Back home

Privacy Policy

Last updated: 30 May 2026

This Privacy Policy explains what personal data Agba Bookings("Agba Bookings", "we", "us") collects when you use our website, dashboards and the public booking pages we host, how we use it, who we share it with, and the rights you have over it. It is written to comply with the Nigeria Data Protection Regulation (NDPR), the Nigeria Data Protection Act 2023, and applicable consumer-protection rules.

1. Who we are

Agba Bookings is a Nigerian-focused appointment-booking platform. We let small and medium businesses (the "Business") accept online bookings and payments from their customers (the "Customer"). We are the data controller for account and platform data described below. When you book through a Business's public booking page, that Business is a joint controller of your booking data and uses it to deliver the service you booked.

2. Data we collect

From Businesses (account owners)

  • Identification: name, email address, phone number, password (stored hashed).
  • Business profile: business name, type, address, description, logo, banner, hours, services and prices.
  • Verification documents you upload (e.g. CAC certificate, government ID, utility bill, tenancy agreement) and their review status.
  • Payout details: bank name, bank code, account number, account name. We pass these to our payments provider so we can pay you out — we do not retain your BVN.
  • Subscription and billing records, including the plan you chose and the dates of charges.
  • Acceptance of these terms (date and time stamp).

From Customers (people who book)

  • Contact details you give the Business: name, email and/or phone number.
  • Booking details: the service, date, time, optional notes, and reviews you leave.
  • Payment details: handled directly by our payments provider (see Section 4). We receive a transaction reference and the channel used (card or transfer); we do not see or store your card number, PIN, CVV or full bank details.

Automatically

  • Standard technical data: IP address, browser type, device, pages visited and timestamps, used for security, abuse-prevention and basic analytics.
  • An authentication token stored in your browser's localStorage after you sign in, so we can keep you logged in.
  • Limited short-lived caches (e.g. one-time-password values) used for email verification and password reset.

3. How we use your data

  • To create and operate your account and your business's booking page.
  • To enable bookings, take payments, hold them in escrow, and pay Businesses out to their bank accounts.
  • To send transactional emails: booking received, payment confirmed, booking accepted/declined, refund issued, payout sent, appointment reminders, review requests.
  • To verify a Business's identity before its booking page goes live (anti-fraud).
  • To enforce our Terms of Service and prevent abuse, fraud and unlawful activity.
  • To comply with our legal obligations (tax, anti-money-laundering, lawful requests from regulators or courts).
  • To improve the platform — we may analyse aggregate, de-identified usage data.

We do not sell your personal data, and we do not use it for advertising or marketing by third parties.

4. Third parties we share data with

We share the minimum data necessary, only with providers who help us run the service:
  • Paystack — our licensed payments partner. They process card and bank-transfer payments, hold funds, refund customers, and transfer your earnings to your bank. Customer email and amount are shared on each transaction; for payouts, your bank account is shared. Paystack's privacy policy applies to the data they process.
  • Email-delivery provider (Resend) — to send the transactional emails listed above.
  • Cloud hosting and infrastructure — to host the application and store data.
  • Law enforcement, regulators and our professional advisers — only where required by law or to defend our legal rights.

We never sell, rent or trade your data, and we never share Customer contact details with anyone other than the Business that received the booking.

5. Where your data is stored

Account and booking data is held in databases operated for Agba Bookings. Uploaded files (logos, banners, verification documents) are held in secure object storage. Some of our providers may store or process data outside Nigeria. Where this happens, we rely on the provider's standard data-protection commitments and use providers that offer security and privacy protections at least equivalent to those in Nigeria.

6. How long we keep data

  • Active accounts: for as long as your account is open.
  • Closed accounts: we delete or anonymise personal data within 90 days of account closure, except where we must keep it longer to comply with the law (e.g. tax and payment records, typically held for up to 7 years).
  • Bookings and payment records: retained for accounting and dispute resolution; we may retain financial transaction records for up to 7 years.
  • Verification documents: retained for as long as your account is active, and for a reasonable period after closure for audit purposes.

7. Security

We protect your data with industry-standard measures: TLS in transit, encrypted storage, hashed passwords, signed authentication tokens, signed webhook verification, rate-limiting, and access controls. No system is perfectly secure; you must keep your password confidential and notify us immediately at the address below if you suspect unauthorised access.

8. Your rights

Under the NDPR / Nigeria Data Protection Act 2023, you have the right to:
  • access the personal data we hold about you;
  • correct it if it is wrong;
  • request that it be deleted, subject to our legal retention obligations;
  • object to or restrict certain uses of it;
  • request a copy in a portable format;
  • withdraw consent at any time (without affecting processing already done);
  • complain to the Nigeria Data Protection Commission (NDPC).

To exercise any of these rights, email us at agbabookings@gmail.com from the email on your account. We will respond within 30 days.

9. Cookies and local storage

We use a single authentication token stored in localStorage to keep you signed in, plus essential cookies set by our hosting and security infrastructure. We do not use advertising or third-party tracking cookies.

10. Children

The platform is for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a child has provided us data, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects when it last changed. For material changes that affect your rights, we will notify you by email or via the dashboard.

12. Contact us

Questions, requests or complaints about this Privacy Policy or your data: