Legal

Privacy Policy

Effective: April 14, 2026

Spenfai ("we", "our", or "us") respects your privacy and is committed to handling your personal data responsibly. This policy explains what we collect, why we collect it, how we use it, and your rights.

1. Who we are

Spenfai is an AI-powered commerce operating system that provides storefronts, order management, campaign tools, and merchant analytics to businesses and independent sellers.

For questions about this policy or to exercise your privacy rights, contact us at privacy@spenfai.app.

2. Information we collect

We collect the following categories of information when you use Spenfai:

  • Account information: Name, email address, and hashed password when you register. If you sign up via Google or GitHub OAuth, we receive the profile information provided by those services.
  • Store information: Your store name, slug, description, logo, payment configuration, and settings you provide.
  • Product and order data: Products you list, orders placed through your storefront, customer contact details, and payment transaction references.
  • Communication data: Campaign content, message templates, and customer contact lists you upload or create.
  • Usage data: Pages visited, features used, actions taken within the dashboard, and platform activity logs.
  • Technical data: IP address, browser type, device identifiers, and session tokens used to maintain your login state.

3. How we use your information

  • To create and maintain your Spenfai account and stores.
  • To operate storefronts and process orders on your behalf.
  • To deliver campaigns and messages you create and schedule.
  • To provide AI-assisted insights about your store performance.
  • To send transactional and operational emails (order confirmations, password resets, system notices).
  • To enforce our Terms of Service and protect platform integrity.
  • To improve the platform, fix bugs, and develop new features.
  • To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for advertising targeted to you without your explicit consent.

4. Data sharing and processors

We share limited data with trusted third parties only where necessary to operate the platform:

  • Paystack:Processes card payments made through your storefronts. Paystack receives order amounts and customer transaction details. Paystack's privacy policy governs their handling of that data.
  • Email providers (SMTP / Resend): Deliver emails on your behalf. Email content and recipient addresses are transmitted to the configured provider.
  • OpenAI: Powers AI assistant features. Store-derived context may be sent to OpenAI to generate insights. We do not send sensitive customer PII to OpenAI.
  • Hosting infrastructure: Spenfai runs on cloud infrastructure. Data is stored in encrypted databases.

5. Customer data you collect through your storefront

When customers place orders through your Spenfai-powered storefront, their contact information (name, email, phone, address) is stored in our database on your behalf. You are the data controller for this customer data. You are responsible for informing your customers how their data is used, maintaining appropriate legal basis for processing, and complying with applicable privacy laws in your jurisdiction.

6. Data retention

We retain your account and store data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., financial records).

Order and transaction records may be retained for up to 7 years for accounting and compliance purposes.

7. Security

We take security seriously. Passwords are hashed using bcrypt with a cost factor of 12. Sessions use encrypted, server-signed tokens. All connections to Spenfai use TLS. We regularly review our security practices and promptly address vulnerabilities.

Despite these measures, no system is 100% secure. If you believe your account has been compromised, contact us immediately.

8. Cookies and sessions

Spenfai uses a session cookie to keep you logged in. This cookie is essential for platform operation. We do not set third-party tracking cookies or advertising cookies. If you use analytics on your storefront (configured via admin settings), your analytics provider may set its own cookies — governed by their policies.

9. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Request deletion of your account and associated data.
  • Object to or restrict certain processing activities.
  • Data portability (receive a copy of your data in a structured format).

To exercise these rights, contact privacy@spenfai.app. We will respond within 30 days.

10. Children

Spenfai is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the effective date above. Continued use of Spenfai after the updated policy takes effect constitutes acceptance.

12. Contact

Questions, concerns, or requests relating to this policy should be sent to privacy@spenfai.app.