Privacy Policy

Version 1.2 · Effective June 6, 2026

Slay Technologies Limited ("we", "us", "our", or "Curate by Slay") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the Curate by Slay mobile application ("the App").

This policy is prepared in compliance with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act (NDPA) 2023, and international best practices for data protection.

By using our App, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the App.

1. Who We Are (Data Controller)

  • Company Name: Slay Technologies Limited
  • Trading Name: Curate by Slay
  • CAC Registration Number: 9435810
  • Business Address: Abuja, Federal Capital Territory, Nigeria
  • Data Protection Officer: Abdulmalik Abdulazeez Adeiza (MEng, Computer Engineering) · privacy@curatebyslay.com
  • Email: privacy@curatebyslay.com
  • Support: support@curatebyslay.com

As the Data Controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that such processing is done lawfully and transparently.

2. Information We Collect

We collect the following categories of personal information:

Account Information

  • Email address
  • Username
  • Password (encrypted)
  • Date of birth (to verify the 18+ age requirement)
  • Profile picture (optional)

Fabric & Style Images

  • Photos of fabrics you upload to generate outfits.
  • Photos of reference styles (Mode 2 only — automatically deleted after generation).
  • Generated outfit images (saved to your gallery).

Payment Information

  • Transaction history (amount, date, credit pack purchased).
  • We do not store your card details — payments are processed by Paystack, a PCI-DSS compliant processor.

Usage Data

  • App usage patterns (which features you use, how often).
  • Device information (operating system, app version) for diagnostics.
  • Anonymized error logs for stability monitoring.

3. How We Use Your Information

We process your personal data for the following purposes:

  • Service delivery: generating outfits, managing your account, processing payments.
  • Customer support: responding to your inquiries and complaints.
  • Service improvement: understanding which features are popular so we can improve them.
  • Legal compliance: meeting our tax and regulatory obligations.
  • Security: detecting fraud, abuse, and unauthorized access.

4. Legal Basis for Processing (NDPA Section 25)

We process your personal data on the following lawful bases:

  • Performance of contract: to provide the App's services to you.
  • Your consent: for optional features such as marketing communications.
  • Legitimate interest: for security monitoring and service improvement.
  • Legal obligation: for tax records and regulatory compliance.

5. Data Sharing

We share limited data with the following processors, each under a written Data Processing Agreement:

  • Google (Vertex AI / Gemini): receives your fabric and style images solely for outfit generation. Google does not retain or train on this data per their enterprise terms.
  • Paystack: processes payments. Receives card details directly (we never see them).
  • Apple (App Store In-App Purchase): processes credit purchases made within the iOS app. Apple receives the purchase and transaction data necessary to complete these payments, handled under Apple's own privacy policy.
  • Cloudflare R2: stores fabric and outfit images. End-to-end encrypted in transit.
  • Resend: delivers transactional emails (OTPs, password resets, payment confirmations).
  • Railway: hosts our backend infrastructure.

We do not sell your data to advertisers, brokers, or any third party.

6. Data Retention

  • Account data: kept while your account is active. Deleted within 30 days of account deletion.
  • Generated outfits: kept while your account is active. Deleted within 30 days of account deletion.
  • Reference style images (Mode 2): deleted immediately after each generation.
  • Fabric images: automatically purged after 12 months of inactivity.
  • Transaction records: anonymized but retained for 7 years per the Nigeria Tax Act 2025 (financial audit obligation). Anonymization removes your identity but preserves the financial record.

7. Your Rights (NDPA Section 26)

Under the NDPA, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data ("right to erasure")
  • Restrict processing in certain circumstances
  • Object to processing for marketing purposes
  • Data portability — receive a copy of your data in a structured format
  • Withdraw consent at any time

To exercise any of these rights, email privacy@curatebyslay.com or use the in-app "Delete Account" feature in Settings.

We will respond within 30 days of receiving your request.

8. Data Security

We protect your data using:

  • Encryption in transit: all data sent between the App and our servers uses TLS 1.2 or higher.
  • Encryption at rest: stored images and database contents are encrypted.
  • Secure authentication: passwords are hashed using industry-standard algorithms.
  • Hardware-backed token storage: login tokens are stored in the device's secure keychain (iOS Keychain / Android Keystore).
  • Rate limiting: to prevent brute-force attacks.
  • Audit logging: sensitive actions are logged for security investigation.

Despite these measures, no online service is 100% secure. Use a strong, unique password and notify us immediately if you suspect unauthorized access.

9. Children's Privacy

The App is intended for users aged 18 and above. We do not knowingly collect data from children under 18. If we learn that we have collected such data, we will delete it immediately. Parents/guardians who believe their child has provided personal data should email privacy@curatebyslay.com.

10. International Data Transfers

Some of our processors (Google, Cloudflare) operate servers outside Nigeria. When your data is transferred internationally, we ensure equivalent protection through contractual safeguards (Standard Contractual Clauses) and processor certifications (ISO 27001, SOC 2).

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • The version number and effective date at the top will change.
  • Material changes will be communicated via in-app notice or email.
  • Continued use of the App after changes constitutes acceptance of the new policy.

12. Complaints

If you believe we have violated your data protection rights, you may:

  1. Email our Data Protection Officer: privacy@curatebyslay.com
  2. File a complaint with the Nigeria Data Protection Commission (NDPC):
    • Website: https://ndpc.gov.ng
    • Email: info@ndpc.gov.ng

13. Contact Us

  • Privacy questions: privacy@curatebyslay.com
  • Support: support@curatebyslay.com
  • General inquiries: hello@curatebyslay.com