Legal

Privacy Policy

Last updated: 26 May 2026

1. What we collect

  • Account: email, display name, password hash.
  • Author KYC: legal name, phone, address, government ID type and number, ID document image.
  • Payment: bank account name, number, code for payouts. We never store card details — Paystack handles checkout.
  • Reading activity: books in your library, reading progress, bookmarks.
  • Technical: IP, browser, device, anonymised page views.

2. How we use it

To deliver books, process payments, prevent fraud, send transactional emails, and improve the product. We do not sell your personal data.

3. Legal basis (NDPR / GDPR)

Performance of a contract (you bought a book), legitimate interest (security and analytics), and your consent (marketing emails).

4. Sharing

We share data only with: Paystack (payments), Resend (email delivery), Supabase (hosting), and law enforcement when legally required.

5. Storage and security

Data is stored on Supabase (EU/US regions) with encryption at rest and in transit. KYC documents are stored in a private bucket accessible only to you and our compliance team.

6. Your rights

You can access, correct, export or delete your data from your account settings, or by emailing privacy@tbsbookshop.com. We respond within 30 days.

7. Retention

Account data: kept until you delete your account. Purchase records: 7 years (Nigerian tax law). KYC: 5 years after account closure.

8. Cookies

See our Cookie Policy.

9. Contact

Data Protection Officer: privacy@tbsbookshop.com.