Overview

At Konna, operated by Konna Technologies Limited ("Konna," "we," "us," or "our"), we are committed to protecting your privacy and handling personal data responsibly. This Privacy Notice explains how we collect, use, disclose, and safeguard personal data when you interact with our platform, including our website, mobile application, and services (collectively, the “Services”). Our Services include a business operations management system designed to help entrepreneurs, merchants, and businesses sell online, manage customers, track inventory, and process payments.

This Privacy Notice applies to:

• Merchants: Individuals or businesses who register an account to use Konna for selling products or services (e.g., via Social Commerce like WhatsApp, Instagram, TikTok, Website Builder, Invoicing, Payments, Inventory Management, or Analytics).
• Customers: Individuals who purchase from Merchants using Konna tools (e.g., through a Merchant's online store, payment links, or invoices).

We process personal data in compliance with the Nigeria Data Protection Act, 2023 (NDPA) and other applicable laws. If you are a Merchant, you are responsible for ensuring your own compliance with data protection laws when handling Customer data collected through our Services. Konna acts as a data processor for Merchant-collected Customer data and as a data controller for data related to our direct interactions with you.

By using our Services, you consent to the practices described in this Privacy Notice. If you do not agree, please do not use the Services.

Definitions

The following terms, when used in this Privacy Notice, have the meanings described below. Words in singular include the plural, and vice versa.

1. Information We Collect

We collect personal data necessary to provide our Services. The data we collect vary depending on your status (Merchant or Customer) and how you interact with Konna.

1.1. For Merchants

• Account and Business Information: Full legal name, email address, phone number, government-issued ID, proof of address, business name, business certificate of incorporation, bank account details (for settlements), and tax identification number.
• Content and Business Data: Product listings, images, videos, logos, descriptions, inventory details, and analytics inputs you upload or generate.
• Communications: Inquiries, support tickets, or feedback submitted via email, chat, or phone.

1.2. For Customers

• Transaction Information: Name, email address, phone number, delivery/billing address, and order details provided during purchases from a Merchant's store, Social Commerce catalog, or invoice.
• Payment-Related Data: Limited details like payment confirmation status (full card or bank details are handled by our partners, “Flutterwave” “Paystack”, and “Konnadex Payment Gateway”, and not stored by Konna).

1.3. All Users (Merchants and Customers)

• Usage and Technical Data: IP address, browser type, device information, operating system, pages visited, time spent on the Services, and interaction logs (e.g., clicks, searches).
• Automatically Collected via Cookies/Tracking: Session data, preferences, and analytics metrics to improve user experience.

We do not collect sensitive personal data (e.g., health or biometric information) unless you voluntarily provide it in communications, in which case we handle it with extra care under NDPR guidelines.

2. Device Permissions and Access

Konna may request access to certain features and sensors on your device to enable specific functionalities within the application. These permissions are requested only where necessary to provide core business, operational, or support features, and are used strictly for their intended purposes.

2.1. Camera Access

• Konna may request access to your device’s camera to enable features such as scanning QR codes,barcodes, capturing product images, uploading receipts, or creating other business-related content within the application. Camera access is used only when you actively initiate a feature that requires it. Konna does not access the camera in the background, record video, or capture images without your explicit action. Camera data is not used for surveillance, facial recognition, biometric identification, or profiling.

2.2. Photo Library and File Storage

• Konna may request access to your device’s photo library or file storage to allow you to upload images, documents, invoices, or other content you choose to store or share through the application. Konna does not access or retrieve files without your direction and consent.

2.3. Location Information

• Where enabled, Konna may request access to location information to support features such as address verification, delivery coordination, business location display, fraud prevention, or compliance requirements. Location access may be precise or approximate depending on the feature and your device settings. Location data is not used for tracking or monitoring outside the scope of the enabled feature.

2.4 Notifications

• Konna may request permission to send push notifications to deliver transactional alerts, account updates, reminders, or important service-related communications. You may manage notification preferences at any time through your device settings.

2.5 Microphone Access

• If applicable, Konna may request access to your device’s microphone solely to support features such as voice-enabled support or communication tools initiated by you. Microphone access is not used for background recording or surveillance.

2.6 Use and Protection of Device Data

• Any data collected through device permissions is used exclusively to provide the requested functionality and to improve the performance and reliability of the application. Konna does not sell, rent, or misuse device-derived data. Where third-party service providers process such data on our behalf, they do so under strict confidentiality and data-protection obligations.

2.7 Managing Permissions

• You may review, grant, or revoke device permissions at any time through your device settings. Please note that disabling certain permissions may limit or prevent access to specific features of the application.

3. How We Use Your Information

We use personal data to deliver, improve, and secure our Services, with specific applications for Merchants and Customers.

3.1. For Merchants

• Provide and manage your Account, including KYC/AML verification and access to tools like Website Builder, Invoicing, and Analytics.
• Process payments and settlements via “Flutterwave” “Paystack”, and “Konnadex Payment Gateway”.
• Generate business insights (e.g., sales trends, inventory alerts).
• Communicate updates, support responses, or promotional content (with consent).

3.2. For Customers

• Facilitate Transactions, such as confirming orders, sending payment links, or delivering invoices from Merchants.
• Enable Merchant-Customer interactions (e.g., order updates via Social Commerce).
• Resolve disputes or process refunds (coordinated with Merchants).

3.3. For All Users

• Enhance platform functionality and security (e.g., fraud detection, system monitoring).
• Analyze usage to improve Services.
• Comply with legal obligations (e.g., CBN regulations, tax reporting).

Legal bases under NDPA include contractual necessity (for Service delivery), consent (for marketing), legal obligations (for compliance), and legitimate interests (for security and analytics).

4. How We Share Your Information

We share personal data only as necessary and with parties bound by NDPA-compliant agreements. We do not sell your data.

• Service Providers: “Flutterwave” “Paystack”, and “Konnadex Payment Gateway” (payments and settlements), third-party verification tools (KYC/AML), cloud hosts (data storage), and analytics partners.
• Third-Party Platforms: Meta (for Social Commerce; limited data like catalog shares).
• Merchants and Customers: As relevant, Merchants receive Customer transaction details for order fulfillment; Customers see Merchant contact info for support.
• Legal/Regulatory: Authorities (e.g., CBN, Nigerian Data Protection Commission) for compliance or investigations.
• Business Transfers: Successors in mergers/acquisitions, with notice where possible.

For Customers, Konna shares data primarily with the relevant Merchant (as the data controller for purchase-related info). Merchants must obtain Customer consent for any further sharing.

5. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tools for:

• Essential functions (e.g., login, session management).
• Analytics (e.g., usage patterns via integrated tools).
• Personalization (e.g., remembering preferences).

Merchants may encounter additional tracking in Analytics reports. Customers see cookies on Merchant stores hosted by Konna. You can control cookies via browser settings. Essential cookies cannot be disabled. For details, contact us.

6. Data Security

We employ industry-standard measures, including:

• Encryption (in transit and at rest).
• Access controls and firewalls.
• Regular audits and monitoring.

Merchants: Secure your Account with strong passwords and report breaches immediately.

Customers: Data security during Transactions is ensured via Flutterwave, Paystack PCI-DSS compliance and Konnadex Payment Gateway blockchain transactions. No system is foolproof; we limit liability for breaches due to user negligence.

7. Data Retention and Deletion

Retention

• Merchants: Account data retained while active for 90 days post-closure; Transaction records up to 7 years for legal compliance.
• Customers: Purchase data retained for the Merchant's business needs and additional legal periods (e.g., 7 years for tax/audit).
• All Users: Anonymized usage data indefinitely for analytics; deleted upon request where possible.

We securely delete or anonymize data when no longer needed.

Deletion

Konna respects your right to control your personal data and is committed to ensuring that personal information is retained only for as long as necessary to fulfill the purposes for which it was collected, including legal, regulatory, contractual, and operational requirements.

Right to Request Data Deletion

You may request the deletion of your personal data at any time by contacting Konna through the channels provided in this Privacy Policy or via your account settings where available. Upon receiving a valid request, Konna will take reasonable steps to delete or anonymize your personal data in accordance with applicable data protection laws. See steps on how to delete your account https://konna.io/page/account-deletion

Scope of Data Deletion

Subject to applicable laws and legitimate business needs, data eligible for deletion may include:

• Account profile information
• Uploaded content and business records stored within the application
• Communication records and support interactions
• Device and usage data associated with your account

Exceptions to Deletion

Konna may retain certain data where retention is necessary to:

• Comply with legal or regulatory obligations (including tax, accounting, anti-money laundering, and financial reporting requirements)
• Resolve disputes or enforce agreements
• Detect, prevent, or investigate fraud, security incidents, or technical issues
• Maintain records required for audit or compliance purposes

Where data cannot be deleted, it will be securely retained and restricted from further use except for the purposes permitted by law.

Deletion of Transaction and Financial Data

Transaction records and payment-related data may be retained for statutory periods required under applicable financial and regulatory laws, even after account closure or deletion requests. Konna does not store sensitive payment credentials and relies on regulated payment partners for payment and settlement records.

Account Deactivation and Deletion

You may deactivate or request deletion of your account at any time. Upon account deletion, access to the application will be terminated, and associated personal data will be deleted or anonymized in line with this policy, except where retention is legally required.

Third-Party Data Processing

Where personal data has been shared with trusted third-party service providers acting on Konna’s behalf, Konna will take reasonable steps to ensure such providers delete or anonymize the data in accordance with contractual and legal obligations.

Timeframe for Deletion

Konna will respond to data deletion requests within a reasonable timeframe and, where applicable, within the period prescribed by law. You will be notified once your request has been completed or if additional time is required due to legal or technical constraints.

Irreversibility of Deletion

Please note that once personal data is deleted or anonymized, it cannot be recovered. You are encouraged to export or back up any data you wish to retain before submitting a deletion request.

8. Your Privacy Rights

Under NDPA, Merchants and Customers have rights including:

• Access: Obtain a copy of your data.
• Correction: Update inaccurate information.
• Deletion: Request erasure (subject to legal holds).
• Objection/Restriction: Oppose or limit processing (e.g., marketing).
• Portability: Receive data in a usable format.
• Withdraw Consent: For consent-based processing.

Customers: Direct requests to the Merchant for purchase data; contact Konna for platform-related data.

Merchants: Exercise rights via your dashboard or support.

Submit requests to dataprivacy@konna.io. We verify identity and respond within 30 days. Complaints can be escalated to the Nigerian Data Protection Commission.

9. International Data Transfers

Data may be transferred to servers outside Nigeria (e.g., cloud providers in the US or EU) using NDPR-approved safeguards like data processing agreements. For EU/UK users (if applicable), we use Standard Contractual Clauses.

10. Children’s Privacy

Our Services are not directed at children under 18. We do not knowingly collect data from minors. If we discover such data, we delete it promptly. Merchants must ensure compliance when selling to minors.

11. Changes to This Privacy Notice

We may update this Notice to reflect Service changes or legal updates. Changes are posted on our privacy policy page with the new Effective Date. Material updates will be notified via email or dashboard. Continued use constitutes acceptance.

12. Contact Us

For privacy questions or rights exercises:

• Email:dataprivacy@konna.io
• Support:support@konna.io(general inquiries)
• Phone:+234 906 145 0594
• Address: Konna Technologies Ltd, 10/7, Ekweremmadu Avenue, Independence Layout, Enugu, Enugu State, Nigeria

We respond promptly, prioritizing NDPA timelines. For Flutterwave, Paystack, and Konnadex Payment Gateway-related data, refer to their privacy policy.