Correct Gadgets ("we", "us") operates the Correct Gadgets storefront and respects your right to privacy. This policy explains what personal data we collect, why we collect it, who it is shared with, how long we keep it, and the rights you have under the Nigeria Data Protection Act 2023 (NDPA), including regulations issued by the Nigeria Data Protection Commission (NDPC) such as the NDPR.
1. What we collect
- Account data: name, email, password (stored as a salted hash, never in plain text), and optional phone number.
- Order data: items purchased, prices, delivery address (LGA + street), shipping method, order notes, and payment reference. We do not store full card numbers.
- Communication data: emails you send to support, and our replies.
- Operational data: IP address and user-agent string, used for sign-in rate limiting and abuse detection; server logs of API calls (without PII payloads where possible).
- Cookies: a single httpOnly session cookie per signed-in customer and a separate session cookie for staff dashboard users. We do not use third-party advertising cookies.
2. Why we use it (lawful bases)
- Performance of contract: to fulfil orders, process payments, and deliver products.
- Legitimate interest: to keep the site secure (rate limiting, fraud prevention) and improve operations.
- Legal obligation: to keep tax-related and accounting records.
- Consent: optional newsletter sign-ups; you can unsubscribe any time.
3. Who we share it with (data processors)
We share only what is necessary, with vetted processors:
- Paystack — payment processing. Card details are entered on Paystack's page and never reach our servers.
- Resend — transactional email (order confirmations, support replies).
- Cloudinary — hosting product images (no customer data).
- Supabase / Postgres — the database we use to store account, order, and store-management data.
- Hosting (Vercel) — runs the application; sees request metadata.
We do not sell personal data and we do not share it for third-party advertising.
4. How long we keep it
- Account profile: until you ask us to delete it, or your account is inactive for an extended period (we may anonymise unused accounts).
- Order records: retained for at least the period required by Nigerian tax and accounting law (commonly six years from the end of the relevant financial year). After you request deletion of personal data, names and contact info on those records are anonymised where the underlying record must still exist for legal reasons.
- Support emails: kept only as long as needed to resolve your issue and provide context for follow-ups.
- Login / rate-limit metadata: kept in memory for short windows (typically 15 minutes) and then discarded.
5. Your rights (NDPA)
- Access the personal data we hold about you.
- Correct anything that is inaccurate.
- Ask us to delete your personal data, subject to records we are legally required to keep.
- Receive a copy of your data in a portable format.
- Object to or restrict certain processing (e.g. marketing).
- Lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
6. Security
Passwords are stored as salted scrypt hashes. Sessions use httpOnly, signed cookies and are scoped to the domain. We rate-limit sign-in attempts and key write APIs. We restrict dashboard access with server-side middleware. No system is 100% secure; please use a unique password and tell us as soon as possible if you suspect your account has been compromised.
7. Children
The store is intended for customers 18 years and older. We do not knowingly collect data from children. If you believe a child has provided personal data to us, contact us and we will remove it.
8. International transfers
Some processors (Paystack, Resend, Cloudinary, Vercel) may store data outside Nigeria. Where they do, we rely on their NDPR-/GDPR-compatible safeguards and contractual commitments.
9. Changes to this policy
We may update this page from time to time. The "Last updated" date at the top tells you when. Significant changes will be communicated by email where you have an account.
This page describes how Correct Gadgets handles personal data. It is not legal advice; consult a lawyer for specific situations.