Privacy Policy

1. Information We Collect

Account Information

When you register, we collect your name, email address, phone number, and role (Client or Vendor). Vendors additionally provide company name, address, city, state, years in business, and service categories.

RFQ & Bid Data

We collect the content of RFQs you submit, including descriptions, quantities, deadlines, and any uploaded files. For Vendors, we collect bid amounts, timelines, and proposal notes.

Transaction Data

We store records of payments, deposit amounts, order statuses, and transaction references. Sensitive card details are never stored by Forge Africa — they are handled entirely by Paystack.

Usage Data

We may collect information about how you use the Platform, including pages visited, actions taken, and timestamps, to improve our services and security.

2. How We Use Your Information

We use your data to:

• Create and manage your account
• Process and facilitate RFQs, bids, and orders
• Send transactional notifications (email and in-app)
• Verify vendor identities and capabilities
• Process payments via Paystack
• Resolve disputes and provide customer support
• Improve and secure the Platform
• Comply with legal obligations

We will never sell your personal data to third parties.

3. Sharing Your Data

We share your data only in the following limited circumstances:

• Between Clients and Vendors: When an RFQ is approved, relevant project details are shared with vendors in the matching category. Vendor company details are shared with clients on quote acceptance.
• Paystack: Transaction data is shared with Paystack to process payments. See Paystack's Privacy Policy.
• Legal requirements: We may disclose information if required by law, court order, or government authority in Nigeria.

4. Payment Data

All payment processing is handled by Paystack, a PCI-DSS compliant payment processor. Forge Africa does not store, process, or have access to full card details. We only store transaction references, amounts, and payment statuses for order management purposes.

5. Cookies

We use essential cookies to maintain your login session and protect against cross-site request forgery (CSRF). We do not use advertising or tracking cookies. You may disable cookies in your browser settings, but this will prevent you from logging in.

6. Data Retention

We retain your account data for as long as your account is active. If you close your account, we will delete or anonymise your personal data within 90 days, except where retention is required for legal compliance, dispute resolution, or fraud prevention. Transaction records are retained for 7 years as required by Nigerian financial regulations.

7. Your Rights

Under applicable Nigerian data protection law (NDPR), you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your data

To exercise any of these rights, contact us at hello@forgeafrica.africa. We will respond within 30 days.

8. Security

We implement industry-standard security measures including HTTPS encryption, hashed passwords, CSRF protection, and access controls. However, no system is completely secure. You are responsible for keeping your account credentials confidential.

9. Children

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has registered, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. Continued use of the Platform after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or to exercise your rights, contact our Data Protection Officer at hello@forgeafrica.africa.