Erban X
ERBANX

Legal

Privacy Policy

Effective date: 10 June 2025

1. Who we are

Erban X (“we”, “us”, or “our”) operates the Erban X platform — a construction operations and professional services marketplace serving teams, skilled tradespeople, vendors, and individual users in Nigeria. The platform is available via our website at erbanx.com and the Erban X mobile app on Android and iOS. This policy covers both.

Erban X supports the following account types: Company Owner, Team Member, Vendor, Professional, Client, and Individual. Each account type has access to different features of the platform; the data we collect varies accordingly.

Erban X is intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with their information, please contact us immediately and we will delete it.

2. Information we collect

a) Account information

  • Name, email address, phone number, and organisation details you provide when registering.
  • If you sign in with Google, we receive your name, email address, and profile photo from Google. We store a Google account identifier to link your account. We do not receive your Google password or access any other Google service (Drive, Calendar, Gmail, etc.).
  • Account type and, where applicable, your role within your organisation.

b) Professional and vendor profile information

If you register as a professional or vendor, we additionally collect:

  • Profession, skills, years of experience, hourly rate, and bio.
  • Location (city/area) — entered as text on the mobile app, or optionally detected via your device’s GPS on the web platform when you use the “Request a Pro” or professional search features (see Section 2d).
  • Profile photo and portfolio posts — including images, titles, descriptions, categories, completion dates, and client names you choose to add.
  • Availability status and verification status, which are displayed publicly on your profile.

c) Identity verification (KYC)

To appear in search results and accept bookings, professionals and vendors are required to complete identity verification. We collect:

  • Your National Identification Number (NIN) — an 11-digit government-issued identifier.
  • An identity document image (optional supporting document).

Your NIN is verified against the National Identity Management Commission (NIMC) database via their official API. The NIN and verification result are stored securely. Your NIN is never shared with other users and is used solely to confirm your identity on the platform.

d) Location data

When you use the Request a Pro or professional search features on the Erban X website, we request your device’s GPS coordinates (with your permission) to find professionals near you. Your coordinates are:

  • Passed to Nominatim (OpenStreetMap) to convert your GPS coordinates into a readable address — Nominatim receives your coordinates for this purpose only.
  • Stored on our servers as latitude and longitude to calculate distances between you and available professionals.

Location access is optional. You can decline the browser permission and still use the platform by entering your location manually. We do not track your location in the background or use it for advertising.

e) Project and financial data

  • Project names, budgets, cost line items, inspection records, and other construction data you enter into the platform.
  • Order and payment records: order amounts, currency (NGN), Paystack payment reference numbers, and payment status. We do not store your card number, CVV, or bank details — these are handled directly by Paystack on their secure hosted page.

f) Communications and content

  • Text messages sent to team members or contacts within the platform.
  • Voice messages you record and send via the in-app messaging feature. Audio is uploaded to our secure storage and linked to your message. Recordings are up to 60 seconds and require microphone access on your device.
  • Photos and videos you send in messages or upload to your portfolio or profile, whether captured from your camera or selected from your photo library.
  • Enquiries, complaints, and support communications you send to us via email or in-app support channels, including any attachments or information you choose to include.

g) Device and technical data

  • Push notification token: If you allow notifications, we store your device’s push token, platform (iOS/Android), device name, and app version to deliver notifications. This is deleted when you log out or delete your account.
  • Standard server logs (IP address, browser/OS type, request timestamps) retained for security and debugging purposes.

3. Mobile app permissions

The Erban X mobile app requests the following device permissions:

  • Microphone — to record voice messages you choose to send in team chat. The microphone is accessed only when you actively tap the record button; it is never accessed in the background.
  • Camera — to take photos or videos you choose to send in messages, upload to your portfolio, or set as your profile picture. The camera is not accessed in the background.
  • Photo library / media storage — to let you select existing photos or videos from your device for messages, portfolio posts, and profile pictures.
  • Push notifications — to send you alerts about new messages, project updates, booking status changes, and other platform activity. You can disable these at any time in your device settings or within the app.
  • Biometric authentication (Face ID / Fingerprint) — if you enable the app lock feature in Settings, Erban X uses your device’s built-in biometric sensor to verify your identity when you return to the app. Your biometric data (face or fingerprint) is processed entirely by your device’s operating system and is never transmitted to or stored by Erban X. We only store a local preference (on/off) on your device.

All permissions are optional. Denying a permission disables only the related feature and does not affect the rest of the platform.

4. How we use your information

  • To provide, operate, and improve the Erban X platform and mobile app.
  • To verify your identity as a professional or vendor via NIMC and display your verified profile to potential clients.
  • To match clients with nearby professionals using location data (where provided).
  • To process bookings and payments through Paystack.
  • To deliver push notifications, transactional emails (receipts, password resets, alerts), and in-app messages.
  • To send product updates and newsletters — you can unsubscribe at any time.
  • To respond to support and enquiry communications.
  • To detect fraud, enforce our Terms of Service, and comply with legal obligations.

5. What is publicly visible

If you have a professional or vendor profile, the following information is visible to all users of the platform (including visitors browsing the marketplace):

  • Name, profession, location (city/area), bio, and profile photo.
  • Hourly rate, years of experience, and skills.
  • Verification status, availability status, and number of completed jobs.
  • Portfolio posts and images.
  • Average rating and reviews from past clients.

The following is never publicly visible: your email address, phone number, NIN, identity documents, GPS coordinates, or payment information.

6. Third-party services

We use the following third-party services to operate the platform. Each receives only the data necessary for its specific function:

  • Supabase — database hosting and file storage (profile photos, portfolio images, voice messages, identity documents). Data is stored on secure cloud infrastructure.
  • Paystack — payment processing. When you make a payment, you are redirected to Paystack’s secure hosted page. Erban X never sees or stores your card details. Paystack’s privacy policy: paystack.com/privacy.
  • Google — if you choose to sign in with Google, authentication is handled via Google’s OAuth service. We receive only your name, email, and profile photo. Google’s privacy policy: policies.google.com/privacy.
  • NIMC (National Identity Management Commission) — we submit your NIN to NIMC’s official API solely to verify your identity for KYC purposes. NIMC returns a verification result; your NIN is not shared with any other third party for this purpose.
  • Nominatim (OpenStreetMap) — when you use location-based professional search on the web platform, your GPS coordinates are sent to Nominatim to obtain a human-readable address. No personal identifiers are sent; coordinates are used solely for reverse geocoding.
  • Resend — transactional email delivery (account notifications, receipts, alerts). Your email address is shared with Resend solely to deliver emails to you.
  • Expo Push Notifications — delivery of push notifications to your device. Your device’s push token is shared with Expo’s notification infrastructure solely to route notifications to your device.

We do not use third-party analytics or advertising SDKs (e.g., Mixpanel, Amplitude, Firebase Analytics, Google Analytics) and do not track your behaviour across other websites or apps.

7. Data sharing

We do not sell your personal information. We do not share your data with advertisers or data brokers. Data is shared only with the service providers listed in Section 6 under data-processing agreements, and only to the extent necessary to operate the platform. We may disclose data if required by Nigerian law or a valid court order.

8. Cookies and local storage

The Erban X website uses cookies solely to keep you signed in and maintain your session. We do not use cookies for advertising, cross-site tracking, or profiling. You can disable cookies in your browser settings, but this will prevent you from staying logged in.

The mobile app stores your authentication token in your device’s secure storage (iOS Keychain / Android Keystore). This data stays on your device and is cleared when you log out. The biometric lock preference (on/off) is also stored locally on your device only.

9. Data retention and deletion

We retain your data for as long as your account is active. When you delete your account:

  • Your account, profile, messages, projects, and associated personal data are permanently deleted from our systems.
  • Your push notification token is immediately deregistered.
  • Payment and transaction records may be retained for the period required by Nigerian financial regulations (typically 6 years) but will be dissociated from your personal identity where possible.

To delete your account: open the app or website, go to Settings → Delete Account and confirm. Deletion is immediate and irreversible. No email request is required.

10. Security

We use industry-standard measures to protect your information: TLS encryption for all data in transit, encrypted storage at rest for sensitive data (including KYC documents and authentication tokens), and role-based access controls limiting which staff can access personal data. No method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it to support@erbanx.com.

11. Nigeria Data Protection Act (NDPA) compliance

Erban X operates in compliance with the Nigeria Data Protection Act 2023 (NDPA) and the Nigeria Data Protection Regulation 2019 (NDPR), both administered by the National Data Protection Commission (NDPC). As a Nigerian resident you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data (see Section 9 — self-service via the app).
  • Object to or restrict certain processing.
  • Data portability where technically feasible.

To exercise any of these rights (other than account deletion, which is self-service), contact us at support@erbanx.com. We will respond within 30 days. You may also lodge a complaint directly with the NDPC at ndpc.gov.ng if you believe your data rights have been violated.

12. International data transfers

Some of the third-party services we use (including Supabase for database and file storage, Resend for email delivery, and Expo for push notifications) operate infrastructure outside Nigeria. Where your data is transferred internationally, we ensure those providers maintain security standards equivalent to or exceeding those required under the NDPA 2023. By using Erban X you consent to this transfer, which is necessary to operate the platform.

13. Data breach notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the NDPC within 72 hours of becoming aware of the breach, as required by the NDPA 2023. We will also notify affected users without undue delay via the email address on your account, describing the nature of the breach, the data affected, and the steps we are taking to address it.

14. Your rights and choices

  • Notifications: Disable push notifications in your device settings or in-app notification preferences at any time.
  • Marketing emails: Unsubscribe via the link in any marketing email.
  • Location: Decline the browser location permission — you can still use the platform by entering your location manually.
  • Biometric lock: Enable or disable at any time in Settings.
  • Profile visibility: Professionals can set their status to “Unavailable” to stop appearing in marketplace search results.
  • Account deletion: Settings → Delete Account (see Section 9).

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and notify registered users by email and/or an in-app notice at least 14 days before the change takes effect.

16. Contact

Questions, data requests, or privacy concerns? Contact our support team at support@erbanx.com.