1. Introduction
Welcome to SuoOps (“we,” “our,” or “us”). We are committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use SuoOps — our commerce operating system for businesses (invoicing, online payments, a buyer-protected storefront and courier delivery).
SuoOps is the data controller for the personal data described here. You can reach our Data Protection Officer (DPO) at privacy@suoops.com.
2. Information We Collect
We collect the following types of information:
- Account Information: Name, email address, phone number, and business details when you register
- Google Account Data: When you sign in with Google, we receive your name, email, and profile picture (you can revoke access anytime)
- Invoice Data: Customer names, phone numbers, email addresses, amounts, and invoice details you create
- Payment Information: Bank account details for receiving payments (we do NOT store card details)
- WhatsApp Messages: Messages sent to our WhatsApp bot for invoice creation
- Receipt Images: Photos of receipts sent for OCR processing (processed by AI to extract invoice details, then deleted)
- Custom Branding: Business logos uploaded for invoice customization (stored securely on AWS S3)
- Tax Data: VAT rates, development levy calculations, and tax compliance reports generated from your invoices
- Location & Delivery Data: GPS coordinates and delivery addresses (used to arrange courier delivery and set the buyer-protection window)
- Device & Technical Data: IP address and device identifiers (used to secure your account and prevent fraud)
- Storefront Orders: order details and order-chat messages between buyers and sellers
- Usage Data: Information about how you use our service, including access times and features used
3. How We Use Your Information
We use your information to:
- Provide and maintain the SuoOps platform
- Process and send invoices to your customers via WhatsApp and Email
- Generate PDF invoices and receipts with your custom branding
- Process receipt photos using AI to extract invoice details
- Calculate and generate automated tax compliance reports (VAT, development levy)
- Send you notifications about invoice status, payments, and tax deadlines
- Enable storefront orders, buyer protection (escrow) and courier delivery
- Process wallet top-ups and online payments, and manage your account
- Detect and prevent fraud and abuse
- Authenticate your account using phone or email one-time codes (and Google, if you choose)
- Improve our service and develop new features
- Comply with legal obligations and tax regulations
4. Data Storage and Security
We implement industry-standard security measures to protect your data:
- Data encrypted in transit using TLS/SSL
- Secure cloud storage (S3 for files and logos, and a managed database)
- Regular security audits and updates
- Access controls and authentication for all systems
- Receipt photos are processed for OCR and deleted (not permanently stored)
- Custom logos stored securely with access controls
- Tax reports encrypted and accessible only to you
5. Third-Party Services
We use the following third-party services:
- Paystack & Flutterwave: For processing online payments, escrow and payouts
- Shipbubble / GIG Logistics: For courier delivery of storefront orders (buyer name, phone and delivery address)
- WhatsApp Cloud API (Meta), Brevo, Amazon SES: For sending messages, SMS and email notifications
- AWS, Render, Vercel: For cloud hosting, database and file storage
- Sentry: For error monitoring and reliability
- Mapbox: For deriving your state/city from location for delivery and buyer protection
- Google OAuth: For optional single sign-on
- OCR AI Services: For extracting invoice details from receipt photos
These services have their own privacy policies and we encourage you to review them.
Some of these providers process data on servers outside Nigeria (for example, in the United States). We rely on their security programs and contractual data-processing terms to protect your data during such transfers.
6. Data Sharing
We do NOT sell your personal information. We only share your data:
- With your customers when you send them invoices
- With service providers who help us operate our service
- When required by law or legal process
- To protect our rights, property, or safety
7. Your Rights
You have the right to:
- Access and download your data
- Correct inaccurate information
- Delete your account and data
- Object to data processing
- Export your data in a portable format
To exercise these rights, contact us at info@suoops.com or our Data Protection Officer at privacy@suoops.com
8. Data Retention
We retain your data for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your data within 30 days, except where we must retain it for legal or regulatory purposes.
9. Children's Privacy
Our service is not intended for children under 18. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.
10. International Data Transfers
Your data may be transferred to and processed in countries other than Nigeria, including the United States and European Union, where our service providers are located. We ensure appropriate safeguards are in place for such transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our service. Your continued use of SuoOps after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us: