Legal

Privacy Policy

Effective Date: 12 April 2026 · Last Updated: 12 April 2026

Botglam (“we,” “us,” or “our”) operates the Botglam platform (accessible at botglam.com and via our mobile applications), a beauty business management platform designed for beauty professionals across Africa. We are committed to protecting the privacy and personal data of our users, their clients, and all visitors to our platform.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data in accordance with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation (NDPR), and other applicable data protection laws. By accessing or using Botglam, you acknowledge that you have read and understood this Privacy Policy.

1. Definitions

In this Privacy Policy:

  • “Platform” means the Botglam website, web application, mobile applications, APIs, and all related services.
  • “Business User” means a beauty professional or business that registers an account on Botglam to manage their services, bookings, and client relationships.
  • “End Client” means a customer of a Business User who interacts with the Platform by booking appointments, making payments, submitting forms, or communicating through the Platform.
  • “Personal Data” means any information that directly or indirectly identifies a natural person, as defined under the NDPA.
  • “AI Features” means any artificial intelligence or machine learning functionality offered through the Platform, including automated responses, recommendations, and data analysis tools.

2. Data Controller and Processor Roles

Botglam as Data Controller: We act as the data controller for Personal Data we collect directly from Business Users (e.g., account registration data, billing information) and from visitors to our website.

Botglam as Data Processor: When Business Users collect and manage their End Clients’ data through the Platform (e.g., appointment records, client notes, intake form responses), we act as a data processor on behalf of the Business User, who remains the data controller for their End Clients’ Personal Data.

Business Users are responsible for ensuring that they have obtained the necessary consent or legal basis to collect and process their End Clients’ data through the Platform.

3. Personal Data We Collect

3.1 Business User Data

When you register for and use a Botglam account, we collect:

  • Identity and contact information: full name, email address, phone number, WhatsApp number, profile photo, and biographical information.
  • Business information: business name, business address, business category, description, social media handles (Instagram, Facebook, TikTok), and website URL.
  • Location data: business address coordinates (latitude and longitude) for location-based features and multi-location management.
  • Financial and payment information: bank account details (account number, bank code), Paystack integration credentials, dedicated virtual account (DVA) details, wallet balance, and earnings data.
  • Subscription and billing data: plan selection, payment history, and billing cycle information.
  • Preferences and settings: brand colours, booking page customisation, WhatsApp message templates, and notification preferences.

3.2 End Client Data

When End Clients interact with a Business User through the Platform, the following data may be collected:

  • Contact information: name, email address, and phone number.
  • Booking and service data: appointment dates, services selected, service preferences, intake form responses, and inspiration images uploaded by the End Client.
  • Payment data: transaction amounts, payment references, deposit amounts, and payment status (processed securely through Paystack).
  • Communication data: messages exchanged with Business Users via in-app chat, WhatsApp, and other integrated channels.
  • Purchase data: product orders, shipping addresses, and order history from Business Users’ online shops.
  • Feedback data: reviews, ratings, and review responses.
  • Marketing preferences: consent status for marketing communications.

3.3 Automatically Collected Data

When you access the Platform, we automatically collect certain technical and usage data:

  • Device type, operating system, browser type, and version.
  • IP address and approximate geographic location.
  • Pages viewed, features used, and interaction patterns.
  • Referral sources and session duration.
  • Cookies and similar tracking technologies (see Section 12).

4. How We Use Your Personal Data

We process Personal Data for the following purposes and legal bases:

4.1 Service Delivery (Contractual Necessity)

  • Providing and maintaining the Platform and all its features.
  • Processing appointment bookings, calendar management, and scheduling.
  • Facilitating payments, deposits, refunds, and wallet transactions via Paystack.
  • Enabling client management, including profiles, booking history, and notes.
  • Operating the online shop, including order processing and fulfilment tracking.
  • Supporting multi-location business management.
  • Generating reports and analytics on revenue, retention, and business performance.

4.2 Communications (Contractual Necessity / Legitimate Interest)

  • Sending WhatsApp automated reminders, booking confirmations, and follow-up messages on behalf of Business Users.
  • Facilitating in-app messaging between Business Users and their End Clients.
  • Enabling call features with contextual client and booking information.
  • Sending service-related notifications and account communications.

4.3 WhatsApp Conversational API Integration

We integrate with the WhatsApp Business API (Conversational API) to provide messaging features. When Business Users or End Clients communicate via WhatsApp through our Platform:

  • Message content, sender and recipient identifiers, and timestamps are processed to deliver and display messages within the Platform.
  • WhatsApp messages may be stored on our servers to provide message history, enable continuity of conversations, and support the features described in this Policy.
  • Meta Platforms, Inc. (the operator of WhatsApp) processes message data in accordance with its own privacy policy. We encourage you to review Meta’s Privacy Policy for details on their data practices.
  • Business Users are responsible for complying with WhatsApp Business Policy and obtaining appropriate consent before initiating conversations with their End Clients.

4.4 Artificial Intelligence and Automated Processing

We use AI technologies to enhance the Platform. This includes, but is not limited to:

  • AI-Assisted Responses: Our AI features may read and analyse communication data (including WhatsApp messages, in-app chat, and booking information) to suggest responses, draft replies, and assist Business Users in managing client communications more efficiently.
  • Smart Recommendations: AI may be used to recommend services, products, or relevant professionals to End Clients based on their booking history, preferences, and interactions on the Platform, including within our marketplace.
  • AI Rebooking Campaigns: Automated campaigns that use client data to identify rebooking opportunities and generate targeted follow-up communications.
  • Business Insights: AI-powered analytics to help Business Users understand trends, optimise scheduling, and improve client retention.

AI Training: We may use aggregated and de-identified data derived from Platform usage to train, improve, and develop our AI models and features. Where we use Personal Data for AI training purposes, we will do so only with appropriate legal basis and safeguards, including:

  • Obtaining explicit consent where required under applicable law.
  • Applying data minimisation and anonymisation techniques wherever practicable.
  • Providing Business Users with the ability to opt out of AI training on their data via account settings.

You will be notified of material changes to our AI data practices, and any expansion of AI training on identifiable Personal Data will require fresh consent where mandated by law.

4.5 Marketplace and Service Recommendations (Legitimate Interest / Consent)

We operate and may expand marketplace features that connect End Clients with Business Users. In this context:

  • We may recommend services, products, or Business Users to End Clients based on their booking history, preferences, location, and other relevant factors.
  • Business Users’ profile information, service offerings, pricing, reviews, and ratings may be displayed to End Clients browsing the marketplace.
  • We may send marketing communications about relevant services or professionals to End Clients who have consented to receiving such communications.
  • End Clients may opt out of personalised recommendations at any time.

4.6 Legal and Compliance (Legal Obligation / Legitimate Interest)

  • Complying with applicable laws, regulations, and legal processes.
  • Enforcing our Terms of Service and other agreements.
  • Detecting, preventing, and addressing fraud, security issues, and technical problems.
  • Protecting the rights, property, and safety of Botglam, our users, and the public.

5. Data Sharing and Disclosure

We do not sell your Personal Data. We share Personal Data only in the following circumstances:

5.1 With Service Providers

  • Paystack: Payment processing, including card payments, bank transfers, virtual accounts, and wallet operations.
  • Meta / WhatsApp: Message delivery and WhatsApp Business API services.
  • Google: Calendar synchronisation (where enabled by the Business User).
  • Cloud infrastructure providers: Hosting, storage, and content delivery.
  • Analytics providers: Aggregated usage analytics and performance monitoring.
  • AI service providers: Third-party AI infrastructure used to power our AI features, subject to data processing agreements and appropriate safeguards.

5.2 Between Business Users and End Clients

When an End Client books an appointment, makes a purchase, or communicates through the Platform, relevant data is shared between the End Client and the Business User to fulfil the service. Business Users can view their End Clients’ contact information, booking history, preferences, and communications within their dashboard.

5.3 Within the Marketplace

Business Users’ public profile information (business name, services, pricing, location, reviews, and ratings) may be displayed to End Clients and the general public through our marketplace and public booking pages.

5.4 Legal Requirements

We may disclose Personal Data where required by law, regulation, court order, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.5 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, Personal Data may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

6. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Active account data: Retained for the duration of the Business User’s account and for a reasonable period thereafter to allow for reactivation.
  • Transaction and payment records: Retained for a minimum of six (6) years in accordance with applicable tax and financial regulations.
  • Communication data: Retained for the duration of the business relationship and deleted or anonymised within twelve (12) months of account closure, unless required by law.
  • Automatically collected data: Retained for up to twenty-four (24) months for analytics purposes.
  • AI training data: Where Personal Data is used for AI training, it is anonymised or aggregated promptly. Identifiable data used for training is deleted once the training cycle is complete unless continued retention is justified by a lawful basis.

Upon account deletion, we will delete or anonymise your Personal Data within a reasonable timeframe, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

7. Data Security

We implement appropriate technical and organisational measures to protect Personal Data against unauthorised access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Access controls and role-based permissions.
  • Regular security assessments and vulnerability testing.
  • Secure payment processing through PCI-DSS compliant payment providers (Paystack).
  • Employee training on data protection and security practices.
  • Incident response procedures for data breaches.

While we strive to protect your Personal Data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but commit to promptly notifying affected individuals and relevant authorities in the event of a data breach, in accordance with the NDPA.

8. Your Data Protection Rights

Under the NDPA and applicable data protection laws, you have the following rights:

  • Right of Access: You may request a copy of the Personal Data we hold about you.
  • Right to Rectification: You may request correction of inaccurate or incomplete Personal Data.
  • Right to Erasure: You may request deletion of your Personal Data, subject to legal retention obligations.
  • Right to Restriction of Processing: You may request that we limit how we process your data in certain circumstances.
  • Right to Data Portability: You may request a machine-readable copy of your Personal Data.
  • Right to Object: You may object to processing based on legitimate interests, including profiling, AI-driven recommendations, and direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right Not to be Subject to Automated Decision-Making: You may request human review of any decision made solely by automated means (including AI) that significantly affects you.

To exercise any of these rights, please contact us at the details provided in Section 15. We will respond to your request within thirty (30) days. If we are unable to comply with your request, we will provide reasons in writing.

End Clients: If you are an End Client of a Business User on our Platform, please direct data access, correction, or deletion requests to the Business User in the first instance, as they are the data controller for your data. We will assist Business Users in responding to such requests.

9. International Data Transfers

Your Personal Data may be transferred to and processed in countries outside Nigeria where our service providers operate (including for cloud hosting, payment processing, AI services, and WhatsApp messaging). Where such transfers occur, we ensure that appropriate safeguards are in place, including:

  • Data processing agreements with contractual protections equivalent to NDPA standards.
  • Transfers to jurisdictions that provide adequate levels of data protection, or where the recipient is subject to binding corporate rules or equivalent frameworks.

10. Children’s Privacy

The Platform is not directed at children under the age of eighteen (18). We do not knowingly collect Personal Data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete such data.

11. Third-Party Links and Services

The Platform may contain links to third-party websites and services (including Paystack, WhatsApp, Google Calendar, and social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to review their respective privacy policies before providing them with your Personal Data.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyse usage, and support our services. Types of cookies we use include:

  • Essential cookies: Required for core Platform functionality (e.g., authentication, session management).
  • Analytics cookies: Used to understand how visitors interact with the Platform and to improve performance.
  • Preference cookies: Used to remember your settings and preferences.

You may manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Platform.

13. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) where our processing activities are likely to result in a high risk to the rights and freedoms of individuals, including in relation to AI features, large-scale profiling, and new marketplace functionalities. Results of these assessments inform our data protection practices and safeguards.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by:

  • Posting the updated Policy on the Platform with a revised “Last Updated” date.
  • Sending a notification via email or in-app message for significant changes, particularly those affecting AI data practices or data sharing.

Your continued use of the Platform after such changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Company: Botglam
  • Email: privacy@botglam.com
  • Website: botglam.com

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe your data protection rights have been violated.

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023 and other applicable data protection legislation.

Please also review our Terms of Service which govern your use of the Botglam platform.