Privacy Policy
Last updated: June 4, 2026
v2.0
1. Introduction
X Word Wide Limited ("BuyChat", "we", "us", or "our") is a company incorporated under the laws of the Federal Republic of Nigeria. We operate the BuyChat AI-powered marketplace platform accessible at buychat.ng and through our native iOS and Android applications (collectively, the "Platform").
This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use the Platform. It is prepared in compliance with the Nigeria Data Protection Act 2023 ("NDPA") and the Nigeria Data Protection Regulation 2019 ("NDPR"), as administered by the Nigeria Data Protection Commission ("NDPC").
By registering for or using the Platform, you acknowledge that you have read and understood this Privacy Policy and you consent to the collection and processing of your personal data as described herein. Where consent is the legal basis for a specific processing activity, that activity is clearly identified in Section 3 below. You may withdraw consent at any time, subject to the provisions of Section 13.
If you do not agree with any part of this Privacy Policy, you must immediately discontinue your use of the Platform.
2. Information We Collect
We collect personal data across the following categories depending on how you use the Platform:
Account Information
Phone number (mandatory — used for OTP-based authentication), full name, email address (optional), profile photograph, saved delivery addresses, and your selected platform role (buyer, vendor, or dispatcher). You may switch roles at any time, and data for each role is maintained separately.
Transaction Data
Orders placed or received, product and service details, payment amounts and methods, escrow transaction records, wallet balance and movement history, buyer and vendor reviews, dispute records, and delivery confirmation events.
Vendor Information
Business name, trading address, product listings, pricing and inventory data, business registration documents, bank account details for wallet withdrawals and Paystack Transfers payouts, and any platform-import data from connected Shopify, WooCommerce, or Jumia storefronts.
Dispatcher Information
Vehicle make, model, registration number, and photographs; driver's licence; vehicle registration certificate; third-party insurance documents; real-time GPS coordinates during active delivery or ride assignments; delivery history and earnings records; cash-on-delivery ledger entries.
AI & Voice Interaction Data
Text messages exchanged with our AI assistant (Aisha) and specialist agents across buyer, vendor, dispatcher, service, and rental contexts; voice audio captured during voice-shopping sessions (processed via Whisper STT — see Section 6); product search queries; and AI-generated preference profiles used to personalise your experience. Preference profiles are resettable at any time in Settings.
KYC & Verification Data
Bank Verification Number (BVN), National Identification Number (NIN), driver's licence number, and any supporting identity documents submitted for KYC verification. These are transmitted to QoreID (our identity verification partner) over TLS and stored in encrypted form (AES-256-GCM) in our database. We do not store raw BVN/NIN digits in plaintext.
Device & Technical Data
Browser type and version, operating system, device model and unique device identifier, IP address, push notification tokens (Firebase Cloud Messaging or Apple Push Notification Service), app version, and crash/diagnostic logs. This data is collected automatically when you access the Platform.
Location Data
Precise GPS coordinates are collected only during active use of location-dependent features: delivery tracking, ride-hailing, dispatcher navigation, and proximity-based vendor matching. Location access is not maintained in the background when these features are not in active use. You may deny location permission; doing so will disable location-dependent features but will not prevent you from using the rest of the Platform.
Platform-Specific Permissions
- Camera: Used to capture product photos (vendor listings) and to scan QR codes for delivery verification.
- Microphone: Used solely for voice-shopping sessions initiated by you.
- Notifications: Used to deliver order updates, delivery alerts, and promotional messages (where consented).
All permissions are requested at the point of use and are revocable through your device settings.
3. Legal Basis for Processing
The NDPA requires that every processing activity have a defined lawful basis. The following table maps our key processing activities to their legal basis:
Consent (NDPA s. 25(1)(a))
We rely on your consent for: voice audio capture and Whisper STT transcription; AI preference profiling beyond what is necessary for individual transactions; sending push notifications for marketing or promotional content; activating camera or microphone permissions; and processing your data for optional personalisation features. You may withdraw consent at any time via Settings or by contacting us (see Section 18), without affecting the lawfulness of prior processing.
Performance of a Contract (NDPA s. 25(1)(b))
Processing is necessary to provide the services you have requested: creating and maintaining your account; processing orders, payments, escrow holds, and releases; delivering goods and services; matching buyers with vendors and dispatchers; managing wallet transactions; and resolving disputes between transaction parties.
Legitimate Interests (NDPA s. 25(1)(f))
We process data where it is in our legitimate interests and such interests are not overridden by your rights: detecting and preventing fraud, money laundering, and security threats; maintaining platform integrity through rate limiting and anomaly detection; improving our AI models using anonymised and aggregated data; and conducting internal analytics to understand how the Platform is used. We have conducted legitimate interests assessments for each such activity and these are available on request.
Legal Obligation (NDPA s. 25(1)(c))
We process data where required by law: KYC and anti-money-laundering obligations under the Money Laundering (Prevention and Prohibition) Act 2022; retention of financial records for a minimum of seven (7) years under applicable Nigerian tax and financial regulations; and responding to lawful orders from Nigerian courts, law enforcement, or regulatory bodies including the NDPC.
4. How We Use Your Information
We use the personal data we collect to:
- Operate and maintain the Platform across web, iOS, and Android, including user authentication via phone OTP and JWT session management.
- Process payments and escrow transactions via Paystack (PCI-DSS compliant), release funds to vendors upon delivery confirmation, and process wallet withdrawals via Paystack Transfers.
- Match buyers with the most suitable vendors (by proximity, rating, and availability) and dispatchers (by proximity, vehicle type, load, acceptance rate, and rating).
- Personalise product and service recommendations using AI-driven ranking algorithms and your shopping history.
- Verify the identities of vendors, dispatchers, and users requiring elevated trust, via QoreID KYC checks (BVN, NIN, driver's licence).
- Facilitate rides, deliveries, and service bookings using real-time GPS tracking, ETA calculation, and milestone-based notifications.
- Manage and mediate disputes between buyers, vendors, and dispatchers, including escrow holds pending resolution.
- Send transactional notifications (order confirmations, delivery alerts, payment receipts) and, where consented, marketing and promotional communications.
- Detect and prevent fraudulent transactions, GPS spoofing, account takeovers, and other abusive behaviour.
- Improve our AI assistants, ranking models, and platform features using anonymised, aggregated data that cannot identify you.
- Process vendor and dispatcher withdrawal requests and maintain an immutable cash ledger for cash-on-delivery operations.
- Comply with our legal and regulatory obligations, including NDPA data subject requests and NDPC enquiries.
5. AI and Automated Decision Making
BuyChat uses Claude (Anthropic) and other AI models, accessed via our AI gateway, to power several automated features. Where these features may significantly affect you, you have the right to request human review as described below.
Product & Service Recommendations
Our ranking engine scores listings based on trust, recency, sales velocity, price competitiveness, semantic match, and availability. Recommendations are personalised to your preference profile. You may reset your preference profile at any time in Settings → Privacy.
Price Negotiation
Our inDrive-style negotiation system uses AI to facilitate counter-offers between buyers and vendors for services and bespoke orders. The system enforces safety bounds (maximum ±40% from the listed price) and subjects all counters to a 30-second timer with a maximum of three rounds. All negotiated prices are final when accepted by both parties.
Fraud Detection
Our anomaly detection worker monitors transaction patterns, GPS data, and account behaviour to flag potentially fraudulent activity. Flagged accounts are reviewed by human administrators before any action is taken.
Content Moderation
AI reviews product listings and user-submitted content for compliance with our Terms of Service. Removal decisions are subject to human review upon appeal.
Dispute Mediation
Our dispute mediator agent conducts structured evidence analysis and proposes resolution outcomes. All decisions with financial consequences (escrow splits, refunds, payouts) require acceptance by both parties and, in case of deadlock, escalation to a human administrator. The mediator agent is constrained by a kill-switch system that prevents it from acting autonomously when marketplace health signals are degraded.
Dispatcher Matching
Dispatcher assignment is automated using a scoring algorithm (proximity 35%, availability 25%, rating 20%, load 10%, acceptance rate 10%). Offers cascade to the top three candidates before falling back to broadcast. You may request manual assignment by asking Aisha.
To request human review of any automated decision affecting your account, email [email protected] with the subject line "Human Review Request" and the relevant order or account reference.
6. Voice Data
BuyChat offers optional voice-shopping through a real-time voice pipeline. Understanding how your voice data is handled is important:
Speech-to-Text: Your microphone audio is transmitted in real time to our self-hosted Whisper STT service (running on our own infrastructure). The audio stream is processed and converted to text. Raw audio is not stored beyond the duration of the active voice session.
Text-to-Speech: AI responses are converted to speech using our self-hosted Kokoro TTS service (featuring Nigerian-accented voices, including "Aisha" and "Chidi"). Where Kokoro is unavailable, we fall back to ElevenLabs TTS. Audio output is streamed to your device and is not retained.
What is retained: Only the text transcription of the voice conversation is retained (equivalent to a text chat session — see Section 12 for retention periods). The transcribed text may be used to improve AI response quality using anonymised data.
Consent and revocation: Microphone access is only activated when you explicitly initiate a voice session. You may revoke microphone permission at any time through your device or browser settings. Revoking permission disables voice features but does not affect text-based features.
7. Escrow and Payment Data
BuyChat uses an escrow system to protect buyers and vendors in every transaction. Here is how your payment data is handled:
Payment Processing: All card and bank transfer payments are processed by Paystack, a PCI-DSS Level 1 certified payment processor. BuyChat does not store your full card number, CVV, or bank account PIN. Paystack's privacy policy governs data held by them.
Escrow Mechanics: Funds paid by a buyer are held in escrow by BuyChat until the buyer confirms delivery or, where no confirmation is received, for a maximum of seven (7) days following the marked delivery date, after which escrow is automatically released to the vendor. Disputed transactions remain in escrow until the dispute is resolved.
Wallet Integrity: Every wallet transaction (deposit, withdrawal, escrow hold, escrow release, commission deduction) is recorded with an immutable integrity hash. This prevents retroactive tampering with transaction amounts or balances.
Cash on Delivery: Dispatchers handling cash payments are subject to an immutable cash ledger. A ceiling limit (default ₦20,000) applies, and overdue remittances beyond 48 hours trigger automatic account suspension pending reconciliation.
Withdrawals: Vendor and dispatcher withdrawals are processed via Paystack Transfers to your registered bank account. The withdrawal pipeline includes a daily reconciliation job that verifies transfer statuses against Paystack webhook events.
Retention: All financial records, including escrow transactions, wallet movements, and withdrawal records, are retained for a minimum of seven (7) years in compliance with Nigerian financial regulations, even after account deletion.
8. Virtual Currency (Coins)
BuyChat operates a virtual coin economy used within our Live Shopping feature.
Purchase: Coins are purchased with Nigerian Naira (₦) through the Platform. The purchase is a real-money transaction and is subject to Paystack payment processing.
Use: Coins may be gifted to vendors during live shopping sessions as a form of appreciation or to highlight products. Coins have no monetary value outside the Platform and cannot be redeemed for cash or transferred to other users outside of Platform gifting mechanisms.
Non-refundable: Coin purchases are generally non-refundable once used. Unused coins may be refunded in exceptional circumstances at our sole discretion; contact [email protected] within 14 days of purchase.
Expiry: Unused coins do not expire while your account is active. Upon account deletion, unused coins are forfeited without compensation.
9. Data Sharing and Disclosure
We do not sell your personal data to any third party. We share your data only in the following circumstances:
Between Transaction Parties
To fulfil an order, your name and delivery address are shared with the vendor and assigned dispatcher. Vendor business name, product details, and general location are visible to buyers browsing the Platform. Dispatcher name and real-time location are shared with the buyer during active delivery.
Payment Processors
Paystack receives the transaction amount, your name, and bank/card details necessary to process payments and transfers. Paystack is bound by PCI-DSS requirements and its own privacy policy.
Identity Verification
QoreID receives identity data (BVN, NIN, document numbers) solely for the purpose of KYC verification. QoreID is a Nigerian company subject to NDPA obligations.
Cloud & Infrastructure Services
Cloudinary stores and serves product images and profile photographs. Firebase Cloud Messaging (Google) and Apple Push Notification Service (Apple) deliver push notifications to Android and iOS devices respectively.
AI Infrastructure
Conversation data submitted to our AI gateway may be processed by AI model providers (currently Anthropic and Kilo AI). Data submitted to AI services is anonymised to the extent possible and is subject to the data processing agreements we maintain with each provider.
Legal Compliance
We will disclose personal data where required by a valid court order, Nigerian law, lawful request from the NDPC or any law enforcement body, or where necessary to prevent imminent harm to users or the public. We will notify affected users of such disclosures where we are legally permitted to do so.
Business Transfers
In connection with a merger, acquisition, restructuring, or sale of all or substantially all of X Word Wide Limited's assets, user data may be transferred as part of that transaction. We will notify you via the Platform and provide an opportunity to delete your account before any such transfer is completed.
10. International Data Transfers
BuyChat is a Nigerian company and processes most data within Nigeria. However, some processing activities involve data being transferred outside Nigeria:
AI Model Processing: Our AI gateway may route requests to model providers whose infrastructure is located outside Nigeria (including in the United States). We maintain data processing agreements with these providers that include contractual safeguards consistent with NDPA Part VI requirements.
Cloudinary: Product images and user photographs are stored on Cloudinary's globally distributed content delivery network. Cloudinary is incorporated in the United States and processes data across multiple global regions.
Firebase & Google: Push notifications to Android devices are routed through Google's Firebase Cloud Messaging infrastructure, which operates globally.
Nigerian-Domiciled Services: Paystack (payment processing) and QoreID (identity verification) are Nigerian companies and process your data primarily within Nigeria.
Where data is transferred outside Nigeria to countries without an adequate level of data protection as recognised by the NDPC, we ensure appropriate safeguards are in place, including standard contractual clauses or binding corporate rules, as required by the NDPA.
11. Data Security
We implement a layered security architecture to protect your personal data:
- Encryption in transit: All client-server communication is encrypted using TLS (HTTPS). Internal service-to-service communication uses HMAC-SHA256 signed requests.
- Encryption at rest: Sensitive fields, including KYC data, are encrypted using AES-256-GCM before storage in the database.
- Authentication: Password-free authentication via phone OTP (Termii managed OTP, with WhatsApp and SMS channel cascade). JWT access tokens expire after one (1) hour; refresh tokens expire after thirty (30) days.
- Brute-force protection: OTP verification is rate-limited to ten (10) attempts per phone number per 24-hour period. Subsequent attempts are rejected without revealing whether an account exists.
- Escrow integrity: Each escrow transaction record includes a cryptographic integrity hash to detect and prevent retroactive tampering.
- Rate limiting: All API endpoints are rate-limited using sliding-window counters backed by Redis. AI chat is limited to thirty (30) messages per user per sixty (60) seconds.
- Input sanitisation: All user-supplied inputs are validated and sanitised to prevent injection attacks (SQL injection, XSS). Request body size is capped at 10 KB.
- GPS spoof detection: The logistics engine includes algorithmic detection of implausible location updates to prevent dispatcher GPS spoofing.
- Security headers: The API and web application use strict security headers (HSTS with one-year max-age and preload, CSP, strict referrer policy) via Helmet.
Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your data. In the event of a personal data breach that is likely to affect your rights and freedoms, we will notify the NDPC and affected users in accordance with the timelines prescribed by the NDPA.
12. Data Retention
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data (name, phone, role) | Lifetime of account + 2 years after deletion | Contract / Legitimate Interest |
| Transaction & financial records | 7 years | Legal Obligation |
| AI conversation history | 1 year, then anonymised and aggregated | Legitimate Interest |
| Location data (delivery / rides) | 30 days after session completion | Contract |
| Voice audio | Session only — not persisted | Consent |
| KYC / identity documents | Duration of active account | Legal Obligation |
| Server & access logs | 90 days | Legitimate Interest |
Upon expiry of the applicable retention period, data is securely deleted or irreversibly anonymised. Where deletion is legally required by your erasure request but a legal retention obligation applies, we will retain the minimum data necessary to satisfy that obligation and suppress it from operational use.
13. Your Rights Under NDPA
As a data subject under the Nigeria Data Protection Act 2023, you have the following rights with respect to your personal data:
Right of Access (NDPA s. 34)
You may request a copy of all personal data we hold about you, including the purposes of processing, the categories of data, and any third parties to whom it has been disclosed.
Right to Rectification (NDPA s. 35)
You may request correction of any inaccurate or incomplete personal data. Many details (name, address, profile photo) can be updated directly in your account settings.
Right to Erasure (NDPA s. 36)
You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where processing is unlawful. Note that we may be required to retain certain data (e.g., financial records for 7 years) even after an erasure request.
Right to Restriction of Processing (NDPA s. 37)
You may request that we restrict processing of your data in certain circumstances, for example while contesting the accuracy of your data.
Right to Data Portability (NDPA s. 38)
You may request a machine-readable export of personal data you have provided to us where processing is based on consent or contract. This includes your order history, wallet transactions, and profile data.
Right to Object to Profiling (NDPA s. 39)
You may object to processing of your personal data for AI-based profiling and automated decision-making. Where we cannot accommodate your objection and still provide the service, we will inform you of the consequences.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time by adjusting permissions in Settings or contacting us. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng if you believe we have violated your data protection rights. We encourage you to contact us first so we may resolve your concern directly.
To exercise any of the above rights, email [email protected] with the subject "Data Subject Request" and include your registered phone number for identity verification. We will respond within thirty (30) days of receipt.
14. Children's Privacy
The BuyChat Platform is not intended for use by individuals under the age of eighteen (18) years. We do not knowingly collect, process, or retain personal data from children under 18.
If you are a parent or guardian and believe that a child under 18 has registered for or is using the Platform without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete the child's account and all associated personal data, except where retention is required by law.
We do not knowingly allow minors to purchase coins, enter into escrow transactions, or engage in any financial activity on the Platform.
16. Third-Party Services
The Platform integrates with the following third-party services, each of which operates under its own privacy policy. We encourage you to review those policies:
- Paystack (paystack.com) — Payment processing, bank transfers, and payout services.
- QoreID (qoreid.com) — Identity verification (BVN, NIN, driver's licence, bank account verification).
- Cloudinary (cloudinary.com) — Cloud storage and delivery of product images and user photographs.
- ElevenLabs (elevenlabs.io) — Fallback text-to-speech synthesis for the voice pipeline.
- Firebase / Google Cloud (firebase.google.com) — Push notifications for Android devices and analytics infrastructure.
- Apple Push Notification Service (apple.com) — Push notifications for iOS devices.
- Termii (termii.com) — SMS and WhatsApp OTP delivery for authentication.
BuyChat is not responsible for the data practices of these third-party services. Providing your data to them (for example, by completing a payment through Paystack) is subject to their own terms and privacy policies. We select third-party partners with appropriate data protection standards and maintain data processing agreements where required.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features of the Platform. All changes will be posted on this page with an updated "Last Updated" date and version number.
For material changes — including new categories of data collected, new purposes for processing, or changes to data sharing practices — we will provide prominent notice through the Platform (such as an in-app notification or a banner on the home screen) at least fourteen (14) days before the change takes effect, where practicable.
Your continued use of the Platform after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. If you do not accept the changes, you must discontinue use of the Platform and may request deletion of your account.
18. Contact and Data Protection Officer
If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us through any of the following channels:
Data Controller
X Word Wide Limited ("BuyChat")
No. 24 Bello Street, Ibeju-Lekki, Lagos, Nigeria
Data Protection Officer (DPO)
Email: [email protected]
Subject line: "Privacy Enquiry" or "Data Subject Request"
General Privacy Enquiries
Email: [email protected]
We aim to respond to all legitimate enquiries within thirty (30) days of receipt. For complex requests, we may extend this period by a further thirty (30) days, in which case we will notify you of the extension and the reason for it.
If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
© 2026 X Word Wide Limited. All rights reserved.