Privacy Policy
This Policy explains how SLOBI LINK processes personal data across Slobi websites, creator pages, storefronts, Studio, APIs, emails, and connected-platform features.
1. Who controls your data
SLOBI LINK, a business registered in Nigeria, is the controller of personal data processed for Slobi's own purposes. Creators may independently control customer information they collect through their pages or products. Contact us at support@slobi.link.
2. Data we collect
- Account data: name, email address, profile image, username or slug, authentication identifiers, account settings, and verification records.
- Creator and storefront data: biography, links, themes, product listings, uploaded files, prices, customer-support information, and public-page content.
- Transaction data: order references, amounts, currency, payment status, customer email, payout information, refund and dispute records. Payment card details are handled by payment providers and are not intended to be stored by Slobi.
- Connected-platform data: provider account ID, display name, handle, profile URL, granted scopes, encrypted access and refresh tokens, posts, metrics, comments, messages, or other data you expressly authorise and the provider permits.
- Studio and AI data: goals, brand information, prompts, drafts, research instructions, approvals, generated content, workflow history, and feedback.
- Usage and device data: IP address, browser and device information, timestamps, pages and actions, referral information, approximate location derived from IP, logs, diagnostics, and security events.
- Communications: support requests, survey responses, marketing preferences, and other messages you send us.
3. Sources of data
We obtain data directly from you, automatically from your use of Slobi, from creators when you transact with them, from authentication and payment providers, and from social or content platforms you choose to connect. We may also process lawfully available public information for research features when permitted by applicable law and platform rules.
4. Why and on what basis we process data
- Contract: create accounts, host pages, deliver products, process orders, provide subscriptions, connect authorised accounts, and respond to support.
- Consent: connect optional platforms, send optional marketing, store provider profile data where required, or use non-essential tracking. You may withdraw consent.
- Legitimate interests: secure and improve Slobi, prevent fraud, understand product use, provide relevant recommendations, enforce policies, and protect legal rights, balanced against your rights.
- Legal obligation: maintain tax, accounting, transaction, sanctions, dispute, and compliance records and respond to lawful requests.
- Vital or public interests: only where applicable and legally permitted.
5. Connected social accounts
When you connect a platform, Slobi receives the scopes and data shown during consent. We store provider identifiers, profile data, granted permissions, and encrypted tokens so the connection can operate. Depending on the feature and approval granted, we may retrieve your posts and analytics, prepare or publish content you approve, synchronise media, or assist with comments and messages.
We do not sell connected-platform data. We do not use it to build advertising profiles for unrelated third parties. Disconnecting stops future authorised access, and we delete or de-identify retained provider data subject to the retention rules below. You can also revoke Slobi from the provider's own connected-app settings.
6. AI processing and automated assistance
Information submitted to Studio may be processed by Slobi infrastructure and selected AI service providers to generate requested outputs, perform analysis, or support workflows. We limit the data sent to what is reasonably needed for the feature. Slobi does not make solely automated decisions that produce legal or similarly significant effects about you without appropriate safeguards.
Do not submit highly sensitive personal data unless the feature clearly requires it and you have authority and a lawful basis. AI output and feedback may be retained to provide history, improve your workspace, prevent abuse, and evaluate service quality.
7. When we share data
- Cloud hosting, storage, security, analytics, communications, email, and AI vendors acting under appropriate instructions.
- Payment processors such as Paystack to initiate, verify, settle, refund, and investigate transactions.
- Social platforms when you direct us to authenticate, retrieve data, or perform an approved action.
- Creators and customers as needed to fulfil a transaction, provide support, or resolve a dispute.
- Professional advisers, auditors, insurers, authorities, or courts when reasonably necessary or legally required.
- A buyer or successor in a merger, financing, reorganisation, or sale, subject to confidentiality and applicable law.
We do not sell personal data for money. If our practices change in a way that legally constitutes a sale or targeted advertising, we will provide required notice and choices.
8. International transfers
Slobi and its providers may process data outside your country, including where cloud, payment, social-platform, email, or AI systems operate. We use contractual, organisational, and technical safeguards required by applicable law and assess transfer risks where appropriate.
9. Retention
- Account and workspace data: while your account is active and for a reasonable deletion and recovery period afterward.
- Connected-platform tokens: until disconnection, revocation, expiry, or account deletion, then removed from active systems promptly.
- Orders, payments, payouts, tax, fraud, and dispute records: generally up to seven years or the period required by law.
- Security logs and diagnostics: generally 30 days to two years depending on risk and purpose.
- Backups: removed through normal backup rotation and isolated from ordinary use.
We may retain data longer when required for litigation, regulatory obligations, fraud prevention, or enforcement. We delete or de-identify data when its purpose ends.
10. Security
We use measures designed to protect data, including access controls, encryption in transit, encrypted connector tokens, isolated storage, logging, and least-privilege service access. No system is completely secure. You are responsible for protecting your credentials and should report suspected compromise immediately.
11. Your rights
Subject to applicable law, including the Nigeria Data Protection Act 2023, you may request access, correction, deletion, restriction, objection, portability, information about processing, withdrawal of consent, or review of certain automated decisions. You may also object to direct marketing at any time.
Email support@slobi.link with the subject "Privacy Request". We may verify identity and authority before acting. We aim to respond within the legally required period. You may complain to the Nigeria Data Protection Commission or your local supervisory authority.
12. Children
Slobi is not directed to children under 13. People below the age of legal majority may not use seller, payment, or paid-account features without legally valid involvement of a parent or guardian. If you believe a child provided data unlawfully, contact us.
13. Cookies and communications
We use essential cookies and similar storage for authentication, security, preferences, and service operation. Optional analytics or marketing technologies are used only as described in our Cookie Policy and where required with consent. Transactional messages are necessary for account and order operation; marketing messages include an opt-out.
14. Changes and contact
We may update this Policy when products, providers, or laws change. Material changes will be highlighted through reasonable notice. Contact SLOBI LINK at support@slobi.link. Data deletion instructions are available at slobi.link/data-deletion.
