MagnusOPSign in

Privacy Statement

NDPA 2023-aligned notice for traders, shoppers, and visitors.

Last updated: June 2026 · Aligned with the Nigeria Data Protection Act (NDPA) 2023 (which superseded the earlier NDPR framework) and applicable Nigerian privacy law.

This Privacy Statement explains how MagnusOP ("we", "us") collects, uses, stores, shares, and protects personal data when you use MagnusOP.com and related services (the "Platform"). It is written in plain language as required by the NDPA. Use of the Platform is also governed by our Terms of Service.

Data controller & contact

Data controller: MagnusOP (operator of the Platform).

Privacy accountability: MagnusOP Operations Team (privacy lead for NDPA compliance).

Privacy contact: support@magnusop.com

Response time for data subject requests: within 30 days of a verified request, unless law requires a different period or we notify you of an extension.

Who this applies to

  • Traders — merchants with a MagnusOP account (inventory, sales, CRM, online stores).
  • Store shoppers — people who browse or buy from a trader's public store, including optional shopper accounts on premium stores.
  • Visitors — anyone viewing a public storefront or landing page.

The NDPA applies to processing of personal data of natural persons in Nigeria and Nigerian citizens abroad. Business-only data about companies (not individuals) is outside personal-data scope.

Traders and their customers: When you add customer names and phone numbers to MagnusOP, you are typically an independent data controller for that CRM data. MagnusOP acts as a data processor providing the tool. You must treat customer data lawfully (see Traders: customer phone numbers).

We rely on consent where you make a clear choice, including:

  • Creating a trader account and actively agreeing to this Privacy Statement and Terms of Service at registration (unchecked consent checkbox).
  • Optionally creating a store shopper account (email, password, or Google sign-in where enabled).
  • Submitting checkout details on an online store (necessary to fulfill your order).

You may withdraw consent at any time where processing is consent-based — e.g. delete your shopper account, unpublish your store, or request account deletion. Withdrawal does not affect processing that was lawful before withdrawal. Service features that require certain data may no longer work after withdrawal.

Personal data we collect

Trader accounts

  • Identity & contact: name, email, password (hashed), optional profile image
  • Business: business name, type, slug, tagline, bio, WhatsApp number, store settings
  • CRM: customer names, phone numbers, optional emails and notes you enter
  • Transactions: sales, inventory events, store orders, payment references
  • Configuration: Paystack API keys you provide for your storefront
  • AI usage: conversation history tied to your trader account

Store shoppers

  • Name, email, authentication method (email/password or Google)
  • Wishlist items per store
  • Checkout: name, email, phone on orders

Technical data

  • IP address, browser/device type, session identifiers
  • Security and application logs

Purposes & legal basis (NDPA)

PurposeTypical legal basis
Provide the Platform (inventory, sales, reports, stores)Contract / legitimate interest
Authenticate users and prevent fraudLegitimate interest / legal obligation
Process store payments via PaystackContract
Service emails (e.g. password reset)Contract / consent
Reorder reminders you enable for your customersYour consent / customer relationship (trader as controller)
Comply with law and respond to regulatorsLegal obligation

We do not sell personal data. We do not use trader or shopper data for unrelated third-party marketing.

Cookies, sessions & storage

We use technical methods to operate the Platform, including:

  • Session cookies — trader login (Better Auth) keeps you signed in securely.
  • Separate shopper cookies — premium store customer accounts use a different cookie prefix so shopper sessions do not mix with trader sessions.
  • Server-side storage — account, business, and order data in encrypted PostgreSQL databases.
  • Theme preference — local display settings where applicable.

We do not use third-party advertising cookies on the Platform. You can clear cookies in your browser; you will need to sign in again.

Third-party access

  • Paystack — payment initialization and verification for store checkout and platform fees.
  • Google — optional shopper sign-in only, if enabled by the platform operator.
  • Hosting & database providers — e.g. cloud infrastructure to run the app, under data-processing terms.
  • Email delivery — transactional messages (password reset, notifications).
  • Legal & safety — when required by law, court order, or to protect users from fraud or harm.

Traders who export customer numbers to WhatsApp or other apps are responsible for those apps' privacy practices.

NDPA data protection principles

We process personal data in line with NDPA principles, including:

  • Lawfulness, fairness, transparency — this statement and in-product notices
  • Purpose limitation — data used for stated purposes only
  • Data minimisation — collect what is needed to run the service
  • Accuracy — you can update profile and business data in Settings
  • Storage limitation — retention policy below
  • Integrity & confidentiality — security measures below
  • Accountability — documented processes and contact for requests

Your rights under the NDPA

Subject to the NDPA, you have the right to:

  • Access — know what personal data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion in certain circumstances
  • Restrict processing — in limited cases
  • Data portability — receive your data in a usable format where applicable
  • Object — to processing based on legitimate interest, including direct marketing
  • Withdraw consent — where processing is consent-based
  • Lodge a complaint — with us or with the regulator

To exercise rights, email support@magnusop.com with enough detail to verify your identity. See Data deletion process for step-by-step instructions.

How long we keep data

  • Active trader accounts — while you use the Platform and as needed afterward for backup, disputes, or legal duties.
  • Store orders — for fulfillment, trader records, and legal requirements; traders may need order history for tax and customer support.
  • Shopper accounts — until you delete them or they are inactive and removed per our deletion process.
  • Payment references — retained as required for financial and audit purposes.
  • Security logs — typically up to 12 months for fraud investigation, then deleted or anonymised where feasible.
  • Deleted trader accounts — removed within 90 days of a verified deletion request, except records we must keep by law.

Security measures

  • HTTPS encryption in transit
  • Password hashing; optional two-factor authentication for traders
  • Multi-tenant isolation — each trader only accesses their own data
  • Rate limiting on authentication endpoints
  • Access controls for admin and support functions

No online system is 100% secure. Use a strong unique password and enable 2FA in Settings.

Cross-border transfers

Our infrastructure providers may process data outside Nigeria (for example in the EU or US). Where this occurs, we rely on contractual safeguards and provider security standards consistent with NDPA requirements for lawful transfer.

Personal data breaches

If we become aware of a breach likely to affect your rights, we will investigate promptly, take steps to contain harm, notify affected users where required, and report to the Nigeria Data Protection Commission (NDPC) and other authorities as required by law.

How to treat customer phone numbers

When you add customers in MagnusOP, you are handling their personal data under Nigerian law (NDPA 2023). Follow these practices:

  • Collect only what you need — name and phone for orders, delivery, or reorder reminders. Do not ask for extra details without a clear reason.
  • Tell customers why — e.g. "We use your number to confirm orders and send reorder reminders." Get consent before promotional messages.
  • No selling or sharing lists — do not sell, rent, or share customer numbers with other businesses or marketers.
  • WhatsApp & SMS — message only about their purchase or service they agreed to. Let them opt out of marketing. Avoid bulk spam; it violates the NDPA and platform rules.
  • Keep data accurate — update or delete wrong numbers in Settings → Customers.
  • Honor deletion requests — if a customer asks you to stop using their number, remove or anonymise their record promptly.
  • Secure your account — use a strong password and two-factor authentication so only you access your customer list.

Your role: You are the data controller for customer records you create. MagnusOP provides the tool; you decide what to collect and how to contact customers. Questions: support@magnusop.com

Data deletion & access requests

Under the Nigeria Data Protection Act (NDPA) 2023, you can ask for access, correction, portability, restriction, or deletion of personal data we process. We respond within 30 days of a verified request (complex cases may take longer — we will tell you).

For traders (MagnusOP account owners)

  1. Delete your own customer records — go to Settings → Customers and remove individuals you no longer need to contact.
  2. Close your public store — unpublish from the Store page if you want to stop collecting new checkout data.
  3. Delete your MagnusOP account — email support@magnusop.com from your registered account email with subject Trader account deletion. Include your business name and confirm you want permanent deletion.
  4. What we remove — trader profile, products, inventory events, sales, customer CRM entries, store orders, notifications, and shopper wishlist links tied to your store (where technically feasible).
  5. What we may keep — payment references, fraud-prevention logs, and records we must retain by law (e.g. tax or audit), for the minimum period required.

For store shoppers (premium online stores)

  1. Sign out — use the account menu on any premium store to end your session.
  2. Clear wishlist — remove saved items using the heart icon, or delete your shopper account (below).
  3. Delete shopper account — open the account menu on any premium store and choose Delete account, or email support@magnusop.com from the email on your shopper account with subject Shopper account deletion. State the store name if you remember it.
  4. Store orders — checkout name, email, and phone on past orders are also held for the trader's fulfillment. To delete order contact details, email us and name the store and approximate order date; we coordinate with the trader where needed.

Verify your identity: we may ask you to confirm control of your email or account before deleting data, to prevent fraudulent requests.

Export: traders can use Settings → Privacy → Download my data for a full JSON export before deletion. Contact support if you need help.

Children

The Platform is for business use and is not directed at children under 16. We do not knowingly collect children's personal data. Contact us to request removal if you believe we have.

Changes to this statement

We may update this statement for legal, technical, or product changes. Material updates will be posted here with a new "Last updated" date. Continued use after notice may constitute acceptance where permitted by law.

Contact & complaints

Privacy requests: support@magnusop.com

Regulator: If you are not satisfied with our response, you may contact the Nigeria Data Protection Commission (NDPC). You may also seek remedies in a court of competent jurisdiction under Nigerian law.

Terms of Service · Sign in · Trader Settings