Privacy Policy

Vendors Africa (vendorsafrica.com) is a wedding vendor discovery platform operated as part of the JoyRibbons group of products. When this Policy refers to "we," "us" or "Vendors Africa," it means the team behind vendorsafrica.com.

We operate across Africa — primarily Nigeria, Ghana, Kenya, South Africa, Rwanda and Senegal — and our platform is used by couples planning weddings and by vendors seeking to be discovered.

We collect data in three ways: data you give us, data we collect automatically, and data from third parties.

Data you give us directly:

• Account registration — your name, email address and password when you create an account
• Profile information — city, wedding date, and preferences you add to personalise your experience
• Payment information — billing details when you unlock a venue or subscribe to a plan (handled by our payment processor; we do not store full card numbers)
• Vendor listing details — if you list your business, your business name, contact details, service description, photos and pricing information
• Communications — messages you send us through our contact form, support emails or WhatsApp
• Survey and feedback responses — if you participate in optional feedback requests

Data we collect automatically when you use the platform:

• Usage data — pages visited, time spent, clicks, search queries and venue unlock actions
• Device and browser data — IP address, browser type, operating system and screen resolution
• Referral data — how you found us (search engine, social media, direct link)
• Location data — approximate country and city inferred from your IP address (not GPS)

Data from third parties:

• Payment processors — transaction confirmations and fraud signals (no raw card data)
• Analytics providers — aggregated usage trends to help us improve the platform
• Social media platforms — if you choose to sign in with Google or Apple, we receive your name and email from that provider

We use your data only for purposes that are necessary and proportionate. Specifically:

• To create and manage your account
• To process your venue unlocks and subscription payments
• To show you venue content, décor lookbooks and vendor profiles relevant to your city and preferences
• To remember your unlocked venues so you can access them at any time
• To send you transactional emails — payment confirmations, account updates, password resets
• To send you marketing emails about new venues, new cities and platform updates (you can opt out at any time)
• To detect and prevent fraudulent activity and abuse of the platform
• To improve the platform — understanding which venues get the most views, which cities have the most demand, and how people navigate the site
• To comply with our legal obligations across the jurisdictions where we operate

If you list your business on Vendors Africa, your business name, location, category, service description, pricing and contact details will be publicly visible on your vendor profile. This is the nature of a directory listing and is expected.

We recommend you do not include personal mobile numbers on your public profile if you are not comfortable with that number being widely visible. Use a business number or email where possible.

• Your business photos and media will be stored on our servers and displayed to couples browsing the platform
• Analytics about how many couples viewed your profile, shortlisted you or clicked through to your contact details will be available to you in your vendor dashboard
• We will not share your vendor analytics with other vendors or third parties
• If you remove your listing, your public profile will be taken down within 48 hours. Backup copies may be retained for up to 30 days for system integrity purposes, then permanently deleted

All venue photos, videos and décor lookbooks on Vendors Africa are watermarked with our domain. This watermark is applied automatically to protect the intellectual property of the venues and vendors whose content we feature.

We implement technical measures to prevent right-click downloading, drag-and-drop extraction and keyboard shortcut saving of our content. These measures are a condition of the content licences granted to us by venues and vendors.

If you believe content on our platform infringes your copyright or was used without your permission, please contact copyright@vendorsafrica.com with details. We take these reports seriously and respond within 5 business days.

All payments on Vendors Africa are processed by third-party payment providers (Paystack for Nigeria and Ghana; Stripe for international transactions). We do not store your full card number, CVV or bank account details on our servers.

We retain records of your transactions — dates, amounts, what you purchased — for accounting and dispute resolution purposes. Transaction records are retained for a minimum of seven years in accordance with Nigerian financial regulations and applicable law in other operating jurisdictions.

• Subscription billing — your card is charged automatically on your renewal date. You will receive a receipt by email for every charge
• Refunds — are subject to our refund policy in the Terms of Service. Payment processor records are used to process any approved refunds
• Failed payments — if a payment fails, we will notify you by email and your access will be paused until payment is resolved

We use cookies — small files stored in your browser — to make the platform work properly and to understand how it is used.

Essential cookies (always active):

• Session cookies — keep you logged in while you browse
• Unlock state cookies — remember which venues you have paid to unlock
• Security tokens — protect against cross-site request forgery

Analytics cookies (can be declined):

• We use privacy-friendly analytics to understand traffic and page performance. Where possible we use anonymised or aggregated data
• We do not use Google Analytics' advertising features

Marketing cookies (require consent):

• Only set if you have explicitly consented. Used to measure the effectiveness of any marketing campaigns we run
• You can withdraw consent at any time by clearing cookies or adjusting your browser settings

We do not sell your personal data. Full stop. We may share it only in the following limited circumstances:

• Service providers — companies that help us operate the platform (hosting, email delivery, payment processing, analytics). They process data only under our instruction and are contractually bound to protect it
• JoyRibbons group — as a JoyRibbons company, limited data may be shared within the group to provide connected services (for example, if you use both Vendors Africa and JoyRibbons for your wedding registry). You will always be informed before any such sharing occurs
• Legal obligations — if we are required by law, court order, or a regulatory authority to disclose data, we will comply and notify you where we are legally permitted to do so
• Business transfers — in the event Vendors Africa is acquired or merged, your data may transfer to the new entity. We will notify you in advance and you will have the opportunity to delete your account
• Safety — if we have a genuine belief that disclosure is necessary to prevent imminent harm to a person

Vendors Africa operates across multiple African countries and our infrastructure may be hosted in data centres outside your country of residence. Where your data is transferred internationally, we ensure appropriate safeguards are in place:

• For users in Nigeria — we comply with the Nigeria Data Protection Act (NDPA) 2023 and the Nigeria Data Protection Regulation (NDPR)
• For users in South Africa — we comply with the Protection of Personal Information Act (POPIA)
• For users in Kenya — we comply with the Data Protection Act 2019
• For users in Ghana — we comply with the Data Protection Act 2012
• For users in the UK or EU — we apply UK GDPR / EU GDPR standards
• For all other jurisdictions — we apply the NDPA standard as a minimum baseline

Where we transfer data outside Africa, we use standard contractual clauses or equivalent mechanisms to protect it.

• Account data — retained for as long as your account is active, plus 12 months after closure to allow for any disputes or reactivation requests
• Unlocked venue access — records of your unlocks are kept for the lifetime of your account so you can access them at any time
• Transaction records — minimum 7 years for financial and tax compliance
• Marketing preferences — until you opt out or delete your account
• Support communications — 3 years from the date of the last interaction
• Analytics data — aggregated and anonymised after 24 months

You can request deletion of your account and personal data at any time. We will action deletion requests within 30 days, subject to our legal retention obligations (principally financial records).

We take reasonable and appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, destruction or disclosure. These include:

• All data in transit is encrypted using TLS/SSL
• Passwords are hashed using industry-standard algorithms — we cannot see your password
• Financial data (transaction records) is encrypted at rest
• Access to personal data is restricted to staff who need it for their role
• All staff with access to personal data are subject to confidentiality obligations
• We conduct periodic reviews of our security practices

No system is perfectly secure. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority without undue delay and in any case within 72 hours where required by law.

Depending on where you are based, you have some or all of the following rights over your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — ask us to correct inaccurate or incomplete data
• Erasure — request deletion of your data (subject to legal retention obligations)
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing of your data for marketing purposes at any time
• Restriction — ask us to pause processing of your data in certain circumstances
• Withdraw consent — where processing is based on your consent, you can withdraw it at any time without penalty
• Complaint — lodge a complaint with the relevant data protection authority in your country

Vendors Africa is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@vendorsafrica.com and we will delete it promptly.

We may update this Privacy Policy from time to time as our platform evolves or as laws change. When we make material changes, we will notify you by email and display a prominent notice on the platform at least 14 days before the changes take effect.

Your continued use of the platform after the effective date of any changes constitutes acceptance of the updated Policy. If you do not agree with the changes, you may delete your account before they take effect.

The date at the top of this page always shows when the Policy was last updated. Previous versions are available on request.

For any questions about this Privacy Policy or to exercise your rights:

• Email: privacy@vendorsafrica.com
• General enquiries: hello@vendorsafrica.com
• Copyright concerns: copyright@vendorsafrica.com

We are a JoyRibbons company. You can also reach the JoyRibbons team at hello@joyribbons.com.