1. Scope and Overview
This Privacy Policy explains how WebOwnr ("WebOwnr", "we", "our", or "us") collects, uses, stores, shares, and protects personal information when merchants, merchant team members, customers of merchant stores, and visitors use our website, dashboards, storefront infrastructure, APIs, support channels, and related services (collectively, the "Services").
WebOwnr is a multi-tenant Website-as-a-Service platform built for ecommerce businesses. Merchants can launch online stores using subscription plans or structured installment plans that may lead to full website ownership under applicable commercial terms.
2. Roles and Relationship to Merchant Data
- Merchant account data: For merchant account, onboarding, billing, and compliance data, WebOwnr is generally a data controller.
- Store customer data: For customer information processed through merchant storefronts (for example orders, checkout records, or support requests), merchants are generally data controllers and WebOwnr acts as a processor/service provider.
- Third-party integrations: Payment and identity verification workflows may involve independent controllers such as Paystack and Flutterwave or regulated banking partners.
3. Information We Collect
3.1 Information provided by merchants and team members
- Full name, business name, and contact details
- Authentication details (email, account credentials)
- Business profile and storefront settings
- Billing and plan data (subscription status, installment schedules, invoices, transaction references)
- Bank account data submitted for withdrawals and payouts, including account verification responses
- Customer support communications, feedback, and compliance submissions
3.2 Information processed on behalf of merchants
- Order records and customer checkout details
- Store catalog and product metadata
- Operational events generated through store usage
3.3 Technical and usage information
- Log data, IP address, browser type, and device metadata
- Session data, timestamps, and diagnostic information
- Cookie and similar tracking signals described in our Cookie Policy
4. How We Use Information
- Provide and maintain merchant dashboards and storefronts
- Authenticate users and secure accounts
- Process plan billing, installment tracking, and service entitlements
- Verify bank accounts and support withdrawals via Paystack and Flutterwave and banking rails
- Prevent fraud, abuse, account compromise, and policy violations
- Deliver customer support and operational notices
- Improve platform performance, reliability, and UX
- Generate aggregated analytics and business intelligence reports
- Comply with legal, tax, audit, and regulatory obligations
5. Lawful Bases for Processing
Where required by applicable law, we process personal data based on:
- Contractual necessity (for account creation, service delivery, billing, and support)
- Legitimate interests (platform security, product improvement, and fraud prevention)
- Legal obligations (compliance, accounting, dispute handling, and lawful disclosure)
- Consent where specific consent is required (for example optional marketing communications)
6. How We Share Information
We may share personal information only as needed in these contexts:
- Infrastructure vendors: Hosting and deployment providers (including Vercel), analytics and operational tooling, and customer communication services.
- Data platform providers: Firestore for application data persistence and Firebase Auth for authentication management.
- Media platform: Cloudinary for product/media delivery and optimization.
- Payment and verification providers: Paystack and Flutterwave and associated financial institutions for payment processing, account resolution, and withdrawals.
- Professional advisors: Auditors, insurers, legal counsel, and compliance partners bound by confidentiality duties.
- Corporate transactions: During mergers, financing events, reorganizations, or sale of assets, subject to confidentiality safeguards.
- Legal disclosure: To comply with law, regulation, court order, lawful request, or to protect rights, safety, and security.
We do not sell personal information in exchange for money.
7. International and Cross-Border Data Transfers
WebOwnr and its providers may process data in multiple countries. When data is transferred across borders, we apply reasonable safeguards and contractual measures intended to protect personal data under applicable law.
8. Data Retention
We retain personal data for as long as necessary for service delivery, legitimate business needs, legal obligations, audit requirements, and dispute resolution. Retention periods vary based on data type, account status, and legal obligations. When data is no longer required, we delete or de-identify it where feasible.
9. Security Measures
We use administrative, technical, and organizational measures designed to protect personal data, including access controls, authentication safeguards, encryption in transit where supported, monitoring, and incident response processes. No method of storage or transmission is completely secure, and we cannot guarantee absolute security.
10. Your Privacy Rights and Choices
Depending on your location and applicable law, you may have rights to:
- Request access to personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of certain personal data
- Request restriction of or object to certain processing
- Request data portability where technically feasible
- Withdraw consent for consent-based processing
- Manage cookies through browser and consent controls
Merchants are responsible for responding to customer requests related to merchant-controlled storefront data.
11. Marketing Communications
We may send product updates, service notices, and educational communications. You can opt out of non-essential marketing emails using unsubscribe links or by contacting us.
12. Children's Privacy
The Services are intended for business and adult users and are not directed to children under 18. If we become aware that personal data from a child has been collected without appropriate authorization, we will take steps to delete it.
13. Changes to This Privacy Policy
We may update this Privacy Policy to reflect service, operational, legal, or regulatory changes. Updates become effective when posted with a revised "Last updated" date. Material changes may be communicated by additional notice where appropriate.