
Privacy Policy

Last updated: June 4, 2026

v2.0

1. Introduction

X Word Wide Limited ("BuyChat", "we", "us", or "our") is a company incorporated under the laws of the Federal Republic of Nigeria. We operate the BuyChat AI-powered marketplace platform accessible at buychat.ng and through our native iOS and Android applications (collectively, the "Platform").

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use the Platform. It is prepared in compliance with the Nigeria Data Protection Act 2023 ("NDPA") and the Nigeria Data Protection Regulation 2019 ("NDPR"), as administered by the Nigeria Data Protection Commission ("NDPC").

By registering for or using the Platform, you acknowledge that you have read and understood this Privacy Policy and you consent to the collection and processing of your personal data as described herein. Where consent is the legal basis for a specific processing activity, that activity is clearly identified in Section 3 below. You may withdraw consent at any time, subject to the provisions of Section 13.

If you do not agree with any part of this Privacy Policy, you must immediately discontinue your use of the Platform.

2. Information We Collect

We collect personal data across the following categories depending on how you use the Platform:

Account Information

Phone number (mandatory — used for OTP-based authentication), full name, email address (optional), profile photograph, saved delivery addresses, and your selected platform role (buyer, vendor, or dispatcher). You may switch roles at any time, and data for each role is maintained separately.

Transaction Data

Orders placed or received, product and service details, payment amounts and methods, escrow transaction records, wallet balance and movement history, buyer and vendor reviews, dispute records, and delivery confirmation events.

Vendor Information

Business name, trading address, product listings, pricing and inventory data, business registration documents, bank account details for wallet withdrawals and Paystack Transfers payouts, and any platform-import data from connected Shopify, WooCommerce, or Jumia storefronts.

Dispatcher Information

Vehicle make, model, registration number, and photographs; driver's licence; vehicle registration certificate; third-party insurance documents; real-time GPS coordinates during active delivery or ride assignments; delivery history and earnings records; cash-on-delivery ledger entries.

AI & Voice Interaction Data

Text messages exchanged with our AI assistant (Aisha) and specialist agents across buyer, vendor, dispatcher, service, and rental contexts; voice audio captured during voice-shopping sessions (processed via Whisper STT — see Section 6); product search queries; and AI-generated preference profiles used to personalise your experience. Preference profiles are resettable at any time in Settings.

KYC & Verification Data

Bank Verification Number (BVN), National Identification Number (NIN), driver's licence number, and any supporting identity documents submitted for KYC verification. These are transmitted to QoreID (our identity verification partner) over TLS and stored in encrypted form (AES-256-GCM) in our database. We do not store raw BVN/NIN digits in plaintext.

Device & Technical Data

Browser type and version, operating system, device model and unique device identifier, IP address, push notification tokens (Firebase Cloud Messaging or Apple Push Notification Service), app version, and crash/diagnostic logs. This data is collected automatically when you access the Platform.

Location Data

Precise GPS coordinates are collected only during active use of location-dependent features: delivery tracking, ride-hailing, dispatcher navigation, and proximity-based vendor matching. Location access is not maintained in the background when these features are not in active use. You may deny location permission; doing so will disable location-dependent features but will not prevent you from using the rest of the Platform.

Platform-Specific Permissions

  • Camera: Used to capture product photos (vendor listings) and to scan QR codes for delivery verification.
  • Microphone: Used solely for voice-shopping sessions initiated by you.
  • Notifications: Used to deliver order updates, delivery alerts, and promotional messages (where consented).

All permissions are requested at the point of use and are revocable through your device settings.

4. How We Use Your Information

We use the personal data we collect to:

  • Operate and maintain the Platform across web, iOS, and Android, including user authentication via phone OTP and JWT session management.
  • Process payments and escrow transactions via Paystack (PCI-DSS compliant), release funds to vendors upon delivery confirmation, and process wallet withdrawals via Paystack Transfers.
  • Match buyers with the most suitable vendors (by proximity, rating, and availability) and dispatchers (by proximity, vehicle type, load, acceptance rate, and rating).
  • Personalise product and service recommendations using AI-driven ranking algorithms and your shopping history.
  • Verify the identities of vendors, dispatchers, and users requiring elevated trust, via QoreID KYC checks (BVN, NIN, driver's licence).
  • Facilitate rides, deliveries, and service bookings using real-time GPS tracking, ETA calculation, and milestone-based notifications.
  • Manage and mediate disputes between buyers, vendors, and dispatchers, including escrow holds pending resolution.
  • Send transactional notifications (order confirmations, delivery alerts, payment receipts) and, where consented, marketing and promotional communications.
  • Detect and prevent fraudulent transactions, GPS spoofing, account takeovers, and other abusive behaviour.
  • Improve our AI assistants, ranking models, and platform features using anonymised, aggregated data that cannot identify you.
  • Process vendor and dispatcher withdrawal requests and maintain an immutable cash ledger for cash-on-delivery operations.
  • Comply with our legal and regulatory obligations, including NDPA data subject requests and NDPC enquiries.

5. AI and Automated Decision Making

BuyChat uses Claude (Anthropic) and other AI models, accessed via our AI gateway, to power several automated features. Where these features may significantly affect you, you have the right to request human review as described below.

Product & Service Recommendations

Our ranking engine scores listings based on trust, recency, sales velocity, price competitiveness, semantic match, and availability. Recommendations are personalised to your preference profile. You may reset your preference profile at any time in Settings → Privacy.

Price Negotiation

Our inDrive-style negotiation system uses AI to facilitate counter-offers between buyers and vendors for services and bespoke orders. The system enforces safety bounds (maximum ±40% from the listed price) and subjects all counters to a 30-second timer with a maximum of three rounds. All negotiated prices are final when accepted by both parties.

Fraud Detection

Our anomaly detection worker monitors transaction patterns, GPS data, and account behaviour to flag potentially fraudulent activity. Flagged accounts are reviewed by human administrators before any action is taken.

Content Moderation

AI reviews product listings and user-submitted content for compliance with our Terms of Service. Removal decisions are subject to human review upon appeal.

Dispute Mediation

Our dispute mediator agent conducts structured evidence analysis and proposes resolution outcomes. All decisions with financial consequences (escrow splits, refunds, payouts) require acceptance by both parties and, in case of deadlock, escalation to a human administrator. The mediator agent is constrained by a kill-switch system that prevents it from acting autonomously when marketplace health signals are degraded.

Dispatcher Matching

Dispatcher assignment is automated using a scoring algorithm (proximity 35%, availability 25%, rating 20%, load 10%, acceptance rate 10%). Offers cascade to the top three candidates before falling back to broadcast. You may request manual assignment by asking Aisha.

To request human review of any automated decision affecting your account, email [email protected] with the subject line "Human Review Request" and the relevant order or account reference.

6. Voice Data

BuyChat offers optional voice-shopping through a real-time voice pipeline. Understanding how your voice data is handled is important:

Speech-to-Text: Your microphone audio is transmitted in real time to our self-hosted Whisper STT service (running on our own infrastructure). The audio stream is processed and converted to text. Raw audio is not stored beyond the duration of the active voice session.

Text-to-Speech: AI responses are converted to speech using our self-hosted Kokoro TTS service (featuring Nigerian-accented voices, including "Aisha" and "Chidi"). Where Kokoro is unavailable, we fall back to ElevenLabs TTS. Audio output is streamed to your device and is not retained.

What is retained: Only the text transcription of the voice conversation is retained (equivalent to a text chat session — see Section 12 for retention periods). The transcribed text may be used to improve AI response quality using anonymised data.

Consent and revocation: Microphone access is only activated when you explicitly initiate a voice session. You may revoke microphone permission at any time through your device or browser settings. Revoking permission disables voice features but does not affect text-based features.

7. Escrow and Payment Data

BuyChat uses an escrow system to protect buyers and vendors in every transaction. Here is how your payment data is handled:

Payment Processing: All card and bank transfer payments are processed by Paystack, a PCI-DSS Level 1 certified payment processor. BuyChat does not store your full card number, CVV, or bank account PIN. Paystack's privacy policy governs data held by them.

Escrow Mechanics: Funds paid by a buyer are held in escrow by BuyChat until the buyer confirms delivery or, where no confirmation is received, for a maximum of seven (7) days following the marked delivery date, after which escrow is automatically released to the vendor. Disputed transactions remain in escrow until the dispute is resolved.

Wallet Integrity: Every wallet transaction (deposit, withdrawal, escrow hold, escrow release, commission deduction) is recorded with an immutable integrity hash. This prevents retroactive tampering with transaction amounts or balances.

Cash on Delivery: Dispatchers handling cash payments are subject to an immutable cash ledger. A ceiling limit (default ₦20,000) applies, and overdue remittances beyond 48 hours trigger automatic account suspension pending reconciliation.

Withdrawals: Vendor and dispatcher withdrawals are processed via Paystack Transfers to your registered bank account. The withdrawal pipeline includes a daily reconciliation job that verifies transfer statuses against Paystack webhook events.

Retention: All financial records, including escrow transactions, wallet movements, and withdrawal records, are retained for a minimum of seven (7) years in compliance with Nigerian financial regulations, even after account deletion.

8. Virtual Currency (Coins)

BuyChat operates a virtual coin economy used within our Live Shopping feature.

Purchase: Coins are purchased with Nigerian Naira (₦) through the Platform. The purchase is a real-money transaction and is subject to Paystack payment processing.

Use: Coins may be gifted to vendors during live shopping sessions as a form of appreciation or to highlight products. Coins have no monetary value outside the Platform and cannot be redeemed for cash or transferred to other users outside of Platform gifting mechanisms.

Non-refundable: Coin purchases are generally non-refundable once used. Unused coins may be refunded in exceptional circumstances at our sole discretion; contact [email protected] within 14 days of purchase.

Expiry: Unused coins do not expire while your account is active. Upon account deletion, unused coins are forfeited without compensation.

9. Data Sharing and Disclosure

We do not sell your personal data to any third party. We share your data only in the following circumstances:

Between Transaction Parties

To fulfil an order, your name and delivery address are shared with the vendor and assigned dispatcher. Vendor business name, product details, and general location are visible to buyers browsing the Platform. Dispatcher name and real-time location are shared with the buyer during active delivery.

Payment Processors

Paystack receives the transaction amount, your name, and bank/card details necessary to process payments and transfers. Paystack is bound by PCI-DSS requirements and its own privacy policy.

Identity Verification

QoreID receives identity data (BVN, NIN, document numbers) solely for the purpose of KYC verification. QoreID is a Nigerian company subject to NDPA obligations.

Cloud & Infrastructure Services

Cloudinary stores and serves product images and profile photographs. Firebase Cloud Messaging (Google) and Apple Push Notification Service (Apple) deliver push notifications to Android and iOS devices respectively.

AI Infrastructure

Conversation data submitted to our AI gateway may be processed by AI model providers (currently Anthropic and Kilo AI). Data submitted to AI services is anonymised to the extent possible and is subject to the data processing agreements we maintain with each provider.

Legal Compliance

We will disclose personal data where required by a valid court order, Nigerian law, lawful request from the NDPC or any law enforcement body, or where necessary to prevent imminent harm to users or the public. We will notify affected users of such disclosures where we are legally permitted to do so.

Business Transfers

In connection with a merger, acquisition, restructuring, or sale of all or substantially all of X Word Wide Limited's assets, user data may be transferred as part of that transaction. We will notify you via the Platform and provide an opportunity to delete your account before any such transfer is completed.

10. International Data Transfers

BuyChat is a Nigerian company and processes most data within Nigeria. However, some processing activities involve data being transferred outside Nigeria:

AI Model Processing: Our AI gateway may route requests to model providers whose infrastructure is located outside Nigeria (including in the United States). We maintain data processing agreements with these providers that include contractual safeguards consistent with NDPA Part VI requirements.

Cloudinary: Product images and user photographs are stored on Cloudinary's globally distributed content delivery network. Cloudinary is incorporated in the United States and processes data across multiple global regions.

Firebase & Google: Push notifications to Android devices are routed through Google's Firebase Cloud Messaging infrastructure, which operates globally.

Nigerian-Domiciled Services: Paystack (payment processing) and QoreID (identity verification) are Nigerian companies and process your data primarily within Nigeria.

Where data is transferred outside Nigeria to countries without an adequate level of data protection as recognised by the NDPC, we ensure appropriate safeguards are in place, including standard contractual clauses or binding corporate rules, as required by the NDPA.

11. Data Security

We implement a layered security architecture to protect your personal data:

  • Encryption in transit: All client-server communication is encrypted using TLS (HTTPS). Internal service-to-service communication uses HMAC-SHA256 signed requests.
  • Encryption at rest: Sensitive fields, including KYC data, are encrypted using AES-256-GCM before storage in the database.
  • Authentication: Password-free authentication via phone OTP (Termii managed OTP, with WhatsApp and SMS channel cascade). JWT access tokens expire after one (1) hour; refresh tokens expire after thirty (30) days.
  • Brute-force protection: OTP verification is rate-limited to ten (10) attempts per phone number per 24-hour period. Subsequent attempts are rejected without revealing whether an account exists.
  • Escrow integrity: Each escrow transaction record includes a cryptographic integrity hash to detect and prevent retroactive tampering.
  • Rate limiting: All API endpoints are rate-limited using sliding-window counters backed by Redis. AI chat is limited to thirty (30) messages per user per sixty (60) seconds.
  • Input sanitisation: All user-supplied inputs are validated and sanitised to prevent injection attacks (SQL injection, XSS). Request body size is capped at 10 KB.
  • GPS spoof detection: The logistics engine includes algorithmic detection of implausible location updates to prevent dispatcher GPS spoofing.
  • Security headers: The API and web application use strict security headers (HSTS with one-year max-age and preload, CSP, strict referrer policy) via Helmet.

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your data. In the event of a personal data breach that is likely to affect your rights and freedoms, we will notify the NDPC and affected users in accordance with the timelines prescribed by the NDPA.

12. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law:

| Data Category | Retention Period | Basis |
|---|---|---|
| Account data (name, phone, role) | Lifetime of account + 2 years after deletion | Contract / Legitimate Interest |
| Transaction & financial records | 7 years | Legal Obligation |
| AI conversation history | 1 year, then anonymised and aggregated | Legitimate Interest |
| Location data (delivery / rides) | 30 days after session completion | Contract |
| Voice audio | Session only — not persisted | Consent |
| KYC / identity documents | Duration of active account | Legal Obligation |
| Server & access logs | 90 days | Legitimate Interest |

Upon expiry of the applicable retention period, data is securely deleted or irreversibly anonymised. Where deletion is legally required by your erasure request but a legal retention obligation applies, we will retain the minimum data necessary to satisfy that obligation and suppress it from operational use.

13. Your Rights Under NDPA

As a data subject under the Nigeria Data Protection Act 2023, you have the following rights with respect to your personal data:

Right of Access (NDPA s. 34)

You may request a copy of all personal data we hold about you, including the purposes of processing, the categories of data, and any third parties to whom it has been disclosed.

Right to Rectification (NDPA s. 35)

You may request correction of any inaccurate or incomplete personal data. Many details (name, address, profile photo) can be updated directly in your account settings.

Right to Erasure (NDPA s. 36)

You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where processing is unlawful. Note that we may be required to retain certain data (e.g., financial records for 7 years) even after an erasure request.

Right to Restriction of Processing (NDPA s. 37)

You may request that we restrict processing of your data in certain circumstances, for example while contesting the accuracy of your data.

Right to Data Portability (NDPA s. 38)

You may request a machine-readable export of personal data you have provided to us where processing is based on consent or contract. This includes your order history, wallet transactions, and profile data.

Right to Object to Profiling (NDPA s. 39)

You may object to processing of your personal data for AI-based profiling and automated decision-making. Where we cannot accommodate your objection and still provide the service, we will inform you of the consequences.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time by adjusting permissions in Settings or contacting us. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng if you believe we have violated your data protection rights. We encourage you to contact us first so we may resolve your concern directly.

To exercise any of the above rights, email [email protected] with the subject "Data Subject Request" and include your registered phone number for identity verification. We will respond within thirty (30) days of receipt.

14. Children's Privacy

The BuyChat Platform is not intended for use by individuals under the age of eighteen (18) years. We do not knowingly collect, process, or retain personal data from children under 18.

If you are a parent or guardian and believe that a child under 18 has registered for or is using the Platform without your consent, please contact us immediately at [email protected]. Upon verification, we will promptly delete the child's account and all associated personal data, except where retention is required by law.

We do not knowingly allow minors to purchase coins, enter into escrow transactions, or engage in any financial activity on the Platform.

15. Cookies and Local Storage

BuyChat uses browser local storage (not traditional HTTP cookies) to maintain your session, store your authentication token, preserve cart state, record theme preferences (light/dark), and save gamification progress locally. This data never leaves your device unless transmitted as part of an authenticated API request.

We do not use third-party tracking cookies, advertising pixels, or cross-site tracking technologies. We do not participate in any advertising network or remarketing programme.

Any analytics data we collect is aggregated and cannot be used to identify individual users. We do not use Google Analytics, Meta Pixel, or equivalent tracking tools.

For full details on what is stored locally on your device and how to clear it, see our Cookie & Storage Policy.

16. Third-Party Services

The Platform integrates with the following third-party services, each of which operates under its own privacy policy. We encourage you to review those policies:

  • Paystack (paystack.com) — Payment processing, bank transfers, and payout services.
  • QoreID (qoreid.com) — Identity verification (BVN, NIN, driver's licence, bank account verification).
  • Cloudinary (cloudinary.com) — Cloud storage and delivery of product images and user photographs.
  • ElevenLabs (elevenlabs.io) — Fallback text-to-speech synthesis for the voice pipeline.
  • Firebase / Google Cloud (firebase.google.com) — Push notifications for Android devices and analytics infrastructure.
  • Apple Push Notification Service (apple.com) — Push notifications for iOS devices.
  • Termii (termii.com) — SMS and WhatsApp OTP delivery for authentication.

BuyChat is not responsible for the data practices of these third-party services. Providing your data to them (for example, by completing a payment through Paystack) is subject to their own terms and privacy policies. We select third-party partners with appropriate data protection standards and maintain data processing agreements where required.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features of the Platform. All changes will be posted on this page with an updated "Last Updated" date and version number.

For material changes — including new categories of data collected, new purposes for processing, or changes to data sharing practices — we will provide prominent notice through the Platform (such as an in-app notification or a banner on the home screen) at least fourteen (14) days before the change takes effect, where practicable.

Your continued use of the Platform after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. If you do not accept the changes, you must discontinue use of the Platform and may request deletion of your account.

18. Contact and Data Protection Officer

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us through any of the following channels:

Data Controller
X Word Wide Limited ("BuyChat")
No. 24 Bello Street, Ibeju-Lekki, Lagos, Nigeria

Data Protection Officer (DPO)
Email: [email protected]
Subject line: "Privacy Enquiry" or "Data Subject Request"

General Privacy Enquiries
Email: [email protected]

We aim to respond to all legitimate enquiries within thirty (30) days of receipt. For complex requests, we may extend this period by a further thirty (30) days, in which case we will notify you of the extension and the reason for it.

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.


© 2026 X Word Wide Limited. All rights reserved.