Privacy Policy
How we collect, use, and protect your information.
Last updated: April 4, 2025
Who We Are
LetuSell is a campus marketplace that connects university students with student-run vendors. We help students discover, order, and pay for goods — from fashion to food to beauty products — with campus pickup.
This Privacy Policy explains what personal information we collect when you use LetuSell, how we use it, and your rights as a user. We are committed to handling your data responsibly and in line with the Nigeria Data Protection Regulation (NDPR).
If you have questions about this policy, you can reach us at privacy@letusell.ng.
Information We Collect
We collect information in the following ways:
Account information (registered users only)
When you create an account, we collect your name, email address, and university affiliation.
Order information
When you place an order — with or without an account — we collect the items you purchased, the vendor, your chosen pickup time slot, and your order status.
Contact details for guest orders
If you check out as a guest, we collect your name and email address so we can link you to your order.
Phone number
We collect your phone number if you opt in to WhatsApp order notifications. This is optional.
Payment information
We do not collect or store your card number, bank details, or any raw payment credentials. All payment processing is handled by Paystack. We receive only a transaction reference and payment status confirmation.
Usage and analytics data
We use PostHog and Google Analytics to collect anonymised data about how users interact with LetuSell — page views, button clicks, and navigation patterns. These tools may store a cookie or device identifier to track sessions.
Device and log data
Our hosting provider, Vercel, automatically collects server logs including your IP address, browser type, and pages accessed. This is standard for any web service.
How We Use Your Information
We use the information we collect to:
- Fulfil your orders — process payments, notify vendors, and provide your pickup details
- Send order notifications — email confirmations via Resend; WhatsApp updates via Termii (if you provided a phone number)
- Award loyalty points — track points and tier status for registered users
- Prevent fraud — detect unusual payment patterns or suspicious activity
- Improve the platform — analyse usage data to understand what works and what doesn't
- Respond to support requests — help you if something goes wrong with an order
We do not use your information for third-party advertising, sell your data to other companies, or send marketing emails without your consent.
Payment Processing
All payments on LetuSell are processed by Paystack, a licensed Nigerian payment service provider. When you pay for an order:
- You are redirected to Paystack's secure checkout
- Paystack collects and processes your card or bank details directly
- LetuSell never sees, stores, or has access to your card number, PIN, or CVV
- After payment, Paystack sends us a confirmation containing only your transaction reference and the payment status
Paystack also manages vendor payouts through its subaccount feature. Paystack's own privacy policy governs any data you provide during checkout.
Data Sharing and Third Parties
We do not sell your personal data. We share data only with the service providers that power LetuSell, and only to the extent necessary for them to do their job.
All providers are contractually required to handle your data securely and are prohibited from using it for their own marketing purposes.
How Long We Keep Your Data
- Account data — retained while your account is active. If you request deletion, we will remove your profile and associated data within 30 days, except where required by law.
- Order records — retained for up to 2 years to support order history, loyalty point accuracy, and dispute resolution.
- Guest order data — name, email, and order details retained for the same period as registered user orders.
- Analytics data — retained according to PostHog's and Google Analytics' own retention policies.
- Server logs — retained for a short period (typically 30 days) in line with Vercel's standard practices.
Your Rights
Under the Nigeria Data Protection Regulation (NDPR), you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate or incomplete information
- Deletion — request that we delete your personal data (subject to legal retention requirements)
- Portability — request your data in a portable format
- Objection — object to specific types of processing
To exercise any of these rights, email privacy@letusell.ng. We will respond within 30 days and may ask you to verify your identity before processing the request.
If you believe your rights have been violated, you can lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
Cookies and Tracking
Session cookies (Supabase Auth)
When you sign in, Supabase sets a secure session cookie to keep you logged in. This cookie expires when you sign out or after a period of inactivity. It does not track you across other websites.
Analytics (PostHog and Google Analytics)
Both PostHog and Google Analytics use cookies or local storage identifiers to track sessions and page views within LetuSell. This helps us understand how students use the marketplace. Data is anonymised where possible.
You can block cookies in your browser settings at any time. Blocking session cookies will prevent you from staying logged in. Blocking analytics cookies will not affect your ability to browse or shop.
We do not use advertising cookies, cross-site tracking cookies, or share cookie data with advertisers.
Security
We take reasonable steps to protect your personal data:
- All data is transmitted over HTTPS (TLS encryption)
- Your account is secured by Supabase Auth, which uses industry-standard password hashing and secure session management
- We never store raw card numbers, PINs, or CVVs — payment credentials go directly to Paystack
- Our database is hosted in a secure cloud environment with access controls
- Access to production systems is limited to authorised team members
No system is completely immune to security incidents. If we become aware of a breach that affects your personal data, we will notify affected users and the relevant authorities in line with NDPR requirements.
Under 18 Users
LetuSell is designed for university students and is intended for users aged 18 and above. If you are under 18, you may use LetuSell only with the consent and supervision of a parent or legal guardian.
We do not knowingly collect personal data from children under 13. If we discover that we have inadvertently collected data from a child under 13 without appropriate consent, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time — for example, when we add new features, onboard new service providers, or when the law changes.
When we make significant changes, we will update the "Last Updated" date at the top of this page. For material changes, we will notify registered users by email. Continued use of LetuSell after the updated policy takes effect constitutes your acceptance of the revised terms.
Contact Us
If you have questions about this policy, want to exercise your data rights, or have a privacy concern, get in touch. We aim to respond to all privacy-related enquiries within 5 business days.
