T
← Back to Vsage TradeOS

Privacy Policy

Last updated: June 19, 2026

1. Overview

Vsage TradeOS("we", "us", or "our") is a business management platform for wholesale and retail merchants. This Privacy Policy explains how we collect, use, store, and protect information when you use our dashboard, our WhatsApp Business integration, and related services (collectively, the "Service").

This policy applies to three groups of people: merchant administrators and team members who sign up for and use the dashboard, end customers of those merchants who interact with a merchant's WhatsApp Business number, and visitors to our marketing website.

2. Information We Collect

We collect the following categories of information:

  • Account information: name, email address, phone number, and role, provided when a merchant administrator or team member signs up or is invited to a workspace.
  • Business data: product catalogues, inventory levels, orders, invoices, payment records, and customer records that a merchant enters or that are created through the Service on their behalf.
  • Customer data:names, phone numbers, addresses, and order history of a merchant's own customers, provided to us by the merchant or collected automatically through WhatsApp messages (see Section 3).
  • Usage data: log data, device information, and analytics collected automatically when you use the dashboard or visit our website.
  • Payment data: processed by our payment partner, Paystack — we do not store full card or bank account numbers ourselves.

3. WhatsApp Messaging Data

The Service integrates with the Meta WhatsApp Business Platform (Cloud API) to let merchants receive and respond to customer orders automatically. When a customer messages a merchant's WhatsApp Business number through the Service:

  • We receive the message content, the sender's phone number, and message metadata (timestamp, message ID) via Meta's webhook system.
  • Message content is processed by an AI model to identify intent (e.g. placing an order, checking a balance, tracking a delivery) and extract relevant order details.
  • We log both inbound and outbound messages, including the AI's interpretation and confidence score, to provide conversation continuity and to allow the merchant to audit and correct automated responses.
  • We do not use customer WhatsApp data to train AI models, and we do not sell or share this data with unrelated third parties.

This data is shared with and processed in accordance with Meta's own WhatsApp Business Platform terms, which govern how message data is transmitted to us via their infrastructure.

4. How We Use Your Data

  • To provide, operate, and maintain the Service, including order processing, inventory tracking, invoicing, and delivery management.
  • To automatically respond to customer WhatsApp messages on a merchant's behalf, using AI to interpret requests and trigger the correct action (creating an order, checking stock, reporting a balance, etc.).
  • To send transactional notifications — for example, low-stock alerts, overdue invoice reminders, and delivery updates — by email or WhatsApp.
  • To monitor and improve the reliability, security, and performance of the Service, including error tracking and diagnostics.
  • To communicate with merchant administrators about their account, billing, or changes to our terms or policies.

5. Data Sharing & Third Parties

We do not sell personal information. We share data only with the service providers necessary to operate the Service, each bound by their own data protection obligations:

  • Meta Platforms, Inc. — to send and receive WhatsApp messages via the Cloud API.
  • Supabase — database hosting and authentication.
  • Paystack — payment processing for invoices and subscriptions.
  • OpenRouter / underlying AI model providers — to process and interpret WhatsApp message text for automated order handling.
  • Resend — transactional email delivery (invites, password resets, notifications).
  • Cloudinary — storage and delivery of product images and avatars.
  • Vercel — application hosting.
  • Sentry — error monitoring (technical diagnostic data only).

We may also disclose information if required by law, to enforce our terms, or to protect the rights, property, or safety of the Service, our merchants, or others.

6. Data Retention

We retain account, business, and customer data for as long as a merchant's account remains active, and for a reasonable period afterward to comply with legal, accounting, or reporting obligations. WhatsApp message logs are retained to preserve conversation history and audit trails, and may be deleted upon a merchant's or end customer's request, subject to legal retention requirements.

7. Data Security

We use industry-standard measures to protect data, including encrypted connections (HTTPS/TLS), encrypted database storage, role-based access control within the dashboard, and verified webhook signatures (HMAC) to ensure incoming WhatsApp messages genuinely originate from Meta. No system is perfectly secure, and we encourage merchants to use strong, unique passwords and to promptly deactivate team members who no longer need access.

8. Your Rights & Choices

Depending on your location and applicable law (including Nigeria's NDPA), you may have the right to:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data, subject to legal or contractual retention requirements.
  • Object to or restrict certain processing of your data.
  • Withdraw consent where processing is based on consent (e.g. opting out of WhatsApp marketing messages by replying STOP, or contacting the merchant directly).

End customers of a merchant should direct data requests to that merchant in the first instance, as they control the underlying customer relationship. Merchant administrators can contact us directly using the details in Section 12.

9. Children's Privacy

The Service is a business-to-business platform intended for use by adults operating or working for a registered business. We do not knowingly collect personal information from children, and the Service is not directed at individuals under the age of 18.

10. International Data Transfers

Our infrastructure providers (including Supabase, Vercel, Meta, and others listed in Section 5) may process and store data outside Nigeria. Where this occurs, we rely on those providers' own compliance certifications and contractual safeguards to ensure data continues to be protected to a standard consistent with this policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will update the "Last updated" date at the top of this page when we do. Material changes will be communicated to merchant administrators by email or in-dashboard notice.

12. Contact Us

If you have questions about this Privacy Policy or how your data is handled, contact us at support@example.com.