Data Protection

Effective Date: May 9, 2026Last Updated: May 9, 2026

Regalo is committed to protecting the personal data of all users — clients, braiders, and admins alike. We operate in compliance with Nigeria's Data Protection Regulation (NDPR), and where applicable, the General Data Protection Regulation (GDPR). This page explains how we collect, store, and protect your data.

Data Protection Principles

We adhere to the following principles in all our data processing activities:

  • Lawfulness, fairness, and transparency — we are clear about why we collect data
  • Purpose limitation — data is collected only for specific, legitimate purposes
  • Data minimisation — we collect only what is necessary
  • Accuracy — we keep records current and provide tools to correct your data
  • Storage limitation — data is not kept longer than necessary
  • Integrity and confidentiality — all data is protected with appropriate security measures

Braider Data

Braiders provide profile information including their name, photo, service listings, pricing, availability, and portfolio images. This information is displayed publicly on the platform to facilitate client discovery. Braiders may update or remove their profile information at any time from account settings. Financial records relating to subscription payments and earnings are retained for accounting and legal compliance purposes.

Client Data

Client booking history, contact details, and payment records are stored securely and never shared with third parties for marketing. Booking details are shared with the relevant braider only as necessary to fulfil the appointment. Clients may request a full export or deletion of their data by contacting privacy@regalo.ng.

NDPR & GDPR Compliance

In compliance with applicable data protection laws, users have the following rights:

  • Right to access — obtain a copy of your personal data we hold
  • Right to rectification — correct inaccurate or outdated information
  • Right to erasure — request deletion of your data (subject to legal obligations)
  • Right to data portability — receive your data in a structured, portable format
  • Right to object — opt out of certain processing activities

Data Breach Response

In the event of a confirmed data breach, Regalo will:

  • Notify affected users within 72 hours of discovery
  • Report the breach to the Nigeria Data Protection Commission (NDPC) and any other relevant authority
  • Take immediate steps to contain and remediate the breach
  • Provide guidance on protective measures users can take

Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Booking records are kept for 2 years after the transaction date. Subscription and payment records are retained for 7 years for tax compliance. Inactive accounts inactive for more than 3 years may be deleted after prior notice.

Questions about this policy?

If you have any questions or concerns about this policy, please don't hesitate to contact our support team.

Contact Legal Team