. Data Retention

  • OTP codes: deleted immediately after verification or expiry (max 10 minutes)
  • Active accounts: retained while your account is active
  • Deleted accounts: business data purged within 30 days of a confirmed deletion request. Some records may be retained where required by law, fraud prevention, or accounting obligations.

7. Your Rights (NDPR)

Under the Nigeria Data Protection Regulation, you have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — update inaccurate personal data
  • Deletion — request erasure of your account and business data
  • Portability — receive your data in a structured format
  • Objection — object to processing in certain circumstances

To exercise any of these rights, email support@giobiz.com or use the in-app account deletion flow.

8. Account & Data Deletion

You can request full account deletion directly from the GioBiz app under Settings → Delete Account. This removes your business profile, products, orders, staff records, and personal data from our systems within 30 days.

If you cannot access the app, email support@giobiz.com with your registered phone number and business name.

9. Security

We protect your data using:

  • Phone OTP authentication — no passwords stored
  • HTTPS/TLS encryption on all connections
  • Firestore security rules restricting access to authorised users only
  • Rate limiting on all authentication endpoints
  • Staff PINs stored as salted hashes — never in plaintext
  • Admin panel protected by a separate secure token

10. Children's Privacy

GioBiz is a business application intended for adults (18+). We do not knowingly collect data from children under 18. If you believe a minor has created an account, contact us at support@giobiz.com and we will delete it promptly.

11. Cookies & Local Storage

GioBiz uses browser local storage to maintain your login session and app preferences (such as theme). We do not use advertising cookies or third-party tracking cookies. Firebase Authentication may set a session cookie for authentication purposes only.

12. Changes to This Policy

We may update this policy as the app grows. When we make significant changes, we will notify users via the in-app notification system and update the "Last updated" date at the top of this page.

13. Contact Us

For privacy questions, data requests, or concerns: