Privacy Policy

This Privacy Policy explains how Trackboria LTD, a limited liability company incorporated in the Federal Republic of Nigeria ("Trackboria", "we", "us", or "our"), collects, uses, stores, shares, and protects information in connection with the Trackboria delivery operations platform (the "Service"). It should be read together with our Terms and Conditions.

This Policy applies to people who use Trackboria directly — merchant administrators and staff, and agents using the mobile app — and to people whose delivery information appears within a merchant workspace, including customers and recipients who open a public tracking link.

Trackboria LTD has its registered office at No. 9B Tinubu Road, Ilupeju, Lagos, Nigeria.

For account, billing, security, website, and platform administration data, Trackboria acts as the controller and processes information for its own operational purposes.

For merchant workspace data — such as customer records, delivery addresses, order details, and rider activity — Trackboria generally acts as a processor, handling that information on the merchant's behalf and on its documented instructions. The merchant is the controller of that information and is responsible for its lawful collection and use.

We believe you should know exactly what information the Service processes and the reason for each category. The list below describes the information collected through normal use of Trackboria and mirrors the transparency section of our Terms and Conditions.

• Account and identity information — names, work email addresses, phone numbers, sign-in credentials, assigned roles, and account type, used to create and secure accounts, authenticate users, and apply role-based access.
• Business and merchant profile information — legal and trading name, country, timezone, currency, and billing and operations contact details, used to provision the workspace and issue accurate billing.
• Settlement and payout details — settlement bank name, account number, account name, and payment-provider subaccount identifiers, used to route collected funds and remittances to the correct merchant.
• Customer and recipient information — names, phone numbers, email addresses, delivery addresses, landmarks, zones, postal codes, and access notes, used to plan, carry out, and confirm deliveries and to keep recipients informed.
• Order and shipment records — order references, item details, declared values, COD amounts, delivery notes, shipment states, and timeline events, used to manage the delivery lifecycle and calculate amounts due.
• Location and tracking data — precise GPS coordinates, accuracy, speed, bearing, and timestamps from agent devices and shipment updates, used to provide live tracking, route oversight, and location evidence for completed deliveries.
• Proof-of-delivery evidence — recipient confirmation details, delivery OTP verification, captured signatures or photographs, and the location and device used at capture, used to confirm deliveries, resolve disputes, and reduce fraud.
• Payment and billing information — plan selection, invoices, balances, payment attempts and references, and limited card metadata such as card brand and the last four digits returned by the payment provider, used to process payments and reconcile accounts. Complete card numbers are handled by the payment provider and are not stored by Trackboria.
• Device, session, and security information — IP addresses, browser and user-agent details, device identifiers, login timestamps, and session and refresh-token records, used to keep sessions secure and detect unauthorised access.
• Communications and notifications — email, SMS, WhatsApp, push, and webhook messages sent through the Service and their delivery status, used to send operational updates and confirm they were received.
• Audit, fraud, and compliance records — audit logs of significant actions (including the actor, IP address, and before-and-after values), fraud flags, and dispute records, used to maintain accountability, investigate abuse, and meet legal obligations.

We use the information described above to:

• Create and manage merchant workspaces and user accounts
• Authenticate users, keep sessions secure, and prevent fraud or misuse
• Run delivery workflows, assign riders, show live tracking, and record delivery events
• Manage COD verification, remittance, billing cycles, invoices, and payment follow-up
• Send operational notifications by email, SMS, WhatsApp, push, or webhook where configured
• Store, retrieve, and secure proof-of-delivery media and related delivery evidence
• Investigate disputes, support issues, delivery exceptions, and security incidents
• Improve service reliability, maintain audit trails, and comply with legal and tax obligations

We share information only where it is needed to operate the Service or where the law requires it. Depending on the workflow, that can include:

• The merchant and authorised users within that merchant's workspace
• Agents, partner couriers, and delivery operators involved in a shipment
• Recipients who receive a valid public tracking link
• Payment providers such as Paystack and Flutterwave when a payment is initiated
• Infrastructure providers used for hosting, storage, notifications, maps, and delivery media access
• Law enforcement, regulators, or other third parties where disclosure is legally required

We do not sell personal information.

Some service providers may process information outside the country where a merchant or recipient is located. Where that happens, we take reasonable steps to ensure those providers apply appropriate security and confidentiality measures consistent with this Policy and applicable law.

We keep information for as long as it is needed to operate the workspace, maintain billing and audit records, investigate disputes or fraud, enforce our Terms and Conditions, and meet legal or tax obligations. Retention periods vary by the type of record and the reason it is held.

When information is no longer required for these purposes, we take reasonable steps to delete it or render it anonymous.

We use access controls, role-based permissions, token-based access, session records, hashed refresh tokens, and private media access controls to reduce the risk of unauthorised access. We restrict access to information so that it is scoped to the users and workflows that genuinely require it.

No system can be guaranteed completely secure, but the Service is designed to limit exposure and to support prompt investigation of any security incident.

Depending on the laws that apply to you, you may have the right to access, correct, delete, or restrict the use of personal information, or to object to certain processing.

Merchant users can review and update account information within their workspace, and merchants control most customer, order, and delivery records held in their workspace. If you are a customer or recipient and wish to correct, delete, or ask questions about delivery information connected to your order, please contact the merchant that sent the order first, as they control that information.

For requests relating to Trackboria's own account, billing, or security records, email info@trackboria.com.

The web app stores sign-in tokens in browser storage on the device used to sign in, so the workspace can remain authenticated between requests. Public pages, including the marketing site and public tracking pages, may generate server logs when they are opened.

Where map features are enabled, map providers may process device and location-related information under their own policies.

The Service is intended for businesses and the people who operate them. It is not directed at children, and we do not knowingly collect personal information from anyone under 18 years of age.

We may update this Policy as the product, our practices, or legal requirements change. When we make a material change, we will revise the "Last updated" date shown above and, where appropriate, communicate the update within the product or through the merchant account contact on file.

For privacy questions about Trackboria's platform records, contact info@trackboria.com, or write to Trackboria LTD, No. 9B Tinubu Road, Ilupeju, Lagos, Nigeria.