Launch offer — free delivery on supplies orders above ₦50,000 🎉Shop now
Foliocart
🛒Sign in

Privacy Policy

Last updated: 12 June 2026

1. Scope

This policy explains how FolioCart collects, uses and protects personal data when you use our website and services. We process personal data in line with the Nigeria Data Protection Act 2023 (NDPA) and applicable regulations.

2. What we collect

  • Contact and account data: name, business name, email, phone number, password (stored as a salted hash — we never see your plain password).
  • Order data: delivery addresses, order contents, quotes, payment method (we do not store card details), and order history.
  • Artwork and files you upload for print jobs.
  • Technical data: basic logs (IP address, device/browser info) needed to run and secure the service.

3. How we use it

  • To quote, produce and deliver your orders — including sharing job specifications and artwork with the production partner fulfilling your job, and delivery details with logistics providers.
  • To contact you about your orders and respond to enquiries.
  • To send service updates and, with your consent, promotional messages — you can opt out at any time.
  • To prevent fraud, enforce our terms and meet legal obligations.

We do not sell your personal data.

4. Sharing

We share data only with: production partners (job specs and artwork needed to produce your order), delivery providers (name, phone, address), payment providers (to confirm transfers), professional advisers, and authorities where required by law. All partners are bound to use your data only to fulfil your order.

5. Retention

We keep order records for as long as needed for accounting, tax and dispute purposes. Uploaded artwork is retained so we can reprint or resolve claims, and is deleted on request once an order is closed.

6. Your rights

  • Access, correct, or delete your personal data.
  • Object to or restrict certain processing, and withdraw consent for marketing.
  • Complain to the Nigeria Data Protection Commission (NDPC) if you believe your rights are infringed.

To exercise any right, contact us using the details in the footer. We respond within 30 days.

7. Security

We use industry-standard measures — encrypted connections, hashed passwords, access controls — to protect your data. No system is perfectly secure; notify us immediately if you suspect unauthorised access to your account.

8. Changes

We may update this policy from time to time; the latest version is always published on this page.