Privacy Policy

1. Who we are

pamelo.trade ("pamelo", "we", "us") is a business management tool built for Nigerian vendors. We help you organise orders, customer records and payments that come through WhatsApp and Instagram DMs.

For the purposes of Nigerian data protection law (NDPR 2019), pamelo is the data controller for your account information and the data processor for your customers' information — acting on your instructions.

2. What data we collect

About you (the vendor):

• Email address and business name provided at signup
• WhatsApp number linked to your pamelo account
• Instagram Business account ID and access token (granted by you via Meta login)
• Payment and billing information for your pamelo subscription
• Usage data — which features you use, how often, and when

About your customers (collected on your behalf):

• Names and contact details mentioned in DM conversations
• Order details — items, quantities, prices, delivery addresses
• Outstanding balances and payment status
• Message history used to build and update customer profiles
• Payment confirmation data where the smart payments feature is used

3. How we collect it

Meta Business APIs (WhatsApp and Instagram): pamelo connects to your WhatsApp Business line and Instagram Business account via official Meta APIs — not screen scraping, browser automation, or any unofficial method. When you authorise the connection, we receive inbound messages in real time and use them to extract order and customer information.

Payment data: When the smart payments feature is active, we use Paystack's Dedicated Virtual Accounts API. Payment events are received via webhook from Paystack — we never handle raw card data or bank credentials.

Directly from you: Information you enter into the pamelo dashboard, including manual order notes, customer records you create, and account settings.

4. How we use your data

• To provide the pamelo service — parsing messages, building customer profiles, sending reminders and follow-ups on your behalf
• To confirm payments and send in-chat notifications via the pamelo WhatsApp Business Platform
• To send you product updates, account notices and support responses (not marketing from third parties)
• To improve pamelo — aggregate, anonymised usage patterns help us understand which features matter most
• To comply with applicable Nigerian law and respond to lawful requests from authorities

We do not use your customers' data to train general AI models, target advertising, or serve any purpose other than operating your pamelo account.

5. Who we share data with

We share data only with the service providers necessary to operate pamelo:

• Meta (Facebook/Instagram) — to send and receive messages via the WhatsApp Business Platform and Instagram Graph API
• Paystack — to generate virtual account numbers and receive payment webhooks for the smart payments feature
• Cloud infrastructure providers — for secure hosting and data storage (servers located within compliant jurisdictions)
• PostHog — for anonymised product analytics (no personally identifiable customer data is sent)

We never sell data to third parties. We never share your customer records with other businesses, data brokers, or advertisers.

6. Your customers' right to opt out

Any customer who receives automated messages from pamelo on your behalf can reply STOP at any time. We permanently honour every opt-out — that customer will never receive another automated message through pamelo, regardless of any future settings you configure.

As the vendor, you are responsible for ensuring your use of pamelo's automated messaging features complies with applicable messaging laws and Meta's messaging policies.

7. Data retention

• Your account data is retained for as long as your pamelo account is active
• If you close your account, your data and your customers' data are deleted within 14 days
• You can export your full customer and order history as a spreadsheet at any time, for free, before closing your account
• Anonymised, aggregated usage data (e.g. "X% of vendors use debt reminders") may be retained indefinitely

8. Security

We apply industry-standard security practices: encrypted connections (TLS) for all data in transit, encrypted storage for sensitive credentials, and access controls limiting who within pamelo can reach production data.

No system is perfectly secure. If we become aware of a breach that affects your account or your customers' data, we will notify you promptly and take all reasonable steps to contain it.

9. Your rights under the NDPR

Under the Nigeria Data Protection Regulation 2019, you have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Object to processing or withdraw consent where processing is consent-based
• Data portability — receive your data in a commonly used, machine-readable format

To exercise any of these rights, email us at privacy@pamelo.trade. We respond within 24 hours and resolve requests within 30 days.

10. Cookies and tracking

The pamelo.trade website uses PostHog to understand how visitors interact with the page — which sections they read, how far they scroll, and whether they sign up. This data is anonymised and used only to improve the product.

We do not use third-party advertising cookies or share tracking data with ad networks.

11. Changes to this policy

We may update this policy as the product evolves. If we make a material change — one that meaningfully affects how we use your data — we will email you at least 14 days before the change takes effect. The "last updated" date at the top of this page always reflects the current version.

12. Contact

Questions, requests, or concerns about this policy: