Privacy Policy

Last updated: July 1, 2026

OneCartNG ("we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and what rights you have over it. It applies to all users of onecartng.com.

1. Information We Collect

Account information

  • Full name and email address (collected at sign-up)
  • Phone number (optional, for Nigerian-format contact)
  • OAuth profile data if you sign in via Google or another provider

Shopping data

  • Cart names and cart items you save (product URLs, names, prices, images)
  • Store selections and purchase flags you mark manually

Affiliate and usage data

  • Affiliate link clicks and associated session IDs
  • User-agent strings (browser/device type) attached to affiliate click records
  • A hashed version of your IP address (we never store raw IPs)
  • Price history snapshots for products you track

Technical data

  • Authentication session tokens (managed by Supabase)
  • Log data retained by our hosting provider (Vercel) for up to 30 days

2. How We Use Your Information

  • Cart management: to store, retrieve, and display your saved products across sessions.
  • Affiliate tracking: to generate and record affiliate links so that we can earn a commission when you purchase via a supported store. The IP hash and session ID are required by affiliate networks for fraud prevention.
  • Authentication: to verify your identity and keep your account secure.
  • Service improvement: to understand which stores and features are most used, so we can prioritise development.
  • Communications: to send transactional emails (password reset, account confirmation). We do not send marketing emails without your explicit opt-in.
  • Legal compliance: to respond to lawful data requests and enforce our Terms of Service.

3. Who We Share It With

We do not sell your personal data. We share it only with the following parties, and only to the extent necessary to operate the service.

Infrastructure providers

  • Supabase — database, authentication, and storage. Data is stored in the EU (Ireland) region by default. Supabase is SOC 2 Type II certified.
  • Vercel — web hosting and edge functions. Processes request logs for up to 30 days.

Affiliate networks and stores

When you click an affiliate link, the destination store and its affiliate network receive standard HTTP referral data (your IP address and user-agent from your browser). We have affiliate relationships with:

  • Jumia (Jumia Affiliate Programme)
  • Konga (Konga Affiliate Programme)
  • Temu (Temu Affiliate Programme)
  • Shein (Impact / Shein Affiliate)
  • ASOS (Awin / ASOS Affiliate)
  • Fashion Nova (Impact / Fashion Nova Affiliate)
  • Jiji (direct)

Each store's own privacy policy governs what that store does with the data once you visit its site.

Legal disclosures

We may disclose personal data if required by law, court order, or to protect the rights, property, or safety of OneCartNG, our users, or the public.

4. Your Rights (NDPR & GDPR)

You have the following rights over your personal data under the Nigeria Data Protection Regulation (NDPR) 2019 and, where applicable, the EU General Data Protection Regulation (GDPR):

  • Access: request a copy of all personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your account and all associated data. See section 7.
  • Restriction: request that we limit processing of your data while a dispute is resolved.
  • Portability: receive your cart data in a machine-readable format (JSON or CSV).
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@onecartng.com. We will respond within 30 days. If you are dissatisfied with our response, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.

5. Cookies

We use cookies and similar technologies to keep you signed in and to support affiliate tracking. For full details, including how to opt out, see our Cookie Policy.

6. Data Retention

  • Your account data (profile, carts, cart items, affiliate clicks) is retained for as long as your account is active.
  • On account deletion, all personally identifiable data is permanently deleted within 30 days.
  • Aggregated, anonymised analytics data (no personal identifiers) may be retained indefinitely for product analysis.
  • Vercel server logs are retained for 30 days and then automatically purged.
  • Records of data deletion requests are retained for 12 months to demonstrate compliance, then deleted.

7. Account & Data Deletion

You can request deletion of your account and all associated data in two ways:

  1. Self-service (coming soon): Account settings → Delete Account. This will immediately deactivate your account and schedule all data for deletion within 30 days.
  2. Manual request: Submit a request via our Data Deletion page or email privacy@onecartng.com with the subject line "Data Deletion Request". We will complete deletion within 30 days and send you a confirmation.

8. Contact Us

For any privacy questions or to exercise your data rights, contact OneCartNG at:

OneCartNG

Email: privacy@onecartng.com

Website: onecartng.com