# CraftRanked Privacy Policy **Last Updated**: April 28, 2026 **Effective Date**: April 28, 2026 --- ## Table of Contents 1. [Introduction](#1-introduction) 2. [Information We Collect](#2-information-we-collect) 3. [How We Use Your Information](#3-how-we-use-your-information) 4. [Data Sharing & Disclosure](#4-data-sharing--disclosure) 5. [Data Security](#5-data-security) 6. [Your Rights](#6-your-rights) 7. [Cookies & Tracking](#7-cookies--tracking) 8. [Data Retention](#8-data-retention) 9. [Children's Privacy](#9-childrens-privacy) 10. [Nigerian Data Protection Compliance](#10-nigerian-data-protection-compliance) 11. [International Data Transfers](#11-international-data-transfers) 12. [Changes to Privacy Policy](#12-changes-to-privacy-policy) 13. [Contact for Privacy Concerns](#13-contact-for-privacy-concerns) --- ## 1. Introduction Welcome to CraftRanked's Privacy Policy. Your privacy is important to us. **CraftRanked Technologies Limited** ("we," "us," or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains: - What information we collect - How we use that information - Who we share it with - Your rights regarding your data - How we comply with Nigerian Data Protection Regulation (NDPR) **By using CraftRanked, you consent to the data practices described in this policy.** If you have any questions, contact our Data Protection Officer at **dpo@craftranked.com**. --- ## 2. Information We Collect We collect information in several ways: directly from you, automatically through your use of our platform, and from third parties. ### 2.1 Information You Provide Directly **When You Create an Account:** ๐Ÿ‘ค **Personal Information:** - Full name - Email address - Phone number (Nigerian mobile number) - Password (encrypted, we can't see it) - Profile picture (optional) - Date of birth (for age verification) ๐Ÿ“ **Location Information:** - City and state - Delivery/service addresses - GPS coordinates (when booking services) ๐Ÿ’ณ **Payment Information:** - Bank account details (for artisans receiving payments) - Card information (processed by Flutterwave/Paystack, not stored by us) - Transaction history ### 2.2 Additional Information for Artisans **Verification Documents:** - ๐Ÿ†” National Identity Number (NIN) - ๐Ÿ“„ Professional certificates - ๐Ÿ“ธ Portfolio photos - ๐Ÿฆ Bank Verification Number (BVN) - for payment processing - ๐Ÿ“‹ Business registration (if applicable) **Service Information:** - Service categories and descriptions - Pricing information - Availability schedule - Work history and portfolio > **Profile pictures and portfolio images are stored on Cloudinary CDN (cloud storage), not on CraftRanked servers directly.** ### 2.3 Information We Collect Automatically **Usage Data:** - Pages visited on our platform - Features you use - Time spent on pages - Search queries - Booking history **Device Information:** - Device type (phone, tablet, computer) - Operating system (Android, iOS, Windows, etc.) - Browser type and version - IP address - Device identifiers - Push notification token (FCM device token, collected when notification permission is granted) **Location Data:** - Your location when you open the app (with permission) - Location of service requests - GPS coordinates for navigation ### 2.4 Information from Third Parties **Payment Processors:** - Transaction confirmation from Flutterwave/Paystack - Payment verification status **Identity Verification:** - NIN verification from NIMC - BVN verification from Nigerian banks - Phone number verification from telecom providers **Social Media:** - If you sign up using Google/Facebook, we receive your public profile info ### 2.5 Communications **Messages & Interactions:** - Messages between customers and artisans - Customer support conversations - Phone call recordings (for quality assurance) - Reviews and ratings - Comments and feedback --- ## 3. How We Use Your Information We use your information for legitimate business purposes to provide and improve our services. ### 3.1 Service Delivery โœ… **Creating and Managing Your Account** - Set up your profile - Verify your identity - Maintain your account security โœ… **Facilitating Bookings** - Connect customers with artisans - Send booking notifications - Coordinate service delivery - Process payments โœ… **Communication** - Send booking confirmations - Provide updates on service status - Send receipts and invoices - Respond to your inquiries - Send push notifications about bookings, messages, and account activity (via Firebase Cloud Messaging / FCM) **You can disable push notifications at any time in your device settings.** ### 3.2 Payment Processing ๐Ÿ’ฐ **Financial Transactions:** - Process payments securely - Hold funds in escrow - Release payments to artisans - Process refunds - Calculate platform fees - Pay referral commissions ๐Ÿงพ **Financial Records:** - Maintain transaction history - Generate invoices and receipts - Comply with tax regulations - Detect fraud ### 3.3 Verification & Safety ๐Ÿ”’ **Identity Verification (Especially for Artisans):** - Verify NIN with NIMC - Verify BVN with banks - Check professional credentials - Conduct background checks (with consent) ๐Ÿ“ท **Camera Access:** - We request access to your device camera solely for identity verification purposes (NIN liveness detection) - Camera access is only used during the verification process - Facial images captured are processed by QoreID (our identity verification partner) and stored securely on Cloudinary CDN - We do not use your camera for any other purpose ๐Ÿ›ก๏ธ **Safety & Security:** - Prevent fraud and abuse - Detect suspicious activity - Protect against scams - Monitor for policy violations ### 3.4 Platform Improvement ๐Ÿ“Š **Analytics & Insights:** - Understand how users interact with our platform - Identify bugs and technical issues - Improve user experience - Develop new features ๐ŸŽฏ **Personalization:** - Show relevant artisans based on your location - Recommend services you might need - Customize your experience ### 3.5 Marketing & Communication ๐Ÿ“ข **Promotional Communications (with your consent):** - Send special offers and discounts - Share new features and updates - Provide service tips and advice - Referral program invitations - Determine promotional eligibility based on your registration date (e.g. early bird free booking fee waiver) **You can opt-out anytime** via email or account settings. ### 3.6 Legal Compliance โš–๏ธ **Regulatory Requirements:** - Comply with Nigerian laws (NDPR, CAMA, etc.) - Respond to legal requests from law enforcement - Enforce our Terms of Service - Resolve disputes - Protect our rights and property --- ## 4. Data Sharing & Disclosure **We do NOT sell your personal information.** Period. However, we share your information in specific situations: ### 4.1 With Other Users (Limited Sharing) **Customers See (About Artisans):** - Name and profile photo - Service offerings and prices - Portfolio and past work - Reviews and ratings - General location (city, not exact address) **Artisans See (About Customers):** - First name and photo - Service location (after booking accepted) - Phone number (after booking accepted) - Booking details and requirements **We hide full contact details until booking is confirmed** to prevent bypassing the platform. ### 4.2 With Service Providers We share data with third-party service providers who help us operate: **Payment Processors:** - ๐Ÿ’ณ **Flutterwave** and **Paystack**: Process payments securely - ๐Ÿฆ **Banks**: Facilitate fund transfers - They see: Payment amounts, bank details (encrypted) **Identity Verification:** - ๐Ÿ†” **NIMC**: Verify National Identity Numbers - ๐Ÿฆ **BVN Verification Services**: Verify bank details - They see: NIN, BVN, name, date of birth - ๐Ÿ“ท **QoreID**: NIN liveness verification and facial matching (licensed identity verification provider, Nigeria) - They see: Facial image, NIN number (for verification only, not stored by CraftRanked), name **Note:** CraftRanked does not store raw NIN numbers. We retain only your verification status and the name data returned by NIMC via QoreID. **Communication Services:** - ๐Ÿ“ง **Email service** (SendGrid): Send emails - ๐Ÿ“ฑ **SMS service**: Send text notifications - ๐Ÿ’ฌ **Chat service** (Stream): Enable in-app messaging - They see: Contact info, message content **Cloud Hosting:** - โ˜๏ธ **AWS** (Amazon Web Services): Host our platform and data - ๐Ÿ–ผ๏ธ **Cloudinary**: Store and serve profile pictures and portfolio images (CDN) - ๐Ÿ“ฆ **Cloud storage**: Store photos and documents - They see: All data (encrypted) **Analytics:** - ๐Ÿ“Š **Google Analytics**: Understand platform usage - They see: Anonymized usage data **All service providers sign contracts to protect your data.** ### 4.3 With Law Enforcement We may disclose your information if required by law: โš–๏ธ **Legal Obligations:** - Court orders or subpoenas - Search warrants - Government investigations - National security requests ๐Ÿšจ **Safety Situations:** - Prevent imminent harm or danger - Investigate fraud or illegal activity - Protect our rights or property - Enforce our Terms of Service **We will notify you** unless legally prohibited. ### 4.4 Business Transfers If CraftRanked is acquired or merged: - Your information may be transferred to the new entity - You will be notified of any changes - Your privacy rights remain protected ### 4.5 With Your Consent We may share your information with others when you explicitly give us permission, such as: - Sharing your portfolio publicly - Posting testimonials - Featuring you in marketing materials --- ## 5. Data Security We take security seriously and implement multiple measures to protect your information. ### 5.1 Technical Security ๐Ÿ” **Encryption:** - **HTTPS/SSL**: All data transmitted is encrypted - **Database encryption**: Stored data is encrypted at rest - **Password hashing**: Passwords are never stored in plain text ๐Ÿ”’ **Access Controls:** - Strict employee access limits (need-to-know basis) - Two-factor authentication for admin accounts - Regular security audits - Automated threat detection ๐Ÿ›ก๏ธ **Infrastructure Security:** - Secure cloud hosting (AWS) - Regular backups - Firewalls and intrusion detection - DDoS protection ### 5.2 Physical Security **Data Centers:** - Hosted in secure, certified data centers - 24/7 physical security - Biometric access controls - Video surveillance ### 5.3 Operational Security **Policies & Training:** - Employee background checks - Security awareness training - Strict data handling procedures - Incident response plan **Monitoring:** - 24/7 security monitoring - Automated alerts for suspicious activity - Regular vulnerability scanning - Penetration testing ### 5.4 Payment Security ๐Ÿ’ณ **PCI DSS Compliance:** - We use PCI-compliant payment processors - We do NOT store full card details - Tokenization for recurring payments - Secure payment forms ### 5.5 What We Can't Guarantee โš ๏ธ **No System is 100% Secure:** - While we use industry best practices, no online service is completely secure - You are responsible for protecting your password - Be cautious of phishing emails pretending to be from CraftRanked - Report any suspicious activity immediately --- ## 6. Your Rights Under Nigerian Data Protection Regulation (NDPR), you have important rights regarding your personal information. ### 6.1 Right to Access ๐Ÿ“– **You can request:** - A copy of all personal data we hold about you - Information about how we use your data - Who we share your data with **How to request:** Email dpo@craftranked.com with subject "Data Access Request" **Response time:** Within 30 days (free of charge) ### 6.2 Right to Rectification โœ๏ธ **You can update:** - Incorrect or outdated information - Incomplete information - Any errors in your profile **How to update:** Go to "Account Settings" or email support@craftranked.com ### 6.3 Right to Deletion ("Right to be Forgotten") ๐Ÿ—‘๏ธ **You can request deletion of your data when:** - You no longer use our services - You withdraw consent - We no longer need your data - You object to how we use your data **How to delete:** Go to "Account Settings" > "Delete Account" **Note:** We may retain some data for legal/compliance purposes (e.g., tax records for 7 years). ### 6.4 Right to Object ๐Ÿšซ **You can object to:** - Marketing communications (opt-out anytime) - Data processing based on legitimate interests - Automated decision-making **How to object:** Email dpo@craftranked.com or use opt-out links in emails ### 6.5 Right to Data Portability ๐Ÿ“ฆ **You can request:** - Your data in a machine-readable format (JSON, CSV) - Transfer of your data to another service **How to request:** Email dpo@craftranked.com with subject "Data Portability Request" ### 6.6 Right to Withdraw Consent โŒ **You can withdraw consent anytime:** - For marketing communications - For location tracking - For data processing (where consent is the legal basis) **Note:** Withdrawing consent may affect your ability to use certain features. ### 6.7 Right to Complain ๐Ÿ“ข **If you're unhappy with how we handle your data:** **Step 1:** Contact our Data Protection Officer: - Email: dpo@craftranked.com - Phone: +234 (0) 803 456 7891 **Step 2:** If unsatisfied, complain to Nigerian regulator: - **Nigeria Data Protection Bureau (NDPB)** - Website: www.ndpb.gov.ng - Email: info@ndpb.gov.ng --- ## 7. Cookies & Tracking ### 7.1 What Are Cookies? Cookies are small text files stored on your device when you visit our website or use our app. They help us remember your preferences and improve your experience. ### 7.2 Types of Cookies We Use **Essential Cookies (Required):** - ๐Ÿ” Authentication: Keep you logged in - ๐Ÿ›’ Session management: Remember your booking details - ๐Ÿ”’ Security: Prevent fraud and protect your account **Functional Cookies (Enhances experience):** - ๐ŸŒ Language preference - ๐ŸŽจ Display preferences - ๐Ÿ“ Location settings **Analytics Cookies (Helps us improve):** - ๐Ÿ“Š Google Analytics: Understand how you use our platform - ๐Ÿ“ˆ Performance monitoring: Identify technical issues - โšก Speed optimization: Make the platform faster **Marketing Cookies (Personalized ads - with consent):** - ๐ŸŽฏ Facebook Pixel: Show relevant ads - ๐Ÿ” Google Ads: Measure ad effectiveness - ๐Ÿ“ฑ Retargeting: Remind you about CraftRanked ### 7.3 Managing Cookies **You can control cookies through:** ๐ŸŒ **Browser Settings:** - Block all cookies (may affect functionality) - Block third-party cookies only - Delete existing cookies โš™๏ธ **Our Cookie Preferences:** - Go to "Privacy Settings" in your account - Toggle cookie categories on/off - Essential cookies cannot be disabled ๐Ÿšซ **Opt-Out Links:** - Google Analytics: tools.google.com/dlpage/gaoptout - Facebook: www.facebook.com/ads/preferences ### 7.4 Do Not Track (DNT) Some browsers have "Do Not Track" settings. Currently, there's no industry standard for honoring DNT. We respond to DNT signals by not using tracking cookies for analytics or advertising. --- ## 8. Data Retention ### 8.1 How Long We Keep Your Data We retain your information only as long as necessary: **Active Accounts:** - โœ… Data kept indefinitely while you use CraftRanked - ๐Ÿ”„ Updated regularly as you interact with platform **Inactive Accounts:** - ๐Ÿ“… After 2 years of inactivity, we may delete your account - ๐Ÿ“ง We'll warn you 30 days before deletion - ๐Ÿ’พ You can reactivate anytime before deletion **Deleted Accounts:** - ๐Ÿ—‘๏ธ Most data deleted within 30 days - ๐Ÿ“ฆ Backups purged within 90 days - ๐Ÿ“Š Anonymized data may be retained for analytics ### 8.2 Legal & Compliance Retention **Some data must be kept longer for legal reasons:** | Data Type | Retention Period | Reason | |-----------|------------------|--------| | Financial records | 7 years | Nigerian tax law (FIRS) | | Transaction history | 7 years | Anti-money laundering (AML) | | Identity verification | 5 years | Know Your Customer (KYC) | | Dispute records | 5 years | Legal claims limitation | | Audit logs | 3 years | Security and compliance | **After retention periods expire, data is securely deleted or anonymized.** --- ## 9. Children's Privacy ### 9.1 Age Restriction CraftRanked is **NOT for children under 18 years old**. ๐Ÿšซ **We do NOT:** - Allow users under 18 to create accounts - Knowingly collect information from children - Target children with marketing โœ… **If you're under 18:** - You may browse the platform - You need parental consent to create an account - Your parent/guardian must manage your account ### 9.2 If We Discover Underage Users If we learn that a user is under 18 without parental consent: - We will immediately suspend the account - We will delete all personal information - We will notify the email address on file **Parents:** If you believe your child created an account, contact us at support@craftranked.com immediately. --- ## 10. Nigerian Data Protection Compliance ### 10.1 NDPR Compliance CraftRanked fully complies with the **Nigeria Data Protection Regulation (NDPR) 2019**. **Our Compliance Measures:** โœ… **Data Protection Impact Assessment (DPIA)** - Conducted regular DPIAs - Identified and mitigated privacy risks - Documented all data processing activities โœ… **Lawful Basis for Processing** We process your data based on: - ๐Ÿ“œ **Consent**: You agreed to our terms - ๐Ÿ“ **Contract**: Necessary to provide services - โš–๏ธ **Legal obligation**: Required by Nigerian law - ๐Ÿ’ผ **Legitimate interest**: Fraud prevention, analytics โœ… **Data Protection Officer (DPO)** - Appointed a qualified DPO - Oversees compliance and handles complaints - Contact: dpo@craftranked.com โœ… **Data Audit Trail** - Log all data access and modifications - Monitor for unauthorized access - Regular compliance audits ### 10.2 NITDA Registration CraftRanked is registered with: - **National Information Technology Development Agency (NITDA)** - Registration Number: [To be assigned] - Annual compliance reports submitted ### 10.3 Data Breach Notification **If a data breach occurs:** ๐Ÿšจ **We will:** - Notify you within 72 hours - Report to NITDA immediately - Explain what data was affected - Describe steps we're taking to fix it - Advise you on protective measures ๐Ÿ“ง **You will receive:** - Email notification - In-app alert - Details on www.craftranked.com/security ### 10.4 Cross-Border Data Transfers **Your data is primarily stored in Nigeria**, but some data may be transferred internationally to service providers (e.g., AWS, Google). **We ensure adequate protection through:** - ๐Ÿ“„ Standard Contractual Clauses (SCCs) - ๐Ÿ” Encryption during transfer - โœ… NITDA-approved transfer mechanisms --- ## 11. International Data Transfers ### 11.1 Where Your Data May Go While CraftRanked operates in Nigeria, some data may be transferred to: ๐ŸŒ **United States:** - AWS cloud hosting - Google Analytics - Payment processors ๐ŸŒ **Europe:** - Some cloud services - Email infrastructure ๐ŸŒ **Other Countries:** - As needed for service providers ### 11.2 How We Protect Transferred Data **Safeguards in Place:** - โœ… Adequacy assessments (similar data protection laws) - โœ… Standard Contractual Clauses (SCCs) - โœ… Binding Corporate Rules (where applicable) - โœ… Encryption during transfer - โœ… NITDA approval for transfers **You can request details** about specific data transfers by contacting dpo@craftranked.com. --- ## 12. Changes to Privacy Policy ### 12.1 Updates We may update this Privacy Policy to reflect: - Changes in our practices - New features or services - Legal or regulatory requirements - Industry best practices **When we make changes:** - ๐Ÿ“… We update the "Last Updated" date at the top - ๐Ÿ“ง We notify you via email (for material changes) - ๐Ÿ”” We show an in-app notification - ๐ŸŒ We post the new policy on our website ### 12.2 Material Changes **For significant changes that affect your rights:** - 30 days' advance notice - Option to opt-out or close your account - Clear explanation of what changed ### 12.3 Your Acceptance **Continued use of CraftRanked after changes = acceptance of new policy.** If you don't agree: - Stop using the platform - Close your account (within 30 days) - Request data deletion --- ## 13. Contact for Privacy Concerns ### 13.1 Data Protection Officer **For all privacy-related questions and requests:** **Data Protection Officer** CraftRanked Technologies Limited ๐Ÿ“ง **Email**: dpo@craftranked.com ๐Ÿ“ž **Phone**: +234 (0) 803 456 7891 ๐Ÿ“ **Mail**: Data Protection Officer Craftranked Nigeria Limited 3rd Floor, AXA Mansard Place 927/928 Bishop Aboyade Cole Street Victoria Island, Lagos, 106104 Nigeria **Response time:** Within 5 business days ### 13.2 General Support **For non-privacy questions:** ๐Ÿ“ง **Email**: support@craftranked.com ๐Ÿ“ž **Phone**: +234 (0) 803 456 7890 ๐Ÿ’ฌ **Live Chat**: Available on website and app ๐Ÿ• **Hours**: Monday - Friday, 8am - 6pm WAT ### 13.3 Regulatory Authority **Nigeria Data Protection Bureau (NDPB)** ๐ŸŒ **Website**: www.ndpb.gov.ng ๐Ÿ“ง **Email**: info@ndpb.gov.ng ๐Ÿ“ž **Phone**: [Contact info available on website] ๐Ÿ“ **Address**: Abuja, Nigeria --- ## Summary: Your Privacy in Simple Terms **We collect your information to provide our services.** **We protect it like it's our own.** **We never sell it to anyone.** **You control your data - access, update, or delete anytime.** ### Quick Privacy Tips ๐Ÿ” **Use a strong, unique password** ๐Ÿ“ฑ **Enable two-factor authentication** ๐Ÿšซ **Don't share your account** โš ๏ธ **Watch out for phishing emails** ๐Ÿ”’ **Check your privacy settings regularly** ๐Ÿ“ง **Report suspicious activity immediately** --- **Questions or Concerns?** Contact our Data Protection Officer at **dpo@craftranked.com** **Thank you for trusting CraftRanked with your information!** ๐Ÿ™ We're committed to protecting your privacy while connecting you with skilled Nigerian artisans. --- **Last Updated**: April 28, 2026 **Version**: 2.1 **Language**: English **Compliance**: This policy complies with the Nigeria Data Protection Regulation (NDPR) 2019 and all applicable Nigerian laws.