NoxManage Privacy Policy

1. Data Collection

We collect and store:

• Ghana Card/National ID details (encrypted)
• Phone numbers and email addresses
• Home/store addresses (for physical stores)
• Store location coordinates
• Transaction histories
• Bank/MoMo account details (PCI-DSS compliant)
• Customer verification codes
• Device information for security

2. Third-Party Services

These providers only receive necessary data for their specific functions and are contractually obligated to maintain confidentiality.

3. Data Retention

We retain different data types for specific periods:

• Account data: 5 years after last activity
• Transaction records: 7 years (per Ghana Revenue Authority requirements)
• Ghana Card copies: 90 days after verification (only encrypted hash remains)
• Inactive accounts: Purged after 2 years of inactivity
• Customer support chats: 1 year from resolution

4. International Data Transfers

Some service providers process data outside Ghana:

• Firebase data may be stored in US/EU regions
• SendGrid processes emails through global servers
• Paystack may use international payment processors

5. Data Protection

We implement:

• End-to-end encryption for sensitive data
• Regular security audits (quarterly)
• Role-based access controls
• Mandatory employee training
• Bug bounty program

6. Your Rights

Under Ghana's Data Protection Act, you can:

• Access your personal data
• Request correction of inaccurate information
• Delete data when no longer necessary
• Object to certain processing
• Request data portability